linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1059 | Command and Scripting Interpreter |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1059.004 | Unix Shell |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1068 | Exploitation for Privilege Escalation |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1098 | Account Manipulation |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1098.004 | SSH Authorized Keys |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1547 | Boot or Logon Autostart Execution |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1547.006 | Kernel Modules and Extensions |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1136 | Create Account |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1136.001 | Local Account |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1505 | Server Software Component |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1505.003 | Web Shell |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1564 | Hide Artifacts |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1564.001 | Hidden Files and Directories |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1564.006 | Run Virtual Instance |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1562 | Impair Defenses |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1562.004 | Disable or Modify System Firewall |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1562.006 | Indicator Blocking |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1070 | Indicator Removal on Host |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1070.002 | Clear Linux or Mac System Logs |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1070.003 | Clear Command History |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1027 | Obfuscated Files or Information |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1027.004 | Compile After Delivery |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1110 | Brute Force |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1110.001 | Password Guessing |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1110.003 | Password Spraying |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1110.004 | Credential Stuffing |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1003 | OS Credential Dumping |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1003.008 | /etc/passwd and /etc/shadow |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | minimal | T1021 | Remote Services |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1021.004 | SSH |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1525 | Implant Container Image |
linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | detect | partial | T1113 | Screen Capture |