Threat Detection Rules
Threat detection rules provide your team with an additional resource for threat research and dashboard configuration. The preconfigured rules deliver content out of the box.
LogRhythm Labs’ ongoing in-field and lab-based research ensures your LogRhythm Axon analytics evolve as fast as current threats.
New rules are disabled by default, and you can enable them in the Rules window.
For a complete list of MITRE threat detection rules and how to configure them, refer to the Axon MITRE ATT&CK Module.
Content Revisions
The following table summarizes the changes that have been made for the latest release.
| Rule Name | MITRE ATT&CK Mapping | MITRE ATT&CK URL | Revision |
|---|---|---|---|
| T1098:Account Manipulation | T1098:Account Manipulation | https://attack.mitre.org/techniques/T1098/ | 2024.07 |
| T1552.004:Private Keys | T1552.004:Unsecured Credentials: Private Keys | https://attack.mitre.org/techniques/T1552/004/ | 2024.07 |
| T1562.001:Disable or Modify Tools:Windows Defender | T1562.001:Impair Defenses: Disable or Modify Tools | https://attack.mitre.org/techniques/T1562/001/ | 2024.07 |
| T1134.002:Access Token Manipulation:Create Process with Token (updated) | T1134.002:Access Token Manipulation: Create Process with Token | https://attack.mitre.org/techniques/T1134/002/ | 2024.07 |
| T1562.002:Impair Defenses: Disable Windows Event Logging (updated) | T1562.002:Impair Defenses: Disable Windows Event Logging | https://attack.mitre.org/techniques/T1562/002/ | 2024.07 |
| T1621:MFA Request Generation:Repeated OKTA Push Denies | T1621:Multi-Factor Authentication Request Generation | https://attack.mitre.org/techniques/T1621/ | 2024.07 |
| T1059.003:Windows Command Shell | T1059.003:Command and Scripting Interpreter: Windows Command Shell | https://attack.mitre.org/techniques/T1059/003/ | 2024.07 |
| T1021.001:Remote Services: Remote Desktop Protocol | T1021.001:Remote Services: Remote Desktop Protocol | https://attack.mitre.org/techniques/T1021/001/ | 2024.07 |