LetsDefend Monitoring Alert

VPN Connection Detected from Unauthorized Country

Jan, 25, 2024, 01:37 PM

Event ID: 222

Event Time: Jan, 25, 2024, 01:37 PM

Rule Name: SOC257 - VPN Connection Detected from Unauthorized Country

Alert Type: Unauthorized Access

MITRE Technique:
T1110 - Credential Access - Brute Force,
T1586 - Resource Development - Compromise Accounts,
T1111 - Credential Access - Multi-Factor Authentication Interception,
T1204.001 - Execution - User Execution: Malicious Link,
T1588.001 - Resource Development - Obtain Capabilities: Malware,
T1621 - Credential Access - Multi-Factor Authentication Request Generation

Severity: Medium

Incident Responder
