Security Behavior Graph

Sqrrl excels at streamlining hunts and investigations by laying out network, endpoint, identity, and security data in an intuitive Security Behavior Graph™, which automatically transforms log files into actionable knowledge and contextual insight via entity extraction techniques. Similar to the concept of hyperlinking websites, the Security Behavior Graph™ connects network, endpoint, identity, alert, and threat intelligence data, simplifying search and exploration across them.

The Security Behavior Graph™

The Security Behavior Graph™ sets Sqrrl apart from other security solutions: it is a visual, interactive environment for hunting and investigating suspicious behaviors.

The Security Behavior Graph™:

  • Lets analysts visually pivot across data users, assets, and events using link analysis techniques instead of manual database queries.
  • Enables the use of powerful graph algorithms (in addition to machine learning) to detect the connections between suspicious behaviors.
  • Unites advanced analytics with link analysis to develop attack narratives with ease.


A Security Behavior Graph representation of network and endpoint events


With the Security Behavior Graph™, analysts and hunters using Sqrrl benefit from:

  • Enriched contextual knowledge derived from log data
  • Rapid understanding of the relationships between entities like users, hosts, and domains
  • Rapid understanding of the activities performed by entities based on those relationships
  • Embedded User and Entity Behavior Analytics that leverage machine learning and graph algorithms

Interested in learning more about the Security Behavior Graph? Request access to the Sqrrl Product Paper.