Core Threat Detection – Lists

-2091

Privileged Users

X

AIE Rule

511

Lateral: Admin Password Modified

AIE Rule

713

Corruption: Audit Disabled by Admin

-2471

Module: Core Threat Detection Rules

-2549

Attack Lifecycle: Recon and Planning

X

X

X

-2550

Attack Lifecycle: Initial Compromise

X

X

X

-2551

Attack Lifecycle: Command and Control

X

X

X

-2552

Attack Lifecycle: Lateral Movement

X

X

X

-2553

Attack Lifecycle: Target Attainment

X

X

X

-2554

Attack Lifecycle: Exfil, Corruption, Disruption

X

X

X