Suspicious Network Exploration

Description

Triggers when the number of distinct systems a user accesses keeps growing over successive time windows rather than staying within that user's usual footprint. A footprint that widens systematically is a leading indicator of lateral movement, whether by a compromised account or by an insider exploring the network.
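
The count-and-trend logic behind this detection, as an added example that is not part of this page or of Splunk's own implementation. It counts the distinct destination hosts each user authenticates to per day and flags users whose daily count rises in every recent window and ends well above where it started, so a single busy day is not enough. The log lines, their layout (timestamp, user, destination host) and the thresholds are constructed assumptions.

```python
"""Toy version of a "suspicious network exploration" detector (added example).

Flags users whose distinct-host count per day keeps rising across consecutive
windows. Field layout and thresholds are assumptions, not Splunk's.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication events: "<timestamp> <user> <dest host>".
# alice keeps a steady footprint; bob touches more hosts every day.
SAMPLE_EVENTS = """
2024-03-01T09:02:11 alice WS-101
2024-03-01T09:40:03 alice FS-01
2024-03-02T08:55:41 alice WS-101
2024-03-02T10:12:07 alice FS-01
2024-03-03T09:10:22 alice WS-101
2024-03-04T09:00:00 alice FS-01
2024-03-01T08:30:00 bob WS-202
2024-03-02T08:31:00 bob WS-202
2024-03-02T19:45:00 bob FS-01
2024-03-02T19:47:00 bob FS-02
2024-03-03T20:05:00 bob FS-01
2024-03-03T20:06:00 bob DC-01
2024-03-03T20:09:00 bob SQL-01
2024-03-03T20:15:00 bob WS-202
2024-03-04T21:00:00 bob DC-01
2024-03-04T21:03:00 bob DC-02
2024-03-04T21:10:00 bob SQL-01
2024-03-04T21:12:00 bob SQL-02
2024-03-04T21:20:00 bob FS-03
2024-03-04T21:25:00 bob WS-202
""".strip().splitlines()


def parse_events(lines):
    """Parse 'timestamp user host' lines into (day, user, host) tuples."""
    events = []
    for line in lines:
        ts, user, host = line.split()
        events.append((datetime.fromisoformat(ts).date(), user, host))
    return events


def distinct_hosts_per_day(events):
    """Return {user: [(day, distinct_host_count), ...]} ordered by day."""
    per_user_day = defaultdict(lambda: defaultdict(set))
    for day, user, host in events:
        per_user_day[user][day].add(host)
    return {
        user: sorted((day, len(hosts)) for day, hosts in days.items())
        for user, days in per_user_day.items()
    }


def is_systematic_increase(counts, min_windows=3, min_growth=2):
    """True when the last `min_windows` counts rise strictly every window and
    the final count exceeds the first of them by at least `min_growth`.
    A flat series or a lone spike does not qualify."""
    if len(counts) < min_windows:
        return False
    tail = counts[-min_windows:]
    rising = all(later > earlier for earlier, later in zip(tail, tail[1:]))
    return rising and (tail[-1] - tail[0]) >= min_growth


def find_suspicious_explorers(lines, **thresholds):
    """Return {user: [daily distinct-host counts]} for users whose footprint
    keeps widening. `thresholds` are passed to is_systematic_increase."""
    series = distinct_hosts_per_day(parse_events(lines))
    flagged = {}
    for user, day_counts in series.items():
        counts = [count for _, count in day_counts]
        if is_systematic_increase(counts, **thresholds):
            flagged[user] = counts
    return flagged


if __name__ == "__main__":
    for user, counts in find_suspicious_explorers(SAMPLE_EVENTS).items():
        print(f"{user}: distinct hosts per day {counts}")
```

On the sample data alice stays at one or two hosts a day and is ignored, while bob goes 1, 3, 4, 6 and is flagged. In practice the per-user baseline should span weeks rather than days, and administrators, jump hosts and scanners need their own baselines or an exclusion list, otherwise this logic fires on every patch cycle.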

Use Case

Advanced Threat Detection, Insider Threat, Security Monitoring

Category

Lateral Movement, Insider Threat, Account Compromise

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Initial Access
Lateral Movement

MITRE ATT&CK Techniques

Valid Accounts
Remote Services
Ingress Tool Transfer

MITRE Threat Groups

APT-C-36
APT18
APT28
APT3
APT32
APT33
APT37
APT38
APT39
APT41
BRONZE BUTLER
Carbanak
Chimera
Cobalt Group
Dragonfly 2.0
Elderwood
FIN10
FIN4
FIN5
FIN6
FIN7
FIN8
Frankenstein
Gamaredon Group
Gorgon Group
Lazarus Group
Leviathan
Magic Hound
Molerats
MuddyWater
Night Dragon
OilRig
PLATINUM
Patchwork
PittyTiger
Rancor
Rocke
Sandworm Team
Sharpshooter
Silence
Soft Cell
Suckfly
TA505
TEMP.Veles
Threat Group-3390
Tropic Trooper
Turla
WIRTE
Whitefly
Wizard Spider
menuPass

Data Sources

Windows Security
Authentication