Network events are a unique detection event that displays the links between shared identifiers, compromised accounts, and fake accounts. You can detect and analyze Network events in Account Defender to easily understand the relationships between affected accounts and events, particularly for large-scale abuse. By taking advantage of Network events, you can observe patterns in complex attacks, which lets you take action for your organization faster.
For Network events to appear, you must set up a Network event policy rule in Account Defender > Policies. Once the rule is triggered, it will appear in your Account Defender Dashboard.
To view a Network event, navigate to Account Defender > Dashboard and select a Network-type event. If you do not update or resolve any of the accounts in the Network, then it will be automatically archived in 14 days. Otherwise, Networks are archived 30 days after they are created.
You can filter by Event Type > Network to quickly find the right event.
From a Network event’s Investigation page, you can use the following panels to learn more about the event and take appropriate action:
The Network Attack panel lists a brief summary about the attack.
You can also select Open control panel to view each affected account by different identifiers.
The Linked Attacks by Network panel displays the relationships between the network type identifier (for example, a VID) and accounts affected by the event. From here, you can learn how networks of accounts are connected to each other to create a large-scale event. You can also see a breakdown of the types of identifiers involved.
The Activities Log is a full activity record for the network event. You can customize the display by choosing different table columns and filtering your results.