Unusual USB Device Plugged In

Description

Triggered when a user uses a USB device (plugging into a computer) for the first time. This anomaly is based on the user's historical information.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Insider Threat, Security Monitoring

Category

Insider Threat, Data Exfiltration, Malware

Alert Volume

Low (?)

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Lateral Movement
Exfiltration

MITRE ATT&CK Techniques

Replication Through Removable Media
Exfiltration Over Physical Medium

MITRE Threat Groups

APT28
Darkhotel
Tropic Trooper

Data Sources

Endpoint Detection and Response