About Microsoft Advaned Threat Analytics Description

Betül Uyanık 1 Reputation point

Hello team,
There is a guide in Microsoft Advanced Threat Analytics where we can get detailed information about suspicious activities (see https://learn.microsoft.com/en-us/advanced-threat-analytics/suspicious-activity-guide).

However, is there a more detailed guide available or can you explain what the following descriptions mean?

Performed a login from xxx abnormal workstations. ->
Requested access to xxx abnormal resources. ->
Performed a login from xxx abnormal servers. ->
xxx has uncharacteristically modified sensitive group memberships. ->
xxx's Kerberos tickets were stolen from xxx to xxx and used to access xxx. ->


Microsoft Configuration Manager
0 comments No comments
{count} votes