New Features Introduced in January 2025

The Legacy UEBA Integration with Behavior Threats feature enhances your User and Entity Behavior Analytics (UEBA) capabilities by combining machine learning-based behavior threats with optimized rule-based policy rules. This integration addresses limitations in traditional rule-based systems, providing a more adaptive and accurate security solution. You can improve threat detection, reduce false positives, and identify complex behavioral anomalies and unknown threats. The system adapts to new threat patterns automatically, reducing the need for manual updates. You gain a consolidated view of all security incidents, streamlining threat management. This feature is valuable when you need to strengthen your security posture against sophisticated cyberthreats, enhance operational efficiency, and customize threat detection policy rules. By implementing this solution, you can ensure your security infrastructure evolves with the changing threat landscape while offering scalability and flexibility. The feature is useful for detecting insider threats, account compromises, and emerging attack vectors. It allows your security teams to focus on strategic tasks rather than constant rule updates. With this integration, you can improve your overall security effectiveness, adapt to new threats more quickly, and gain deeper insights into user and entity behaviors across your organization.

Behavior Threats Incident Details enhances your ability to investigate and respond to security threats effectively. This feature provides detailed information about detected anomalies and security incidents, including application names, granular activities, precise timestamps, and asset data. You can view a chronological sequence of user activities, understand risk score calculations, and access visual representations of activity patterns. By using Behavior Threats Incident Details, you can conduct thorough investigations, reduce response times, and minimize the risk of undetected security breaches. The feature allows you to filter incidents efficiently, export detailed reports for compliance purposes. You will find this feature useful when analyzing user behavior, identifying potential insider threats, and maintaining a strong security posture across your organization. Behavior Threats Incident Details lets your security administrators make informed decisions quickly, implement targeted remediation strategies, and optimize administrative resources in managing security incidents. You can also view a detailed breakdown of user risk scores, helping you understand the factors contributing to a user's risk level. The feature includes advanced filtering options for efficient incident management and provides visual tree views of risk score contributions. By using Behavior Threats Incident Details, you can significantly improve your security team's efficiency in detecting, analyzing, and responding to potential threats, ultimately strengthening your organization's overall security posture.

Behavior Threats supports LLM powered user risk summary of the top 0.1% of risky users. This summary provides detailed insights into unusual activities, data access patterns, and potential security concerns even when incidents are not generated, enabling security administrators like you to understand and assess user risk more effectively. LLM-powered user risk summary is an innovative approach for evaluating high-risk users by analyzing their activity patterns and machine learning model results. This summary offers an overview of user risk factors, surpassing the limitations of current incident descriptions that often focus on single aspects. It's valuable for explaining high risk scores for users without recorded incidents. This approach has shown promising results in production, offering additional insights compared to traditional incident descriptions.