Account Compromise

User accounts that display unusual activity, have been detected on the dark web, or that have been targeted by malicious email campaigns may be compromised and require immediate attention.

Operations Dashboard assesses user accounts for any activity that may indicate potential account compromise. If an assessment of an account highlights events with a "High" or "Medium" risk level, the account and risk type information displays in the Account Compromise Indicators table.

The following table outlines the indicators associated with potential account compromise and the related data sources.

Indicator

Description

Data Source

Target

Leaked account

The detection of a user's account on the dark web

  • Azure AD

  • Okta

  • Email Sensor

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • User

Suspicious user activity

Activity that may indicate the malicious intent of a user that purposefully creates anomalous activity

  • Azure AD

  • Okta

  • Email Sensor

  • Trend Micro Vision One Endpoint Sensor

  • Connected Endpoint Product Agent

  • User

Targeted user account

The most at risk user accounts that exhibited high risk anomalous activities or were specifically targeted by malicious email campaigns during the evaluation period

  • Email Sensor

  • User
Parent topic: Risk Index