Compromised Account

Description

This threat looks for login anomalies, such as a land speed violation, followed by malicious activity such as unusual machine access or an unusual access time.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise

Alert Volume

High

SPL Difficulty

None

Journey

Stage 4

Data Sources

Windows Security
Host-based IDS
Audit Trail
Network Communication
Anti-Virus or Anti-Malware
IDS or IPS
Authentication
DLP