Navigation :
USB storage attached an unusually high number of times
Description
Triggered when the number of physical USB attach and detach actions exceed the idividual's historical baseline.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Insider Threat, Security Monitoring
Category
Insider Threat, Data Exfiltration
Alert Volume
Low
(?)SPL Difficulty
None
Journey
Stage 3
MITRE ATT&CK Tactics
Exfiltration
MITRE ATT&CK Techniques
Exfiltration Over Physical Medium
Data Sources
Endpoint Detection and Response