External Alarm Activity
Description
This is a generic catch-all anomaly that can hold alarms generated by third-party systems such as firewalls, IDS/IPS, Enterprise Security, etc.
Content Mapping
This content is not mapped to any local saved search.
Use Case
Advanced Threat Detection, Security Monitoring, Insider Threat
Category
Endpoint Compromise, Network Attack
Alert Volume
Medium
SPL Difficulty
None
Journey
Stage 4
Data Sources
DLP
Host-based IDS
IDS or IPS
Anti-Virus or Anti-Malware