SecOpsDataExfiltrationToUnsanctionedAppsO365

Detects attempts to access credential material stored in the process memory of the Local Security Authority Subsystem Service (LSASS).

Source table → cloud.office365.siem_agent_event

SecOpsCloudDiscoveryAnomalyDetectionO365

This policy is automatically enabled to alert you when anomalous behavior is detected in discovered users, IP addresses, and services, such as large amounts of uploaded data compared to other users, and large service transactions compared to the service's history.

Source table → cloud.office365.siem_agent_event