We have recently implemented an Insider Risk Policy for Data Leaks by Departing employee. The volume alert has been manageable for the past two weeks and we are looking into onboarding other use cases. I am just looking to see if there is someone who can share what other use cases are deployed by other organizations.
You can make use of smart alerts for system admins on risky user behavior. From there, as a system admin, you could proactively be shown alerts and insights of risky user behavior without having to first implement specific policies; then you can steer your policies for specific alerts you are interested in. "Smart alerts are out-of-the-box alerts/insights for admins that are system generated and surface the top risks admins can triage as a priority. These are intelligent alerts that leverage various signals including user activity, source and target domains, across workloads and then combine them within and across solutions to flag high risk detections to system admins. They are not dependent on policies, and admins can benefit from these detections even if they don’t have policies in place."