| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1059 |
Command and Scripting Interpreter |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1059.004 |
Unix Shell |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1068 |
Exploitation for Privilege Escalation |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1098 |
Account Manipulation |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1098.004 |
SSH Authorized Keys |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1547 |
Boot or Logon Autostart Execution |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1547.006 |
Kernel Modules and Extensions |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1136 |
Create Account |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1136.001 |
Local Account |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1505 |
Server Software Component |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1505.003 |
Web Shell |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1564 |
Hide Artifacts |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1564.001 |
Hidden Files and Directories |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1564.006 |
Run Virtual Instance |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1562 |
Impair Defenses |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1562.004 |
Disable or Modify System Firewall |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1562.006 |
Indicator Blocking |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1070 |
Indicator Removal on Host |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1070.002 |
Clear Linux or Mac System Logs |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1070.003 |
Clear Command History |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1027 |
Obfuscated Files or Information |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1027.004 |
Compile After Delivery |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1110 |
Brute Force |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1110.001 |
Password Guessing |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1110.003 |
Password Spraying |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1110.004 |
Credential Stuffing |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1003 |
OS Credential Dumping |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1003.008 |
/etc/passwd and /etc/shadow |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
minimal |
T1021 |
Remote Services |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1021.004 |
SSH |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1525 |
Implant Container Image |
| linux_auditd_alerts_and_log_analytics_agent_integration |
Linux auditd alerts and Log Analytics agent integration |
detect |
partial |
T1113 |
Screen Capture |
