External Alarm Activity

Description

This is a generic catch-all anomaly that can hold alarms generated by third-party systems such as firewalls, IDS/IPS, Enterprise Security, etc.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Endpoint Compromise, Network Attack

Alert Volume

Medium

Journey

Stage 4

Data Sources

IDS or IPS
DLP
Anti-Virus or Anti-Malware
Host-based IDS