| Active Directory Reset password |
None |
Response |
| Block Indicators |
None |
Response |
| Crowdstrike Malware Triage |
None |
Response |
| Delete Detected Files |
Executable File Written in Administrative SMB Share |
Response |
| Email Notification for Malware |
None |
Response |
| Internal Host SSH Investigate |
None |
Investigation |
| Internal Host SSH Log4j Investigate |
None |
Investigation |
| Internal Host SSH Log4j Response |
None |
Response |
| Internal Host WinRM Investigate |
None |
Investigation |
| Internal Host WinRM Log4j Investigate |
None |
Investigation |
| Internal Host WinRM Response |
None |
Investigation |
| Log4j Investigate |
Curl Download and Bash ExecutionWget Download and Bash ExecutionLinux Java Spawning ShellJava Class File download by Java User AgentOutbound Network Connection from Java Using Default PortsLog4Shell JNDI Payload Injection AttemptLog4Shell JNDI Payload Injection with Outbound ConnectionDetect Outbound LDAP Traffic |
Investigate |
| Log4j Respond |
Curl Download and Bash ExecutionWget Download and Bash ExecutionLinux Java Spawning ShellJava Class File download by Java User AgentOutbound Network Connection from Java Using Default PortsLog4Shell JNDI Payload Injection AttemptLog4Shell JNDI Payload Injection with Outbound ConnectionDetect Outbound LDAP Traffic |
Response |
| Log4j Splunk Investigation |
None |
Investigation |
| Malware Hunt and Contain |
None |
Response |
| Ransomware Investigate and Contain |
Conti Common Exec parameter |
Response |
| Risk Notable Block Indicators |
None |
Response |
| Risk Notable Enrich |
None |
Investigation |
| Risk Notable Import Data |
None |
Investigation |
| Risk Notable Investigate |
None |
Investigation |
| Risk Notable Merge Events |
None |
Investigation |
| Risk Notable Mitigate |
None |
Response |
| Risk Notable Preprocess |
None |
Investigation |
| Risk Notable Protect Assets and Users |
None |
Response |
| Risk Notable Review Indicators |
None |
Response |
| Risk Notable Verdict |
None |
Response |