Unusual Windows Security Event (Unusual - Event Code, Process, Directory, LoginType, ReturnCode, Domain)
This is a catch all anomaly for unusal Windows Security Events. This can contain things like: rare process, rare resource, or even a rare process name for a given process. This anomaly is based on user baseline and enterprise baseline.
This content is not mapped to any local saved search. Add mapping