High Number of Process Terminations
Nov 3, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Potential Linux Ransomware Note Creation Detected
Nov 3, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Data Source: Elastic Defend

Suspicious Data Encryption via OpenSSL Utility
Nov 3, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Data Source: Elastic Defend

Suspicious File Changes Activity Detected
Nov 3, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Data Source: Elastic Defend

Suspicious Termination of ESXI Process
Nov 3, 2023
Domain: Endpoint
OS: Linux
Use Case: Threat Detection
Tactic: Impact
Data Source: Elastic Defend

Deleting Backup Catalogs with Wbadmin
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Hosts File Modified
Oct 30, 2023
Domain: Endpoint
OS: Linux
OS: Windows
OS: macOS
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Defend

Modification of Boot Configuration
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Third-party Backup Files Deleted via Unexpected Process
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Volume Shadow Copy Deleted or Resized via VssAdmin
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Volume Shadow Copy Deletion via PowerShell
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Volume Shadow Copy Deletion via WMIC
Oct 30, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Tactic: Execution
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Attempt to Deactivate an Okta Application
Oct 24, 2023
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact

Attempt to Delete an Okta Application
Oct 24, 2023
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact

Attempt to Modify an Okta Application
Oct 24, 2023
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact

Attempt to Revoke Okta API Token
Oct 24, 2023
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact

AWS CloudTrail Log Updated
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact

AWS CloudWatch Log Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Resources: Investigation Guide
Tactic: Impact

AWS CloudWatch Log Stream Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Impact
Resources: Investigation Guide

AWS Deletion of RDS Instance or Cluster
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Impact

AWS EC2 Encryption Disabled
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS EFS File System or Mount Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS EventBridge Rule Disabled or Deleted
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS IAM Deactivation of MFA Device
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Resources: Investigation Guide
Tactic: Impact

AWS IAM Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

AWS KMS Customer Managed Key Disabled or Scheduled for Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Log Auditing
Tactic: Impact

AWS RDS Instance/Cluster Stoppage
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Use Case: Asset Visibility
Tactic: Impact

AWS RDS Security Group Deletion
Oct 24, 2023
Domain: Cloud
Data Source: AWS
Data Source: Amazon Web Services
Tactic: Impact

Possible Okta DoS Attack
Oct 24, 2023
Use Case: Identity and Access Audit
Data Source: Okta
Tactic: Impact

Account Password Reset Remotely
Oct 15, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Persistence
Tactic: Impact

Potential Secure File Deletion via SDelete Utility
Oct 15, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Defense Evasion
Tactic: Impact
Data Source: Elastic Endgame
Resources: Investigation Guide
Data Source: Elastic Defend

GitHub Repository Deleted
Sep 14, 2023
Domain: Cloud
Use Case: Threat Detection
Tactic: Impact
Data Source: Github

High Number of Process and/or Service Terminations
Sep 5, 2023
Domain: Endpoint
OS: Windows
Use Case: Threat Detection
Tactic: Impact
Resources: Investigation Guide
Data Source: Elastic Endgame
Data Source: Elastic Defend

Azure Kubernetes Pods Deleted
Jun 22, 2023
Domain: Cloud
Data Source: Azure
Use Case: Asset Visibility
Tactic: Impact

Azure Resource Group Deletion
Jun 22, 2023
Domain: Cloud
Data Source: Azure
Use Case: Log Auditing
Tactic: Impact

Azure Service Principal Credentials Added
Jun 22, 2023
Domain: Cloud
Data Source: Azure
Use Case: Identity and Access Audit
Tactic: Impact

Azure Virtual Network Device Modified or Deleted
Jun 22, 2023
Domain: Cloud
Data Source: Azure
Use Case: Network Security Monitoring
Tactic: Impact

GCP IAM Role Deletion
Jun 22, 2023
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Identity and Access Audit
Tactic: Impact

GCP Service Account Deletion
Jun 22, 2023
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Identity and Access Audit
Tactic: Impact

GCP Service Account Disabled
Jun 22, 2023
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Use Case: Identity and Access Audit
Tactic: Impact

GCP Storage Bucket Deletion
Jun 22, 2023
Domain: Cloud
Data Source: GCP
Data Source: Google Cloud Platform
Tactic: Impact

Google Workspace Admin Role Deletion
Jun 22, 2023
Domain: Cloud
Data Source: Google Workspace
Use Case: Identity and Access Audit
Tactic: Impact
Resources: Investigation Guide

Google Workspace MFA Enforcement Disabled
Jun 22, 2023
Domain: Cloud
Data Source: Google Workspace
Use Case: Configuration Audit
Tactic: Impact
Resources: Investigation Guide

Microsoft 365 Potential ransomware activity
Jun 22, 2023
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Impact

Microsoft 365 Unusual Volume of File Deletion
Jun 22, 2023
Domain: Cloud
Data Source: Microsoft 365
Use Case: Configuration Audit
Tactic: Impact