Lateral Movement : Network Zone Activity
The Lateral Movement : Network Zone Activity model determines if a user's network zone activity is significantly different from that of the user's defined group.
Enable the Lateral Movement : Network Zone Activity model to compare a user's network zone activity with that of the user's defined group. If the user's activity is significantly different from the group's, it is deemed suspicious and a Sense Event is generated to increase the user's risk score.
Event name (new activity)
UBA : First time access to network zone
Event name (activity deviation)
UBA : Unusual network zone access
sensevalue
5
Required configuration
Configure the Network Hierarchy to help with the accuracy of determining network zones.
Log source types
All events that have a defined username and local destination IP.
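An added illustration, not the product's model or code: it resolves each local destination IP to a zone through a network hierarchy, then reports the two event names above for a user's current window. The hierarchy ranges, the peer group, the sample events, the total variation distance measure and the 0.5 threshold are all assumptions made for this example.

```python
import ipaddress
from collections import Counter

# Constructed network hierarchy (CIDR -> zone); names and ranges are assumptions.
HIERARCHY = {"10.10.0.0/16": "Workstations", "10.20.0.0/16": "Servers",
             "10.20.5.0/24": "Finance-DB"}
GROUP = ["alice", "bob", "carol"]  # constructed peer group

def zone_for(ip):
    """Most specific hierarchy zone containing ip, or None if it is not local."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(c), z) for c, z in HIERARCHY.items()
            if addr in ipaddress.ip_network(c)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def profiles(events):
    """Per-user zone counts from (username, destination IP) pairs."""
    out = {}
    for user, dst in events:
        zone = zone_for(dst)
        if user and zone:  # needs a username and a local destination
            out.setdefault(user, Counter())[zone] += 1
    return out

def shares(counter):
    """Normalise zone counts to fractions of the total."""
    total = sum(counter.values())
    return {z: n / total for z, n in counter.items()} if total else {}

def evaluate(user, window, baseline, threshold=0.5):
    """Return the event names raised for one user's current window."""
    seen = baseline.get(user, Counter())
    now = profiles(window).get(user, Counter())
    found = []
    if any(z not in seen for z in now):
        found.append("UBA : First time access to network zone")
    peers = sum((baseline.get(p, Counter()) for p in GROUP if p != user), Counter())
    p, q = shares(now), shares(peers)
    # Total variation distance between the user's and the peer group's zone mix.
    distance = 0.5 * sum(abs(p.get(z, 0) - q.get(z, 0)) for z in set(p) | set(q))
    if now and distance > threshold:
        found.append("UBA : Unusual network zone access")
    return found

# Constructed sample events: (username, local destination IP).
BASELINE = profiles([("alice", "10.10.1.4"), ("alice", "10.20.1.9"),
                     ("bob", "10.10.2.7"), ("bob", "10.20.1.9"),
                     ("carol", "10.10.3.3"), ("carol", "10.20.8.8")])
```

If the `10.20.5.0/24` entry is removed from the hierarchy, traffic to `10.20.5.x` resolves to Servers and neither event is returned for it, which shows why the Network Hierarchy configuration affects accuracy.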