Excessive Data Transmission

Description

Triggered when a user or device transfers more data than expected. This anomaly often accompanies a data exfiltration attempt.

Use Case

Insider Threat

Category

Data Exfiltration, Insider Threat, Zero Trust

Alert Volume

Medium

Data Availability

Bad

Journey

Stage 6

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Alternative Protocol
Exfiltration Over C2 Channel

MITRE Threat Groups

Lazarus Group
APT3
Kimsuky
MuddyWater
APT32
Stealth Falcon
Gamaredon Group
Frankenstein
Sandworm Team
Wizard Spider
Soft Cell
Ke3chang

Data Sources

Network Communication