Some use cases may require more context than is included in the original data set
One piece of data, taken in isolation, is rarely sufficient for making critical decisions. Relying exclusively on a singular piece of data without the associated context can easily lead to misunderstandings that result in failing to respond at all, not responding quickly or thoroughly enough, or taking inappropriate or unnecessary action.
Are you being attacked?
To effectively determine whether or not an insider threat exists or if another cybersecurity event is currently taking place, it may be necessary to enrich application event data with additional information regarding the connected user from Active Directory or Oracle. All of this data taken together can precipitate a far more comprehensive understanding of what's actually occurring in your environment, thereby rapidly facilitating the most appropriate response.