New Analytic Story
- AWS Defense Evasion
- Azure Active Directory Account Takeover
- DarkCrystal RAT
- Linux Living Off The Land
- Linux Rootkit
New Analytics
- AWS Defense Evasion Delete Cloudtrail
- AWS Defense Evasion Delete CloudWatch Log Group
- AWS Defense Evasion Impair Security Services
- AWS Defense Evasion PutBucketLifecycle
- AWS Defense Evasion Stop Logging Cloudtrail
- AWS Defense Evasion Update Cloudtrail
- Azure Active Directory High Risk Sign-in
- Azure AD Authentication Failed During MFA Challenge
- Azure AD Multiple Users Failing To Authenticate From Ip
- Azure AD Successful PowerShell Authentication
- Azure AD Successful Single-Factor Authentication
- Azure AD Unusual Number of Failed Authentications From Ip
- Linux Clipboard Data Copy
- Linux Decode Base64 to Shell
- Linux Kernel Module Enumeration
- Linux Obfuscated Files or Information Base64 Decode
- Linux Persistence and Privilege Escalation Risk Behavior (RBA)
- Linux SSH Authorized Keys Modification
- Linux SSH Remote Services Script Execute
- Windows Command Shell DCRat ForkBomb Payload
- Windows System LogOff Commandline
- Windows System Reboot CommandLine
- Windows System Shutdown CommandLine
- Windows System Time Discovery W32tm Delay
Other Updates
- Deprecated analytic story
Container Implantation monitoring and investigation