Description
A user accessed an uncommon AppID that is rarely accessed by them or anyone else in the organization.
Attacker's Goals
A user accessed an uncommon AppID that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to exfiltrate sensitive data.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
Synopsis
Description
A user accessed an uncommon external peer-to-peer service that is rarely accessed by them or anyone else in the organization.
Attacker's Goals
A user accessed an uncommon external peer-to-peer service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to exfiltrate sensitive data.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
Synopsis
Description
A user accessed an uncommon external file-sharing service that is rarely accessed by them or anyone else in the organization.
Attacker's Goals
A user accessed an uncommon external file-sharing service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to exfiltrate sensitive data.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
Synopsis
Description
A user accessed an uncommon peer-to-peer service that is rarely accessed by them or anyone else in the organization.
Attacker's Goals
A user accessed an uncommon peer-to-peer service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to exfiltrate sensitive data.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
Synopsis
Description
A user accessed an uncommon file-sharing service that is rarely accessed by them or anyone else in the organization.
Attacker's Goals
A user accessed an uncommon file-sharing service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to exfiltrate sensitive data.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.
Synopsis
Description
A user connected to an unusual VPN service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to hide their online activity.
Attacker's Goals
A user connected to an unusual VPN service that is rarely accessed by them or anyone else in the organization. This may indicate an attempt to hide their online activity.
Investigative actions
Check for any other suspicious activity related to the host and the user involved in the alert.