Some point I need to know, we need to create rules on ESA, and based on
that alert will be generated. But how UEBA will help ESA? I mean do we
need to see UEBA for anomaly behavior/deviations then write rules on
SIEM again for fine-tuning the rules o...
thank you dear and sorry for the late response...ok that means, UEBA
analysis the logs from the SIEM and compare it with threat intelligence.
correct me if i am wrong.
Thank you dear Prashant Mishra for the reply. I am clear now. One more
thing, where do we need to integrate threat intel? With UEBA or with Log
collector?
