RSA NetWitness UEBA (User and Entity Behavior Analytics) is a behavior analytics solution that analyzes user activity data from logs, network traffic, and endpoints, correlating this data with threat intelligence to identify activities indicative of malicious presence. The platform uses machine learning to establish baselines of "normal" behavior across user peer groups, applying both static rules and statistical analysis to detect suspicious activity. It operates with a zero-touch, turn-key approach — no rule configuration, metadata customization, or extended model training periods are required at deployment. Rather than generating alerts on every anomaly, RSA NetWitness UEBA aggregates multiple indicators of suspicious activity and applies a dynamic, statistical risk-scoring mechanism. Alerts are only produced when a risk score exceeds defined thresholds, reducing false positives and improving alert fidelity. The platform is designed to scale, processing billions of events per day and analyzing hundreds of thousands of organizational entities. Data collection, enrichment, analysis, and investigation can be handled via streaming or batch loading on a Hadoop infrastructure. Peer grouping uses machine learning to segment users by role, work type, location, and other factors, enabling more accurate deviation detection within relevant groups. As part of the RSA NetWitness Platform, it correlates behavioral analysis with threat intelligence and business context to support SOC analysts in detecting threats such as compromised accounts, command and control activity, data exfiltration, lateral movement, advanced malware, privileged account abuse, and geolocation anomalies.