Suspicious New Access

Description

Triggered when a user accesses a box resource for the first time. This anomaly is based on an individual user's baseline.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise, Lateral Movement, IAM Analytics

Alert Volume

Medium (?)

SPL Difficulty

None

Journey

Stage 6

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Other Network Medium

Data Sources

Audit Trail