Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
761
Views
0
Helpful
0
Replies

Related to Dwell Time Query

Ankush Kumar
Level 1
Level 1

‎09-18-2018 04:00 AM - edited ‎03-10-2019 01:05 AM

Hi Gents,

 

I have a query related to Dwell Time calculation in Security IR. Query is lets say one of the user who was on a leave for a week, returned back from holidays and one day while checking the emails, he opened the malicious attachment which result into his system compromise and further data exfiltration.

Now Incident Response Team detected this malicious activity after 5 days from the date of malicious code ran, so the question is what will be the Dwell time here?

 From the time when that malicious email landed to colleague inbox or it will be when colleague opened that attachment and which result into system compromise?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents