USB storage attached an unusually high number of times

Description

Triggered when the number of physical USB attach and detach actions exceeds the individual's historical baseline.

Use Case

Insider Threat, Security Monitoring

Category

Insider Threat, Data Exfiltration

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Physical Medium

Data Sources

Endpoint Detection and Response