| apm_403_response_to_a_post.json | H A D | 18-Dec-2021 | 1.1 KiB | 31 | 30 |
| apm_405_response_method_not_allowed.json | H A D | 18-Dec-2021 | 1 KiB | 31 | 30 |
| apm_null_user_agent.json | H A D | 18-Dec-2021 | 1.4 KiB | 49 | 48 |
| apm_sqlmap_user_agent.json | H A D | 18-Dec-2021 | 1.1 KiB | 31 | 30 |
| application_added_to_google_workspace_domain.json | H A D | 18-Dec-2021 | 2.3 KiB | 38 | 37 |
| attempt_to_deactivate_okta_network_zone.json | H A D | 18-Dec-2021 | 1.4 KiB | 38 | 37 |
| attempt_to_delete_okta_network_zone.json | H A D | 18-Dec-2021 | 1.4 KiB | 38 | 37 |
| collection_cloudtrail_logging_created.json | H A D | 18-Dec-2021 | 1.9 KiB | 56 | 55 |
| collection_email_powershell_exchange_mailbox.json | H A D | 18-Dec-2021 | 2 KiB | 66 | 65 |
| collection_gcp_pub_sub_subscription_creation.json | H A D | 18-Dec-2021 | 2 KiB | 53 | 52 |
| collection_gcp_pub_sub_topic_creation.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| collection_microsoft_365_new_inbox_rule.json | H A D | 18-Dec-2021 | 2.4 KiB | 65 | 64 |
| collection_posh_audio_capture.json | H A D | 18-Dec-2021 | 1.9 KiB | 71 | 70 |
| collection_update_event_hub_auth_rule.json | H A D | 18-Dec-2021 | 2.6 KiB | 69 | 68 |
| collection_winrar_encryption.json | H A D | 18-Dec-2021 | 2.1 KiB | 57 | 56 |
| command_and_control_certutil_network_connection.json | H A D | 18-Dec-2021 | 2 KiB | 49 | 48 |
| command_and_control_cobalt_strike_beacon.json | H A D | 18-Dec-2021 | 2.1 KiB | 68 | 67 |
| command_and_control_cobalt_strike_default_teamserver_cert.json | H A D | 18-Dec-2021 | 2.7 KiB | 64 | 63 |
| command_and_control_common_webservices.json | H A D | 18-Dec-2021 | 4 KiB | 74 | 73 |
| command_and_control_dns_directly_to_the_internet.json | H A D | 18-Dec-2021 | 2.9 KiB | 50 | 49 |
| command_and_control_dns_tunneling_nslookup.json | H A D | 18-Dec-2021 | 1.6 KiB | 62 | 61 |
| command_and_control_download_rar_powershell_from_internet.json | H A D | 18-Dec-2021 | 2.9 KiB | 57 | 56 |
| command_and_control_encrypted_channel_freesslcert.json | H A D | 18-Dec-2021 | 2 KiB | 47 | 46 |
| command_and_control_fin7_c2_behavior.json | H A D | 18-Dec-2021 | 2.4 KiB | 67 | 66 |
| command_and_control_halfbaked_beacon.json | H A D | 18-Dec-2021 | 2.1 KiB | 68 | 67 |
| command_and_control_iexplore_via_com.json | H A D | 18-Dec-2021 | 2.7 KiB | 71 | 70 |
| command_and_control_nat_traversal_port_activity.json | H A D | 18-Dec-2021 | 1.7 KiB | 46 | 45 |
| command_and_control_port_26_activity.json | H A D | 18-Dec-2021 | 1.9 KiB | 65 | 64 |
| command_and_control_port_forwarding_added_registry.json | H A D | 18-Dec-2021 | 1.3 KiB | 50 | 49 |
| command_and_control_rdp_remote_desktop_protocol_from_the_internet.json | H A D | 18-Dec-2021 | 3.5 KiB | 79 | 78 |
| command_and_control_rdp_tunnel_plink.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| command_and_control_remote_file_copy_desktopimgdownldr.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| command_and_control_remote_file_copy_mpcmdrun.json | H A D | 18-Dec-2021 | 1.7 KiB | 52 | 51 |
| command_and_control_remote_file_copy_powershell.json | H A D | 18-Dec-2021 | 2.2 KiB | 68 | 67 |
| command_and_control_remote_file_copy_scripts.json | H A D | 18-Dec-2021 | 1.4 KiB | 46 | 45 |
| command_and_control_sunburst_c2_activity_detected.json | H A D | 18-Dec-2021 | 3.1 KiB | 78 | 77 |
| command_and_control_teamviewer_remote_file_copy.json | H A D | 18-Dec-2021 | 1.5 KiB | 55 | 54 |
| command_and_control_telnet_port_activity.json | H A D | 18-Dec-2021 | 2.6 KiB | 76 | 75 |
| command_and_control_tunneling_via_earthworm.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| command_and_control_vnc_virtual_network_computing_from_the_internet.json | H A D | 18-Dec-2021 | 3.1 KiB | 70 | 69 |
| command_and_control_vnc_virtual_network_computing_to_the_internet.json | H A D | 18-Dec-2021 | 2.7 KiB | 55 | 54 |
| credential_access_access_to_browser_credentials_procargs.json | H A D | 18-Dec-2021 | 2.2 KiB | 56 | 55 |
| credential_access_attempted_bypass_of_okta_mfa.json | H A D | 18-Dec-2021 | 1.5 KiB | 51 | 50 |
| credential_access_attempts_to_brute_force_okta_user_account.json | H A D | 18-Dec-2021 | 1.7 KiB | 59 | 58 |
| credential_access_aws_iam_assume_role_brute_force.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| credential_access_azure_full_network_packet_capture_detected.json | H A D | 18-Dec-2021 | 2.1 KiB | 54 | 53 |
| credential_access_cmdline_dump_tool.json | H A D | 18-Dec-2021 | 2.7 KiB | 62 | 61 |
| credential_access_collection_sensitive_files.json | H A D | 18-Dec-2021 | 3 KiB | 79 | 78 |
| credential_access_cookies_chromium_browsers_debugging.json | H A D | 18-Dec-2021 | 2.4 KiB | 60 | 59 |
| credential_access_copy_ntds_sam_volshadowcp_cmdline.json | H A D | 18-Dec-2021 | 2.2 KiB | 60 | 59 |
| credential_access_credential_dumping_msbuild.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| credential_access_credentials_keychains.json | H A D | 18-Dec-2021 | 2.4 KiB | 57 | 56 |
| credential_access_domain_backup_dpapi_private_keys.json | H A D | 18-Dec-2021 | 2.2 KiB | 64 | 63 |
| credential_access_dump_registry_hives.json | H A D | 18-Dec-2021 | 1.8 KiB | 62 | 61 |
| credential_access_dumping_hashes_bi_cmds.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| credential_access_dumping_keychain_security.json | H A D | 18-Dec-2021 | 1.6 KiB | 56 | 55 |
| credential_access_iam_user_addition_to_group.json | H A D | 18-Dec-2021 | 2 KiB | 64 | 63 |
| credential_access_iis_apppoolsa_pwd_appcmd.json | H A D | 18-Dec-2021 | 1.5 KiB | 51 | 50 |
| credential_access_iis_connectionstrings_dumping.json | H A D | 18-Dec-2021 | 1.7 KiB | 52 | 51 |
| credential_access_kerberoasting_unusual_process.json | H A D | 18-Dec-2021 | 1.8 KiB | 50 | 49 |
| credential_access_kerberosdump_kcc.json | H A D | 18-Dec-2021 | 1.7 KiB | 62 | 61 |
| credential_access_key_vault_modified.json | H A D | 18-Dec-2021 | 2.3 KiB | 62 | 61 |
| credential_access_keychain_pwd_retrieval_security_cmd.json | H A D | 18-Dec-2021 | 2.7 KiB | 74 | 73 |
| credential_access_lsass_memdump_file_created.json | H A D | 18-Dec-2021 | 1.7 KiB | 58 | 57 |
| credential_access_microsoft_365_brute_force_user_account_attempt.json | H A D | 18-Dec-2021 | 2 KiB | 61 | 60 |
| credential_access_microsoft_365_potential_password_spraying_attack.json | H A D | 18-Dec-2021 | 1.8 KiB | 56 | 55 |
| credential_access_mimikatz_memssp_default_logs.json | H A D | 18-Dec-2021 | 1.1 KiB | 47 | 46 |
| credential_access_mitm_localhost_webproxy.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| credential_access_mod_wdigest_security_provider.json | H A D | 18-Dec-2021 | 2 KiB | 58 | 57 |
| credential_access_okta_brute_force_or_password_spraying.json | H A D | 18-Dec-2021 | 1.8 KiB | 59 | 58 |
| credential_access_persistence_network_logon_provider_modification.json | H A D | 18-Dec-2021 | 2.3 KiB | 70 | 69 |
| credential_access_posh_minidump.json | H A D | 18-Dec-2021 | 2.3 KiB | 82 | 81 |
| credential_access_potential_lsa_memdump_via_mirrordump.json | H A D | 18-Dec-2021 | 1.7 KiB | 56 | 55 |
| credential_access_potential_ssh_bruteforce.json | H A D | 18-Dec-2021 | 1.3 KiB | 54 | 53 |
| credential_access_promt_for_pwd_via_osascript.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| credential_access_root_console_failure_brute_force.json | H A D | 18-Dec-2021 | 1.8 KiB | 59 | 58 |
| credential_access_saved_creds_vaultcmd.json | H A D | 18-Dec-2021 | 2 KiB | 63 | 62 |
| credential_access_secretsmanager_getsecretvalue.json | H A D | 18-Dec-2021 | 1.8 KiB | 57 | 56 |
| credential_access_ssh_backdoor_log.json | H A D | 18-Dec-2021 | 2.9 KiB | 69 | 68 |
| credential_access_storage_account_key_regenerated.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| credential_access_systemkey_dumping.json | H A D | 18-Dec-2021 | 1.7 KiB | 56 | 55 |
| credential_access_user_excessive_sso_logon_errors.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json | H A D | 18-Dec-2021 | 1.6 KiB | 63 | 62 |
| defense_evasion_agent_spoofing_mismatched_id.json | H A D | 18-Dec-2021 | 1.4 KiB | 48 | 47 |
| defense_evasion_agent_spoofing_multiple_hosts.json | H A D | 18-Dec-2021 | 1.5 KiB | 60 | 59 |
| defense_evasion_amsienable_key_mod.json | H A D | 18-Dec-2021 | 1.9 KiB | 58 | 57 |
| defense_evasion_apple_softupdates_modification.json | H A D | 18-Dec-2021 | 1.7 KiB | 59 | 58 |
| defense_evasion_attempt_del_quarantine_attrib.json | H A D | 18-Dec-2021 | 2 KiB | 57 | 56 |
| defense_evasion_attempt_to_disable_gatekeeper.json | H A D | 18-Dec-2021 | 1.4 KiB | 50 | 49 |
| defense_evasion_attempt_to_disable_iptables_or_firewall.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| defense_evasion_attempt_to_disable_syslog_service.json | H A D | 18-Dec-2021 | 1.6 KiB | 53 | 52 |
| defense_evasion_azure_application_credential_modification.json | H A D | 18-Dec-2021 | 2.3 KiB | 61 | 60 |
| defense_evasion_azure_blob_permissions_modified.json | H A D | 18-Dec-2021 | 2 KiB | 53 | 52 |
| defense_evasion_azure_diagnostic_settings_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 61 | 60 |
| defense_evasion_azure_service_principal_addition.json | H A D | 18-Dec-2021 | 2.4 KiB | 62 | 61 |
| defense_evasion_base16_or_base32_encoding_or_decoding_activity.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| defense_evasion_clearing_windows_event_logs.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| defense_evasion_clearing_windows_security_logs.json | H A D | 18-Dec-2021 | 1.4 KiB | 55 | 54 |
| defense_evasion_cloudtrail_logging_deleted.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| defense_evasion_cloudtrail_logging_suspended.json | H A D | 18-Dec-2021 | 2.2 KiB | 63 | 62 |
| defense_evasion_cloudwatch_alarm_deletion.json | H A D | 18-Dec-2021 | 2 KiB | 63 | 62 |
| defense_evasion_code_injection_conhost.json | H A D | 18-Dec-2021 | 1.5 KiB | 51 | 50 |
| defense_evasion_config_service_rule_deletion.json | H A D | 18-Dec-2021 | 2.5 KiB | 64 | 63 |
| defense_evasion_configuration_recorder_stopped.json | H A D | 18-Dec-2021 | 2 KiB | 63 | 62 |
| defense_evasion_create_mod_root_certificate.json | H A D | 18-Dec-2021 | 2.3 KiB | 61 | 60 |
| defense_evasion_cve_2020_0601.json | H A D | 18-Dec-2021 | 1.5 KiB | 52 | 51 |
| defense_evasion_defender_disabled_via_registry.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| defense_evasion_defender_exclusion_via_powershell.json | H A D | 18-Dec-2021 | 4.9 KiB | 85 | 84 |
| defense_evasion_delete_volume_usn_journal_with_fsutil.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| defense_evasion_deleting_websvr_access_logs.json | H A D | 18-Dec-2021 | 1.4 KiB | 50 | 49 |
| defense_evasion_deletion_of_bash_command_line_history.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| defense_evasion_disable_selinux_attempt.json | H A D | 18-Dec-2021 | 1.5 KiB | 53 | 52 |
| defense_evasion_disable_windows_firewall_rules_with_netsh.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| defense_evasion_disabling_windows_defender_powershell.json | H A D | 18-Dec-2021 | 1.8 KiB | 60 | 59 |
| defense_evasion_disabling_windows_logs.json | H A D | 18-Dec-2021 | 2.2 KiB | 59 | 58 |
| defense_evasion_dns_over_https_enabled.json | H A D | 18-Dec-2021 | 1.9 KiB | 51 | 50 |
| defense_evasion_dotnet_compiler_parent_process.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| defense_evasion_ec2_flow_log_deletion.json | H A D | 18-Dec-2021 | 2 KiB | 63 | 62 |
| defense_evasion_ec2_network_acl_deletion.json | H A D | 18-Dec-2021 | 2.3 KiB | 65 | 64 |
| defense_evasion_elasticache_security_group_creation.json | H A D | 18-Dec-2021 | 2 KiB | 62 | 61 |
| defense_evasion_elasticache_security_group_modified_or_deleted.json | H A D | 18-Dec-2021 | 2.2 KiB | 62 | 61 |
| defense_evasion_enable_inbound_rdp_with_netsh.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| defense_evasion_enable_network_discovery_with_netsh.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| defense_evasion_event_hub_deletion.json | H A D | 18-Dec-2021 | 2.2 KiB | 63 | 62 |
| defense_evasion_execution_control_panel_suspicious_args.json | H A D | 18-Dec-2021 | 2 KiB | 57 | 56 |
| defense_evasion_execution_lolbas_wuauclt.json | H A D | 18-Dec-2021 | 1.8 KiB | 50 | 49 |
| defense_evasion_execution_msbuild_started_by_office_app.json | H A D | 18-Dec-2021 | 2.4 KiB | 69 | 68 |
| defense_evasion_execution_msbuild_started_by_script.json | H A D | 18-Dec-2021 | 2 KiB | 66 | 65 |
| defense_evasion_execution_msbuild_started_by_system_process.json | H A D | 18-Dec-2021 | 1.9 KiB | 66 | 65 |
| defense_evasion_execution_msbuild_started_renamed.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| defense_evasion_execution_msbuild_started_unusal_process.json | H A D | 18-Dec-2021 | 1.9 KiB | 60 | 59 |
| defense_evasion_execution_suspicious_explorer_winword.json | H A D | 18-Dec-2021 | 2 KiB | 47 | 46 |
| defense_evasion_execution_windefend_unusual_path.json | H A D | 18-Dec-2021 | 2.4 KiB | 61 | 60 |
| defense_evasion_file_creation_mult_extension.json | H A D | 18-Dec-2021 | 2.2 KiB | 76 | 75 |
| defense_evasion_file_deletion_via_shred.json | H A D | 18-Dec-2021 | 1.6 KiB | 53 | 52 |
| defense_evasion_file_mod_writable_dir.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| defense_evasion_firewall_policy_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 61 | 60 |
| defense_evasion_frontdoor_firewall_policy_deletion.json | H A D | 18-Dec-2021 | 2.3 KiB | 61 | 60 |
| defense_evasion_gcp_firewall_rule_created.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| defense_evasion_gcp_firewall_rule_deleted.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| defense_evasion_gcp_firewall_rule_modified.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| defense_evasion_gcp_logging_bucket_deletion.json | H A D | 18-Dec-2021 | 2.2 KiB | 54 | 53 |
| defense_evasion_gcp_logging_sink_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| defense_evasion_gcp_pub_sub_subscription_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| defense_evasion_gcp_pub_sub_topic_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| defense_evasion_gcp_storage_bucket_configuration_modified.json | H A D | 18-Dec-2021 | 1.3 KiB | 36 | 35 |
| defense_evasion_gcp_storage_bucket_permissions_modified.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| defense_evasion_guardduty_detector_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| defense_evasion_hidden_file_dir_tmp.json | H A D | 18-Dec-2021 | 2.2 KiB | 66 | 65 |
| defense_evasion_hide_encoded_executable_registry.json | H A D | 18-Dec-2021 | 1.4 KiB | 52 | 51 |
| defense_evasion_iis_httplogging_disabled.json | H A D | 18-Dec-2021 | 1.6 KiB | 55 | 54 |
| defense_evasion_injection_msbuild.json | H A D | 18-Dec-2021 | 1.7 KiB | 63 | 62 |
| defense_evasion_install_root_certificate.json | H A D | 18-Dec-2021 | 1.9 KiB | 59 | 58 |
| defense_evasion_installutil_beacon.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| defense_evasion_kernel_module_removal.json | H A D | 18-Dec-2021 | 2.4 KiB | 81 | 80 |
| defense_evasion_kubernetes_events_deleted.json | H A D | 18-Dec-2021 | 2.2 KiB | 61 | 60 |
| defense_evasion_log_files_deleted.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| defense_evasion_masquerading_as_elastic_endpoint_process.json | H A D | 18-Dec-2021 | 1.6 KiB | 47 | 46 |
| defense_evasion_masquerading_renamed_autoit.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| defense_evasion_masquerading_suspicious_werfault_childproc.json | H A D | 18-Dec-2021 | 2.2 KiB | 55 | 54 |
| defense_evasion_masquerading_trusted_directory.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| defense_evasion_masquerading_werfault.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| defense_evasion_microsoft_365_exchange_dlp_policy_removed.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| defense_evasion_microsoft_365_exchange_malware_filter_policy_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| defense_evasion_microsoft_365_exchange_malware_filter_rule_mod.json | H A D | 18-Dec-2021 | 1.9 KiB | 55 | 54 |
| defense_evasion_microsoft_365_exchange_safe_attach_rule_disabled.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| defense_evasion_misc_lolbin_connecting_to_the_internet.json | H A D | 18-Dec-2021 | 2.4 KiB | 58 | 57 |
| defense_evasion_modify_environment_launchctl.json | H A D | 18-Dec-2021 | 2.4 KiB | 56 | 55 |
| defense_evasion_msbuild_making_network_connections.json | H A D | 18-Dec-2021 | 1.5 KiB | 53 | 52 |
| defense_evasion_mshta_beacon.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| defense_evasion_msxsl_network.json | H A D | 18-Dec-2021 | 1.9 KiB | 49 | 48 |
| defense_evasion_network_connection_from_windows_binary.json | H A D | 18-Dec-2021 | 2.9 KiB | 46 | 45 |
| defense_evasion_network_watcher_deletion.json | H A D | 18-Dec-2021 | 2.2 KiB | 61 | 60 |
| defense_evasion_parent_process_pid_spoofing.json | H A D | 18-Dec-2021 | 2.7 KiB | 54 | 53 |
| defense_evasion_potential_processherpaderping.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| defense_evasion_privacy_controls_tcc_database_modification.json | H A D | 18-Dec-2021 | 1.9 KiB | 58 | 57 |
| defense_evasion_privilege_escalation_privacy_pref_sshd_fulldiskaccess.json | H A D | 18-Dec-2021 | 2.1 KiB | 65 | 64 |
| defense_evasion_process_termination_followed_by_deletion.json | H A D | 18-Dec-2021 | 1.8 KiB | 51 | 50 |
| defense_evasion_rundll32_no_arguments.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| defense_evasion_s3_bucket_configuration_deletion.json | H A D | 18-Dec-2021 | 2.2 KiB | 59 | 58 |
| defense_evasion_safari_config_change.json | H A D | 18-Dec-2021 | 1.8 KiB | 56 | 55 |
| defense_evasion_sandboxed_office_app_suspicious_zip_file.json | H A D | 18-Dec-2021 | 1.1 KiB | 34 | 33 |
| defense_evasion_scheduledjobs_at_protocol_enabled.json | H A D | 18-Dec-2021 | 1.7 KiB | 57 | 56 |
| defense_evasion_sdelete_like_filename_rename.json | H A D | 18-Dec-2021 | 1.5 KiB | 55 | 54 |
| defense_evasion_sip_provider_mod.json | H A D | 18-Dec-2021 | 2.1 KiB | 57 | 56 |
| defense_evasion_solarwinds_backdoor_service_disabled_via_registry.json | H A D | 18-Dec-2021 | 2.5 KiB | 79 | 78 |
| defense_evasion_suspicious_certutil_commands.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| defense_evasion_suspicious_execution_from_mounted_device.json | H A D | 18-Dec-2021 | 2.9 KiB | 90 | 89 |
| defense_evasion_suspicious_managedcode_host_process.json | H A D | 18-Dec-2021 | 1.7 KiB | 50 | 49 |
| defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.json | H A D | 18-Dec-2021 | 3 KiB | 92 | 91 |
| defense_evasion_suspicious_process_access_direct_syscall.json | H A D | 18-Dec-2021 | 1.7 KiB | 50 | 49 |
| defense_evasion_suspicious_scrobj_load.json | H A D | 18-Dec-2021 | 2.3 KiB | 44 | 43 |
| defense_evasion_suspicious_wmi_script.json | H A D | 18-Dec-2021 | 1.5 KiB | 46 | 45 |
| defense_evasion_suspicious_zoom_child_process.json | H A D | 18-Dec-2021 | 1.5 KiB | 52 | 51 |
| defense_evasion_system_critical_proc_abnormal_file_activity.json | H A D | 18-Dec-2021 | 1.6 KiB | 47 | 46 |
| defense_evasion_tcc_bypass_mounted_apfs_access.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| defense_evasion_timestomp_touch.json | H A D | 18-Dec-2021 | 1.6 KiB | 55 | 54 |
| defense_evasion_unload_endpointsecurity_kext.json | H A D | 18-Dec-2021 | 1.5 KiB | 53 | 52 |
| defense_evasion_unusual_ads_file_creation.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| defense_evasion_unusual_dir_ads.json | H A D | 18-Dec-2021 | 1.4 KiB | 54 | 53 |
| defense_evasion_unusual_network_connection_via_dllhost.json | H A D | 18-Dec-2021 | 2.2 KiB | 52 | 51 |
| defense_evasion_unusual_network_connection_via_rundll32.json | H A D | 18-Dec-2021 | 2.1 KiB | 56 | 55 |
| defense_evasion_unusual_process_network_connection.json | H A D | 18-Dec-2021 | 2.4 KiB | 46 | 45 |
| defense_evasion_unusual_system_vp_child_program.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| defense_evasion_via_filter_manager.json | H A D | 18-Dec-2021 | 1.4 KiB | 54 | 53 |
| defense_evasion_waf_acl_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| defense_evasion_waf_rule_or_rule_group_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| defense_evasion_whitespace_padding_in_command_line.json | H A D | 18-Dec-2021 | 1.8 KiB | 45 | 44 |
| discovery_adfind_command_activity.json | H A D | 18-Dec-2021 | 6 KiB | 85 | 84 |
| discovery_admin_recon.json | H A D | 18-Dec-2021 | 2.1 KiB | 59 | 58 |
| discovery_blob_container_access_mod.json | H A D | 18-Dec-2021 | 2.3 KiB | 69 | 68 |
| discovery_file_dir_discovery.json | H A D | 18-Dec-2021 | 2 KiB | 50 | 49 |
| discovery_kernel_module_enumeration.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| discovery_net_command_system_account.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| discovery_net_view.json | H A D | 18-Dec-2021 | 2 KiB | 52 | 51 |
| discovery_peripheral_device.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| discovery_posh_suspicious_api_functions.json | H A D | 18-Dec-2021 | 2.9 KiB | 91 | 90 |
| discovery_post_exploitation_external_ip_lookup.json | H A D | 18-Dec-2021 | 3.3 KiB | 54 | 53 |
| discovery_remote_system_discovery_commands_windows.json | H A D | 18-Dec-2021 | 1.2 KiB | 47 | 46 |
| discovery_security_software_grep.json | H A D | 18-Dec-2021 | 2.4 KiB | 57 | 56 |
| discovery_security_software_wmic.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| discovery_users_domain_built_in_commands.json | H A D | 18-Dec-2021 | 1.9 KiB | 51 | 50 |
| discovery_virtual_machine_fingerprinting.json | H A D | 18-Dec-2021 | 1.7 KiB | 49 | 48 |
| discovery_virtual_machine_fingerprinting_grep.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| discovery_whoami_command_activity.json | H A D | 18-Dec-2021 | 1.4 KiB | 50 | 49 |
| domain_added_to_google_workspace_trusted_domains.json | H A D | 18-Dec-2021 | 2.3 KiB | 38 | 37 |
| elastic_endpoint_security.json | H A D | 18-Dec-2021 | 1.5 KiB | 69 | 68 |
| endgame_adversary_behavior_detected.json | H A D | 18-Dec-2021 | 757 | 25 | 24 |
| endgame_cred_dumping_detected.json | H A D | 18-Dec-2021 | 784 | 25 | 24 |
| endgame_cred_dumping_prevented.json | H A D | 18-Dec-2021 | 789 | 25 | 24 |
| endgame_cred_manipulation_detected.json | H A D | 18-Dec-2021 | 810 | 25 | 24 |
| endgame_cred_manipulation_prevented.json | H A D | 18-Dec-2021 | 815 | 25 | 24 |
| endgame_exploit_detected.json | H A D | 18-Dec-2021 | 759 | 25 | 24 |
| endgame_exploit_prevented.json | H A D | 18-Dec-2021 | 764 | 25 | 24 |
| endgame_malware_detected.json | H A D | 18-Dec-2021 | 784 | 25 | 24 |
| endgame_malware_prevented.json | H A D | 18-Dec-2021 | 783 | 25 | 24 |
| endgame_permission_theft_detected.json | H A D | 18-Dec-2021 | 792 | 25 | 24 |
| endgame_permission_theft_prevented.json | H A D | 18-Dec-2021 | 797 | 25 | 24 |
| endgame_process_injection_detected.json | H A D | 18-Dec-2021 | 794 | 25 | 24 |
| endgame_process_injection_prevented.json | H A D | 18-Dec-2021 | 799 | 25 | 24 |
| endgame_ransomware_detected.json | H A D | 18-Dec-2021 | 772 | 25 | 24 |
| endgame_ransomware_prevented.json | H A D | 18-Dec-2021 | 771 | 25 | 24 |
| execution_apt_solarwinds_backdoor_child_cmd_powershell.json | H A D | 18-Dec-2021 | 2.5 KiB | 76 | 75 |
| execution_apt_solarwinds_backdoor_unusual_child_processes.json | H A D | 18-Dec-2021 | 2.6 KiB | 76 | 75 |
| execution_com_object_xwizard.json | H A D | 18-Dec-2021 | 2 KiB | 58 | 57 |
| execution_command_prompt_connecting_to_the_internet.json | H A D | 18-Dec-2021 | 2.6 KiB | 67 | 66 |
| execution_command_shell_started_by_svchost.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| execution_command_shell_started_by_unusual_process.json | H A D | 18-Dec-2021 | 2.2 KiB | 47 | 46 |
| execution_command_shell_via_rundll32.json | H A D | 18-Dec-2021 | 1.8 KiB | 57 | 56 |
| execution_command_virtual_machine.json | H A D | 18-Dec-2021 | 2.3 KiB | 56 | 55 |
| execution_defense_evasion_electron_app_childproc_node_js.json | H A D | 18-Dec-2021 | 1.9 KiB | 67 | 66 |
| execution_enumeration_via_wmiprvse.json | H A D | 18-Dec-2021 | 2.3 KiB | 72 | 71 |
| execution_from_unusual_directory.json | H A D | 18-Dec-2021 | 3.8 KiB | 30 | 29 |
| execution_from_unusual_path_cmdline.json | H A D | 18-Dec-2021 | 5.5 KiB | 31 | 30 |
| execution_html_help_executable_program_connecting_to_the_internet.json | H A D | 18-Dec-2021 | 2.7 KiB | 78 | 77 |
| execution_initial_access_suspicious_browser_childproc.json | H A D | 18-Dec-2021 | 2.7 KiB | 65 | 64 |
| execution_installer_spawned_network_event.json | H A D | 18-Dec-2021 | 3.1 KiB | 81 | 80 |
| execution_ms_office_written_file.json | H A D | 18-Dec-2021 | 2.3 KiB | 68 | 67 |
| execution_pdf_written_file.json | H A D | 18-Dec-2021 | 2.4 KiB | 68 | 67 |
| execution_pentest_eggshell_remote_admin_tool.json | H A D | 18-Dec-2021 | 842 | 33 | 32 |
| execution_perl_tty_shell.json | H A D | 18-Dec-2021 | 1.3 KiB | 46 | 45 |
| execution_posh_portable_executable.json | H A D | 18-Dec-2021 | 1.5 KiB | 53 | 52 |
| execution_psexec_lateral_movement_command.json | H A D | 18-Dec-2021 | 1.8 KiB | 65 | 64 |
| execution_python_tty_shell.json | H A D | 18-Dec-2021 | 1.4 KiB | 46 | 45 |
| execution_register_server_program_connecting_to_the_internet.json | H A D | 18-Dec-2021 | 2.8 KiB | 68 | 67 |
| execution_revershell_via_shell_cmd.json | H A D | 18-Dec-2021 | 1.6 KiB | 52 | 51 |
| execution_scheduled_task_powershell_source.json | H A D | 18-Dec-2021 | 1.9 KiB | 59 | 58 |
| execution_script_via_automator_workflows.json | H A D | 18-Dec-2021 | 1.4 KiB | 48 | 47 |
| execution_scripting_osascript_exec_followed_by_netcon.json | H A D | 18-Dec-2021 | 2.5 KiB | 65 | 64 |
| execution_shared_modules_local_sxs_dll.json | H A D | 18-Dec-2021 | 1.6 KiB | 51 | 50 |
| execution_shell_execution_via_apple_scripting.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| execution_suspicious_cmd_wmi.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| execution_suspicious_image_load_wmi_ms_office.json | H A D | 18-Dec-2021 | 1.6 KiB | 50 | 49 |
| execution_suspicious_jar_child_process.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| execution_suspicious_pdf_reader.json | H A D | 18-Dec-2021 | 2.3 KiB | 47 | 46 |
| execution_suspicious_powershell_imgload.json | H A D | 18-Dec-2021 | 3 KiB | 54 | 53 |
| execution_suspicious_psexesvc.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| execution_suspicious_short_program_name.json | H A D | 18-Dec-2021 | 912 | 30 | 29 |
| execution_via_compiled_html_file.json | H A D | 18-Dec-2021 | 2.5 KiB | 79 | 78 |
| execution_via_hidden_shell_conhost.json | H A D | 18-Dec-2021 | 1.6 KiB | 50 | 49 |
| execution_via_xp_cmdshell_mssql_stored_procedure.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| exfiltration_ec2_full_network_packet_capture_detected.json | H A D | 18-Dec-2021 | 2.5 KiB | 72 | 71 |
| exfiltration_ec2_snapshot_change_activity.json | H A D | 18-Dec-2021 | 1.9 KiB | 56 | 55 |
| exfiltration_ec2_vm_export_failure.json | H A D | 18-Dec-2021 | 2.2 KiB | 71 | 70 |
| exfiltration_gcp_logging_sink_modification.json | H A D | 18-Dec-2021 | 2 KiB | 53 | 52 |
| exfiltration_microsoft_365_exchange_transport_rule_creation.json | H A D | 18-Dec-2021 | 1.9 KiB | 55 | 54 |
| exfiltration_microsoft_365_exchange_transport_rule_mod.json | H A D | 18-Dec-2021 | 2.1 KiB | 56 | 55 |
| exfiltration_rds_snapshot_export.json | H A D | 18-Dec-2021 | 1.6 KiB | 50 | 49 |
| exfiltration_rds_snapshot_restored.json | H A D | 18-Dec-2021 | 1.9 KiB | 48 | 47 |
| external_alerts.json | H A D | 18-Dec-2021 | 1.5 KiB | 69 | 68 |
| google_workspace_admin_role_deletion.json | H A D | 18-Dec-2021 | 2.2 KiB | 38 | 37 |
| google_workspace_mfa_enforcement_disabled.json | H A D | 18-Dec-2021 | 2.3 KiB | 38 | 37 |
| google_workspace_policy_modified.json | H A D | 18-Dec-2021 | 3 KiB | 35 | 34 |
| impact_attempt_to_revoke_okta_api_token.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| impact_aws_eventbridge_rule_disabled_or_deleted.json | H A D | 18-Dec-2021 | 1.8 KiB | 49 | 48 |
| impact_azure_automation_runbook_deleted.json | H A D | 18-Dec-2021 | 1.4 KiB | 37 | 36 |
| impact_azure_service_principal_credentials_added.json | H A D | 18-Dec-2021 | 2.1 KiB | 56 | 55 |
| impact_backup_file_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 53 | 52 |
| impact_cloudtrail_logging_updated.json | H A D | 18-Dec-2021 | 2.4 KiB | 78 | 77 |
| impact_cloudwatch_log_group_deletion.json | H A D | 18-Dec-2021 | 2.5 KiB | 78 | 77 |
| impact_cloudwatch_log_stream_deletion.json | H A D | 18-Dec-2021 | 2.5 KiB | 78 | 77 |
| impact_deleting_backup_catalogs_with_wbadmin.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| impact_ec2_disable_ebs_encryption.json | H A D | 18-Dec-2021 | 2.3 KiB | 64 | 63 |
| impact_efs_filesystem_or_mount_deleted.json | H A D | 18-Dec-2021 | 2.1 KiB | 56 | 55 |
| impact_gcp_iam_role_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| impact_gcp_service_account_deleted.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| impact_gcp_service_account_disabled.json | H A D | 18-Dec-2021 | 1.9 KiB | 53 | 52 |
| impact_gcp_storage_bucket_deleted.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| impact_gcp_virtual_private_cloud_network_deleted.json | H A D | 18-Dec-2021 | 1.4 KiB | 36 | 35 |
| impact_gcp_virtual_private_cloud_route_created.json | H A D | 18-Dec-2021 | 1.5 KiB | 37 | 36 |
| impact_gcp_virtual_private_cloud_route_deleted.json | H A D | 18-Dec-2021 | 1.5 KiB | 37 | 36 |
| impact_hosts_file_modified.json | H A D | 18-Dec-2021 | 2.5 KiB | 61 | 60 |
| impact_iam_deactivate_mfa_device.json | H A D | 18-Dec-2021 | 2.1 KiB | 57 | 56 |
| impact_iam_group_deletion.json | H A D | 18-Dec-2021 | 1.9 KiB | 56 | 55 |
| impact_kubernetes_pod_deleted.json | H A D | 18-Dec-2021 | 1.7 KiB | 48 | 47 |
| impact_microsoft_365_potential_ransomware_activity.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| impact_microsoft_365_unusual_volume_of_file_deletion.json | H A D | 18-Dec-2021 | 1.6 KiB | 55 | 54 |
| impact_modification_of_boot_config.json | H A D | 18-Dec-2021 | 1.4 KiB | 47 | 46 |
| impact_possible_okta_dos_attack.json | H A D | 18-Dec-2021 | 1.7 KiB | 56 | 55 |
| impact_rds_cluster_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 58 | 57 |
| impact_rds_group_deletion.json | H A D | 18-Dec-2021 | 1.8 KiB | 56 | 55 |
| impact_rds_instance_cluster_stoppage.json | H A D | 18-Dec-2021 | 2.1 KiB | 58 | 57 |
| impact_resource_group_deletion.json | H A D | 18-Dec-2021 | 2.5 KiB | 76 | 75 |
| impact_stop_process_service_threshold.json | H A D | 18-Dec-2021 | 1.3 KiB | 52 | 51 |
| impact_virtual_network_device_modified.json | H A D | 18-Dec-2021 | 2.3 KiB | 48 | 47 |
| impact_volume_shadow_copy_deletion_or_resized_via_vssadmin.json | H A D | 18-Dec-2021 | 1.4 KiB | 47 | 46 |
| impact_volume_shadow_copy_deletion_via_powershell.json | H A D | 18-Dec-2021 | 1.8 KiB | 53 | 52 |
| impact_volume_shadow_copy_deletion_via_wmic.json | H A D | 18-Dec-2021 | 1.3 KiB | 47 | 46 |
| initial_access_azure_active_directory_high_risk_signin.json | H A D | 18-Dec-2021 | 2 KiB | 54 | 53 |
| initial_access_azure_active_directory_powershell_signin.json | H A D | 18-Dec-2021 | 2.3 KiB | 62 | 61 |
| initial_access_consent_grant_attack_via_azure_registered_application.json | H A D | 18-Dec-2021 | 3.1 KiB | 73 | 72 |
| initial_access_console_login_root.json | H A D | 18-Dec-2021 | 2.2 KiB | 70 | 69 |
| initial_access_external_guest_user_invite.json | H A D | 18-Dec-2021 | 2.5 KiB | 69 | 68 |
| initial_access_gcp_iam_custom_role_creation.json | H A D | 18-Dec-2021 | 2.3 KiB | 68 | 67 |
| initial_access_login_failures.json | H A D | 18-Dec-2021 | 1.5 KiB | 62 | 61 |
| initial_access_login_location.json | H A D | 18-Dec-2021 | 1.5 KiB | 62 | 61 |
| initial_access_login_sessions.json | H A D | 18-Dec-2021 | 1.5 KiB | 62 | 61 |
| initial_access_login_time.json | H A D | 18-Dec-2021 | 1.5 KiB | 62 | 61 |
| initial_access_microsoft_365_exchange_anti_phish_policy_deletion.json | H A D | 18-Dec-2021 | 2 KiB | 55 | 54 |
| initial_access_microsoft_365_exchange_anti_phish_rule_mod.json | H A D | 18-Dec-2021 | 2 KiB | 55 | 54 |
| initial_access_microsoft_365_exchange_safelinks_disabled.json | H A D | 18-Dec-2021 | 1.9 KiB | 55 | 54 |
| initial_access_microsoft_365_user_restricted_from_sending_email.json | H A D | 18-Dec-2021 | 1.7 KiB | 55 | 54 |
| initial_access_okta_user_attempted_unauthorized_access.json | H A D | 18-Dec-2021 | 1.9 KiB | 75 | 74 |
| initial_access_password_recovery.json | H A D | 18-Dec-2021 | 1.7 KiB | 55 | 54 |
| initial_access_rpc_remote_procedure_call_from_the_internet.json | H A D | 18-Dec-2021 | 2.3 KiB | 52 | 51 |
| initial_access_rpc_remote_procedure_call_to_the_internet.json | H A D | 18-Dec-2021 | 2.3 KiB | 52 | 51 |
| initial_access_script_executing_powershell.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| initial_access_scripts_process_started_via_wmi.json | H A D | 18-Dec-2021 | 2.2 KiB | 53 | 52 |
| initial_access_smb_windows_file_sharing_activity_to_the_internet.json | H A D | 18-Dec-2021 | 2.7 KiB | 67 | 66 |
| initial_access_suspicious_activity_reported_by_okta_user.json | H A D | 18-Dec-2021 | 2.7 KiB | 99 | 98 |
| initial_access_suspicious_mac_ms_office_child_process.json | H A D | 18-Dec-2021 | 2.3 KiB | 55 | 54 |
| initial_access_suspicious_ms_exchange_files.json | H A D | 18-Dec-2021 | 3.2 KiB | 57 | 56 |
| initial_access_suspicious_ms_exchange_process.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| initial_access_suspicious_ms_exchange_worker_child_process.json | H A D | 18-Dec-2021 | 1.8 KiB | 52 | 51 |
| initial_access_suspicious_ms_office_child_process.json | H A D | 18-Dec-2021 | 2.6 KiB | 54 | 53 |
| initial_access_suspicious_ms_outlook_child_process.json | H A D | 18-Dec-2021 | 2.4 KiB | 54 | 53 |
| initial_access_unsecure_elasticsearch_node.json | H A D | 18-Dec-2021 | 2 KiB | 56 | 55 |
| initial_access_unusual_dns_service_children.json | H A D | 18-Dec-2021 | 3 KiB | 56 | 55 |
| initial_access_unusual_dns_service_file_writes.json | H A D | 18-Dec-2021 | 2.1 KiB | 52 | 51 |
| initial_access_via_explorer_suspicious_child_parent_args.json | H A D | 18-Dec-2021 | 2.2 KiB | 59 | 58 |
| initial_access_via_system_manager.json | H A D | 18-Dec-2021 | 2.1 KiB | 62 | 61 |
| initial_access_zoom_meeting_with_no_passcode.json | H A D | 18-Dec-2021 | 2 KiB | 51 | 50 |
| lateral_movement_cmd_service.json | H A D | 18-Dec-2021 | 2.7 KiB | 90 | 89 |
| lateral_movement_credential_access_kerberos_bifrostconsole.json | H A D | 18-Dec-2021 | 2.2 KiB | 79 | 78 |
| lateral_movement_dcom_hta.json | H A D | 18-Dec-2021 | 2.6 KiB | 78 | 77 |
| lateral_movement_dcom_mmc20.json | H A D | 18-Dec-2021 | 1.9 KiB | 56 | 55 |
| lateral_movement_dcom_shellwindow_shellbrowserwindow.json | H A D | 18-Dec-2021 | 2 KiB | 56 | 55 |
| lateral_movement_defense_evasion_lanman_nullsessionpipe_modification.json | H A D | 18-Dec-2021 | 1.8 KiB | 58 | 57 |
| lateral_movement_direct_outbound_smb_connection.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| lateral_movement_dns_server_overflow.json | H A D | 18-Dec-2021 | 5 KiB | 53 | 52 |
| lateral_movement_evasion_rdp_shadowing.json | H A D | 18-Dec-2021 | 1.9 KiB | 51 | 50 |
| lateral_movement_executable_tool_transfer_smb.json | H A D | 18-Dec-2021 | 1.6 KiB | 46 | 45 |
| lateral_movement_execution_from_tsclient_mup.json | H A D | 18-Dec-2021 | 1.3 KiB | 50 | 49 |
| lateral_movement_execution_via_file_shares_sequence.json | H A D | 18-Dec-2021 | 1.6 KiB | 56 | 55 |
| lateral_movement_incoming_winrm_shell_execution.json | H A D | 18-Dec-2021 | 1.6 KiB | 49 | 48 |
| lateral_movement_incoming_wmi.json | H A D | 18-Dec-2021 | 2.1 KiB | 55 | 54 |
| lateral_movement_mount_hidden_or_webdav_share_net.json | H A D | 18-Dec-2021 | 1.8 KiB | 54 | 53 |
| lateral_movement_mounting_smb_share.json | H A D | 18-Dec-2021 | 1.8 KiB | 57 | 56 |
| lateral_movement_powershell_remoting_target.json | H A D | 18-Dec-2021 | 1.9 KiB | 52 | 51 |
| lateral_movement_rdp_enabled_registry.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| lateral_movement_rdp_sharprdp_target.json | H A D | 18-Dec-2021 | 2.5 KiB | 57 | 56 |
| lateral_movement_remote_file_copy_hidden_share.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| lateral_movement_remote_services.json | H A D | 18-Dec-2021 | 1.8 KiB | 46 | 45 |
| lateral_movement_remote_ssh_login_enabled.json | H A D | 18-Dec-2021 | 1.4 KiB | 51 | 50 |
| lateral_movement_scheduled_task_target.json | H A D | 18-Dec-2021 | 4.5 KiB | 69 | 68 |
| lateral_movement_service_control_spawned_script_int.json | H A D | 18-Dec-2021 | 1.6 KiB | 47 | 46 |
| lateral_movement_suspicious_rdp_client_imageload.json | H A D | 18-Dec-2021 | 1.7 KiB | 50 | 49 |
| lateral_movement_telnet_network_activity_external.json | H A D | 18-Dec-2021 | 2.4 KiB | 51 | 50 |
| lateral_movement_telnet_network_activity_internal.json | H A D | 18-Dec-2021 | 2.3 KiB | 51 | 50 |
| lateral_movement_via_startup_folder_rdp_smb.json | H A D | 18-Dec-2021 | 2.1 KiB | 72 | 71 |
| lateral_movement_vpn_connection_attempt.json | H A D | 18-Dec-2021 | 1.6 KiB | 51 | 50 |
| linux_hping_activity.json | H A D | 18-Dec-2021 | 1 KiB | 34 | 33 |
| linux_iodine_activity.json | H A D | 18-Dec-2021 | 1 KiB | 34 | 33 |
| linux_netcat_network_connection.json | H A D | 18-Dec-2021 | 1.7 KiB | 35 | 34 |
| linux_nping_activity.json | H A D | 18-Dec-2021 | 1.1 KiB | 34 | 33 |
| linux_process_started_in_temp_directory.json | H A D | 18-Dec-2021 | 877 | 31 | 30 |
| linux_strace_activity.json | H A D | 18-Dec-2021 | 1 KiB | 34 | 33 |
| mfa_disabled_for_google_workspace_organization.json | H A D | 18-Dec-2021 | 2.3 KiB | 35 | 34 |
| microsoft_365_exchange_dkim_signing_config_disabled.json | H A D | 18-Dec-2021 | 1.6 KiB | 37 | 36 |
| microsoft_365_teams_custom_app_interaction_allowed.json | H A D | 18-Dec-2021 | 1.6 KiB | 37 | 36 |
| ml_auth_rare_hour_for_a_user_to_logon.json | H A D | 18-Dec-2021 | 1 KiB | 30 | 29 |
| ml_auth_rare_source_ip_for_a_user.json | H A D | 18-Dec-2021 | 1.1 KiB | 30 | 29 |
| ml_auth_rare_user_logon.json | H A D | 18-Dec-2021 | 1.3 KiB | 30 | 29 |
| ml_auth_spike_in_failed_logon_events.json | H A D | 18-Dec-2021 | 1.1 KiB | 30 | 29 |
| ml_auth_spike_in_logon_events.json | H A D | 18-Dec-2021 | 953 | 30 | 29 |
| ml_auth_spike_in_logon_events_from_a_source_ip.json | H A D | 18-Dec-2021 | 1,022 | 30 | 29 |
| ml_cloudtrail_error_message_spike.json | H A D | 18-Dec-2021 | 4.2 KiB | 31 | 30 |
| ml_cloudtrail_rare_error_code.json | H A D | 18-Dec-2021 | 3 KiB | 31 | 30 |
| ml_cloudtrail_rare_method_by_city.json | H A D | 18-Dec-2021 | 3.1 KiB | 31 | 30 |
| ml_cloudtrail_rare_method_by_country.json | H A D | 18-Dec-2021 | 4.2 KiB | 31 | 30 |
| ml_cloudtrail_rare_method_by_user.json | H A D | 18-Dec-2021 | 3 KiB | 31 | 30 |
| ml_high_count_network_denies.json | H A D | 18-Dec-2021 | 1.3 KiB | 30 | 29 |
| ml_high_count_network_events.json | H A D | 18-Dec-2021 | 1.3 KiB | 30 | 29 |
| ml_linux_anomalous_compiler_activity.json | H A D | 18-Dec-2021 | 968 | 28 | 27 |
| ml_linux_anomalous_kernel_module_arguments.json | H A D | 18-Dec-2021 | 1.5 KiB | 52 | 51 |
| ml_linux_anomalous_metadata_process.json | H A D | 18-Dec-2021 | 913 | 31 | 30 |
| ml_linux_anomalous_metadata_user.json | H A D | 18-Dec-2021 | 1,009 | 31 | 30 |
| ml_linux_anomalous_network_activity.json | H A D | 18-Dec-2021 | 2.2 KiB | 29 | 28 |
| ml_linux_anomalous_network_port_activity.json | H A D | 18-Dec-2021 | 1 KiB | 34 | 33 |
| ml_linux_anomalous_network_service.json | H A D | 18-Dec-2021 | 865 | 31 | 30 |
| ml_linux_anomalous_network_url_activity.json | H A D | 18-Dec-2021 | 1.3 KiB | 31 | 30 |
| ml_linux_anomalous_process_all_hosts.json | H A D | 18-Dec-2021 | 1.9 KiB | 35 | 34 |
| ml_linux_anomalous_sudo_activity.json | H A D | 18-Dec-2021 | 1.6 KiB | 60 | 59 |
| ml_linux_anomalous_user_name.json | H A D | 18-Dec-2021 | 2.6 KiB | 35 | 34 |
| ml_linux_system_information_discovery.json | H A D | 18-Dec-2021 | 1.5 KiB | 45 | 44 |
| ml_linux_system_network_configuration_discovery.json | H A D | 18-Dec-2021 | 1.6 KiB | 45 | 44 |
| ml_linux_system_network_connection_discovery.json | H A D | 18-Dec-2021 | 1.5 KiB | 45 | 44 |
| ml_linux_system_process_discovery.json | H A D | 18-Dec-2021 | 1.5 KiB | 45 | 44 |
| ml_linux_system_user_discovery.json | H A D | 18-Dec-2021 | 1.5 KiB | 45 | 44 |
| ml_packetbeat_dns_tunneling.json | H A D | 18-Dec-2021 | 1.1 KiB | 30 | 29 |
| ml_packetbeat_rare_dns_question.json | H A D | 18-Dec-2021 | 1.4 KiB | 30 | 29 |
| ml_packetbeat_rare_server_domain.json | H A D | 18-Dec-2021 | 1.5 KiB | 30 | 29 |
| ml_packetbeat_rare_urls.json | H A D | 18-Dec-2021 | 1.9 KiB | 30 | 29 |
| ml_packetbeat_rare_user_agent.json | H A D | 18-Dec-2021 | 1.6 KiB | 30 | 29 |
| ml_rare_destination_country.json | H A D | 18-Dec-2021 | 1.7 KiB | 30 | 29 |
| ml_rare_process_by_host_linux.json | H A D | 18-Dec-2021 | 1.9 KiB | 35 | 34 |
| ml_rare_process_by_host_windows.json | H A D | 18-Dec-2021 | 3.9 KiB | 35 | 34 |
| ml_spike_in_traffic_to_a_country.json | H A D | 18-Dec-2021 | 1.6 KiB | 30 | 29 |
| ml_suspicious_login_activity.json | H A D | 18-Dec-2021 | 857 | 31 | 30 |
| ml_windows_anomalous_metadata_process.json | H A D | 18-Dec-2021 | 921 | 31 | 30 |
| ml_windows_anomalous_metadata_user.json | H A D | 18-Dec-2021 | 1,017 | 31 | 30 |
| ml_windows_anomalous_network_activity.json | H A D | 18-Dec-2021 | 2.9 KiB | 35 | 34 |
| ml_windows_anomalous_path_activity.json | H A D | 18-Dec-2021 | 1.4 KiB | 34 | 33 |
| ml_windows_anomalous_process_all_hosts.json | H A D | 18-Dec-2021 | 2.6 KiB | 35 | 34 |
| ml_windows_anomalous_process_creation.json | H A D | 18-Dec-2021 | 1.6 KiB | 34 | 33 |
| ml_windows_anomalous_script.json | H A D | 18-Dec-2021 | 981 | 31 | 30 |
| ml_windows_anomalous_service.json | H A D | 18-Dec-2021 | 1.1 KiB | 31 | 30 |
| ml_windows_anomalous_user_name.json | H A D | 18-Dec-2021 | 2.8 KiB | 35 | 34 |
| ml_windows_rare_user_runas_event.json | H A D | 18-Dec-2021 | 1.1 KiB | 31 | 30 |
| ml_windows_rare_user_type10_remote_login.json | H A D | 18-Dec-2021 | 1.6 KiB | 32 | 31 |
| okta_attempt_to_deactivate_okta_application.json | H A D | 18-Dec-2021 | 1.4 KiB | 38 | 37 |
| okta_attempt_to_deactivate_okta_policy.json | H A D | 18-Dec-2021 | 1.4 KiB | 38 | 37 |
| okta_attempt_to_deactivate_okta_policy_rule.json | H A D | 18-Dec-2021 | 1.3 KiB | 38 | 37 |
| okta_attempt_to_delete_okta_application.json | H A D | 18-Dec-2021 | 1.3 KiB | 37 | 36 |
| okta_attempt_to_delete_okta_policy.json | H A D | 18-Dec-2021 | 1.4 KiB | 38 | 37 |
| okta_attempt_to_delete_okta_policy_rule.json | H A D | 18-Dec-2021 | 1.3 KiB | 38 | 37 |
| okta_attempt_to_modify_okta_application.json | H A D | 18-Dec-2021 | 1.3 KiB | 38 | 37 |
| okta_attempt_to_modify_okta_network_zone.json | H A D | 18-Dec-2021 | 1.5 KiB | 38 | 37 |
| okta_attempt_to_modify_okta_policy.json | H A D | 18-Dec-2021 | 1.3 KiB | 37 | 36 |
| okta_attempt_to_modify_okta_policy_rule.json | H A D | 18-Dec-2021 | 1.3 KiB | 38 | 37 |
| okta_attempt_to_modify_or_delete_application_sign_on_policy.json | H A D | 18-Dec-2021 | 1.5 KiB | 38 | 37 |
| okta_threat_detected_by_okta_threatinsight.json | H A D | 18-Dec-2021 | 1.2 KiB | 34 | 33 |
| persistence_account_creation_hide_at_logon.json | H A D | 18-Dec-2021 | 1.5 KiB | 56 | 55 |
| persistence_administrator_privileges_assigned_to_okta_group.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| persistence_administrator_role_assigned_to_okta_user.json | H A D | 18-Dec-2021 | 1.8 KiB | 54 | 53 |
| persistence_adobe_hijack_persistence.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| persistence_app_compat_shim.json | H A D | 18-Dec-2021 | 1.7 KiB | 53 | 52 |
| persistence_appcertdlls_registry.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| persistence_appinitdlls_registry.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| persistence_attempt_to_create_okta_api_token.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| persistence_attempt_to_deactivate_mfa_for_okta_user_account.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| persistence_azure_automation_account_created.json | H A D | 18-Dec-2021 | 2.2 KiB | 69 | 68 |
| persistence_azure_automation_runbook_created_or_modified.json | H A D | 18-Dec-2021 | 1.6 KiB | 37 | 36 |
| persistence_azure_automation_webhook_created.json | H A D | 18-Dec-2021 | 1.6 KiB | 37 | 36 |
| persistence_azure_conditional_access_policy_modified.json | H A D | 18-Dec-2021 | 1.8 KiB | 51 | 50 |
| persistence_azure_pim_user_added_global_admin.json | H A D | 18-Dec-2021 | 2.4 KiB | 53 | 52 |
| persistence_azure_privileged_identity_management_role_modified.json | H A D | 18-Dec-2021 | 2.3 KiB | 67 | 66 |
| persistence_creation_change_launch_agents_file.json | H A D | 18-Dec-2021 | 1.8 KiB | 58 | 57 |
| persistence_creation_hidden_login_item_osascript.json | H A D | 18-Dec-2021 | 2.1 KiB | 76 | 75 |
| persistence_creation_modif_launch_deamon_sequence.json | H A D | 18-Dec-2021 | 1.5 KiB | 51 | 50 |
| persistence_credential_access_authorization_plugin_creation.json | H A D | 18-Dec-2021 | 1.8 KiB | 57 | 56 |
| persistence_credential_access_modify_auth_module_or_config.json | H A D | 18-Dec-2021 | 3.1 KiB | 72 | 71 |
| persistence_credential_access_modify_ssh_binaries.json | H A D | 18-Dec-2021 | 2 KiB | 68 | 67 |
| persistence_defense_evasion_hidden_launch_agent_deamon_logonitem_process.json | H A D | 18-Dec-2021 | 2.4 KiB | 81 | 80 |
| persistence_directory_services_plugins_modification.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| persistence_docker_shortcuts_plist_modification.json | H A D | 18-Dec-2021 | 1.5 KiB | 49 | 48 |
| persistence_ec2_network_acl_creation.json | H A D | 18-Dec-2021 | 2.1 KiB | 58 | 57 |
| persistence_ec2_security_group_configuration_change_detection.json | H A D | 18-Dec-2021 | 2.6 KiB | 72 | 71 |
| persistence_emond_rules_file_creation.json | H A D | 18-Dec-2021 | 1.5 KiB | 56 | 55 |
| persistence_emond_rules_process_execution.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| persistence_enable_root_account.json | H A D | 18-Dec-2021 | 1.5 KiB | 56 | 55 |
| persistence_evasion_hidden_launch_agent_deamon_creation.json | H A D | 18-Dec-2021 | 2.4 KiB | 79 | 78 |
| persistence_evasion_hidden_local_account_creation.json | H A D | 18-Dec-2021 | 1.7 KiB | 58 | 57 |
| persistence_evasion_registry_ifeo_injection.json | H A D | 18-Dec-2021 | 2.3 KiB | 57 | 56 |
| persistence_evasion_registry_startup_shell_folder_modified.json | H A D | 18-Dec-2021 | 4.5 KiB | 55 | 54 |
| persistence_exchange_suspicious_mailbox_right_delegation.json | H A D | 18-Dec-2021 | 1.9 KiB | 58 | 57 |
| persistence_finder_sync_plugin_pluginkit.json | H A D | 18-Dec-2021 | 2 KiB | 51 | 50 |
| persistence_folder_action_scripts_runtime.json | H A D | 18-Dec-2021 | 1.9 KiB | 64 | 63 |
| persistence_gcp_iam_service_account_key_deletion.json | H A D | 18-Dec-2021 | 2.1 KiB | 54 | 53 |
| persistence_gcp_key_created_for_service_account.json | H A D | 18-Dec-2021 | 2.1 KiB | 54 | 53 |
| persistence_gcp_service_account_created.json | H A D | 18-Dec-2021 | 2 KiB | 53 | 52 |
| persistence_google_workspace_admin_role_assigned_to_user.json | H A D | 18-Dec-2021 | 2.7 KiB | 55 | 54 |
| persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.json | H A D | 18-Dec-2021 | 2.8 KiB | 55 | 54 |
| persistence_google_workspace_custom_admin_role_created.json | H A D | 18-Dec-2021 | 2.6 KiB | 55 | 54 |
| persistence_google_workspace_role_modified.json | H A D | 18-Dec-2021 | 2.6 KiB | 55 | 54 |
| persistence_gpo_schtask_service_creation.json | H A D | 18-Dec-2021 | 1.8 KiB | 54 | 53 |
| persistence_iam_group_creation.json | H A D | 18-Dec-2021 | 2.1 KiB | 63 | 62 |
| persistence_kde_autostart_modification.json | H A D | 18-Dec-2021 | 2.2 KiB | 51 | 50 |
| persistence_local_scheduled_job_creation.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| persistence_local_scheduled_task_creation.json | H A D | 18-Dec-2021 | 2.5 KiB | 57 | 56 |
| persistence_local_scheduled_task_scripting.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| persistence_login_logout_hooks_defaults.json | H A D | 18-Dec-2021 | 1.8 KiB | 50 | 49 |
| persistence_loginwindow_plist_modification.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| persistence_mfa_disabled_for_azure_user.json | H A D | 18-Dec-2021 | 1.4 KiB | 48 | 47 |
| persistence_microsoft_365_exchange_management_role_assignment.json | H A D | 18-Dec-2021 | 1.9 KiB | 55 | 54 |
| persistence_microsoft_365_teams_external_access_enabled.json | H A D | 18-Dec-2021 | 2 KiB | 54 | 53 |
| persistence_microsoft_365_teams_guest_access_enabled.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| persistence_modification_sublime_app_plugin_or_script.json | H A D | 18-Dec-2021 | 1.8 KiB | 49 | 48 |
| persistence_ms_office_addins_file.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| persistence_ms_outlook_vba_template.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| persistence_periodic_tasks_file_mdofiy.json | H A D | 18-Dec-2021 | 1.7 KiB | 58 | 57 |
| persistence_powershell_exch_mailbox_activesync_add_device.json | H A D | 18-Dec-2021 | 1.9 KiB | 61 | 60 |
| persistence_priv_escalation_via_accessibility_features.json | H A D | 18-Dec-2021 | 3.1 KiB | 79 | 78 |
| persistence_rds_cluster_creation.json | H A D | 18-Dec-2021 | 2.3 KiB | 67 | 66 |
| persistence_rds_group_creation.json | H A D | 18-Dec-2021 | 2 KiB | 63 | 62 |
| persistence_rds_instance_creation.json | H A D | 18-Dec-2021 | 1.6 KiB | 50 | 49 |
| persistence_registry_uncommon.json | H A D | 18-Dec-2021 | 7.4 KiB | 72 | 71 |
| persistence_route_53_domain_transfer_lock_disabled.json | H A D | 18-Dec-2021 | 2.2 KiB | 66 | 65 |
| persistence_route_53_domain_transferred_to_another_account.json | H A D | 18-Dec-2021 | 2.1 KiB | 65 | 64 |
| persistence_route_53_hosted_zone_associated_with_a_vpc.json | H A D | 18-Dec-2021 | 1.7 KiB | 55 | 54 |
| persistence_route_table_created.json | H A D | 18-Dec-2021 | 1.9 KiB | 52 | 51 |
| persistence_route_table_modified_or_deleted.json | H A D | 18-Dec-2021 | 2.3 KiB | 56 | 55 |
| persistence_run_key_and_startup_broad.json | H A D | 18-Dec-2021 | 3.4 KiB | 54 | 53 |
| persistence_runtime_run_key_startup_susp_procs.json | H A D | 18-Dec-2021 | 2.6 KiB | 53 | 52 |
| persistence_screensaver_engine_unexpected_child_process.json | H A D | 18-Dec-2021 | 1.9 KiB | 51 | 50 |
| persistence_screensaver_plist_file_modification.json | H A D | 18-Dec-2021 | 2.3 KiB | 51 | 50 |
| persistence_services_registry.json | H A D | 18-Dec-2021 | 2.6 KiB | 54 | 53 |
| persistence_shell_activity_by_web_server.json | H A D | 18-Dec-2021 | 1.6 KiB | 59 | 58 |
| persistence_shell_profile_modification.json | H A D | 18-Dec-2021 | 2.7 KiB | 60 | 59 |
| persistence_ssh_authorized_keys_modification.json | H A D | 18-Dec-2021 | 2 KiB | 54 | 53 |
| persistence_startup_folder_file_written_by_suspicious_process.json | H A D | 18-Dec-2021 | 2.3 KiB | 54 | 53 |
| persistence_startup_folder_file_written_by_unsigned_process.json | H A D | 18-Dec-2021 | 2.1 KiB | 51 | 50 |
| persistence_startup_folder_scripts.json | H A D | 18-Dec-2021 | 1.9 KiB | 54 | 53 |
| persistence_suspicious_calendar_modification.json | H A D | 18-Dec-2021 | 1.8 KiB | 54 | 53 |
| persistence_suspicious_com_hijack_registry.json | H A D | 18-Dec-2021 | 2.4 KiB | 57 | 56 |
| persistence_suspicious_image_load_scheduled_task_ms_office.json | H A D | 18-Dec-2021 | 1.8 KiB | 51 | 50 |
| persistence_suspicious_scheduled_task_runtime.json | H A D | 18-Dec-2021 | 2.8 KiB | 57 | 56 |
| persistence_suspicious_service_created_registry.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| persistence_system_shells_via_services.json | H A D | 18-Dec-2021 | 1.6 KiB | 54 | 53 |
| persistence_time_provider_mod.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| persistence_user_account_added_to_privileged_group_ad.json | H A D | 18-Dec-2021 | 1.8 KiB | 50 | 49 |
| persistence_user_account_creation.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| persistence_user_added_as_owner_for_azure_application.json | H A D | 18-Dec-2021 | 1.4 KiB | 48 | 47 |
| persistence_user_added_as_owner_for_azure_service_principal.json | H A D | 18-Dec-2021 | 1.8 KiB | 51 | 50 |
| persistence_via_application_shimming.json | H A D | 18-Dec-2021 | 2.1 KiB | 76 | 75 |
| persistence_via_atom_init_file_modification.json | H A D | 18-Dec-2021 | 1.1 KiB | 33 | 32 |
| persistence_via_bits_job_notify_command.json | H A D | 18-Dec-2021 | 2 KiB | 53 | 52 |
| persistence_via_hidden_run_key_valuename.json | H A D | 18-Dec-2021 | 2.2 KiB | 58 | 57 |
| persistence_via_lsa_security_support_provider_registry.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| persistence_via_telemetrycontroller_scheduledtask_hijack.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| persistence_via_update_orchestrator_service_hijack.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| persistence_via_windows_management_instrumentation_event_subscription.json | H A D | 18-Dec-2021 | 1.8 KiB | 54 | 53 |
| persistence_via_wmi_stdregprov_run_services.json | H A D | 18-Dec-2021 | 4.9 KiB | 84 | 83 |
| persistence_webshell_detection.json | H A D | 18-Dec-2021 | 2.5 KiB | 76 | 75 |
| privilege_escalation_applescript_with_admin_privs.json | H A D | 18-Dec-2021 | 1.7 KiB | 65 | 64 |
| privilege_escalation_aws_suspicious_saml_activity.json | H A D | 18-Dec-2021 | 2.5 KiB | 77 | 76 |
| privilege_escalation_cyberarkpas_error_audit_event_promotion.json | H A D | 18-Dec-2021 | 2.1 KiB | 64 | 63 |
| privilege_escalation_cyberarkpas_recommended_events_to_monitor_promotion.json | H A D | 18-Dec-2021 | 2.4 KiB | 64 | 63 |
| privilege_escalation_disable_uac_registry.json | H A D | 18-Dec-2021 | 3 KiB | 81 | 80 |
| privilege_escalation_echo_nopasswd_sudoers.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| privilege_escalation_explicit_creds_via_scripting.json | H A D | 18-Dec-2021 | 2 KiB | 66 | 65 |
| privilege_escalation_exploit_adobe_acrobat_updater.json | H A D | 18-Dec-2021 | 2.1 KiB | 52 | 51 |
| privilege_escalation_gcp_kubernetes_rolebindings_created_or_patched.json | H A D | 18-Dec-2021 | 1.7 KiB | 48 | 47 |
| privilege_escalation_ld_preload_shared_object_modif.json | H A D | 18-Dec-2021 | 1.6 KiB | 56 | 55 |
| privilege_escalation_local_user_added_to_admin.json | H A D | 18-Dec-2021 | 1.6 KiB | 56 | 55 |
| privilege_escalation_lsa_auth_package.json | H A D | 18-Dec-2021 | 2.3 KiB | 76 | 75 |
| privilege_escalation_named_pipe_impersonation.json | H A D | 18-Dec-2021 | 1.5 KiB | 50 | 49 |
| privilege_escalation_new_or_modified_federation_domain.json | H A D | 18-Dec-2021 | 2.4 KiB | 62 | 61 |
| privilege_escalation_persistence_phantom_dll.json | H A D | 18-Dec-2021 | 3.1 KiB | 85 | 84 |
| privilege_escalation_port_monitor_print_pocessor_abuse.json | H A D | 18-Dec-2021 | 2.6 KiB | 79 | 78 |
| privilege_escalation_printspooler_malicious_driver_file_changes.json | H A D | 18-Dec-2021 | 1.7 KiB | 51 | 50 |
| privilege_escalation_printspooler_malicious_registry_modification.json | H A D | 18-Dec-2021 | 1.8 KiB | 50 | 49 |
| privilege_escalation_printspooler_registry_copyfiles.json | H A D | 18-Dec-2021 | 2.1 KiB | 51 | 50 |
| privilege_escalation_printspooler_service_suspicious_file.json | H A D | 18-Dec-2021 | 1.7 KiB | 51 | 50 |
| privilege_escalation_printspooler_suspicious_file_deletion.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| privilege_escalation_printspooler_suspicious_spl_file.json | H A D | 18-Dec-2021 | 1.8 KiB | 51 | 50 |
| privilege_escalation_rogue_windir_environment_var.json | H A D | 18-Dec-2021 | 1.7 KiB | 57 | 56 |
| privilege_escalation_root_crontab_filemod.json | H A D | 18-Dec-2021 | 1.6 KiB | 57 | 56 |
| privilege_escalation_root_login_without_mfa.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| privilege_escalation_setuid_setgid_bit_set_via_chmod.json | H A D | 18-Dec-2021 | 3.1 KiB | 64 | 63 |
| privilege_escalation_sts_assumerole_usage.json | H A D | 18-Dec-2021 | 2.3 KiB | 75 | 74 |
| privilege_escalation_sts_getsessiontoken_abuse.json | H A D | 18-Dec-2021 | 2.4 KiB | 75 | 74 |
| privilege_escalation_sudo_buffer_overflow.json | H A D | 18-Dec-2021 | 2.1 KiB | 61 | 60 |
| privilege_escalation_sudoers_file_mod.json | H A D | 18-Dec-2021 | 1.5 KiB | 54 | 53 |
| privilege_escalation_uac_bypass_com_clipup.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| privilege_escalation_uac_bypass_com_ieinstal.json | H A D | 18-Dec-2021 | 1.9 KiB | 57 | 56 |
| privilege_escalation_uac_bypass_com_interface_icmluautil.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| privilege_escalation_uac_bypass_diskcleanup_hijack.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| privilege_escalation_uac_bypass_dll_sideloading.json | H A D | 18-Dec-2021 | 2 KiB | 57 | 56 |
| privilege_escalation_uac_bypass_event_viewer.json | H A D | 18-Dec-2021 | 1.7 KiB | 54 | 53 |
| privilege_escalation_uac_bypass_mock_windir.json | H A D | 18-Dec-2021 | 1.7 KiB | 57 | 56 |
| privilege_escalation_uac_bypass_winfw_mmc_hijack.json | H A D | 18-Dec-2021 | 1.8 KiB | 57 | 56 |
| privilege_escalation_unusual_parentchild_relationship.json | H A D | 18-Dec-2021 | 4.2 KiB | 58 | 57 |
| privilege_escalation_unusual_printspooler_childprocess.json | H A D | 18-Dec-2021 | 2.3 KiB | 54 | 53 |
| privilege_escalation_unusual_svchost_childproc_childless.json | H A D | 18-Dec-2021 | 2.7 KiB | 73 | 72 |
| privilege_escalation_updateassumerolepolicy.json | H A D | 18-Dec-2021 | 1.8 KiB | 55 | 54 |
| threat_intel_module_match.json | H A D | 18-Dec-2021 | 7.4 KiB | 199 | 198 |