From e1b14917a93a8dd011d59653de4f03c67914962c Mon Sep 17 00:00:00 2001
From: InspiraEnterprise-Microsoft
 <117059212+InspiraEnterprise@users.noreply.github.com>
Date: Mon, 7 Oct 2024 16:43:07 +0530
Subject: [PATCH] Update Impossible-Travel.yaml

---
 Detections/Impossible_Travel/Impossible-Travel.yaml | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/Detections/Impossible_Travel/Impossible-Travel.yaml b/Detections/Impossible_Travel/Impossible-Travel.yaml
index 3719658b48..53c0c21c58 100644
--- a/Detections/Impossible_Travel/Impossible-Travel.yaml
+++ b/Detections/Impossible_Travel/Impossible-Travel.yaml
@@ -12,13 +12,9 @@ queryPeriod: 24h
 triggerOperator: gt
 triggerThreshold: 0
 tactics:
-  - ValidAccounts
-  - ApplicationLayerProtocol
-  - Masquerading
+  - InitialAccess
 relevantTechniques: 
   - T1078
-  - T1071
-  - T1036
 query: |
   let maxSpeed = 1000;
   SigninLogs