Comment on page
Accounts With Unusually High Activity
Detects accounts with unusually high daily sign-in events, which can indicate malicious activity or the presence of a service account. A user will fail this check if Oort detects more than 1,000 sign-in events per day.
Tag known service accounts and machine identities as “MACHINE” in Oort. Investigate the spike to determine what application is generating the activity.
Default Check Settings
Events per day: 1,000