The Dtex User Threat Platform complements SIEM systems to produce a consolidated and transparent view of user activity. SIEM systems consolidate a substantial volume of data from logs – which can result in an over-whelming number of events. By contrast, Dtex uses analytics to pinpoint the most relevant events. In addition, SIEM systems – while sophisticated in their capability to collect, integrate and analyze data from multiple disparate sources – do not necessarily have visibility into user activities on endpoint devices. Using the example of a real-world data exfiltration attack, this paper illustrates the difference between data from SIEM systems and the data that Dtex's collects.