Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
1 Hour |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A user accessed an abnormal number of remote shared folders. This might indicate an attempt to collect data before exfiltration.
Attacker's Goals
Collect valuable data about the organization for exfiltration purposes.
Investigative actions
- Check for other suspicious activity made by the user at the time of the event.
- Inspect the shared folder and verify if the user should have accessed to that folder.
- Go over the list of files and check if such user should have access to those files.