Performing Lateral Movement Detection

When to Use

Use this skill when:

- SOC teams need to detect attackers pivoting between systems after initial compromise
- Incident investigations require tracking an attacker's movement path through the network
- Detection engineering needs lateral movement rules mapped to ATT&CK TA0008 techniques
- Red/purple team exercises identify lateral movement detection gaps

Do not use for detecting initial access or external attacks — lateral movement detection focuses on internal host-to-host pivot activity.

Prerequisites

- Windows Security Event Logs (EventCode…