Lateral Movement : Network Zone Activity

The Lateral Movement : Network Zone Activity model determines if a user's network zone is significantly different from the user's defined group.

Enable the Lateral Movement : Network Zone Activity model to compare each user's network zone activity with that of the user's defined group. If the user's activity is significantly different from the group's, it is deemed suspicious and a Sense Event is generated to increase the user's risk score.

Event name (new activity)

UBA : First time access to network zone

Event name (activity deviation)

UBA : Unusual network zone access

sensevalue

5

Required configuration

Configure the Network Hierarchy to help with the accuracy of determining network zones.

Log source types

All events that have a defined username and local destination IP.
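
The following is an added illustration, not IBM's model and not code from this documentation. It is a simplified reading of the two event types, run over constructed events that carry a username and a destination IP. The zone names and CIDR ranges, the group assignments, the 5% rarity threshold, and all function names are assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample data (assumptions, not from the product documentation).
NETWORK_HIERARCHY = {"Corp.Workstations": "10.10.0.0/16", "Corp.FileServers": "10.20.0.0/24",
                     "DC.Finance": "10.30.5.0/24", "DC.Engineering": "10.30.9.0/24"}
ZONES = [(ipaddress.ip_network(cidr), name) for name, cidr in NETWORK_HIERARCHY.items()]
GROUPS = {"alice": "finance", "bob": "finance", "carol": "engineering"}
BASELINE = [("alice", "10.10.1.5"), ("alice", "10.30.5.10"), ("alice", "10.20.0.8"),
            ("bob", "10.10.2.7"), ("bob", "10.30.5.11"),
            ("carol", "10.30.9.4"), ("carol", "10.10.3.3")]

def zone_for(ip):
    """Map a destination IP to the most specific zone, or None if it is not local."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for net, name in ZONES if addr in net]
    return max(hits)[1] if hits else None

def build_baseline(events, groups):
    """Learn which zones each user and each peer group has accessed."""
    user_zones, group_zones = defaultdict(set), defaultdict(Counter)
    for user, ip in events:
        zone = zone_for(ip)
        if zone and user in groups:
            user_zones[user].add(zone)
            group_zones[groups[user]][zone] += 1
    return user_zones, group_zones

def score_event(user, ip, groups, user_zones, group_zones, rare=0.05):
    """Return (event name, sensevalue) findings for one new event."""
    zone = zone_for(ip)
    if zone is None or user not in groups:
        return []  # needs a known username and a local destination IP
    findings = []
    if zone not in user_zones.get(user, set()):
        findings.append(("UBA : First time access to network zone", 5))
    counts = group_zones.get(groups[user], Counter())
    total = sum(counts.values())
    # Assumed deviation test: zone accounts for under `rare` of the group's activity.
    if total == 0 or counts[zone] / total < rare:
        findings.append(("UBA : Unusual network zone access", 5))
    return findings

if __name__ == "__main__":
    uz, gz = build_baseline(BASELINE, GROUPS)
    for user, ip in [("alice", "10.30.5.11"), ("bob", "10.20.0.9"), ("alice", "10.30.9.4")]:
        print(user, ip, zone_for(ip), score_event(user, ip, GROUPS, uz, gz))
```

Destinations that fall outside every configured range are skipped, which is why an accurate Network Hierarchy matters for this kind of check.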