My First Rule
Mar 14, 2024 · Use Case: Guided Onboarding

WebServer Access Logs Deleted
Mar 13, 2024 · Domain: Endpoint · OS: Linux · OS: Windows · OS: macOS · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend · Data Source: Sysmon

Elastic Agent Service Terminated
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: Windows · OS: macOS · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend

Hosts File Modified
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: Windows · OS: macOS · Use Case: Threat Detection · Tactic: Impact · Resources: Investigation Guide · Data Source: Elastic Defend

Masquerading Space After Filename
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend

Potential Cookies Theft via Browser Debugging
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: Windows · OS: macOS · Use Case: Threat Detection · Tactic: Credential Access · Data Source: Elastic Defend

Potential Reverse Shell Activity via Terminal
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Execution · Resources: Investigation Guide · Data Source: Elastic Defend

Python Script Execution via Command Line
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · OS: Windows · Use Case: Threat Detection · Tactic: Execution · Data Source: Elastic Defend

Security Software Discovery via Grep
Mar 11, 2024 · Domain: Endpoint · OS: macOS · OS: Linux · Use Case: Threat Detection · Tactic: Discovery · Resources: Investigation Guide · Data Source: Elastic Defend

Suspicious JAVA Child Process
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Execution · Resources: Investigation Guide · Use Case: Vulnerability · Data Source: Elastic Defend

Tampering of Shell Command-Line History
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend · Data Source: Elastic Endgame · Data Source: Auditd Manager

Threat Intel Hash Indicator Match
Mar 11, 2024 · OS: Windows · Data Source: Elastic Endgame · Rule Type: Indicator Match

Threat Intel IP Address Indicator Match
Mar 11, 2024 · OS: Windows · Data Source: Elastic Endgame · Rule Type: Indicator Match

Threat Intel URL Indicator Match
Mar 11, 2024 · OS: Windows · Data Source: Elastic Endgame · Rule Type: Indicator Match

Threat Intel Windows Registry Indicator Match
Mar 11, 2024 · OS: Windows · Data Source: Elastic Endgame · Rule Type: Indicator Match

Timestomping using Touch Command
Mar 11, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Defense Evasion · Data Source: Elastic Defend

Virtual Machine Fingerprinting via Grep
Mar 11, 2024 · Domain: Endpoint · OS: macOS · OS: Linux · Use Case: Threat Detection · Tactic: Discovery · Data Source: Elastic Defend

Zoom Meeting with no Passcode
Mar 11, 2024 · Data Source: Zoom · Use Case: Configuration Audit · Tactic: Initial Access

SSH Authorized Keys File Modification
Mar 7, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Lateral Movement · Tactic: Persistence · Data Source: Elastic Defend

Suspicious File Downloaded from Google Drive
Jan 31, 2024 · Domain: Endpoint · OS: Linux · OS: Windows · OS: macOS · Use Case: Threat Detection · Tactic: Command and Control

Sudo Heap-Based Buffer Overflow Attempt
Jan 17, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Privilege Escalation · Use Case: Vulnerability · Data Source: Elastic Defend

Sudoers File Modification
Jan 8, 2024 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Privilege Escalation · Data Source: Elastic Defend

Bash Shell Profile Modification
Oct 23, 2023 · Domain: Endpoint · OS: macOS · OS: Linux · Use Case: Threat Detection · Tactic: Persistence · Data Source: Elastic Defend

Modification of Standard Authentication Module or Configuration
Oct 23, 2023 · Domain: Endpoint · OS: macOS · OS: Linux · Use Case: Threat Detection · Tactic: Credential Access · Tactic: Persistence · Data Source: Elastic Defend

Potential Non-Standard Port SSH connection
Oct 23, 2023 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Command and Control · Data Source: Elastic Defend

EggShell Backdoor Execution
Sep 5, 2023 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Execution · Data Source: Elastic Defend

Potential JAVA/JNDI Exploitation Attempt
Sep 5, 2023 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Execution · Use Case: Vulnerability · Data Source: Elastic Defend

Potential Privilege Escalation via Sudoers File Modification
Sep 5, 2023 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Privilege Escalation · Data Source: Elastic Defend

Setuid / Setgid Bit Set via chmod
Sep 5, 2023 · Domain: Endpoint · OS: Linux · OS: macOS · Use Case: Threat Detection · Tactic: Privilege Escalation · Data Source: Elastic Defend

Agent Spoofing - Mismatched Agent ID
Jun 22, 2023 · Use Case: Threat Detection · Tactic: Defense Evasion

Agent Spoofing - Multiple Hosts Using Same Agent
Jun 22, 2023 · Use Case: Threat Detection · Tactic: Defense Evasion

Multiple Alerts in Different ATT&CK Tactics on a Single Host
Jun 22, 2023 · Use Case: Threat Detection · Rule Type: Higher-Order Rule

Multiple Alerts Involving a User
Jun 22, 2023 · Use Case: Threat Detection · Rule Type: Higher-Order Rule