Exfiltration after Account Compromise

Description

This threat is generated when an account (or multiple accounts) exhibits behavior outside of the normal baseline that indicates a compromise. It is further distinguished by the inclusion of data exfiltration associated with that account.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Data Exfiltration, Account Compromise

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

Data Sources

Windows Security
Application Data
Network Communication
Web Server
Authentication
DLP
Email
Endpoint Detection and Response
Web Proxy