Suspicious External Alarm Activity
Description
This is a catch-all threat that contains external alarms from third-party tools (e.g., IDS, IPS, DLP).
Content Mapping
This content is not mapped to any local saved search.
Use Case
Advanced Threat Detection, Security Monitoring, Insider Threat
Category
Adversary Tactics, Endpoint Compromise, Malware, IAM Analytics, Account Compromise, Lateral Movement
Alert Volume
Low
SPL Difficulty
None
Journey
Stage 6
Data Sources
DLP
Host-based IDS
IDS or IPS
Anti-Virus or Anti-Malware