Account Compromise with Suspicious Internal Activity

Description

This threat is generated when an account (or multiple accounts) exhibits behavior outside of the normal baseline that indicates a compromise.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise

Alert Volume

Low

Journey

Stage 6

Data Sources

Audit Trail
Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Physical Security
Web Server
DNS
Endpoint Detection and Response
Authentication
Application Data
Windows Security
Network Communication
Email
Web Proxy