QUESTION

Does Panther support User Entity and Behaviour Analytics (UEBA) or risk-based alerting?

ANSWER

Panther does not currently support UEBA. If you are interested in support of this feature, please contact Panther Support to put in a request.

As a workaround, you can use the DynamoDB cache to monitor and score entities based on events that have come into Panther. More information can be found in Panther’s documentation on Python Rule Caching.