Automate Gurucul Behavior Analytics Threat Detection and Response Workflows

Apr 20, 2021

Existing cybersecurity point solutions such as firewalls, DLP tools, and traditional SIEMs don’t provide actionable context about the risks they detect. These conventional technologies focus on individual events and deliver a flood of information and alerts. This pervasive paradigm presents events and incidents without the context an analyst needs to remediate threats efficiently at scale.

Gurucul uses a risk-based approach to help analysts prioritize the incidents whose investigation will have the most impact. This has enabled customers to achieve a 99.5% efficiency rate for true positive incidents and to improve the accuracy of investigations. These savings are delivered by Gurucul’s comprehensive risk engine, which performs continuous behavioral risk scoring on vendor-agnostic data lakes, and by a library of more than 2,000 pre-packaged machine learning models aligned with key use cases, telemetry, industry verticals, and threat and compliance frameworks including MITRE ATT&CK, PCI-DSS, and more.

Now available in the Cortex XSOAR Marketplace, Gurucul’s integrated content pack delivers end-to-end workflow automation for anomalous, high-risk users, entities, and devices. Gurucul’s Unified Security and Risk Analytics platform automates context gathering and enriches Cortex XSOAR data with historical information about users, entities, and accounts to significantly improve the speed of threat investigations and the time to resolution.

The Gurucul content pack for Cortex XSOAR enables you to:

  • Automatically sync incidents between the Cortex XSOAR and Gurucul platforms
  • Trigger fully automated remediation playbooks in Cortex XSOAR instantly from Gurucul incidents to reduce response times
  • Assign a risk score to anomalous users and entities and enrich events with metadata including threat indicators, behavior baselines, and event details for prioritized incident analysis in Cortex XSOAR
  • Leverage the full power and features of Cortex XSOAR for your Gurucul workflows
  • Address key Gurucul network and user behavior analytics use cases across your automated security workflows, including insider threats, data exfiltration, account compromise, privileged access abuse, cloud security access, zero-day exploits, malware, and IoT threats

The Gurucul Unified Security and Risk Analytics platform drives high-efficacy threat detection and automated response with machine-learning-based behavior analytics. There are hundreds of use cases, all focused on predicting and detecting risky, anomalous behavior before a malicious insider or cybercriminal can do harm.

For more information on the Gurucul use cases, please visit:

To learn more about the Cortex XSOAR Marketplace and download the Gurucul content pack, visit
