Rule Name
Level
MITRE ATT&CK
Category
Last Updated

Bitdefender - Trusted binary investigation and containment

TA0002, T1059, T1059.001
Last updated: April 7, 2026

Bitdefender - Obfuscated PS VSS deletion response

TA0040, T1565, T1565.001
Last updated: April 7, 2026

Bitdefender - Scan task execution

Last updated: April 7, 2026

Okta - Block IP or ASN

Last updated: April 7, 2026

Okta - Account lockout response

TA0040, TA0006, T1531, T1110
Last updated: April 7, 2026

Okta - Suspicious activity remediation

TA0003, T1556, T1556.006
Last updated: April 7, 2026

Sophos Central - High-risk endpoint verification

TA0005, T1562, T1562.001
Last updated: April 7, 2026

CrowdStrike Falcon - Unauthorized admin role assignment response

TA0002, T1098
Last updated: April 7, 2026

CrowdStrike Falcon - Unauthorized tamper protection deactivation response

TA0005, T1211, T1562, T1562.001
Last updated: April 7, 2026

CrowdStrike Falcon - Sensor removal alert response

TA0005, T1211, T1562, T1562.001
Last updated: April 7, 2026

CrowdStrike Falcon - Block IP

Last updated: April 7, 2026

VirusTotal - URL reputation check

Last updated: April 7, 2026

Log360 Cloud - Create or update incident

Last updated: May 12, 2026

Windows - Shadow Copy deletion remediation

TA0005, T1027, T1027.003
Last updated: May 12, 2026

Windows - File enrichment

TA0005, T1036, T1553, T1553.002, TA0002, T1204, T1204.002
Last updated: May 12, 2026

Windows Defender quick scan

Last updated: May 12, 2026

Suspicious parent process spawning mitigation

TA0005, T1036, TA0002, T1204, T1204.002
Last updated: May 12, 2026

Windows Defender Protection

TA0005, T1562, T1562.001
Last updated: May 12, 2026

Ryuk WoL execution mitigation

TA0002, T1059
Last updated: May 12, 2026

Wsmprovhost LOLBAS execution mitigation

TA0008, T1021, T1021.006
Last updated: May 12, 2026

Excessive service disablement mitigation

TA0005, T1562, T1562.001, TA0040, T1489
Last updated: May 12, 2026

Windows Explorer masquerading mitigation

TA0005, T1036, TA0002, T1059, T1059.001
Last updated: May 12, 2026

Investigation of repeated Windows backup failures

TA0040, T1490
Last updated: May 12, 2026

Account lockout incident management

TA0006, T1110, T1110.001
Last updated: May 12, 2026

Repeated registry entry failure analysis

TA0003, T1112, T1547, T1547.001
Last updated: May 12, 2026

Hidden local user account detection and mitigation

TA0003, T1562, T1136.001
Last updated: May 12, 2026

InstallUtil download investigation playbook

TA0005, T1218, T1218.004
Last updated: May 12, 2026

File injection exploit remediation

Last updated: May 12, 2026

Unauthorized SAM export remediation

TA0006, T1003, T1003.002, T1003.004
Last updated: May 12, 2026

WLAN credential exposure mitigation

TA0007, T1016, T1016.002
Last updated: May 12, 2026

Detection and response to RDP session hijack via tscon.exe

TA0008, T1563, T1563.002
Last updated: May 12, 2026

Detection and response to alternate data streams

TA0005, T1027, T1027.003
Last updated: May 12, 2026

Suspicious command execution or file injection remediation

TA0008, T1563, T1563.002
Last updated: May 12, 2026

Dump file threat containment

TA0006, T1003, T1003.002, T1003.004
Last updated: May 12, 2026

Response workflow for Mimikatz execution

TA0006, T1003, T1003.001, T1003.002, T1003.004
Last updated: May 12, 2026

Privilege escalation threat containment

TA0005, T1036, T1036.004, TA0004, T1068
Last updated: May 12, 2026

Credential theft containment

TA0006, T1110, T1110.003, T1110.004
Last updated: May 12, 2026

Unauthorized exploitation tool containment

TA0007, T1087, T1087.002
Last updated: May 12, 2026

Rubeus incident response

TA0006, T1558, T1558.003
Last updated: May 12, 2026

Brute force investigation and response for Windows

TA0006, T1110
Last updated: May 12, 2026

Ransomware containment and remediation

TA0040, T1486
Last updated: May 12, 2026

DSRM account compromise detection and remediation

TA0005, T1078, T1078.003
Last updated: May 12, 2026

AlwaysInstallElevated abuse response

TA0004, T1218, T1218.007
Last updated: May 12, 2026

Multiple failed sudo attempts investigation

TA0006, T1110, T1110.001
Last updated: May 12, 2026

Syslog service interruption detection and response

TA0006, T1562, T1562.012
Last updated: May 12, 2026

Cisco Duo – Risky login from untrusted endpoint

TA0005, T1218, T1218.004
Last updated: May 12, 2026

Cisco Duo – Authentication downgrade attempt detection and response

TA0005, T1218, T1218.004
Last updated: May 12, 2026

Cisco Duo - Multiple failed logon attempts

TA0006, T1110, T1110.001
Last updated: May 12, 2026

Cisco Duo - Bulk user deletion

TA0005, T1218, T1218.004
Last updated: May 12, 2026

Cisco Duo – MFA abuse alert handling

TA0005, T1218, T1218.004
Last updated: May 12, 2026

Abnormal policy change investigation and remediation

TA0005, T1218, T1218.004
Last updated: May 12, 2026

Cisco Duo - Block IP

Last updated: May 12, 2026

Cisco Duo - Add user to group

Last updated: May 12, 2026

Okta - Multi-logon failure defense

TA0001, T1078, T1078.004
Last updated: May 12, 2026

Okta - Self-service unlock abuse response

TA0001, T1078, T1078.004
Last updated: May 12, 2026

Okta - MFA fatigue remediation

TA0006, T1621
Last updated: May 12, 2026

CrowdStrike - Concurrent user login containment

TA0006, T1110, T1110.003
Last updated: May 12, 2026

VirusTotal - IP reputation

Last updated: May 12, 2026

Okta - Policy creation

Last updated: May 12, 2026

CrowdStrike: User account validation

Last updated: May 12, 2026