Information Disclosure-Incurred Asset Compromise and Detection and Analysis

February 4, 2021
According to a survey, 25% of internal security incidents are attributed to information disclosure. An attacker who obtains leaked information (credentials, internal host names, documents) can go on to collect further sensitive data about users and the enterprise without resorting to noisy techniques with obvious signatures, such as password cracking. Because this kind of activity blends in with normal use and leaves no obvious pattern, signature- and pattern-based analysis of network traffic and endpoint security logs usually turns up nothing. By combining user and entity behavior analytics (UEBA) with analysis of network traffic logs and endpoint security logs, we can identify anomalous behaviors, correlate them with attack alerts, and present readable threat event analysis, giving users a new way to discover stealthy threats.
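The following is an added example, not code from the original post or from the vendor it describes. It sketches the approach in the paragraph above as a toy UEBA pipeline: build a per-user baseline from network flow and endpoint logs, score a new day for deviation, and only then correlate the deviating user's hosts with existing alerts to produce a readable event. All log lines, host names, feature choices (distinct destinations, bytes out, file reads, after-hours activity) and the z-score threshold of 3 are constructed assumptions for illustration.

```python
"""Toy UEBA: baseline per-user behaviour, score a new window, correlate with alerts.
Added illustration; telemetry below is constructed, not from any real environment."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Log schemas assumed for this example:
#   network flow: ts,user,src_host,dst_host,bytes_out
#   endpoint:     ts,user,host,event
#   alerts:       ts,host,rule
NF = ("ts", "user", "src_host", "dst_host", "bytes_out")
EF = ("ts", "user", "host", "event")
AF = ("ts", "host", "rule")


def _baseline_days():
    """Five constructed 'normal' days for two users."""
    net, ep = [], []
    for day in range(1, 6):
        d = f"2021-01-0{day}"
        net += [f"{d}T09:00:00,alice,ws-alice,fileserver01,{1000 + 100 * day}",
                f"{d}T10:00:00,alice,ws-alice,mail01,{500 + 50 * day}",
                f"{d}T09:30:00,bob,ws-bob,fileserver01,{2000 + 100 * day}",
                f"{d}T11:00:00,bob,ws-bob,git01,{800 + 20 * day}"]
        ep += [f"{d}T09:01:00,alice,ws-alice,file_read",
               f"{d}T09:31:00,bob,ws-bob,file_read",
               f"{d}T11:01:00,bob,ws-bob,file_read"]
    return net, ep


BASE_NET, BASE_EP = _baseline_days()
# Day 6 (constructed): alice's account quietly sweeps eight internal hosts at night;
# bob's day is ordinary. No brute force, no malware: only "legitimate" access.
DAY6_NET = [f"2021-01-06T22:0{i}:00,alice,ws-alice,srv{i:02d},{30000 + i * 1000}" for i in range(8)] + [
    "2021-01-06T09:00:00,bob,ws-bob,fileserver01,2600",
    "2021-01-06T11:00:00,bob,ws-bob,git01,920"]
DAY6_EP = [f"2021-01-06T22:0{i}:30,alice,ws-alice,file_read" for i in range(8)] + [
    "2021-01-06T09:31:00,bob,ws-bob,file_read"]
ALERTS = ["2021-01-06T22:05:00,ws-alice,smb_share_enumeration",
          "2021-01-06T13:00:00,ws-bob,av_heuristic_low"]


def parse(lines, fields):
    """Turn CSV-style log lines into dicts; ts becomes a datetime, bytes_out an int."""
    rows = []
    for line in lines:
        rec = dict(zip(fields, line.split(",")))
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        if "bytes_out" in rec:
            rec["bytes_out"] = int(rec["bytes_out"])
        rows.append(rec)
    return rows


def features(net_rows, ep_rows):
    """Per-(user, day) profile merged from both log sources."""
    prof = defaultdict(lambda: {"dst": set(), "bytes": 0, "reads": 0, "hosts": set(), "after_hours": 0})
    for r in net_rows:
        p = prof[(r["user"], r["ts"].date())]
        p["dst"].add(r["dst_host"])
        p["hosts"].add(r["src_host"])
        p["bytes"] += r["bytes_out"]
        p["after_hours"] += int(r["ts"].hour >= 20 or r["ts"].hour < 6)
    for r in ep_rows:
        p = prof[(r["user"], r["ts"].date())]
        p["hosts"].add(r["host"])
        p["reads"] += int(r["event"] == "file_read")
    return prof


def vector(p):
    """Numeric feature vector for one profile."""
    return {"n_dst": len(p["dst"]), "bytes": p["bytes"], "reads": p["reads"], "after_hours": p["after_hours"]}


def build_baseline(prof):
    """Per-user (mean, population stddev) of each feature across baseline days."""
    per_user = defaultdict(lambda: defaultdict(list))
    for (user, _day), p in prof.items():
        for k, v in vector(p).items():
            per_user[user][k].append(v)
    return {u: {k: (mean(v), pstdev(v)) for k, v in feats.items()} for u, feats in per_user.items()}


def score(baseline, user, p, threshold=3.0):
    """Features deviating >= threshold. Uses a z-score when the baseline varies; when the
    baseline is constant (stddev 0) falls back to deviation relative to the mean so a jump
    from a flat history still registers. A user with no baseline is flagged outright."""
    base = baseline.get(user)
    if base is None:
        return {"no_baseline": float("inf")}
    flagged = {}
    for k, x in vector(p).items():
        mu, sd = base[k]
        z = (x - mu) / sd if sd > 0 else (x - mu) / max(mu, 1.0)
        if round(z, 2) >= threshold:
            flagged[k] = round(z, 2)
    return flagged


def correlate(anomalies, alerts, prof):
    """Attach same-day alerts raised on the anomalous user's hosts; alerts alone never
    create an event, and an anomaly without alerts is kept but rated lower."""
    events = []
    for (user, day), dev in anomalies.items():
        hosts = prof[(user, day)]["hosts"]
        hits = [a["rule"] for a in alerts if a["ts"].date() == day and a["host"] in hosts]
        events.append({"user": user, "day": str(day), "deviations": dev,
                       "hosts": sorted(hosts), "alerts": hits,
                       "severity": "high" if hits else "medium"})
    return events


def analyse(base_net, base_ep, new_net, new_ep, alert_lines):
    """Full pipeline: baseline -> profile new window -> score -> correlate."""
    baseline = build_baseline(features(parse(base_net, NF), parse(base_ep, EF)))
    new_prof = features(parse(new_net, NF), parse(new_ep, EF))
    anomalies = {}
    for key, p in new_prof.items():
        dev = score(baseline, key[0], p)
        if dev:
            anomalies[key] = dev
    return correlate(anomalies, parse(alert_lines, AF), new_prof)


if __name__ == "__main__":
    for ev in analyse(BASE_NET, BASE_EP, DAY6_NET, DAY6_EP, ALERTS):
        print(ev)
```

Run as-is it reports one event: alice on 2021-01-06, with all four features deviating (eight destinations against a flat baseline of two, roughly 1250 standard deviations in bytes out, eight file reads, eight after-hours flows) and the `smb_share_enumeration` alert on ws-alice attached, so the event is rated high. Bob's low-confidence AV alert on the same day produces nothing, because his behaviour never left its baseline; that asymmetry, anomaly first and alerts as corroboration, is the point of the approach rather than alert volume on its own.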