Filter Usecases

Filter applied: Platform: Windows
| Rule Name | Level | MITRE ATT&CK | Category | Last Updated |
|---|---|---|---|---|
| Scheduled task manipulation | L2 - Investigation | TA0003 | Endpoint | April 10, 2026 |
| S3 bucket access anomalies | L2 - Investigation | TA0010 | Cloud and SaaS | April 10, 2026 |
| Suspicious AWS IAM activity | L2 - Investigation | TA0004 | Cloud and SaaS | April 10, 2026 |
| SQL Injection | L1 - Triage | TA0001 | Application and Data | April 10, 2026 |
| Web shell installation | L3 - Incident | TA0003 | Application and Data | April 10, 2026 |
| LOTL Attack | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| Windows Registry Evasion | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| Vulnerable machines | L1 - Triage | TA0001 | Endpoint | April 10, 2026 |
| Process Injection | L3 - Incident | TA0005 | Endpoint | April 10, 2026 |
| RDP Abuse | L2 - Investigation | TA0008 | Endpoint | April 10, 2026 |
| Shadow IT monitoring | L2 - Investigation | TA0007 | Cloud and SaaS | April 10, 2026 |
| Malicious process hunting lineage | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Column integrity monitoring | L2 - Investigation | TA0040 | Application and Data | April 10, 2026 |
| Dark web - Corporate IDs in SaaS apps | L1 - Triage | TA0006 | Identity and Access | April 10, 2026 |
| Rogue device | L1 - Triage | TA0001 | Endpoint | April 10, 2026 |
| Short lived admin accounts | L2 - Investigation | TA0004 | Identity and Access | April 10, 2026 |
| Audit tampering | L3 - Incident | TA0005 | Endpoint | April 10, 2026 |
| Firewall rule changes | L2 - Investigation | TA0005 | Network | April 10, 2026 |
| Port scanning | L1 - Triage | TA0007 | Network | April 10, 2026 |
| Impossible travel | L1 - Triage | TA0006 | Identity and Access | April 10, 2026 |
| Credential dumping tools | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Malicious traffic | L2 - Investigation | TA0011 | Network | April 10, 2026 |
| Privilege escalation through service account misuse | L3 - Incident | TA0004 | Identity and Access | April 10, 2026 |
| Unauthorized PowerShell remote session | L2 - Investigation | TA0002 | Endpoint | April 10, 2026 |
| Cross-site scripting (XSS) leading to session theft | L3 - Incident | TA0006 | Application and Data | April 10, 2026 |
| Unauthorized four-eyes authorization disabling in Veeam | L3 - Incident | TA0040 | Application and Data | April 10, 2026 |
| Failover plan tampering in Veeam solutions | L3 - Incident | TA0005 | Application and Data | April 10, 2026 |
| Remote access trojan | L2 - Investigation | TA0011 | Endpoint | April 10, 2026 |
| Command line obfuscation | L2 - Investigation | TA0005, TA0002 | Endpoint | April 10, 2026 |
| Network share tampering | L2 - Investigation | TA0005, TA0040 | Network | April 10, 2026 |
| Unattended system login detection | L2 - Investigation | TA0003, TA0006, TA0005 | Identity and Access | April 10, 2026 |
| AD backup extraction | L2 - Investigation | TA0006 | Identity and Access | April 10, 2026 |
| AD database tampering | L2 - Investigation | TA0006, TA0003, TA0005 | Identity and Access | April 10, 2026 |
| Boot configuration tampering | L2 - Investigation | TA0005, TA0040 | Endpoint | April 10, 2026 |
| Cloud brute force login attempts | L1 - Triage | TA0006, TA0001 | Cloud and SaaS | April 10, 2026 |
| DLL injection via registry | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |
| Registry security controls disabled | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| Security logging and monitoring disabled | L2 - Investigation | TA0005 | Endpoint | April 10, 2026 |
| System level account management activity | L2 - Investigation | TA0004, TA0003, TA0005 | Identity and Access | April 10, 2026 |
| System time discovery activity | L1 - Triage | TA0007 | Endpoint | April 10, 2026 |
| Automated file system enumeration | L2 - Investigation | TA0009 | Endpoint | April 10, 2026 |
| BITS service abuse detection | L2 - Investigation | TA0005, TA0003, TA0011 | Endpoint | April 10, 2026 |
| Critical service disruption | L2 - Investigation | TA0040, TA0005, TA0003 | Endpoint | April 10, 2026 |
| DarkGate malware account creation | L2 - Investigation | TA0003, TA0004 | Endpoint | April 10, 2026 |
| Data staging for exfiltration | L2 - Investigation | TA0010 | Application and Data | April 10, 2026 |
| DB master credentials changed | L2 - Investigation | TA0003 | Cloud and SaaS | April 10, 2026 |
| Failed privilege elevation attempts | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |
| Kerberos authentication attacks | L2 - Investigation | TA0006 | Identity and Access | April 10, 2026 |
| Network firewall weakening | L2 - Investigation | TA0005 | Network | April 10, 2026 |
| VMware ESXi privilege escalation attack | L2 - Investigation | TA0004 | Endpoint | April 10, 2026 |