Excessive Downloads via VPN

Description

This is a subset of the Excessive Data Transmission anomaly that looks only at the volume of data downloaded while on VPN.

Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Insider Threat, Data Exfiltration, Account Compromise

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 3

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration Over Other Network Medium

Data Sources

Network Communication