Description
User behavior analytics ("UBA") as defined by Gartner, is a cybersecurity process about detection of insider threats, targeted attacks, and financial fraud. UBA solutions look at patterns of human behavior, and then apply algorithms and statistical analysis to detect meaningful anomalies from those patterns-anomalies that indicate potential threats.' Instead of tracking devices or security events, UBA tracks a system's users. Big data platforms are increasing UBA functionality by allowing them to analyze petabytes worth of data to detect insider threats and advanced persistent threats.
Technical Details
| Framework | MITRE D3FEND |
| Ontology URI | d3f:UserBehaviorAnalysis |
| Local Identifier | UserBehaviorAnalysis |
| Publication Status | Published on D3FEND website |
Relationships
Parent Tactics
- Detect Detect
Child Concepts
- D3-RAPA Resource Access Pattern Analysis
- D3-ANET Authentication Event Thresholding
- D3-UDTA User Data Transfer Analysis
- D3-WSAA Web Session Activity Analysis
- D3-DAM Domain Account Monitoring
- D3-JFAPA Job Function Access Pattern Analysis
- D3-AZET Authorization Event Thresholding
- D3-LAM Local Account Monitoring
- D3-UGLPA User Geolocation Logon Pattern Analysis
- D3-CCSA Credential Compromise Scope Analysis
- D3-SDA Session Duration Analysis
References
For the official documentation and additional resources, visit the MITRE D3FEND website.
View on MITRE D3FEND