Case :
UB3.C4 -Users use different ISPs
UB3.C4.K1 – Users contract and use non-secure ISP
Protection:
UB3.C4.K1.P1 – Monitor activities from non-secure ISP
Threats:
UB3.C4.K1.T1 -Sign-in attempts using non-secure ISP
KQL:
Rating ISP to detect potential attacks and IOCs sources