Regarding the prioritization of threats, Gurucul UEBA needs to enhance its alert severity assignment process within the system. This is one area where Gurucul UEBA could improve. Additionally, it would be beneficial if the tool itself could provide or assign user-based or asset-based CI ratings to allow for a more accurate assessment of alert severity. In our environment, we forward these logs, events, and alerts to SIM, where the CI rating is already present. Therefore, if we need to closely investigate a UEBA case directly, it becomes problematic. Gurucul UEBA should proactively incorporate asset-based or user-based CI severity into its design.

Gurucul UEBA needs to be more user-friendly.

I would like Gurucul UEBA to be able to integrate with legacy-based identity systems and systems that are performing network-based access control. This would require additional integration and playbook models.

It could be more stable. 

Gurucul can improve on the online documentation. They should educate the end users more to allow them to do everything themselves.