Download from Internal Server

Description

Uses accounting information from firewall data (bytes in/out) to detect an unusually high volume of data downloaded per user from UBA-defined internal servers.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Insider Threat, Security Monitoring

Category

Account Compromise, Insider Threat

Alert Volume

Low

Journey

Stage 4

MITRE ATT&CK Tactics

Collection

MITRE ATT&CK Techniques

Data from Network Shared Drive
Data from Information Repositories

MITRE Threat Groups

BRONZE BUTLER
FIN6
Gamaredon Group
Sowbug
Turla
menuPass

Data Sources

Network Communication