
Compromised Insiders Use Case Package

The Compromised Insiders use case package categorizes all use cases related to compromised insiders.

The Compromised Insiders use case package is a top-level classification that groups all use cases in which someone outside your organization exploits credentials to steal data or sabotage your operations.

Compromised Insiders use cases include:

  • Compromised Credentials

  • Lateral Movement (documentation coming soon)

  • Privilege Escalation (documentation coming soon)

  • Privileged Activity (documentation coming soon)

  • Account Manipulation (documentation coming soon)

  • Data Exfiltration (documentation coming soon)

  • Evasion (documentation coming soon)

Compromised Credentials Use Case

Learn about the Compromised Credentials use case and which Exabeam features address it.

The Compromised Credentials use case describes when an attacker poses as a valid user with legitimate access and uses stolen credentials to access your system.

In the Threat Detection, Investigation, and Response (TDIR) Use Case Packages hierarchy, the Compromised Credentials use case is categorized under the Compromised Insiders use case package. It contains specific scenarios, including:

  • Abnormal Application Access

  • Abnormal Authentication and Access

  • Abnormal Database Access

  • Abnormal File Access

  • Abnormal VPN Access

  • Abnormal Web Access

  • Compromised Asset

  • Compromised Service Account

  • Credential Theft

In Case Manager, use the out-of-the-box Compromised Credentials incident type to standardize incident fields, phases, and tasks for compromised credentials incidents.

For more information about what compromised credentials are and how they happen, see the Exabeam Community.

Abnormal Application Access Scenario

Learn about the Compromised Credentials Abnormal Application Access scenario.

The Abnormal Application Access scenario describes when an attacker compromises valid credentials and accesses an application. You can often identify this scenario when someone's application access and interaction patterns change.

In the Threat Detection, Investigation, and Response (TDIR) Use Case Packages hierarchy, the Abnormal Application Access scenario falls under the Compromised Credentials use case.