Change Auditor Threat Detection 7.0.1 - User Guide

Introduction to Change Auditor Threat Detection

 

Overview

Detecting suspicious activity by rogue users is a difficult challenge. The traditional rule-based approach to user threat detection generates too many alerts to investigate. As a result, you waste time with false positives and risk missing the real threats, leaving your organization at risk of a data security breach.

To effectively protect your data and your business, Change Auditor Threat Detection uses advanced machine learning, user and entity behavioral analytics (UEBA), and SMART correlation technology to spot anomalous activity and identify the highest risk users in your environment.

More specifically, Change Auditor provides a threat detection solution that:

This guide gives information about the Threat Detection dashboard functions and capabilities for IT and security analysts. It is also relevant to chief information security officers, security architects, network administrators, and auditors responsible for information security in large organizations who need to understand the functionality and abilities made possible using the solution.

Which systems are monitored?

Threat Detection analyzes Change Auditor events to build a user behavior baseline and to detect anomalies and threats. User activity from the following Change Auditor subsystems is streamed to the Threat Detection server for processing to build the global map of users, groups, systems and files in your environment:

Threat detection concepts

The following section describes the terms and concepts used within Change Auditor Threat Detection to help you understand how risk is assessed and alerts are determined.

Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents