Suspicious Behavior

Description

This threat is generated when a user (or group of users) exhibits general suspicious behavior, specifically patterns of behavior that are outside the normal baseline for the user.

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring

Category

Account Compromise, Adversary Tactics, Endpoint Compromise, IAM Analytics, Lateral Movement, Malware

Alert Volume

Medium

Journey

Stage 6

Data Sources

Audit Trail
Anti-Virus or Anti-Malware
IDS or IPS
DLP
Host-based IDS
Web Server
DNS
Endpoint Detection and Response
Authentication
Application Data
Windows Security
Network Communication
Email
Web Proxy