A UEBA system gathers data on user and entity activity from system logs. It analyzes the data using powerful analytical tools and creates a baseline of user activity patterns. To detect abnormal activity, UEBA continually analyzes entity activity and compares it to the baseline for the same or related entities. Baselining is essential for a UEBA system because it is what allows possible attacks to be detected. The UEBA system generates a risk rating and evaluates whether deviations are acceptable by combining the preset baseline with present user activity. When the risk score reaches a particular level, the system sends a real-time alert to security experts.
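The baseline, comparison, risk score and alert threshold described above can be sketched as follows. This is an added example, not code from any UEBA product. The feature names, thresholds, scoring formula and sample events are assumptions made for illustration, and the login hour is treated as a plain number with no wrap-around at midnight.

```python
import statistics
from collections import defaultdict

FEATURES = ("login_hour", "mb_out")   # hypothetical features taken from system logs
MIN_SAMPLES = 5        # less history than this: use the peer-group baseline
ALERT_THRESHOLD = 60   # risk score (0-100) that triggers an alert

def ev(user, group, hour, mb):
    return {"user": user, "group": group, "login_hour": hour, "mb_out": mb}

# Constructed sample history, not real log data.
HISTORY = ([ev("alice", "finance", h, mb) for h, mb in
            [(9, 20), (9, 25), (10, 22), (8, 18), (9, 24), (10, 21)]] +
           [ev("bob", "finance", h, mb) for h, mb in [(9, 30), (10, 28)]])

def build_baselines(history):
    """Per-user and per-peer-group (mean, stdev, sample count) for each feature."""
    samples = defaultdict(lambda: defaultdict(list))
    for e in history:
        for key in (("user", e["user"]), ("group", e["group"])):
            for f in FEATURES:
                samples[key][f].append(e[f])
    return {key: {f: (statistics.mean(v), statistics.pstdev(v), len(v))
                  for f, v in feats.items()}
            for key, feats in samples.items()}

def risk_score(event, baselines):
    """0-100 score from the event's deviation from the applicable baseline."""
    base = baselines.get(("user", event["user"]))
    if base is None or base[FEATURES[0]][2] < MIN_SAMPLES:
        base = baselines.get(("group", event["group"]))  # related entities
    if base is None:
        return 100  # no baseline at all: treat as maximum risk
    total = 0.0
    for f in FEATURES:
        mean, std, _ = base[f]
        z = abs(event[f] - mean) / max(std, 1.0)  # floor stdev: no divide-by-zero
        total += min(z, 5.0)                      # cap each feature's contribution
    return round(100 * total / (5.0 * len(FEATURES)))

def evaluate(event, baselines):
    score = risk_score(event, baselines)
    return {"user": event["user"], "score": score,
            "alert": score >= ALERT_THRESHOLD}

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for e in (ev("alice", "finance", 9, 23), ev("alice", "finance", 3, 900),
              ev("bob", "finance", 10, 27)):
        print(evaluate(e, b))
```

The second event (a 3 a.m. login with 900 MB transferred) is the only one that crosses the threshold. The third is scored against the finance peer group because bob has too little history of his own.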