Unusually Long VPN Session

Description

Triggered when a VPN session extends past the normal time period. This time period is determined by both the user's individual baseline as well as the enterprise average.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Account Compromise, Data Exfiltration, Lateral Movement, Zero Trust

Alert Volume

Low

Journey

Stage 4

MITRE ATT&CK Tactics

Exfiltration
Persistence

MITRE ATT&CK Techniques

Exfiltration Over Alternative Protocol
Redundant Access

Data Sources

Network Communication