Synopsis
Activation Period | 14 Days
Training Period | 30 Days
Test Period | N/A (single event)
Deduplication Period | 2 Days
Required Data |
Detection Modules |
Detector Tags |
ATT&CK Tactic |
ATT&CK Technique |
Severity | Low
Description
A suspicious local network login was observed, which might indicate a Kerberos relay attack. This attack can lead to privilege escalation by obtaining system privileges on the target.
Attacker's Goals
An attacker is attempting to elevate their privileges on the machine.
Investigative actions
- Check for any other suspicious activity related to the host involved in the alert.
- Look for a new machine that was added to the domain.
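
The two investigative actions above can be combined into one triage pass. The following is an added example, not the product's detection logic: it assumes that "local network login" means a Windows Security event 4624 with logon type 3, the Kerberos authentication package and a loopback source address, and that a new domain machine appears as event 4741. The event records, field names and 24-hour correlation window are constructed for illustration.

```python
from datetime import datetime, timedelta

LOOPBACK = {"127.0.0.1", "::1"}
WINDOW = timedelta(hours=24)  # assumed correlation window, not from the page

# Constructed sample events (not real telemetry).
# 4624 = successful logon, 4741 = computer account created.
EVENTS = [
    {"id": 4741, "time": "2024-05-01T09:58:10", "host": "DC01",
     "subject": "CORP\\jdoe", "new_account": "DESKTOP-NEW01$"},
    {"id": 4624, "time": "2024-05-01T10:02:41", "host": "WS-17", "logon_type": 3,
     "auth_package": "Kerberos", "ip": "127.0.0.1", "target_user": "Administrator"},
    {"id": 4624, "time": "2024-05-01T10:05:00", "host": "WS-17", "logon_type": 3,
     "auth_package": "Kerberos", "ip": "10.0.4.23", "target_user": "svc_backup"},
    {"id": 4624, "time": "2024-05-01T11:00:00", "host": "WS-22", "logon_type": 2,
     "auth_package": "Negotiate", "ip": "127.0.0.1", "target_user": "asmith"},
]


def is_local_network_logon(ev):
    """Network logon (type 3) over Kerberos whose source address is the host itself."""
    return (ev["id"] == 4624 and ev.get("logon_type") == 3
            and ev.get("auth_package") == "Kerberos"
            and ev.get("ip") in LOOPBACK)


def triage(events, window=WINDOW):
    """Pair each loopback Kerberos network logon with the computer accounts
    created in the domain during the `window` before it."""
    created = [e for e in events if e["id"] == 4741]
    findings = []
    for ev in filter(is_local_network_logon, events):
        t = datetime.fromisoformat(ev["time"])
        nearby = [c["new_account"] for c in created
                  if timedelta(0) <= t - datetime.fromisoformat(c["time"]) <= window]
        findings.append({"host": ev["host"], "user": ev["target_user"],
                         "time": ev["time"], "new_machine_accounts": nearby})
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

A finding with a non-empty `new_machine_accounts` list is the case to look at first; an empty list still leaves the first investigative action, reviewing other activity on the host.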