LoFP
/
t1586
t1586
Title
Tags
a user with successful authentication events from different ips may also represent the legitimate use of more than one device. filter as needed and/or customize the threshold to fit your environment.
t1110.001
T1110.003
T1535
t1586
azure tenant
aws account
splunk
access attempts to non-existent repositories or due to outdated plugins. usually \"anonymous\" user is reported in the \"author.name\" field in most cases.
t1586
bitbucket
sigma
if an end-user incorrectly identifies normal activity as suspicious.
t1586
t1586.003
okta
sigma
LoFP
/
t1586