Remote Account Takeover

Description

This threat is generated when a user (or group of users) exhibit behavior that indicates their account has been compromised or taken over by a remote adversary.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise, IAM Analytics

Alert Volume

Low

Journey

Stage 6

Data Sources

Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Physical Security
Authentication
Windows Security
Network Communication
Email
Audit Trail