
Threat Detection Rules

Threat detection rules provide your team with an additional resource for threat research and dashboard configuration. The preconfigured rules deliver content out of the box.

LogRhythm Labs’ ongoing in-field and lab-based research ensures your LogRhythm Axon analytics evolve as fast as current threats.

New rules are disabled by default, and you can enable them in the Rules window.

For a complete list of MITRE threat detection rules and how to configure them, refer to the Axon MITRE ATT&CK Module.

Content Revisions

The following table summarizes the changes that have been made for the latest release.

T1090.001:Proxy | T1090.001:Proxy: Internal Proxy
T1136.003:Cloud Account | T1136.003:Create Account: Cloud Account
T1199:Trusted Relationship | T1199:Trusted Relationship
T1078.001:Default Accounts | T1078.001:Valid Accounts: Default Accounts
T1078.003:Local Accounts | T1078.003:Valid Accounts: Local Accounts
T1078.004:Cloud Accounts | T1078.004:Valid Accounts: Cloud Accounts
T1059.001:PowerShell | T1059.001:Command and Scripting Interpreter: PowerShell
T1621:MFA Request Generation | T1621:Multi-Factor Authentication Request Generation
T1558.003:Kerberoasting | T1558.003:Steal or Forge Kerberos Tickets: Kerberoasting