attack.t1565.001

Identifies when a device or device configuration in azure is modified or deleted.

Aug 12, 2024 · attack.impact attack.t1565.001 ·

Identifies when DNS zone is modified or deleted.

Detect a system being shutdown or put into different boot mode

Aug 12, 2024 · attack.impact attack.t1565.001 ·

Detects specific commands commonly used to remove or empty the syslog

Aug 12, 2024 · attack.impact attack.t1565.001 ·

Detects events in which a history file gets deleted, e.g. the ~/bash_history to remove traces of malicious activity

Aug 12, 2024 · attack.impact attack.t1565.001 ·

Detects changes of sensitive and critical files. Monitors files that you don't expect to change without planning on Linux system.