Atypical Travel (1a41023f-1e70-4026-921a-4d9341a9038e)
Identifies two sign-ins originating from geographically distant locations, where at least one of the locations may also be atypical for the user, given past behavior.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Atypical Travel (1a41023f-1e70-4026-921a-4d9341a9038e) | Sigma-Rules | 1 |