High Volume Email Activity to Non-corporate Domains by User

Description

Alerts on high volume email activity by a user to non-corporate domains.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Insider Threat

Category

Endpoint Compromise, Data Exfiltration, Insider Threat

Alert Volume

Alerts on high volume email activity by a user to non-corporate domains.

SPL Difficulty

Advanced

Journey

Stage 3

MITRE ATT&CK Tactics

Exfiltration

MITRE ATT&CK Techniques

Exfiltration

Data Sources

Email