Recommended action: Suspend the user, mark the user as compromised, and reset their password.

B-TP: If a user is known to use anonymous IP addresses in the scope of their duties.

TP: If you're able to confirm that the activity was performed from an anonymous or TOR IP address.

This detection uses a machine learning algorithm that reduces B-TP incidents, such as mis-tagged IP addresses that are widely used by users in the organization. These proxies can be used to hide a device's IP address and may be used for malicious activities.

Activity from anonymous IP address

Activity from an IP address that has been identified as an anonymous proxy IP address by Microsoft Threat Intelligence or by your organization.

This section describes alerts indicating that a malicious actor may be attempting to gain an initial foothold into your organization.

For example, review the following user device information and compare with known device information:

Review all user activity for other indicators of compromise and explore the source and scope of impact.

If you identify a TP, review all the user's activities to gain an understanding of the impact.

This will help you identify which users in your organization pose the greatest risk.