Data Exfiltration by suspicious user or device

Description

This threat is generated when an account or device exhibits behavior outside of the normal baseline. It further includes data exfiltration activity associated with that account.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise, Data Exfiltration

Alert Volume

Low

Journey

Stage 6

Data Sources

Audit Trail
Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Endpoint Detection and Response
Authentication
Application Data
Windows Security
Network Communication
Email
Web Proxy