Data Source: Windows

Potential File Download via a Headless Browser

Nov 4, 2024 · Domain: Endpoint OS: Windows Use Case: Threat Detection Tactic: Command and Control Resources: Investigation Guide Data Source: Windows Data Source: Elastic Endgame Data Source: Elastic Defend Data Source: System Data Source: Microsoft Defender for Endpoint Data Source: SentinelOne Data Source: Sysmon Data Source: Crowdstrike ·

Share on:

Identifies the use of a browser to download a file from a remote URL and from a suspicious parent process. Adversaries may use browsers to avoid ingress tool transfer restrictions.

Suspicious Access to LDAP Attributes

Oct 15, 2024 · Domain: Endpoint OS: Windows Use Case: Threat Detection Tactic: Discovery Data Source: System Data Source: Active Directory Data Source: Windows ·

Share on:

Identify read access to a high number of Active Directory object attributes. The knowledge of objects properties can help adversaries find vulnerabilities, elevate privileges or collect sensitive information.

Rapid7 Threat Command CVEs Correlation

Aug 6, 2024 · OS: Windows Data Source: Elastic Endgame Data Source: Windows Data Source: Network Data Source: Rapid7 Threat Command Rule Type: Threat Match Resources: Investigation Guide Use Case: Vulnerability Use Case: Asset Visibility Use Case: Continuous Monitoring ·

Share on:

This rule is triggered when CVEs collected from the Rapid7 Threat Command Integration have a match against vulnerabilities that were found in the customer environment.