| Control ID | Control Name | Mapping Type | Score | Technique ID | Technique Name |
|---|---|---|---|---|---|
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078 | Valid Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078.003 | Local Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1078.001 | Default Accounts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1059 | Command and Scripting Interpreter |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1059.001 | PowerShell |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1059.003 | Windows Command Shell |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1204 | User Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1204.002 | Malicious File |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1547 | Boot or Logon Autostart Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1547.001 | Registry Run Keys / Startup Folder |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1136 | Create Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1136.001 | Local Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1543 | Create or Modify System Process |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1543.003 | Windows Service |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1546 | Event Triggered Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1546.002 | Screensaver |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1546.008 | Accessibility Features |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1548 | Abuse Elevation Control Mechanism |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1548.002 | Bypass User Account Control |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055 | Process Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.001 | Dynamic-link Library Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.002 | Portable Executable Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.003 | Thread Execution Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.005 | Thread Local Storage |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.004 | Asynchronous Procedure Call |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.011 | Extra Window Memory Injection |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.012 | Process Hollowing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1055.013 | Process Doppelgänging |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1203 | Exploitation for Client Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1212 | Exploitation for Credential Access |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1211 | Exploitation for Defense Evasion |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1068 | Exploitation for Privilege Escalation |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1210 | Exploitation of Remote Services |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1190 | Exploit Public-Facing Application |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1189 | Drive-by Compromise |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1140 | Deobfuscate/Decode Files or Information |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1222 | File and Directory Permissions Modification |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1222.001 | Windows File and Directory Permissions Modification |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1564 | Hide Artifacts |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1564.003 | Hidden Window |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1562 | Impair Defenses |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1562.004 | Disable or Modify System Firewall |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1562.001 | Disable or Modify Tools |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1070 | Indicator Removal on Host |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1070.004 | File Deletion |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1070.001 | Clear Windows Event Logs |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1112 | Modify Registry |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1027 | Obfuscated Files or Information |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1218 | Signed Binary Proxy Execution |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1218.005 | Mshta |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1218.011 | Rundll32 |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1110 | Brute Force |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.003 | Password Spraying |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.001 | Password Guessing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | significant | T1110.004 | Credential Stuffing |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1003 | OS Credential Dumping |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1003.004 | LSA Secrets |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1558 | Steal or Forge Kerberos Tickets |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1558.001 | Golden Ticket |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087 | Account Discovery |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087.001 | Local Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1087.002 | Domain Account |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1082 | System Information Discovery |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1563 | Remote Service Session Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1563.002 | RDP Hijacking |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | partial | T1105 | Ingress Tool Transfer |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1048 | Exfiltration Over Alternative Protocol |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1489 | Service Stop |
| alerts_for_windows_machines | Alerts for Windows Machines | detect | minimal | T1202 | Indirect Command Execution |