Inactive Account Activity Detected

Description

Discovers previously inactive accounts that are now being used. This may be due to an attacker that successfully gained access to an account that was no longer being used.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Insider Threat, Security Monitoring

Category

Insider Threat

Alert Volume

Discovers previously inactive accounts that are now being used. This may be due to an attacker that successfully gained access to an account that was no longer being used.

SPL Difficulty

Advanced

Journey

Stage 4

MITRE ATT&CK Tactics

Initial Access

MITRE ATT&CK Techniques

Valid Accounts

MITRE Threat Groups

APT18
APT28
APT33
APT39
APT41
Carbanak
Chimera
Dragonfly 2.0
FIN10
FIN4
FIN5
FIN6
FIN8
Leviathan
Night Dragon
OilRig
PittyTiger
Sandworm Team
Silence
Soft Cell
Suckfly
TEMP.Veles
Threat Group-3390
Wizard Spider
menuPass

Data Sources

Authentication