I've been using Rapid7's InsightIDK since it was called UserInsight (and later InsightUBA).
It has really grown in that time, and has become a very useful tool for keeping track of user activity within the environment -- suspicious login times/patterns, lockouts, etc.
My concern is that the pricing is not friendly for smaller environments that can absolutely benefit from this visibility. We're not talking about SIEM-lite level of features, but even small shops of 10-50 users could stand to track the information from Active Directory and DNS pertaining to user behavior.
Does anyone have experience with InsightIDK alternatives that would be budget friendly (4-figures vs 5-figures) for smaller organizations?
It can be cloud-based or on-premises (virtual appliance).
Any vendors I should be looking at?