Techniques
Sample rules
Unusual Hour for a User to Logon
- source: elastic
- technicques:
- T1078
Description
A machine learning job detected a user logging in at a time of day that is unusual for the user. This can be due to credentialed access via a compromised account when the user and the threat actor are in different time zones. In addition, unauthorized user activity often takes place during non-business hours.
Detection logic