What is a one sentence summary of your feature request?
Detect abnormal behavior in the solution (local siem)
Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.
The idea behind is to allow the system to gather and analyze users behavior (based on built in templates) and rise alerts whenever an abnormal behaviour is detected.
Some examples :
- An identity manually created outside of working hours.
- Permissions granted, requested or approved by a disabled user
- Permissions requested and approved by the same user
- A workflow executed/approved by non authorized user (example: approval by a non manager)
- etc.
In summary we want to setup a mini smart SIEM in NIM
How do you currently solve the challenges you have by not having this feature?
Integration with existing SIEM
Reports