Use CasesGet Started with Threat Detection, Investigation, and Response (TDIR) Use Case Packages

Table of Contents

Threat Detection, Investigation, and Response (TDIR) Use Case Packages

A powerful, prescriptive, outcome-based approach to using your Exabeam product.

Threat Detection, Investigation, and Response (TDIR) Use Case Packages is an outcome-based framework for using your Exabeam product. It describes what threat you can detect, investigate, hunt, and respond to using a prescribed end-to-end workflow.

For example, if you use Exabeam to tackle a phishing threat, the Phishing use case defines specific rules and models to help detect anomalous email activity, a Phishing incident type to ensure you gather all necessary phishing-related evidence, specific tasks to investigate a phishing incident, and a Phishing turnkey playbook to quickly analyze and respond to the phishing threat.Phishing Incident TypePhishing Turnkey Playbook

The TDIR Use Case Packages framework integrates expert knowledge and recommendations into every step of the process. You use standardized, repeatable workflows to address a given threat type, so you quickly define your security operations and ensure that you have consistent, effective, and measurable outcomes.

The TDIR Use Case Packages framework organizes threats in a hierarchy so you can break them down from a general type, like Compromised Insiders, to a specific scenario, like pass the hash. There are three use case packages: Compromised Insiders, Malicious Insiders, and External Threats. You can access certain use case packages based on your Exabeam license. To learn more, contact your technical account manager.