attack.t1565.001 | Detection.FYI

Potential Suspicious Change To Sensitive/Critical Files
May 30, 2023 · attack.impact attack.t1565.001 ·
Share on:
Detects changes of sensitive and critical files. Monitors files that you don't expect to change without planning on Linux system.

Read More
Commands to Clear or Remove the Syslog - Builtin
Feb 1, 2023 · attack.impact attack.t1565.001 ·
Share on:
Detects specific commands commonly used to remove or empty the syslog

Read More
History File Deletion
Feb 1, 2023 · attack.impact attack.t1565.001 ·
Share on:
Detects events in which a history file gets deleted, e.g. the ~/bash_history to remove traces of malicious activity

Read More
Azure Device or Configuration Modified or Deleted
Jan 9, 2023 · attack.impact attack.t1485 attack.t1565.001 ·
Share on:
Identifies when a device or device configuration in azure is modified or deleted.

Read More
Azure DNS Zone Modified or Deleted
Jan 9, 2023 · attack.impact attack.t1565.001 ·
Share on:
Identifies when DNS zone is modified or deleted.

Read More
Cisco Denial of Service
Jan 4, 2023 · attack.impact attack.t1495 attack.t1529 attack.t1565.001 ·
Share on:
Detect a system being shutdown or put into different boot mode

Read More