Multiple Box operations

Description

Triggered by a high volume of box operations by user. The number of operations is compared to the enterprise average.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Insider Threat, Security Monitoring, Compliance

Category

Account Compromise

Alert Volume

High (?)

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Collection

MITRE ATT&CK Techniques

Collection

Data Sources

Audit Trail