First Time Seen Removable Device
Oct 13, 2024
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Initial Access
Tactic: Exfiltration
Data Source: Elastic Endgame
Data Source: Elastic Defend
Data Source: Sysmon
Data Source: Microsoft Defender for Endpoint
Data Source: SentinelOne

Rare SMB Connection to the Internet
Oct 13, 2024
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Exfiltration
Data Source: Elastic Endgame
Data Source: Elastic Defend
Data Source: Microsoft Defender for Endpoint
Data Source: Sysmon
Data Source: SentinelOne

Potential File Transfer via Certreq
Oct 11, 2024
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Command and Control
Tactic: Exfiltration
Data Source: Elastic Endgame
Data Source: Elastic Defend
Data Source: System
Data Source: Microsoft Defender for Endpoint
Data Source: Sysmon
Data Source: SentinelOne

AWS EC2 EBS Snapshot Shared with Another Account
Oct 9, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Threat Detection
Tactic: Exfiltration

AWS S3 Bucket Policy Added to Share with External Account
Jul 24, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Use Case: Threat Detection
Tactic: Exfiltration

AWS S3 Bucket Replicated to Another Account
Jul 19, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS S3
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Exfiltration

AWS RDS DB Snapshot Shared with Another Account
Jul 11, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS RDS
Resources: Investigation Guide
Use Case: Threat Detection
Tactic: Exfiltration

Potential Data Exfiltration Activity to an Unusual Destination Port
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Potential Data Exfiltration Activity to an Unusual IP Address
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Potential Data Exfiltration Activity to an Unusual ISO Code
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Potential Data Exfiltration Activity to an Unusual Region
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Spike in Bytes Sent to an External Device
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Spike in Bytes Sent to an External Device via Airdrop
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

Unusual Process Writing Data to an External Device
May 28, 2024
Use Case: Data Exfiltration Detection
Rule Type: ML
Rule Type: Machine Learning
Tactic: Exfiltration

AWS EC2 Full Network Packet Capture Detected
May 22, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Network Security Monitoring
Tactic: Exfiltration
Tactic: Collection

AWS EC2 Snapshot Activity
May 22, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Resources: Investigation Guide

AWS EC2 VM Export Failure
May 22, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration
Tactic: Collection

AWS RDS Snapshot Export
May 22, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Exfiltration

EC2 AMI Shared with Another Account
May 22, 2024
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Data Source: AWS EC2
Use Case: Threat Detection
Tactic: Exfiltration

GCP Logging Sink Modification
May 22, 2024
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Log Auditing
Tactic: Exfiltration

Microsoft 365 Exchange Transport Rule Creation
May 22, 2024
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration

Microsoft 365 Exchange Transport Rule Modification
May 22, 2024
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration

Microsoft 365 Mass download by a single user
Jun 22, 2023
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Exfiltration