Suspicious Activity After Intrusion

Description

A threat is generated when a user or device exhibits suspicious behavior after an intrusion.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Adversary Tactics, Endpoint Compromise, Malware

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

Data Sources

Windows Security
Application Data
Audit Trail
Network Communication
DNS
Web Server
Authentication
DLP
Email
Endpoint Detection and Response
Web Proxy