Scenarios

A scenario is a high-value detection insight within a use case.

A scenario typically describes an Indicator of Compromise (IOC) or a method an attacker uses to create the threat the use case describes.

In the Threat Detection, Investigation, and Response (TDIR) Use Case Categories hierarchy, each scenario falls under a specific use case. For example, the Lateral Movement use case contains the Abnormal Network Connections, Abnormal Remote Access, Pass the Hash, and Pass the Ticket scenarios.

Not all use cases contain scenarios; for example, the External Threats use cases don't have scenarios.