Navigation :
Account Compromise with Suspicious Internal Activity
Description
This threat is generated when an account (or multiple accounts) exhibit behavior outside of the normal baseline that indicates a compromise.
Content Mapping
This content is not mapped to any local saved search. Add mapping
Use Case
Advanced Threat Detection, Security Monitoring
Category
Account Compromise
Alert Volume
LowJourney
Stage 6Data Sources
Audit Trail
Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Physical Security
Web Server
DNS
Endpoint Detection and Response
Authentication
Application Data
Windows Security
Network Communication
Email
Web Proxy