New User
Monitors for new user account creation and suspicious account activities that may indicate unauthorized access or privilege escalation attempts.
Fluency's AI monitors user account creation and modification events to detect suspicious patterns that may indicate account compromise or unauthorized access. The system analyzes account privileges, creation timing, and associated activities to identify potential threats.
AI Analysis vs Splunk SPL-Based Detection
See how advanced AI-driven security analysis compares to traditional SPL-based detection in key areas of context, logic, and output quality.
| Feature / Capability | AI Analysis | Splunk SPL-Based Detection |
|---|---|---|
| IP to location logic | Accurate with human-readable locations (Barcelona → Opfikon) and real-world travel distance | Based on iplocation, sometimes inaccurate or outdated; no city-to-city distance context |
| Device context awareness | The AI recognize the second IP is from a known AVD endpoint, and distinguish cloud-hosted vs. personal device | SPL treats IPs as flat values; doesn’t infer context from device names unless explicitly encoded in a lookup |
| User role logic | Knows the user is a subcontractor marked ONLY REMOTE, making virtual desktop infrastructure login expected. | SPL cannot infer or evaluate user roles without joining external HR or identity data. |
| Session analysis | The AI considered whether logins belong to the same session or different contexts (VDI vs. local) | SPL can’t link session context unless it’s engineered manually (e.g., through token IDs, session IDs) |
| False positive suppression logic | Advises suppression based on trusted IP/device combinations, remote work patterns, and device type | Requires custom correlation searches, lookups, or external context ingestion |
| ML signal interpretation | Distinguishes why the alert triggered (ML_NEW_USER, ML_NEW_GEO_ISP) and de-risks based on identity validation | SPL will just flag those risks; human/AI interpretation must be layered on top |
| Analyst judgment | Emulates how a human SOC analyst would reason through intent, identity, and environment | SPL doesn’t support nuanced intent modeling without external logic or ML/UEBA tooling |
| Output quality | Clear, contextual, explainable narrative with defensive recommendations | SPL produces tabular alerts and risk scores; lacks explanation without additional dashboards or notes |