Malware

Description

This threat is generated when a device exhibits behavior that could be attributed to malware. Examples of indicators of malware are beaconing, suspicious data movement, and unusual VPN access.

Use Case

Advanced Threat Detection, Security Monitoring

Category

Adversary Tactics, Endpoint Compromise, Malware

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

Data Sources

Windows Security
Host-based IDS
Network Communication
Anti-Virus or Anti-Malware
IDS or IPS
Authentication
DLP
Email
Endpoint Detection and Response
Web Proxy