Skip to main content
McAfee Enterprise MVISION Cloud

Anomalous Access Location Workflow

Anomalous Access Locations are indicative of potentially compromised accounts or insider threats. This anomaly is detected when a user registers activity from an IP Address, Geographic Location or an Organization which is suspicious, block listed, or a competitor. In addition to detecting this with MVISION Cloud's block lists and UEBA, you can add competitor names, known bad IP addresses, and geographic locations to provide supervised learning.

That's where the filters are important. By fine tuning each filter, you can remove expected network activity noise and have MVISION Cloud focus attention on truly anomalous events. 

To begin using Anomalous Access Locations, your policy manager or security team just needs to take a look at how the filters are enabled.

Step 1: View Anomalous Access Locations

Step 2: Baseline Anomalous Access locations

Step 3: Configure Anomalous Access Location Filters

Step 4: Manage anomalies.

  • Was this article helpful?