Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | 3 Hours
Deduplication Period | 1 Day
Required Data |
Detection Modules | Identity Threat Module
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Informational
Description
Multiple archive files were created by a user. This might indicate an attempt to stage data before exfiltration.
Attacker's Goals
Stage data on an endpoint in the organization.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
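An added example, not the product's own detector logic: it shows how the synopsis's 3-hour test period and 1-day deduplication period interact when counting archive creations per user, and it returns the hosts and files an analyst would pivot on. The threshold, the archive extension list, the event tuple layout and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

TEST_PERIOD = timedelta(hours=3)   # "Test Period" from the synopsis
DEDUP_PERIOD = timedelta(days=1)   # "Deduplication Period" from the synopsis
THRESHOLD = 3                      # assumption: the page only says "multiple"
ARCHIVE_EXTS = (".zip", ".7z", ".rar", ".tar", ".gz", ".tgz")  # assumption

# Constructed sample events: (timestamp, user, host, action, path)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice", "ws-01", "file_create", "C:/tmp/a.zip"),
    ("2024-05-01T09:40:00", "alice", "ws-01", "file_create", "C:/tmp/b.7z"),
    ("2024-05-01T10:15:00", "alice", "ws-02", "file_create", "C:/tmp/c.tar.gz"),
    ("2024-05-01T11:00:00", "alice", "ws-01", "file_create", "C:/tmp/d.zip"),
    ("2024-05-02T10:30:00", "alice", "ws-01", "file_create", "C:/tmp/e.zip"),
    ("2024-05-01T09:00:00", "bob", "ws-07", "file_create", "/home/bob/x.zip"),
    ("2024-05-01T13:30:00", "bob", "ws-07", "file_create", "/home/bob/y.zip"),
    ("2024-05-01T13:45:00", "bob", "ws-07", "file_create", "/home/bob/z.rar"),
    ("2024-05-01T09:05:00", "carol", "ws-09", "file_create", "C:/docs/q1.docx"),
    ("2024-05-01T09:06:00", "carol", "ws-09", "file_read", "C:/docs/old.zip"),
]

def detect(events, threshold=THRESHOLD):
    """Alert when a user creates `threshold` archives within TEST_PERIOD,
    at most once per user per DEDUP_PERIOD."""
    recent = defaultdict(deque)   # user -> (time, host, path) inside the window
    last_alert = {}               # user -> time of the last alert raised
    alerts = []
    for ts, user, host, action, path in sorted(events):
        if action != "file_create" or not path.lower().endswith(ARCHIVE_EXTS):
            continue              # only archive creations count
        now = datetime.fromisoformat(ts)
        window = recent[user]
        window.append((now, host, path))
        while now - window[0][0] > TEST_PERIOD:
            window.popleft()      # drop creations older than the test period
        if len(window) < threshold:
            continue
        if user in last_alert and now - last_alert[user] < DEDUP_PERIOD:
            continue              # same user already alerted within the dedup period
        last_alert[user] = now
        alerts.append({"user": user, "time": ts,
                       "hosts": sorted({h for _, h, _ in window}),
                       "files": [p for _, _, p in window]})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The `hosts` and `files` fields in each alert give the starting points for the investigative action above: other activity by the same user on those hosts around the alert time.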