LogPoint UEBA now maps all anomalies to the MITRE ATT&CK framework and has more filtering options
LogPoint, the global cyber security innovator, has released an update to its UEBA solution. The update includes three new features: support for primary entities, support for secondary entities, and anomalies associated with the MITRE ATT&CK framework.
The new primary entity support feature allows for a more nuanced understanding of the risks in the enterprise network, as it provides insight into risk profiles other than just users. Primary entities now also include servers, shares, websites, and detectors for these primary entities.
The UEBA update provides users with improved filtering options to add more layers and angles to the same data by reintroducing support for secondary entities. When UEBA detects a secondary entity in an anomaly, it is displayed in the context of the anomaly. The secondary entity can also be filtered, and the Anomalies panel provides companies with a filtered view of all anomalies with abnormal secondary entity usage.
Anomalies mapped to MITRE ATT&CK
The UEBA update will map all anomalies to the MITRE ATT&CK framework. LogPoint SIEM is based on the MITRE ATT&CK framework, so the update improves coordination between LogPoint SIEM and UEBA while leveraging a globally accessible knowledge base of attacker tactics drawn from real-world observations.