Notifies of any high-risk or suspicious activities, like risky command execution in UNIX or registry changes in Windows.
Maybe look for solutions that capture diverse user actions and provide advanced analytics for early detection and prevention.
Examining this "Deep & Wide" area at this individualized criteria level will not likely be the answer any CIO is looking for.
Additionally, since it is an issue for both Privileged and Unprivileged account activities, the alert criteria will differ for each.
Where are you planning to situate this tool: outside-in, inside the internal network, or accessed through a PAM solution?
You should look at this more holistically and not just as the sum of the parts.
I believe this question is related to a User Activity Monitoring solution. If yes, then below are some key aspects.
1. Ease of use
2. Ability to scale up and handle large datasets to create a good baseline.
3. Ability to integrate with other solutions like SIEM, SOAR, EDR
The support team that stands behind the detection and response. Is there adequate expertise and are they behind you 24x7x365? Cynet CyOps has been there for us.
The primary user activities that interest me are the number of logins and failed logins.
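As an added example (not from any of the replies above), here is a small Python script that turns two of the activities named on this page into detection logic: counting logins and failed logins per user and per source address, as the last reply asks for, and flagging risky command execution on UNIX from sudo logs, as the first reply mentions. The log lines are constructed in OpenSSH and sudo syslog style, and the risky-command patterns and the threshold of five failures per source are assumed policy choices, not anything the page specifies.

```python
import re
from collections import defaultdict

# Constructed sample lines in OpenSSH / sudo syslog style (not real data).
SAMPLE_LOG = """\
Mar  3 09:01:12 host1 sshd[2311]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar  3 09:02:40 host1 sshd[2320]: Failed password for bob from 203.0.113.9 port 40012 ssh2
Mar  3 09:02:43 host1 sshd[2320]: Failed password for bob from 203.0.113.9 port 40013 ssh2
Mar  3 09:02:47 host1 sshd[2320]: Failed password for bob from 203.0.113.9 port 40014 ssh2
Mar  3 09:02:51 host1 sshd[2320]: Failed password for bob from 203.0.113.9 port 40015 ssh2
Mar  3 09:02:55 host1 sshd[2320]: Failed password for bob from 203.0.113.9 port 40016 ssh2
Mar  3 09:03:01 host1 sshd[2340]: Failed password for invalid user admin from 203.0.113.9 port 40020 ssh2
Mar  3 09:05:10 host1 sshd[2351]: Accepted publickey for carol from 10.0.0.7 port 51100 ssh2
Mar  3 09:06:00 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt-get update
Mar  3 09:07:30 host1 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/sbin/useradd -m backdoor
Mar  3 09:08:02 host1 sudo:    carol : TTY=pts/1 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/chmod u+s /bin/bash
"""

# "invalid user" appears when the account does not exist; the optional group
# keeps the real username in the capture instead of the word "invalid".
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : .*?COMMAND=(?P<cmd>.+)$")

# Assumed risky-command policy (hypothetical): regex on the sudo COMMAND field, reason.
RISKY_COMMANDS = [
    (re.compile(r"^/usr/sbin/user(add|mod|del)\b"), "local account change"),
    (re.compile(r"^/usr/bin/chmod\s+.*[ug]\+s\b"), "setuid/setgid bit set"),
    (re.compile(r"^/usr/bin/passwd\b"), "password change"),
    (re.compile(r"/(nc|ncat|socat)\b"), "network relay or listener"),
]


def parse_events(log_text):
    """Yield ('login', fields) or ('sudo', fields) for each recognised line."""
    for line in log_text.splitlines():
        m = SSH_RE.search(line)
        if m:
            yield "login", m.groupdict()
            continue
        m = SUDO_RE.search(line)
        if m:
            yield "sudo", m.groupdict()


def login_summary(log_text):
    """Per-user counts of accepted and failed logins."""
    summary = defaultdict(lambda: {"accepted": 0, "failed": 0})
    for kind, ev in parse_events(log_text):
        if kind == "login":
            key = "accepted" if ev["result"] == "Accepted" else "failed"
            summary[ev["user"]][key] += 1
    return dict(summary)


def failed_login_alerts(log_text, threshold=5):
    """Source addresses with at least `threshold` failed logins (password guessing)."""
    by_src = defaultdict(int)
    for kind, ev in parse_events(log_text):
        if kind == "login" and ev["result"] == "Failed":
            by_src[ev["src"]] += 1
    return sorted((src, n) for src, n in by_src.items() if n >= threshold)


def risky_command_alerts(log_text):
    """(user, command, reason) for each sudo command matching the risky-command policy."""
    alerts = []
    for kind, ev in parse_events(log_text):
        if kind != "sudo":
            continue
        for pattern, reason in RISKY_COMMANDS:
            if pattern.search(ev["cmd"]):
                alerts.append((ev["user"], ev["cmd"], reason))
                break
    return alerts


if __name__ == "__main__":
    for user, counts in login_summary(SAMPLE_LOG).items():
        print(f"{user}: {counts['accepted']} accepted, {counts['failed']} failed")
    for src, n in failed_login_alerts(SAMPLE_LOG):
        print(f"ALERT failed-login burst: {n} failures from {src}")
    for user, cmd, reason in risky_command_alerts(SAMPLE_LOG):
        print(f"ALERT risky command by {user} ({reason}): {cmd}")
```

Counting failures per source rather than only per user is what catches the spray in the sample: five failures against `bob` plus one against a non-existent `admin` account come from one address. In a real deployment the thresholds and the risky-command list would be tuned per environment and fed to the SIEM rather than printed.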