Navigation :
USB storage attached an unusually high number of times
Description
Triggered when the number of physical USB attach and detach actions exceed the idividual's historical baseline.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Insider Threat, Security Monitoring
Category
Data Exfiltration, Insider Threat,
Zero TrustAlert Volume
LowJourney
Stage 3MITRE ATT&CK Tactics
Exfiltration
MITRE ATT&CK Techniques
Exfiltration Over Physical Medium
Data Sources
Endpoint Detection and Response