Skill UI

Implements UEBA using Elasticsearch/OpenSearch to normalize authentication, file, and network logs, establish behavioral baselines, calculate anomaly scores through deviation and peer-group analysis, and correlate indicators into SOC-ready alerts for insider threat detection.

Detect process hollowing (T1055.012) by analyzing EDR telemetry for suspended process creation, memory section anomalies, integrity mismatches, and correlated network evidence to hunt for in-memory threats and proactive defense.