Unusual External Alarm

Description

This is a catch-all anomaly for any external alarm created by a third-party system (e.g., IDS, IPS, DLP, NGFW). These anomalies are useful for increasing the user's risk profile and adding context to threats inside UBA.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Endpoint Compromise, Network Attack

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

Data Sources

DLP
Host-based IDS
IDS or IPS
Anti-Virus or Anti-Malware