Account Compromise


The Account Compromise Detector identifies an account that exhibits signs of being taken over by a threat actor. The detector combines multiple entities related to user login and post-login behavior to deliver a more comprehensive view of account behavior and produce more true positives. If multiple suspicious actions are seen, it is more likely that the account is being used by a threat actor. Entities are provided to the Account Compromise Detector by other Taegis™ XDR detectors including Password Spray and Kerberoasting.
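The correlation idea described above, as an added illustration that is not Secureworks code and does not reflect the detector's actual logic. The record fields, the 24-hour window and the two-detector threshold are assumptions, and the sample detections are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window
MIN_DISTINCT = 2              # assumed: distinct input detectors required

# Constructed sample output of input detectors: (detector, account, timestamp)
DETECTIONS = [
    ("Password Spray", "alice@example.com", "2024-05-01T08:00:00"),
    ("Kerberoasting",  "Alice@example.com", "2024-05-01T09:30:00"),
    ("Password Spray", "bob@example.com",   "2024-05-01T08:00:00"),
    ("Password Spray", "bob@example.com",   "2024-05-01T08:05:00"),
    ("Password Spray", "bob@example.com",   "2024-05-01T08:10:00"),
    ("Password Spray", "carol@example.com", "2024-05-01T08:00:00"),
    ("Kerberoasting",  "carol@example.com", "2024-05-05T10:00:00"),
]

def correlate(detections, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {account: [detectors]} for accounts where at least
    `min_distinct` different input detectors fired within `window`."""
    by_account = defaultdict(list)
    for detector, account, ts in detections:
        # Normalise case so one account is not split across two keys.
        by_account[account.lower()].append((datetime.fromisoformat(ts), detector))

    flagged = {}
    for account, events in by_account.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            seen = {name for _, name in events[start:end + 1]}
            # Repeats of one detector do not count as corroboration.
            if len(seen) >= min_distinct:
                flagged[account] = sorted(seen)
                break
    return flagged

if __name__ == "__main__":
    for account, detectors in correlate(DETECTIONS).items():
        print(f"{account}: {', '.join(detectors)}")
```

Only the first account is flagged: the second has one detector firing repeatedly, and the third has two detectors firing more than a day apart.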

Account Compromise Alert


Auth, by way of detections from input detectors.


Detections from the following sources:


Alerts pushed to the Secureworks® Taegis™ XDR Alert Database and Secureworks® Taegis™ XDR Dashboard


MITRE Enterprise ATT&CK - Defense Evasion, Persistence, Privilege Escalation, Initial Access - Valid Accounts. For more information, see MITRE Technique T1078.

Configuration Options


