Suspicious File Changes Activity Detected
Jul 19, 2024 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Impact · Data Source: Elastic Defend
Deprecated - Remote File Creation on a Sensitive Directory
Apr 1, 2024 · Domain: Endpoint · Use Case: Lateral Movement Detection · Tactic: Lateral Movement · Data Source: Elastic Defend
Potential Linux Reverse Connection through Port Knocking
Mar 7, 2024 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Command and Control · Data Source: Elastic Defend · Rule Type: BBR
Malicious Remote File Creation
Dec 20, 2023 · Domain: Endpoint · Use Case: Lateral Movement Detection · Tactic: Lateral Movement · Data Source: Elastic Defend
Potential Process Herpaderping Attempt
Dec 19, 2023 · Domain: Endpoint · OS: Windows · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend
Deprecated - Potential Reverse Shell via Suspicious Parent Process
Dec 18, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Execution · Data Source: Elastic Defend
Deprecated - Potential DNS Tunneling via Iodine
Oct 23, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Command and Control · Data Source: Elastic Endgame · Data Source: Elastic Defend
Deprecated - Potential Process Injection via LD_PRELOAD Environment Variable
Oct 23, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Defense Evasion · Tactic: Persistence · Tactic: Privilege Escalation · Data Source: Elastic Defend
Suspicious Network Connection Attempt by Root
Aug 3, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Command and Control
Deprecated - Threat Intel Filebeat Module (v8.x) Indicator Match
Jul 18, 2023 · OS: Windows · Data Source: Elastic Endgame · Resources: Investigation Guide
Deprecated - Threat Intel Indicator Match
Jul 18, 2023 · OS: Windows · Data Source: Elastic Endgame · Resources: Investigation Guide
Potential SSH Brute Force Detected on Privileged Account
Jul 10, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Lateral Movement · Tactic: Credential Access
Reverse Shell Created via Named Pipe
Jul 6, 2023 · Domain: Endpoint · OS: Linux · Use Case: Threat Detection · Tactic: Execution · Data Source: Elastic Endgame
Potential Shell via Web Server
May 5, 2023 · Elastic · Host · Linux · Threat Detection · Persistence · Investigation Guide · Elastic Endgame
Google Workspace User Group Access Modified to Allow External Access
Mar 2, 2023 · Elastic · Cloud · Google Workspace · Continuous Monitoring · SecOps · Identity and Access · Persistence
File and Directory Discovery
Jan 9, 2023 · Elastic · Host · Windows · Threat Detection · Discovery
Suspicious Process from Conhost
Jan 9, 2023 · Elastic · Host · Windows · Threat Detection · Defense Evasion
Threat Intel Filebeat Module (v7.x) Indicator Match
Jan 9, 2023 · Elastic · Windows · Elastic Endgame · Network · Continuous Monitoring · SecOps · Monitoring
Whitespace Padding in Process Command Line
Jan 9, 2023 · Elastic · Host · Windows · Threat Detection · Defense Evasion
GCP Kubernetes Rolebindings Created or Patched
Nov 9, 2022 · Elastic · Cloud · GCP · Continuous Monitoring · SecOps · Configuration Audit
Web Application Suspicious Activity: No User Agent
Sep 19, 2022 · Elastic · APM
DNS Activity to the Internet
Aug 3, 2022 · Elastic · Network · Threat Detection · Command and Control · Host
Potential Privilege Escalation via Local Kerberos Relay over LDAP
Aug 1, 2022 · Elastic · Host · Windows · Threat Detection · Privilege Escalation · Credential Access
Strace Process Activity
Jul 29, 2022 · Elastic · Host · Linux · Threat Detection · Privilege Escalation
Attempt to Disable IPTables or Firewall
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Defense Evasion
Auditd Login Attempt at Forbidden Time
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Initial Access
Auditd Login from Forbidden Location
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Initial Access
Auditd Max Failed Login Attempts
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Initial Access
Auditd Max Login Sessions
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Initial Access
Unusual Process Execution - Temp
Jul 26, 2022 · Elastic · Host · Linux · Threat Detection · Execution
Linux Restricted Shell Breakout via apt/apt-get Changelog Escape
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via awk Commands
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via busybox Shell Evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via c89/c99 Shell evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via cpulimit Shell Evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via crash Shell evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via env Shell Evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via flock Shell evasion
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the expect command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the find command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the gcc command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the mysql command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the SSH command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Linux Restricted Shell Breakout via the vi command
May 25, 2022 · Elastic · Host · Linux · Threat Detection · Execution · GTFOBins
Potential PrintNightmare Exploit Registry Modification
Mar 17, 2022 · Elastic · Host · Windows · Threat Detection · Privilege Escalation
Potential PrintNightmare File Modification
Mar 17, 2022 · Elastic · Host · Windows · Threat Detection · Privilege Escalation
AWS RDS Snapshot Export
Oct 26, 2021 · Elastic · Cloud · AWS · Continuous Monitoring · SecOps · Asset Visibility
Network Connection via Mshta
Oct 20, 2021 · Elastic · Host · Windows · Threat Detection · Defense Evasion
RDP (Remote Desktop Protocol) to the Internet
Jul 29, 2021 · Elastic · Host · Network · Threat Detection · Initial Access
SSH (Secure Shell) from the Internet
Jul 29, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
SSH (Secure Shell) to the Internet
Jul 29, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Base64 Encoding/Decoding Activity
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection · Defense Evasion
FTP (File Transfer Protocol) Activity to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Hex Encoding/Decoding Activity
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection · Defense Evasion
IRC (Internet Relay Chat) Protocol Activity to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Mknod Process Activity
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection
Network Sniffing via Tcpdump
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection · Credential Access
Nmap Process Activity
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection
Persistence via Kernel Module Modification
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection · Persistence
Potential Persistence via Cron Job
Apr 21, 2021 · Elastic · Host · Linux · macOS · Threat Detection · Persistence
PowerShell spawning Cmd
Apr 21, 2021 · Elastic · Host · Windows · Threat Detection · Execution
PPTP (Point to Point Tunneling Protocol) Activity
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Proxy Port Activity to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Query Registry via reg.exe
Apr 21, 2021 · Elastic · Host · Windows · Threat Detection · Discovery
SMTP to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Socat Process Activity
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection
SQL Traffic to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
TCP Port 8000 Activity to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
Tor Activity to the Internet
Apr 21, 2021 · Elastic · Host · Network · Threat Detection · Command and Control
User Discovery via Whoami
Apr 21, 2021 · Elastic · Host · Linux · Threat Detection · Discovery
Process Discovery via Tasklist
Apr 15, 2021 · Elastic · Host · Windows · Threat Detection · Discovery
Trusted Developer Application Usage
Apr 15, 2021 · Elastic · Host · Windows · Threat Detection · Defense Evasion
Execution via Regsvcs/Regasm
Mar 19, 2021 · Elastic · Host · Windows · Threat Detection · Execution
Setgid Bit Set via chmod
Mar 17, 2021 · Elastic · Host · Linux · Threat Detection · Privilege Escalation