For improvement, I have requested three enhancement tickets, which are already lodged with the Gurucul support team. The first request is to add a visualization option in reports for charts or graphs. I have also requested new dashboard features. In the query box, there's a bug where taking an attribute at the end does not return data, but placing it elsewhere does. The support system could be more equipped.
Manager at a comms service provider with 10,001+ employees
Real User
Top 10
2023-11-10T09:17:00Z
Nov 10, 2023
Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design. Gurucul UEBA needs to be more user-friendly. I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.
Threats are a moving target. Determined and persistent threat actors purposely stretch out their activity across weeks or even months, especially when most SIEM and XDR solutions are incapable of piecing together events across time. Even worse, is that these solutions primarily use rule-based Machine Learning, which is essentially pattern matching. This makes them especially ineffective in detecting new attacks and/or variants, which are highly successful in breaching organizations....
For improvement, I have requested three enhancement tickets, which are already lodged with the Gurucul support team. The first request is to add a visualization option in reports for charts or graphs. I have also requested new dashboard features. In the query box, there's a bug where taking an attribute at the end does not return data, but placing it elsewhere does. The support system could be more equipped.
Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design. Gurucul UEBA needs to be more user-friendly. I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.
Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves.
It could be more stable.