---
title: Bitdefender unusual spike found in blocked user actions on endpoint
description: Datadog, the leading service for cloud-scale monitoring.
---

# Bitdefender unusual spike found in blocked user actions on endpoint

{% alert level="danger" %}
This rule is part of a beta feature. To learn more, [contact Support](https://docs.datadoghq.com/help/).
{% /alert %}

Classification: attack

Tactic: [TA0002-execution](https://attack.mitre.org/tactics/TA0002)

Technique: [T1204-user-execution](https://attack.mitre.org/techniques/T1204)

## Goal{% #goal %}

Detects unusual spikes in blocked user actions on the endpoint.

## Strategy{% #strategy %}

This rule monitors user control logs to detect unusual spikes in blocked user actions on the endpoint.

## Triage and Response{% #triage-and-response %}

1. Analyze the user control logs for Computer IP: `{{@params.events.computer_ip}}` to investigate the spike in blocked user actions on the endpoint.
1. Review the frequency and nature of blocked access attempts (e.g., specific URLs, applications).
1. Check if the access attempts were user-initiated or triggered by a process or application.
1. Terminate any suspicious processes associated with blocked requests.
1. Update user awareness training to ensure compliance with security policies.
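
An offline sketch of the spike check and the first triage steps, added here as an example (it is not Datadog's rule logic or Bitdefender's log schema). Only `computer_ip` comes from this page; the `ts`, `target` and `blocked` field names, the hourly buckets and the median + k * MAD threshold are assumptions, and all events are constructed.

```python
from collections import Counter, defaultdict
from statistics import median

HOURS = [f"2024-05-01T{h:02d}" for h in range(8, 16)]  # constructed 8-hour window

def sample_events():
    """Constructed user control events; only computer_ip is a field named on this page."""
    events = []
    def add(ip, hour, target, n):
        events.extend({"ts": f"{hour}:{m:02d}:00Z", "computer_ip": ip,
                       "target": target, "blocked": True} for m in range(n))
    for hour in HOURS:                      # steady background on two endpoints
        add("10.0.0.5", hour, "social.example", 2)
        add("10.0.0.9", hour, "games.example", 3)
    add("10.0.0.5", "2024-05-01T13", "video.example", 40)  # the burst
    return events

def hourly_counts(events):
    """Blocked events per endpoint per hour bucket ("YYYY-MM-DDTHH")."""
    counts = defaultdict(Counter)
    for e in events:
        if e["blocked"]:
            counts[e["computer_ip"]][e["ts"][:13]] += 1
    return counts

def find_spikes(events, hours, k=5.0, min_count=10):
    """Flag hours where an endpoint exceeds its own baseline (median + k * MAD
    of its other hours). Hours with no events count as 0, not as missing."""
    spikes = []
    for ip, per_hour in sorted(hourly_counts(events).items()):
        series = [per_hour.get(h, 0) for h in hours]
        for i, hour in enumerate(hours):
            rest = series[:i] + series[i + 1:]
            base = median(rest)
            mad = median([abs(x - base) for x in rest]) or 1  # avoid a zero-width band
            if series[i] >= min_count and series[i] > base + k * mad:
                spikes.append((ip, hour, series[i], base))
    return spikes

def top_targets(events, ip, hour, n=3):
    """Triage view: what was blocked most on this endpoint during the flagged hour."""
    hits = Counter(e["target"] for e in events if e["blocked"]
                   and e["computer_ip"] == ip and e["ts"].startswith(hour))
    return hits.most_common(n)

if __name__ == "__main__":
    evs = sample_events()
    for ip, hour, count, base in find_spikes(evs, HOURS):
        print(ip, hour, count, "baseline", base, top_targets(evs, ip, hour))
```

The `min_count` floor keeps a quiet endpoint from alerting when it goes from 0 to 2 blocks; tune it and `k` against your own baseline volume.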
