- Threat Detection, Investigation, and Response (TDIR) Use Case Categories
- Threat Detection, Investigation, and Response (TDIR) Use Case Categories Hierarchy
- Compromised Insiders Use Case Category
- External Threats Use Case Category
- Malicious Insiders Use Case Category
PrevNext
Service Account Abuse Scenario
Learn about the Privilege Abuse Service Account Abuse scenario.
The Service Account Abuse scenario describes when a service account does something unusual or authenticates to an asset using the local user account or domain account, also known as an interactive login. These activities suggest that an insider is disguising their malicious activity using a service account. Service accounts are valuable to malicious insiders because they often have privileged access to critical business entities.
In the Threat Detection, Investigation, and Response (TDIR) Use Case Categories hierarchy, the Service Account Abuse scenario falls under the Privilege Abuse use case.