Suspicious External Alarm Activity

Description

This threat is a catch-all that covers external alarms raised by third-party security tools (e.g., IDS, IPS, DLP).

Content Mapping

This content is not mapped to any local saved search.


Use Case

Advanced Threat Detection, Security Monitoring, Insider Threat

Category

Adversary Tactics, Endpoint Compromise, Malware, IAM Analytics, Account Compromise, Lateral Movement

Alert Volume

Low

SPL Difficulty

None

Journey

Stage 6

Data Sources

DLP
Host-based IDS
IDS or IPS
Anti-Virus or Anti-Malware