Threat Detection Rules
Threat detection rules provide your team with an additional resource for threat research and dashboard configuration. The preconfigured rules deliver content out of the box.
LogRhythm Labs’ ongoing in-field and lab-based research ensures your LogRhythm Axon analytics evolve as fast as current threats.
New rules are disabled by default, and you can enable them in the Rules window.
For a complete list of MITRE threat detection rules and how to configure them, refer to the Axon MITRE ATT&CK Module.
Content Revisions
The following table summarizes the changes that have been made for the latest release.
| Rule Name | MITRE ATT&CK Mapping | MITRE ATT&CK URL | Revision |
|---|---|---|---|
| T1090.001:Proxy | T1090.001:Proxy: Internal Proxy | https://attack.mitre.org/techniques/T1090/001/ | 2024.04 |
| T1136.003:Cloud Account | T1136.003:Create Account: Cloud Account | https://attack.mitre.org/techniques/T1136/003/ | 2024.04 |
| T1199:Trusted Relationship | T1199:Trusted Relationship | https://attack.mitre.org/techniques/T1199/ | 2024.04 |
| T1078.001:Default Accounts | T1078.001:Valid Accounts: Default Accounts | https://attack.mitre.org/techniques/T1078/001/ | 2024.04 |
| T1078.003:Local Accounts | T1078.003:Valid Accounts: Local Accounts | https://attack.mitre.org/techniques/T1078/003/ | 2024.04 |
| T1078.004:Cloud Accounts | T1078.004:Valid Accounts: Cloud Accounts | https://attack.mitre.org/techniques/T1078/004/ | 2024.04 |
| T1059.001:PowerShell | T1059.001:Command and Scripting Interpreter: PowerShell | https://attack.mitre.org/techniques/T1059/001/ | 2024.04 |
| T1621:MFA Request Generation | T1621:Multi-Factor Authentication Request Generation | https://attack.mitre.org/techniques/T1621/ | 2024.04 |
| T1558.003:Kerberoasting | T1558.003:Steal or Forge Kerberos Tickets: Kerberoasting | https://attack.mitre.org/techniques/T1558/003/ | 2024.04 |