Security Operations

OpenText Core Threat Detection and Response

Identify hard-to-detect threats before they can cause damage

Insider threat detection

Stop wasting time on false positives—surface the threats that matter, faster. Empower your SOC with AI-driven detection that learns your environment and spots insider threats others miss.

OpenText™ Core Threat Detection and Response uses patented, self-learning behavioral analytics to detect insider threats, credential misuse, and subtle anomalies that evade rule-based tools. It continuously learns what is normal across users and systems and identifies deviations that signal risk—without manual tuning or added agents. Help your SOC reduce alert fatigue, prioritize response, and detect advanced threats with greater precision.

Why OpenText Core Threat Detection and Response?

Modernize security operations with adaptive AI that reduces alert fatigue, detects insider threats faster, and gives your team time back.

Fewer
false positives with behavioral AI baselining
Detect threats based on deviations from each entity’s normal behavior not generic rules or signatures.
10+
proven innovation patents with over a decade of patented research
Built on 10+ patented AI technologies for advanced behavioral detection and insider threat identification.
80%
red team detection success rate with skilled threat hunters
Boost threat hunter accuracy with context-rich alerts that uncover stealthy attacks and accelerate investigations.

[The OpenText solution] gives us the tools and the peace of mind to know we can protect our customers and employees against malicious intent.

Adam Watson
Head of Security and Infrastructure, Bernicia Homes
Read the customer story

[OpenText] found a previously dormant active GUEST account which had not been locked despite failing hundreds of authentication attempts, all made outside of working hours. It attempted to access a classified server, and our team was able to neutralize the activity before any breach occurred.

Chief Information Security Officer
Large Healthcare Organization
Read the customer story

Use cases

Support SOC analysts, threat hunters, and security leaders with AI-powered detection that learns from your environment. Detect insider threats, reduce alert fatigue, and expose advanced attacks that traditional tools miss.

Identify malicious insiders, negligent behavior, and compromised accounts with self-learning behavioral analytics. Flag abnormal access, privilege misuse, and suspicious data movement—without relying on predefined rules.
Surface the threats that matter with adaptive AI that continuously prioritizes risk based on behavioral context. Let your SOC team stop chasing false alerts and stay focused on real threats.
Go beyond raw logs. Give threat hunters a head start with automatically surfaced behavioral threat indicators, risk-scored anomalies, and plain-language context that guides investigation.
Catch slow-moving, stealthy threats that blend in. Behavior-first detection spots the early signs of advanced attacks—even those without known signatures—before they escalate.

Key features

Modernize your SOC with self-learning behavioral analytics that prioritize real threats, reduce noise, and adapt as your environment evolves.

Behavioral analytics engine

Baselines user and entity behavior continuously to detect abnormal activity like credential misuse, lateral movement, and insider threats—without relying on rules or thresholds.

Unsupervised machine learning

Learns your organization’s “unique normal” with AI that automatically adjusts detection over time, improving precision as users, roles, and risk factors change.

Context-rich alerting

Delivers clear, prioritized alerts that explain what happened and why it matters—so analysts can respond faster without sifting through noise.

Risk-based prioritization

Examines behavioral severity, frequency, and peer comparison to dynamically score and rank threats—guiding attention to what’s truly urgent.

Microsoft ecosystem integration

Ingests telemetry from Microsoft Defender for Endpoint and Entra ID, enriching detection with behavioral analytics that enhance what Microsoft tools already see.

Visual investigation dashboards

Accelerates analyst decision making through fast triage and investigation with intuitive timelines, entity heat maps, and user behavior trends.

Accelerate the value of OpenText Core Threat Detection and Response

Integrations

Expand your security operations capabilities.

Minimize MTTD, MTTR with real-time threat detection and native SOAR

OpenText™ Enterprise Security Manager
Safeguard data, reduce risks, improve compliance, and govern access

Data security
Empower developers with trusted, reimagined application security

Application security testing

Defend against threats with real-time network monitoring and response

OpenText™ Network Detection and Response
Secure your digital assets by confidently managing identities and access

Identity and access management

Professional Services

OpenText Professional Services combines end-to-end solution implementation with comprehensive technology services to help improve systems.

Accelerate your journey to enhanced threat detection

OpenText™ Core Threat Detection and Response Managed Security Services

Partners

OpenText helps customers find the right solution, the right support, and the right outcome.

Search OpenText's Partner directory

Find a Partner
Explore OpenText's Partner solutions catalog

Application Marketplace

Industry-leading organizations that enhance OpenText products and solutions

Strategic Partners

Communities

Explore our OpenText communities. Connect with individuals and companies to get insight and support. Get involved in the discussion.

Explore ideas, join discussions, and network

OpenText community

Premium Support

Optimize the value of your OpenText solution with dedicated experts who provide mission-critical support for your complex IT environment.

Get personalized, one-on-one assistance from technical and strategic

Premium Support

OpenText Core Threat Detection and Response resources

The solution uses unsupervised behavioral analytics to baseline every user and device across Defender for Endpoint and Entra ID telemetry, then flags even slight drift. Peer-group context surfaces malicious, negligent, or compromised insiders early—before privilege abuse or data theft can unfold.
Patented ML pipelines build multi-dimensional behavioral baselines for every entity and update continuously. This adaptive AI uncovers zero-day TTPs and low-noise anomalies missed by signatures, rules, or SIEMs, delivering higher-fidelity detections with almost no tuning.
SaaS onboarding through native Microsoft APIs is agentless and fast. Point to your tenants, backfill 30 days of history, and actionable detections appear within hours. Full behavioral maturity lands after about two weeks, giving SOCs insight long before traditional rule tuning finishes.
Integrated risk scoring suppresses benign anomalies, clusters related indicators, and elevates only high-impact events. The result: up to 90 percent fewer false positives, drastically reduced alert fatigue, and analysts who can focus energy on genuine threats instead of drowning in noise.
Online learning refreshes baselines daily, automatically absorbing role changes, shift rotations, mergers, seasonal peaks, and travel patterns. Detection precision remains tight without rule rewrites, keeping insider-threat coverage accurate as the business and its workforce evolve over time.
Every alert is tagged with ATT&CK tactic, technique, and step; an LLM-generated narrative links precursor activity to follow-on actions. Analysts know their exact kill-chain position, prior context, and recommended next moves, shortening triage and speeding containment.

A new era of advanced threat detection and response has arrived

Read the blog

Can you spot the threat? OpenText Core Threat Detection and Response can

Watch the video

A new era of advanced threat detection and response has arrived

Read the blog

Can you spot the threat? OpenText Core Threat Detection and Response can

Watch the video

Take the next step

Empower your team with AI-native, behavior-driven threat detection designed to help your SOC easily detect insider threats and advanced attacks before they escalate.

Talk to an expert

Aviator AIAviator AI

Analytics CloudAnalytics Cloud

Data Lakehouse & AnalyticsData Lakehouse & Analytics

BI, Visualization & ReportingBI, Visualization & Reporting

eDiscovery with AIeDiscovery with AI

OpenText™ Aviator Search

Business Network CloudBusiness Network Cloud

Supply Chain AutomationSupply Chain Automation

B2B IntegrationB2B Integration

Secure CollaborationSecure Collaboration

Supply Chain TraceabilitySupply Chain Traceability

Supply Chain InsightsSupply Chain Insights

Industry Applications and ServicesIndustry Applications and Services

OpenText™ Business Network Aviator

Content CloudContent Cloud

Document ManagementDocument Management

AI Content ManagementAI Content Management

Capture and Intelligent Document ProcessingCapture and Intelligent Document Processing

Process AutomationProcess Automation

Business IntegrationsBusiness Integrations

Information ArchivingInformation Archiving

Industry SolutionsIndustry Solutions

Information GovernanceInformation Governance

OpenText™ Content Aviator

Cybersecurity CloudCybersecurity Cloud

Application Security TestingApplication Security Testing

Data SecurityData Security

Security OperationsSecurity Operations

Identity and Access ManagementIdentity and Access Management

Digital Forensics and Incident ResponseDigital Forensics and Incident Response

OpenText™ Cybersecurity Aviator

DevOps CloudDevOps Cloud

DevOps PlatformDevOps Platform

Functional TestingFunctional Testing

PPM and Strategic Portfolio ManagementPPM and Strategic Portfolio Management

Quality ManagementQuality Management

Performance EngineeringPerformance Engineering

OpenText™ DevOps Aviator

Experience CloudExperience Cloud

Web & Mobile ExperiencesWeb & Mobile Experiences

Contact Center AnalyticsContact Center Analytics

Messaging & FaxMessaging & Fax

Customer CommunicationsCustomer Communications

Digital Asset ManagementDigital Asset Management

Customer Journey and DataCustomer Journey and Data

OpenText™ Experience Aviator

Observability and Service Management CloudObservability and Service Management Cloud

Service ManagementService Management

ObservabilityObservability

AIOpsAIOps

Automation and Vulnerability RemediationAutomation and Vulnerability Remediation

CMDB and Asset ManagementCMDB and Asset Management

OpenText™ Service Management Aviator

OpenText™ ThrustOpenText™ Thrust

OpenText™ Thrust bundleOpenText™ Thrust bundle

OpenText™ Aviator Thrust

Device and Data ProtectionDevice and Data Protection

Enterprise Data Backup and Disaster Recovery SolutionsEnterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management ToolsUnified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving ComplianceEmail Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document ManagementConnectivity and Document Management

Information reimaginedInformation reimagined

Artificial IntelligenceArtificial Intelligence

IndustryIndustry

Enterprise ApplicationsEnterprise Applications

Your journey to successYour journey to success

Customer SupportCustomer Support

Customer Success ServicesCustomer Success Services

Consulting ServicesConsulting Services

NextGen ServicesNextGen Services

Cloud MigrationCloud Migration

Latest product releasesLatest product releases

Learning ServicesLearning Services

Managed ServicesManaged Services

Find an OpenText PartnerFind an OpenText Partner

Find a Partner SolutionFind a Partner Solution

Grow as a PartnerGrow as a Partner

Become a Partner

Resource libraryResource library

Aviator AI

Analytics Cloud

Data Lakehouse & Analytics

BI, Visualization & Reporting

eDiscovery with AI

Business Network Cloud

Supply Chain Automation

B2B Integration

Secure Collaboration

Supply Chain Traceability

Supply Chain Insights

Industry Applications and Services

Content Cloud

Document Management

AI Content Management

Capture and Intelligent Document Processing

Process Automation

Business Integrations

Information Archiving

Industry Solutions

Information Governance

Cybersecurity Cloud

Application Security Testing

Data Security

Security Operations

Identity and Access Management

Digital Forensics and Incident Response

DevOps Cloud

DevOps Platform

Functional Testing

PPM and Strategic Portfolio Management

Quality Management

Performance Engineering

Experience Cloud

Web & Mobile Experiences

Contact Center Analytics

Messaging & Fax

Customer Communications

Digital Asset Management

Customer Journey and Data

Observability and Service Management Cloud

Service Management

Observability

AIOps

Automation and Vulnerability Remediation

CMDB and Asset Management

OpenText™ Thrust

OpenText™ Thrust bundle

Device and Data Protection

Enterprise Data Backup and Disaster Recovery Solutions

Unified Endpoint Management Tools

Hybrid Work, Email, and Team Collaboration

Email Archiving, E-Discovery, Data Archiving Compliance

Connectivity and Document Management

Information reimagined

Artificial Intelligence

Industry

Enterprise Applications

Your journey to success

Customer Support

Customer Success Services

Consulting Services

NextGen Services

Cloud Migration

Latest product releases

Learning Services

Managed Services

Find an OpenText Partner

Find a Partner Solution

Grow as a Partner

Resource library

Blogs

Events

Communities

Customer stories

OpenText Navigator

Marketplace