Impossible traveler - SSO

Description

A user connected from multiple remote countries in a short period of time, which should normally be impossible. This may indicate the account is compromised.

Attacker's Goals

Gain user-account credentials.

Investigative Actions

Check if the user routed their traffic via a VPN, or shared their credentials with a remote employee.

Recommended For You