Rule Name
Level
MITRE ATT&CK
Category
Last Updated

Scheduled Task

T1053.005 Windows
L2 - Investigation
T1053.005
Windows
Last updated: March 18, 2026

Transfer Data to Cloud Account

T1537 Threat Intel
L2 - Investigation
T1537
Threat Intel
Last updated: March 18, 2026

Account Manipulation

T1098 Threat Intel
L2 - Investigation
T1098
Threat Intel
Last updated: March 18, 2026

Exploit Public-Facing Application

T1190 Database
L1 – Triage
T1190
Database
Last updated: March 18, 2026

Web Shell

T1505.003 Windows
L3 – Incident
T1505.003
Windows
Last updated: March 18, 2026

Signed Binary Proxy Execution

T1218 Sysmon
L2 – Investigation
T1218
Sysmon
Last updated: March 18, 2026

Modify Registry

T1112 Sysmon
L2 – Investigation
T1112
Sysmon
Last updated: March 18, 2026

Exploit Public-Facing Application

T1190 Vulnerability Scanner
L1 – Triage
T1190
Vulnerability Scanner
Last updated: March 18, 2026

Process Injection

T1055 Sysmon
L3 – Incident
T1055
Sysmon
Last updated: March 18, 2026

Remote Services: RDP

T1021.001 Windows
L2 – Investigation
T1021.001
Windows
Last updated: March 18, 2026

Shadow IT Monitoring

T1087 T1046 Cloud and SaaS M365
L2 - Investigation
T1087, T1046
Cloud and SaaS
Last updated: September 15, 2025

Security analytics – Process hunting lineage

T1059 Endpoint Sysmon
L2 - Investigation
T1087, T1046
Cloud and SaaS
Last updated: September 15, 2025

Column integrity monitoring

T1565.001 Application and Data Database
L2 - Investigation
T1565.001
Application and Data
Last updated: September 15, 2025

Dark web - Corporate IDs in SaaS apps

T1589 Identity and Access Threat intel
L1 - Triage
T1589
Identity and Access
Last updated: September 15, 2025

Rogue device

T1133 Endpoint Firewall
L1 - Triage
T1133
Endpoint
Last updated: September 15, 2025

Short lived admin accounts

T1098 Identity and Access Active Directory
L1 - Triage
T1098
Identity and Access
Last updated: September 15, 2025

Audit tampering

T1562.002 Application and Data Windows
L3 – Incident
T1562.002
Application and Data
Last updated: September 15, 2025

Firewall rule changes

T1562.004 Network Firewall
L2 – Investigation
T1562.004
Network
Last updated: September 15, 2025

Port scanning

T1046 Network Firewall
L1 – Triage
T1046
Network
Last updated: September 15, 2025

Impossible travel

T1078 Identity and Access Azure
L1 – Triage
T1078
Identity and Access
Last updated: September 15, 2025

Attacker tools

T1105 Endpoint Sysmon
L2 – Investigation
T1105
Endpoint
Last updated: September 15, 2025

Malicious traffic

T1071 Network Firewall
L2 – Investigation
T1071
Network
Last updated: September 15, 2025

Privilege escalation through service account misuse

T1078.004 Identity and Access Active Directory
L3 – Incident
T1078.004
Identity and Access
Last updated: September 15, 2025

Unauthorized PowerShell remote session

T1059.001 Endpoint Sysmon
L2 – Investigation
T1059.001
Endpoint
Last updated: September 15, 2025

Cross-site scripting (XSS) leading to session theft

T1056 Application and Data Firewall
L3 – Incident
T1056
Application and Data
Last updated: September 15, 2025