Synopsis
| Activation Period | 14 Days |
| Training Period | 30 Days |
| Test Period | N/A (single event) |
| Deduplication Period | 1 Day |
| Required Data | |
| Detection Modules | Identity Analytics |
| Detector Tags | |
| ATT&CK Tactic | |
| ATT&CK Technique | |
| Severity | Informational |
Description
A machine account performed an interactive or remote interactive login.
Attacker's Goals
Use an account that has access to resources to move laterally in the network and access privileged resources.
Investigative actions
- See whether the login was successful.
- Check whether the account has performed any administrative actions that it should not normally perform.
- Look for more logins and authentications by the account throughout the network.
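
The following sketch shows how the condition in the description can be checked against Windows Security logon events. It is an added example, not the product's detector logic. It assumes events 4624 (successful logon) and 4625 (failed logon), logon types 2 and 10, machine account names ending in `$`, and a deduplication key of account plus host. The event records are constructed sample data.

```python
from datetime import datetime, timedelta

# Windows logon types: 2 = Interactive, 10 = RemoteInteractive
INTERACTIVE_TYPES = {2: "interactive", 10: "remote interactive"}
# Windows Security event IDs: 4624 = successful logon, 4625 = failed logon
OUTCOME = {4624: "success", 4625: "failure"}
DEDUP = timedelta(days=1)  # deduplication period from the synopsis

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2024-05-01T08:00:00", "event_id": 4624, "user": "WKS-014$", "logon_type": 3, "host": "FS01"},
    {"time": "2024-05-01T09:12:00", "event_id": 4624, "user": "WKS-014$", "logon_type": 10, "host": "DC01"},
    {"time": "2024-05-01T09:30:00", "event_id": 4624, "user": "alice", "logon_type": 2, "host": "WKS-014"},
    {"time": "2024-05-01T15:45:00", "event_id": 4624, "user": "WKS-014$", "logon_type": 10, "host": "DC01"},
    {"time": "2024-05-01T16:00:00", "event_id": 4625, "user": "SRV-DB2$", "logon_type": 2, "host": "FS01"},
    {"time": "2024-05-02T10:00:00", "event_id": 4624, "user": "WKS-014$", "logon_type": 10, "host": "DC01"},
]

def is_machine_account(user):
    """Machine (computer) account names in Active Directory end with '$'."""
    return len(user) > 1 and user.endswith("$")

def detect(events):
    """Return one alert per (account, host) per deduplication window."""
    alerts, last_alert = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only logon events of an interactive or remote interactive type qualify.
        if ev["event_id"] not in OUTCOME or ev["logon_type"] not in INTERACTIVE_TYPES:
            continue
        if not is_machine_account(ev["user"]):
            continue
        ts = datetime.fromisoformat(ev["time"])
        key = (ev["user"].upper(), ev["host"].upper())  # assumed dedup key
        if key in last_alert and ts - last_alert[key] < DEDUP:
            continue  # same account and host already alerted within 1 day
        last_alert[key] = ts
        alerts.append({"time": ev["time"], "user": ev["user"], "host": ev["host"],
                       "logon": INTERACTIVE_TYPES[ev["logon_type"]],
                       "outcome": OUTCOME[ev["event_id"]]})  # first investigative action
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The network logon (type 3) by `WKS-014$` is ignored because machine accounts authenticate that way routinely. Only the interactive and remote interactive types raise an alert, and each alert carries the success or failure outcome.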