|
Prohibited Network Traffic Allowed
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1048
|
TTP
|
Command And Control, Ransomware, Cisco Secure Firewall Threat Defense Analytics, Prohibited Traffic Allowed or Protocol Mismatch
|
2026-05-13
|
|
3CX Supply Chain Attack Network Indicators
|
Sysmon EventID 22
|
T1195.002
|
TTP
|
3CX Supply Chain Attack
|
2026-05-13
|
|
Windows Multi hop Proxy TOR Website Query
|
Sysmon EventID 22
|
T1071.003
|
Anomaly
|
Interlock Ransomware, AgentTesla
|
2026-05-13
|
|
Cisco Secure Firewall - Oracle E-Business Suite Correlation
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1190
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Oracle E-Business Suite Exploitation
|
2026-05-13
|
|
Internal Horizontal Port Scan NMAP Top 20
|
AWS CloudWatchLogs VPCflow, Cisco Secure Firewall Threat Defense Connection Event
|
T1046
|
TTP
|
China-Nexus Threat Activity, Cisco Secure Firewall Threat Defense Analytics, Scattered Lapsus$ Hunters, Network Discovery
|
2026-05-13
|
|
HTTP RMM User Agent
|
Suricata
|
T1071.001
T1219
|
Anomaly
|
Remote Monitoring and Management Software, Suspicious User Agents
|
2026-05-13
|
|
Windows Remote Desktop Network Bruteforce Attempt
|
Sysmon EventID 3, Cisco Secure Access Firewall
|
T1110.001
|
Anomaly
|
Compromised User Account, SamSam Ransomware, Cisco Secure Access Analytics, Ryuk Ransomware, Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
HTTP Malware User Agent
|
Suricata
|
T1071.001
|
TTP
|
RedLine Stealer, Lokibot, Crypto Stealer, Meduza Stealer, Lumma Stealer, Suspicious User Agents
|
2026-05-13
|
|
Cisco Secure Firewall - Lumma Stealer Outbound Connection Attempt
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1041
T1573.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Lumma Stealer
|
2026-05-13
|
|
DNS Query Length With High Standard Deviation
|
Sysmon EventID 22
|
T1048.003
|
Anomaly
|
Command And Control, Suspicious DNS Traffic, Hidden Cobra Malware
|
2026-05-13
|
|
Cisco SA - Automated Web Reconnaissance via HTTP Access Errors
|
Cisco Secure Access Proxy
|
T1595
|
Anomaly
|
Cisco Secure Access Analytics
|
2026-06-09
|
|
Wermgr Process Connecting To IP Check Web Services
|
Sysmon EventID 22
|
T1590.005
|
TTP
|
Trickbot
|
2026-05-13
|
|
Cisco SD-WAN - Peering Activity
|
Cisco SD-WAN NTCE 1000001
|
T1190
|
Hunting
|
Cisco Catalyst SD-WAN Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Bits Network Activity
|
Cisco Secure Firewall Threat Defense Connection Event
|
N/A
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Remote Desktop Network Traffic
|
Zeek Conn
|
T1021.001
|
Anomaly
|
SamSam Ransomware, Hidden Cobra Malware, Ryuk Ransomware, Windows RDP Artifacts and Defense Evasion, Active Directory Lateral Movement
|
2026-05-13
|
|
Cisco Privileged Account Creation with HTTP Command Execution
|
|
T1021.004
T1078
T1136
|
Correlation
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
HTTP C2 Framework User Agent
|
Suricata
|
T1071.001
|
TTP
|
Cobalt Strike, Malicious PowerShell, BishopFox Sliver Adversary Emulation Framework, Tuoni, Spearphishing Attachments, Brute Ratel C4, Meterpreter, Suspicious User Agents
|
2026-05-13
|
|
Detect Remote Access Software Usage DNS
|
Sysmon EventID 22
|
T1219
|
Anomaly
|
Command And Control, Interlock Ransomware, CISA AA24-241A, Ransomware, Remote Monitoring and Management Software, Scattered Lapsus$ Hunters, Scattered Spider, Insider Threat
|
2026-05-13
|
|
Cisco Secure Firewall - Blocked Connection
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1018
T1046
T1110
T1203
T1595.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Snort Rule Triggered Across Multiple Hosts
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1027
T1105
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Detect Large ICMP Traffic
|
Cisco Secure Access Firewall, Palo Alto Network Traffic
|
T1095
|
TTP
|
China-Nexus Threat Activity, Command And Control, Cisco Secure Access Analytics, Backdoor Pingpong
|
2026-05-13
|
|
Cisco Secure Firewall - Privileged Command Execution via HTTP
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1059
T1505.003
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
HTTP PUA User Agent
|
Suricata
|
T1071.001
|
Anomaly
|
Local Privilege Escalation With KrbRelayUp, Suspicious User Agents, BlackSuit Ransomware, Cactus Ransomware
|
2026-05-13
|
|
Cisco Secure Firewall - React Server Components RCE Attempt
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1190
|
TTP
|
React2Shell
|
2026-05-13
|
|
Cisco Secure Firewall - Intrusion Events by Threat Activity
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1041
T1573.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, ArcaneDoor
|
2026-05-13
|
|
Cisco Secure Firewall - Communication Over Suspicious Ports
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1021
T1055
T1059.001
T1105
T1219
T1571
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Detect DNS Query to Decommissioned S3 Bucket
|
Sysmon EventID 22
|
T1485
|
Anomaly
|
Data Destruction, AWS S3 Bucket Security Monitoring
|
2026-05-13
|
|
Detect ARP Poisoning
|
Cisco IOS Logs
|
T1200
T1498
T1557.002
|
TTP
|
Router and Infrastructure Security
|
2026-05-13
|
|
Internal Horizontal Port Scan
|
AWS CloudWatchLogs VPCflow, Cisco Secure Firewall Threat Defense Connection Event
|
T1046
|
TTP
|
China-Nexus Threat Activity, Cisco Secure Firewall Threat Defense Analytics, Scattered Lapsus$ Hunters, Network Discovery
|
2026-05-13
|
|
Cisco Secure Firewall - Repeated Blocked Connections
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1018
T1046
T1110
T1203
T1595.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Smart Install Oversized Packet Detection
|
Splunk Stream TCP
|
T1190
|
TTP
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Cisco Smart Install Port Discovery and Status
|
Splunk Stream TCP
|
T1190
|
TTP
|
Cisco Smart Install Remote Code Execution CVE-2018-0171, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Cisco Secure Firewall - Potential Data Exfiltration
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1041
T1048.003
T1567.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
TOR Traffic
|
Cisco Secure Firewall Threat Defense Connection Event, Palo Alto Network Traffic
|
T1090.003
|
TTP
|
Command And Control, Interlock Ransomware, Ransomware, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco TFTP Server Configuration for Data Exfiltration
|
Cisco IOS Logs
|
T1005
T1567
|
TTP
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Zeek x509 Certificate with Punycode
|
|
T1573
|
Hunting
|
OpenSSL CVE-2022-3602
|
2026-05-13
|
|
Cisco SD-WAN - Arbitrary File Overwrite Exploitation Activity
|
Cisco SD-WAN Service Proxy Access Logs
|
T1190
|
TTP
|
Cisco Catalyst SD-WAN Analytics
|
2026-05-13
|
|
SSL Certificates with Punycode
|
|
T1573
|
Hunting
|
OpenSSL CVE-2022-3602
|
2026-05-13
|
|
Detect Software Download To Network Device
|
|
T1542.005
|
TTP
|
Router and Infrastructure Security
|
2026-05-13
|
|
Cisco SD-WAN - Low Frequency Rogue Peer
|
Cisco SD-WAN NTCE 1000001
|
T1190
|
Anomaly
|
Cisco Catalyst SD-WAN Analytics
|
2026-05-13
|
|
Detect Zerologon via Zeek
|
|
T1190
|
TTP
|
Black Basta Ransomware, Rhysida Ransomware, Detect Zerologon Attack
|
2026-05-13
|
|
Detect SNICat SNI Exfiltration
|
|
T1041
|
TTP
|
Data Exfiltration
|
2026-05-13
|
|
Cisco Secure Firewall - Remote Access Software Usage Traffic
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1219
|
Anomaly
|
Command And Control, Interlock Ransomware, Ransomware, Remote Monitoring and Management Software, Scattered Lapsus$ Hunters, Cisco Secure Firewall Threat Defense Analytics, Scattered Spider, Insider Threat
|
2026-05-13
|
|
Protocols passing authentication in cleartext
|
Cisco Secure Firewall Threat Defense Connection Event
|
N/A
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Use of Cleartext Protocols, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
F5 BIG-IP iControl REST Vulnerability CVE-2022-1388
|
Palo Alto Network Threat
|
T1133
T1190
|
TTP
|
F5 BIG-IP Vulnerability CVE-2022-1388, CISA AA24-241A
|
2026-05-13
|
|
Cisco Secure Firewall - Malware File Downloaded
|
Cisco Secure Firewall Threat Defense File Event
|
T1105
T1203
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Internal Vulnerability Scan
|
|
T1046
T1595.002
|
TTP
|
Scattered Lapsus$ Hunters, Network Discovery
|
2026-05-13
|
|
Windows DNS Query Request by Telegram Bot API
|
Sysmon EventID 22
|
T1071.004
T1102.002
|
Anomaly
|
Phantom Stealer, VIP Keylogger, BlankGrabber Stealer, Crypto Stealer, 0bj3ctivity Stealer
|
2026-06-25
|
|
Cisco Secure Firewall - Static Tundra Smart Install Abuse
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1190
T1210
T1499
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Suspicious Process With Discord DNS Query
|
Sysmon EventID 22
|
T1059.005
|
Anomaly
|
WhisperGate, Data Destruction, BlankGrabber Stealer, Phantom Stealer, PXA Stealer, Cactus Ransomware
|
2026-06-25
|
|
Cisco Configuration Archive Logging Analysis
|
Cisco IOS Logs
|
T1098
T1505.003
T1685
|
Hunting
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Cisco Secure Firewall - Blacklisted SSL Certificate Fingerprint
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1071.001
T1573.002
T1587.002
T1588.004
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Rundll32 DNSQuery
|
Sysmon EventID 22
|
T1218.011
|
TTP
|
IcedID, Living Off The Land
|
2026-05-13
|
|
Detect Remote Access Software Usage Traffic
|
Palo Alto Network Traffic
|
T1219
|
Anomaly
|
Command And Control, Interlock Ransomware, Ransomware, Remote Monitoring and Management Software, Scattered Lapsus$ Hunters, Scattered Spider, Insider Threat
|
2026-05-13
|
|
Cisco Secure Firewall - Citrix NetScaler Memory Overread Attempt
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1059
T1203
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Citrix NetScaler ADC and NetScaler Gateway CVE-2025-5777
|
2026-05-13
|
|
Cisco Privileged Account Creation with Suspicious SSH Activity
|
|
T1021.004
T1078
T1136
|
Correlation
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
Detect Rogue DHCP Server
|
Cisco IOS Logs
|
T1200
T1498
T1557
|
TTP
|
Router and Infrastructure Security, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Cisco Secure Firewall - Lumma Stealer Download Attempt
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1041
T1573.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Lumma Stealer
|
2026-05-13
|
|
Cisco Secure Firewall - High Priority Intrusion Classification
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1003
T1071
T1078
T1190
T1203
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Rare Snort Rule Triggered
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1583.006
T1598
|
Hunting
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Windows Gather Victim Network Info Through Ip Check Web Services
|
Sysmon EventID 22
|
T1590.005
|
Anomaly
|
Quasar RAT, Castle RAT, Void Manticore, Handala Wiper, BlankGrabber Stealer, VIP Keylogger, Water Gamayun, PXA Stealer, Snake Keylogger, Azorult, DarkCrystal RAT, Meduza Stealer, 0bj3ctivity Stealer, Phemedrone Stealer
|
2026-05-13
|
|
Internal Vertical Port Scan
|
AWS CloudWatchLogs VPCflow, Cisco Secure Firewall Threat Defense Connection Event
|
T1046
|
TTP
|
China-Nexus Threat Activity, Cisco Secure Firewall Threat Defense Analytics, Scattered Lapsus$ Hunters, Network Discovery
|
2026-05-13
|
|
Cisco IOS Suspicious Privileged Account Creation
|
Cisco IOS Logs
|
T1078
T1136
|
Anomaly
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Suspicious Process DNS Query Known Abuse Web Services
|
Sysmon EventID 22
|
T1059.005
|
TTP
|
WhisperGate, Data Destruction, BlankGrabber Stealer, Cactus Ransomware, PXA Stealer, RedLine Stealer, Snake Keylogger, Braodo Stealer, Remcos, Meduza Stealer, Malicious Inno Setup Loader, Phemedrone Stealer
|
2026-05-13
|
|
Cisco Secure Firewall - High EVE Threat Confidence
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1041
T1071.001
T1105
T1573.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Repeated Malware Downloads
|
Cisco Secure Firewall Threat Defense File Event
|
T1027
T1105
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Hellcat Ransomware
|
2026-05-13
|
|
Windows AD Replication Service Traffic
|
|
T1003.006
T1207
|
TTP
|
Sneaky Active Directory Persistence Tricks
|
2026-05-13
|
|
Cisco Secure Firewall - SSH Connection to Non-Standard Port
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1021.004
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
Windows AD Rogue Domain Controller Network Activity
|
|
T1207
|
TTP
|
Sneaky Active Directory Persistence Tricks
|
2026-05-13
|
|
Cisco Network Interface Modifications
|
Cisco IOS Logs
|
T1021
T1133
T1556
|
Anomaly
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Cisco Secure Firewall - Wget or Curl Download
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1053.003
T1059
T1071.001
T1105
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Windows Abused Web Services
|
Sysmon EventID 22
|
T1102
|
Anomaly
|
BlankGrabber Stealer, Malicious Inno Setup Loader, CISA AA24-241A, NjRAT
|
2026-05-13
|
|
Detect Port Security Violation
|
Cisco IOS Logs
|
T1200
T1498
T1557.002
|
TTP
|
Router and Infrastructure Security
|
2026-05-13
|
|
Large Volume of DNS ANY Queries
|
|
T1498.002
|
Anomaly
|
DNS Amplification Attacks
|
2026-05-13
|
|
Ngrok Reverse Proxy on Network
|
Sysmon EventID 22
|
T1090
T1102
T1572
|
Anomaly
|
CISA AA24-241A, Reverse Network Proxy, CISA AA22-320A
|
2026-05-13
|
|
Detect Windows DNS SIGRed via Zeek
|
|
T1203
|
TTP
|
Windows DNS SIGRed CVE-2020-1350
|
2026-05-13
|
|
Detect hosts connecting to dynamic domain providers
|
Sysmon EventID 22
|
T1189
|
TTP
|
Command And Control, DNS Hijacking, Data Protection, Prohibited Traffic Allowed or Protocol Mismatch, Dynamic DNS, Suspicious DNS Traffic
|
2026-05-13
|
|
Cisco Secure Firewall - File Download Over Uncommon Port
|
Cisco Secure Firewall Threat Defense File Event
|
T1105
T1571
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Veeam CVE-2023-27532 Exploitation Activity
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1003.001
T1059.001
T1190
T1210
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Protocol or Port Mismatch
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1048.003
|
Anomaly
|
Command And Control, Cisco Secure Firewall Threat Defense Analytics, Prohibited Traffic Allowed or Protocol Mismatch
|
2026-05-13
|
|
Detect Outbound SMB Traffic
|
Cisco Secure Firewall Threat Defense Connection Event, Cisco Secure Access Firewall
|
T1071.002
|
TTP
|
Cisco Secure Access Analytics, Hidden Cobra Malware, DHS Report TA18-074A, NOBELIUM Group, Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Detect Unauthorized Assets by MAC address
|
|
N/A
|
TTP
|
Asset Tracking
|
2026-05-13
|
|
Cisco Secure Firewall - Oracle E-Business Suite Exploitation
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1190
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Oracle E-Business Suite Exploitation
|
2026-05-13
|
|
Cisco Secure Firewall - Binary File Type Download
|
Cisco Secure Firewall Threat Defense File Event
|
T1059
T1203
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Detect Traffic Mirroring
|
Cisco IOS Logs
|
T1020.001
T1200
T1498
|
TTP
|
Router and Infrastructure Security
|
2026-05-13
|
|
DNS Kerberos Coercion
|
Suricata, Sysmon EventID 22
|
T1071.004
T1187
T1557.001
|
TTP
|
Local Privilege Escalation With KrbRelayUp, Kerberos Coercion with DNS, Compromised Windows Host, Suspicious DNS Traffic
|
2026-05-13
|
|
Cisco Secure Firewall - Possibly Compromised Host
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1059
T1203
T1587.001
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Connection to File Sharing Domain
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1071.001
T1090.002
T1105
T1567.002
T1588.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Excessive DNS Failures
|
|
T1071.004
|
Anomaly
|
Command And Control, Suspicious DNS Traffic
|
2026-05-13
|
|
Cisco SNMP Community String Configuration Changes
|
Cisco IOS Logs
|
T1040
T1552
T1685
|
Anomaly
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Cisco Secure Firewall - Lumma Stealer Activity
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1027
T1190
T1204
T1210
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Lumma Stealer
|
2026-05-13
|
|
Windows Spearphishing Attachment Connect To None MS Office Domain
|
Sysmon EventID 22
|
T1566.001
|
Hunting
|
Spearphishing Attachments, MuddyWater, AsyncRAT
|
2026-05-13
|
|
Cisco SD-WAN - Uncommon User-Agent Multi-URI Activity
|
Cisco SD-WAN Service Proxy Access Logs
|
T1595
|
Hunting
|
Cisco Catalyst SD-WAN Analytics
|
2026-05-13
|
|
SMB Traffic Spike
|
|
T1021.002
|
Anomaly
|
Emotet Malware DHS Report TA18-201A, DHS Report TA18-074A, Ransomware, Hidden Cobra Malware
|
2026-05-13
|
|
Cisco Secure Firewall - High Volume of Intrusion Events Per Host
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1059
T1071
T1595.002
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Detect IPv6 Network Infrastructure Threats
|
Cisco IOS Logs
|
T1200
T1498
T1557.002
|
TTP
|
Router and Infrastructure Security, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Hosts receiving high volume of network traffic from email server
|
|
T1114.002
|
Anomaly
|
Collection and Staging
|
2026-05-13
|
|
Cisco SA - Access to Anonymizer Services
|
Cisco Secure Access DNS
|
T1090.003
|
Anomaly
|
Cisco Secure Access Analytics
|
2026-06-09
|
|
Detect Windows DNS SIGRed via Splunk Stream
|
|
T1203
|
TTP
|
Windows DNS SIGRed CVE-2020-1350
|
2026-05-13
|
|
Detect Outbound LDAP Traffic
|
Cisco Secure Firewall Threat Defense Connection Event, Cisco Secure Access Firewall, Palo Alto Network Traffic
|
T1059
T1190
|
Hunting
|
Cisco Secure Access Analytics, Cisco Secure Firewall Threat Defense Analytics, Log4Shell CVE-2021-44228
|
2026-05-13
|
|
Cisco Secure Firewall - SSH Connection to sshd_operns
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1021.004
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|