Filter applied: Platform: Windows
| Rule Name | Level | MITRE ATT&CK | Category | Last Updated |
|---|---|---|---|---|
| BloodHound and Active Directory enumeration | L2 - Investigation | TA0007 | Identity and Access | May 5, 2026 |
| AD Group Policy abuse | L2 - Investigation | TA0004 | Identity and Access | May 5, 2026 |
| NTLM relay and coercion attack | L1 - Triage | TA0006 | Identity and Access | May 5, 2026 |
| MFA bypass and fatigue attack | L2 - Investigation | TA0006 | Identity and Access | May 5, 2026 |
| ADCS abuse | L2 - Investigation, L3 - Incident | TA0006 | Identity and Access | May 5, 2026 |
| Scheduled task manipulation | L2 - Investigation | TA0003 | Endpoint | April 10, 2026 |
| S3 bucket access anomalies | L2 - Investigation | TA0010 | Cloud and SaaS | April 10, 2026 |
| Suspicious AWS IAM activity | L2 - Investigation | TA0004 | Cloud and SaaS | April 10, 2026 |
| Web shell installation | L3 - Incident | TA0003 | Application and Data | April 10, 2026 |
| Windows Registry Evasion | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| Shadow IT monitoring | L2 - Investigation | TA0007 | Cloud and SaaS | April 10, 2026 |
| Malicious process hunting lineage | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Column integrity monitoring | L2 - Investigation | TA0040 | Application and Data | April 10, 2026 |
| Dark web - Corporate IDs in SaaS apps | L1 - Triage | TA0006 | Identity and Access | April 10, 2026 |
| Short lived admin accounts | L2 - Investigation | TA0004 | Identity and Access | April 10, 2026 |
| Credential dumping tools | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Privilege escalation through service account misuse | L3 - Incident | TA0004 | Identity and Access | April 10, 2026 |
| Unauthorized PowerShell remote session | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Cross-site scripting (XSS) leading to session theft | L3 - Incident | TA0006 | Application and Data | April 10, 2026 |
| Unauthorized four-eyes authorization disabling in Veeam | L3 - Incident | TA0040 | Application and Data | April 10, 2026 |
| Failover plan tampering in Veeam solutions | L3 - Incident | TA0005 | Application and Data | April 10, 2026 |
| Command line obfuscation | L2 - Investigation | TA0005, TA0002 | Endpoint | April 10, 2026 |
| Network share tampering | L2 - Investigation | TA0005, TA0040 | Network | April 10, 2026 |
| Unattended system login detection | L2 - Investigation | TA0003, TA0006, TA0005 | Identity and Access | April 10, 2026 |
| AD backup extraction | L2 - Investigation | TA0006 | Identity and Access | April 10, 2026 |
| AD database tampering | L2 - Investigation | TA0006, TA0003, TA0005 | Identity and Access | April 10, 2026 |
| Boot configuration tampering | L2 - Investigation | TA0005, TA0040 | Endpoint | April 10, 2026 |
| Cloud brute force login attempts | L1 - Triage | TA0006, TA0001 | Cloud and SaaS | April 10, 2026 |
| DLL injection via registry | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |
| Registry security controls disabled | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| Security logging and monitoring disabled | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| System level account management activity | L2 - Investigation | TA0004, TA0003, TA0005 | Identity and Access | April 10, 2026 |
| System time discovery activity | L1 - Triage | TA0007 | Endpoint | April 10, 2026 |
| Automated file system enumeration | L2 - Investigation | TA0009 | Endpoint | April 10, 2026 |
| BITS service abuse detection | L2 - Investigation | TA0005, TA0003, TA0011 | Endpoint | April 10, 2026 |
| Critical service disruption | L2 - Investigation | TA0040, TA0005, TA0003 | Endpoint | April 10, 2026 |
| Darkgate malware account creation | L2 - Investigation | TA0003, TA0004 | Endpoint | April 10, 2026 |
| Data staging for exfiltration | L2 - Investigation | TA0010 | Application and Data | April 10, 2026 |
| DB master credentials changed | L2 - Investigation | TA0003 | Cloud and SaaS | April 10, 2026 |
| Failed privilege elevation attempts | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |
| Kerberos authentication attacks | L2 - Investigation | TA0006 | Identity and Access | April 10, 2026 |
| Network firewall weakening | L2 - Investigation | TA0005 | Network | April 10, 2026 |
| Vmware esxi privilege escalation attack | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |

