Unusual USB Activity

Description

This anomaly comprises a number of detection methods covering USB usage in the enterprise.

Use Case

Insider Threat, Security Monitoring

Category

Data Exfiltration, Unauthorized Software, Zero Trust

Alert Volume

Low

Journey

Stage 4

MITRE ATT&CK Tactics

Exfiltration
Initial Access

MITRE ATT&CK Techniques

Exfiltration Over Physical Medium
Replication Through Removable Media
Hardware Additions

MITRE Threat Groups

APT28
DarkVishnya
Darkhotel
Tropic Trooper

Data Sources

Endpoint Detection and Response