USB storage attached an unusually high number of times

Description

Triggered when the number of physical USB attach and detach actions exceed the idividual's historical baseline.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Insider Threat, Security Monitoring

Category

Data Exfiltration, Insider Threat, Zero Trust

Alert Volume

Low

Journey

Stage 3

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Physical Medium

Data Sources

Endpoint Detection and Response