Advanced Persistent Threats (APTs) are a type of cyber-attack that used to mainly target governments and their associated institutions. Nowadays, APTs are growing concern worldwide, since private institutions and businesses have also become targets. These well-funded criminal organizations have become harder to be detected and can cause significant financial and reputational losses to an organization. The words "Advanced" and "Persistent" are clear indicators of the nature of the attacks orchestrated by the APT groups. APT groups use advanced technologies to exploit zero-day vulnerabilities, this allows them to launch targeted attacks over an extended period. If not detected and mitigated in time, APT attacks could steal sensitive information or disrupt critical operations, rather than inflicting immediate damage or destruction. APT attacks are hard to detect and defend against, and that is because attackers often use a variety of tactics and techniques to gain and maintain access to the target system. Security practitioners had to resolve to more advanced and novel techniques to detect ongoing attacks on a network in real-time. It was proven that using machine learning techniques to analyze network traffic and system logs can help identify patterns of attacks associated with APTs. This paper's focus will be on building a baseline model based on users’ day-to-day activities. We will leverage the machine learning capabilities to build an LSTM model that will learn the daily activities of users over the network allowing it to detect any anomalies.