Suspicious External Alarm Activity

Description

This is a catch-all threat that contains external alarms from third-party tools (e.g., IDS, IPS, DLP).

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Account Compromise, Adversary Tactics, Endpoint Compromise, IAM Analytics, Lateral Movement, Malware

Alert Volume

Low

Journey

Stage 6

Data Sources

IDS or IPS
DLP
Anti-Virus or Anti-Malware
Host-based IDS