Behavior Models With SureLog

In modern SIEM solutions, correlation and profiling used together. User-behavior baseline profiling and event correlation through association are two critical features in next-gen SIEM solutions.

SureLog has a profiler wizard that most of SureLog’s competitor does not have. A user can simply create profiles, baselines, then detect any deviation from those profiles or baselines like:

• Check if this authentication failure behavior by this user is seen before in the last 7 days.
• Check if this authentication failure behavior by this user was seen before at this hour and this day of the week for the last 30 days.
• Check if this authentication behavior by this user from this SRCIP to DSTPIP is seen before at this hour and this day of the week for the last 60 days.

SureLog Profiler