- Threat Detection, Investigation, and Response (TDIR) Use Case Categories
- Threat Detection, Investigation, and Response (TDIR) Use Case Categories Hierarchy
- Compromised Insiders Use Case Category
- External Threats Use Case Category
- Malicious Insiders Use Case Category
PrevNext
Scenarios
A scenario is a high-value detection insight within a use case.
A scenario typically describes an Indicator of Compromise (IOC) or a method an attacker uses to create the threat the use case describes.
In the Threat Detection, Investigation, and Response (TDIR) Use Case Categories hierarchy, each scenario falls under a specific use case. For example, the Lateral Movement use case contains the Abnormal Network Connections, Abnormal Remote Access, Pass the Hash, and Pass the Ticket scenarios.
Not all use cases contain scenarios; for example, the External Threats use cases don't have scenarios.