Performing User Behavior Analytics When to Use Use this skill when: - SOC teams need to detect compromised accounts through abnormal authentication patterns - Insider threat programs require behavioral monitoring beyond rule-based detection - Impossible travel or geographic anomalies indicate credential compromise - Privileged account monitoring requires baseline deviation detection Do not use as the sole basis for disciplinary action — UEBA findings are indicators requiring investigation, not proof of malicious intent. Prerequisites - SIEM with 30+ days of authentication and access log histo…