Detecting Lateral Movement in Network

When to Use

- Monitoring enterprise networks for post-compromise lateral movement patterns (pass-the-hash, RDP hopping, PsExec)
- Building SIEM detection rules and alerts for common MITRE ATT&CK lateral movement techniques (T1021, T1570)
- Investigating suspected breaches by analyzing authentication patterns and network connections between internal hosts
- Hunting for anomalous east-west traffic patterns that indicate an attacker pivoting through the network
- Validating that network segmentation and access controls effectively limit lateral movement path…