OpenUBA
OpenUBA is an open source User and Entity Behavior Analytics (UEBA) framework designed for security analytics. It helps data scientists and security analysts detect anomalous behavior across users and entities by providing a flexible platform for building, testing, and deploying behavioral models and rules. The framework features a model library, a rule canvas for creating detection logic, a model execution sandbox for safe testing, and a workspace SDK for custom development. It leverages technologies such as FastAPI, Next.js, PostgreSQL, Apache Spark, and Elasticsearch, and is built with Docker and Kubernetes support for scalable deployment. OpenUBA is aimed at cybersecurity teams seeking a lightweight, extensible solution for threat detection, insider threat monitoring, and behavioral baselining in enterprise environments. It is currently in beta and welcomes community contributions.