Synopsis
Activation Period |
14 Days |
Training Period |
30 Days |
Test Period |
12 Hours |
Deduplication Period |
1 Day |
Required Data |
|
Detection Modules |
Identity Threat Module |
Detector Tags |
|
ATT&CK Tactic |
|
ATT&CK Technique |
|
Severity |
Informational |
Description
A user was observed visiting multiple domains for personal reasons. Time theft happens when an employee is paid to work but did not actually work during that time. It might affect your business as it reduces the employee's efficiency.
Attacker's Goals
A user may utilize work time for personal reasons.
Investigative actions
- Investigate the domains accessed and how popular they are in the organization.
- Verify that the user is not part of a department that visits these websites as part of daily their operations.