0 Replies Latest reply on Mar 30, 2016 5:54 PM by jonarmani

    Dashboard for anomalous user login activity?


      I'm trying to figure out a way to detect if some user suddenly logs onto 100 unique hosts in a short period, successful or otherwise, when that user typically only logs onto 5 unique hosts in a day.


      I know there is a deviation component for rules and dashboards, but with 6,000+ users I can't find a meaningful way to visualize user accounts that may be getting abused for lateral movement.