Compromised Account

Description

This is a threat that looks for login anomalies such as a land speed violation followed by malicious activity like unusual machine access or unusual access time.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise

Alert Volume

High

Journey

Stage 4

Data Sources

Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Authentication
Windows Security
Network Communication
Audit Trail