Security Behavior Graph

With a graph-oriented database at its core, Sqrrl excels at streamlining hunts and investigations by laying out network, endpoint, identity, and security data in an intuitive Security Behavior Graph. Using entity extraction techniques, the graph automatically transforms raw logs into actionable knowledge and contextual insight. Much as hyperlinks connect websites, the Security Behavior Graph connects user, entity, asset, and event data, simplifying search and exploration across them.

The Security Behavior Graph

The Security Behavior Graph, which sets Sqrrl apart from other security solutions, is a visual, interactive environment for hunting and investigating suspicious behaviors.

The Security Behavior Graph:

  • Lets analysts visually pivot across user, entity, and event data using link analysis techniques instead of manual database queries.
  • Enables the use of powerful graph algorithms (in addition to machine learning) to detect the connections between suspicious behaviors.
  • Unites advanced analytics with link analysis to pull together entire attack pictures with ease.

A Security Behavior Graph representation of network transactions


With the Security Behavior Graph, analysts and hunters using Sqrrl benefit from:

  • Enriched contextual knowledge from raw data
  • Rapid understanding of the relationships between entities like users, hosts, and domains
  • Rapid understanding of the activities performed by entities based on those relationships
  • Embedded User and Entity Behavior Analytics that leverage machine learning and graph algorithms
