
Account Compromise



The Account Compromise Detector identifies an account that exhibits signs of having been taken over by a threat actor. It combines multiple entities relating to user login and post-login behavior to build a more comprehensive view of account activity and produce higher-fidelity alerts (more true positives): the more distinct suspicious actions are observed for one account, the more likely it is that a threat actor is operating it. Entities are supplied to the Account Compromise Detector by other Secureworks® Taegis™ XDR detectors, including Password Spray and Kerberoasting.
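The paragraph above describes a correlation pattern: detections from independent input detectors are grouped per account, and an account is flagged only when several distinct signals from both the login and post-login phases coincide. The following is an added illustration of that pattern, not Taegis XDR code; the detection record layout, the 24-hour window, the scoring rule and the sample detections are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Detection:
    """One detection emitted by an input detector (hypothetical layout)."""
    source: str      # name of the input detector, e.g. "Password Spray"
    account: str     # account the detection concerns
    phase: str       # "login" or "post_login"
    ts: datetime     # when the detection fired


# Constructed sample detections, not real Taegis output.
SAMPLE = [
    # alice: login-phase and post-login-phase signals 90 minutes apart
    Detection("Password Spray", "alice", "login", datetime(2024, 5, 1, 8, 0)),
    Detection("Kerberoasting", "alice", "post_login", datetime(2024, 5, 1, 9, 30)),
    # bob: the same detector fired twice; still only one kind of signal
    Detection("Password Spray", "bob", "login", datetime(2024, 5, 1, 8, 0)),
    Detection("Password Spray", "bob", "login", datetime(2024, 5, 1, 8, 5)),
    # carol: two distinct signals, but eleven days apart
    Detection("Password Spray", "carol", "login", datetime(2024, 4, 20, 9, 0)),
    Detection("Kerberoasting", "carol", "post_login", datetime(2024, 5, 1, 9, 0)),
]


def correlate(detections, window=timedelta(hours=24), min_sources=2):
    """Return {account: summary} for every account whose detections from at
    least `min_sources` distinct input detectors fall inside one sliding
    `window`. Repeated hits from a single detector do not count as extra
    evidence; seeing both a login-phase and a post-login-phase signal does.
    """
    by_account = defaultdict(list)
    for d in detections:
        by_account[d.account].append(d)

    alerts = {}
    for account, ds in by_account.items():
        ds.sort(key=lambda d: d.ts)
        best = None
        for i, anchor in enumerate(ds):
            # every detection within `window` after this anchor
            cluster = [d for d in ds[i:] if d.ts - anchor.ts <= window]
            sources = {d.source for d in cluster}
            phases = {d.phase for d in cluster}
            if len(sources) < min_sources:
                continue
            # one point per distinct detector, plus one if both phases are present
            score = len(sources) + (1 if phases == {"login", "post_login"} else 0)
            if best is None or score > best["score"]:
                best = {
                    "score": score,
                    "sources": sorted(sources),
                    "phases": sorted(phases),
                    "first": cluster[0].ts,
                    "last": cluster[-1].ts,
                }
        if best is not None:
            alerts[account] = best
    return alerts


if __name__ == "__main__":
    for account, summary in correlate(SAMPLE).items():
        print(account, summary)
```

With the sample data only `alice` alerts: `bob` has a single input detector firing twice, and `carol` has two distinct signals that are too far apart to land in one window (widening `window` to 30 days makes `carol` alert as well). Tuning those two parameters is the trade-off a real correlating detector has to make between catching slow-moving takeovers and suppressing coincidental noise.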

Account Compromise Alert

Schema

Auth, by way of detections from input detectors.

Inputs

Detections from the following sources:

Outputs

Alerts pushed to the XDR Alert Database and XDR Dashboard

MITRE ATT&CK Category

MITRE Enterprise ATT&CK - Defense Evasion, Persistence, Privilege Escalation, Initial Access - Valid Accounts. For more information, see MITRE Technique T1078.

Configuration Options

None
