Unusually Long VPN Session

Description

Triggered when a VPN session lasts longer than the normal time period. This period is determined by both the user's individual baseline and the enterprise average.

Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Lateral Movement, Account Compromise, Data Exfiltration

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Exfiltration
Persistence

MITRE ATT&CK Techniques

Exfiltration Over Alternative Protocol
Redundant Access

Data Sources

Network Communication