Activity from Infrequent Country (0f2468a2-5055-4212-a368-7321198ee706)
Detects when a Microsoft Cloud App Security reported when an activity occurs from a location that wasn't recently or never visited by any user in the organization.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Activity from Infrequent Country (0f2468a2-5055-4212-a368-7321198ee706) | Sigma-Rules | Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) | Attack Pattern | 1 |