Teresa wants to detect a potential insider threat using her security information and event management (SIEM) system. What capability best matches her needs?

User behavior analysis is the main capability when trying to detect potential insider threats. Teresa can use her SIEM’s behavioral analysis capabilities to detect improper or illicit use of rights and privileges as well as abnormal behavior on the part of her users. Sentiment analysis helps analyze feelings, and log aggregation and security monitoring provide ways to gain insight into the overall security posture and status of the organization.