How would you implement User and Entity Behavior Analytics to detect insider threats and compromised accounts? What data sources, baselining techniques, and alert strategies would you use?

Sample answer preview

Implementing UEBA effectively requires a thoughtful approach to data collection, baseline construction, anomaly scoring, and alert management. A rushed deployment without proper foundations produces overwhelming false positives and erodes analyst trust.