Suspicious Behavior

Description

This threat is generated when a user (or group of users) exhibits generally suspicious behavior, specifically patterns of behavior that fall outside the user's normal baseline.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Adversary Tactics, Endpoint Compromise, Malware, IAM Analytics, Account Compromise, Lateral Movement

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 6

Data Sources

Windows Security
Application Data
Audit Trail
Host-based IDS
Network Communication
Anti-Virus or Anti-Malware
DNS
Web Server
Authentication
IDS or IPS
DLP
Email
Endpoint Detection and Response
Web Proxy