Network intrusion detection systems that are based on statistical User Behaviour Analytics play a fundamental role in the identification of anomalous agents such as malicious insiders, misused accounts, and users with compromised credentials. To this extent, there have been significant results in detecting anomalies from learned user behavior models via non-negative Poisson matrix factorization. We expand upon previous work in this project by exploiting the higher dimensional and sparse problems created by the user authentication data. An integrated multidimensional anomaly scoring method based on tensors and Poisson recommender systems is proposed. In our experiments, we build a higher-order model that can detect the accounts compromised by red-team during penetration testing activities at a large organization.