Is SIEM Correlation or Rules are Useless?

Is, correlation or rules are useless?

What if the end-user needs a custom use case?

Is it possible and easy to develop an ML model using a UEBA GUI for an end-user?

UEBA solutions work as a black box. Is it possible to develop a custom ML model as an end-user?

Why UEBA solutions like Exabeam, Aruba introspect utilizes rules and correlation engines.

Originally published at https://www.peerlyst.com on May 2, 2020.