Hello NetWitness Community,
The NetWitness R&D organization is hard at work expanding out behavior analytics and entity relationship tracking capabilities and we would really appreciate input from the community as validation and inspiration. One of the main areas of focus we are very excited about is correlation between anomalous/suspect behaviors and more traditional SIEM alert sources. Given that many of the traditional SIEM alerting sources (IDS. IPS, FW, AV, DLP, etc) can be very noisy and/or not highly accurate detection on their own correlation has always been important. As a SIEM NetWitness has always endeavored to deliver more value than others by coupling deep visibility with correlation however the introduction of behavior analytics is really going to allow us to crank up the level of value we can deliver. To that end we are very interested to hear specific behavior correlation use cases from the community to ensure we can deliver the most value to you possible.
For example, if you had a risk rating for every user in your company and the ability to automatically surface any other alerts related to that user (directly or indirectly), which types of alerts would yield the most actionable results for your analysts?