Excessive Data Transmission

Description

Triggered when a user or device transfers more data than expected. This anomaly is often part of a data exfiltration attempt.

Content Mapping

This content is not mapped to any local saved search.

Use Case

Insider Threat

Category

Data Exfiltration, Insider Threat, Zero Trust

Alert Volume

Medium

Journey

Stage 6

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Alternative Protocol
Exfiltration Over C2 Channel

MITRE Threat Groups

APT3
APT32
Frankenstein
Gamaredon Group
Ke3chang
Kimsuky
Lazarus Group
MuddyWater
Sandworm Team
Soft Cell
Stealth Falcon
Wizard Spider

Data Sources

Network Communication