Which term describes analysis based on user behavior patterns?

Prepare for the WatchGuard Endpoint Security Essentials Test. Study with multiple choice questions, hints, and explanations. Boost your exam readiness now!

Multiple Choice

Which term describes analysis based on user behavior patterns?

Explanation:
Analysis based on how users behave means watching patterns in user activity and spotting deviations from normal behavior. This approach is known as Behavioral Intelligence (often used interchangeably with User Behavior Analytics). It builds a baseline of typical actions for each user or role and then flags unusual patterns that could indicate a compromised account, an insider threat, or targeted misuse. Because it focuses on behavior rather than specific files or known threat signatures, it can detect novel or zero-day tactics that might slip past traditional signature-based defenses.

Indicators of Attack describe concrete attacker techniques and steps observed during an intrusion, not the overall pattern of user behavior. Indicators of Compromise are artifacts left behind after an intrusion, such as IP addresses or file hashes. XDR capabilities refer to a broad set of detection and response functions across multiple security layers, not specifically the analysis of user behavior patterns.
