Exfiltration after Infection

Description

This threat is generated when a device exhibits behavior outside of the normal baseline that indicates a compromise. It further differentiates itself by including data exfiltration associated with that device.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise, Data Exfiltration, Malware

Alert Volume

Low

Journey

Stage 6

Data Sources

DLP
Physical Security
Web Server
Endpoint Detection and Response
Authentication
Application Data
Windows Security
Network Communication
Email
Web Proxy