Okta Risk Threshold Exceeded
Valid Accounts, Brute Force
Risk
Windows Common Abused Cmd Shell Risk Behavior
File and Directory Permissions Modification, System Network Connections Discovery, System Owner/User Discovery, System Shutdown/Reboot, System Network Config...
Azure AD Block User Consent For Risky Apps Disabled
Impair Defenses
Azure Active Directory High Risk Sign-in
Compromise Accounts, Cloud Accounts, Brute Force, Password Spraying
AWS S3 Exfiltration Behavior Identified
Transfer Data to Cloud Account
Active Directory Lateral Movement Identified
Exploitation of Remote Services
Risk Rule for Dev Sec Ops by Repository
Malicious Image, User Execution
Azure AD User Consent Blocked for Risky Application
Steal Application Access Token
O365 Block User Consent For Risky Apps Disabled
Impair Defenses
O365 User Consent Blocked for Risky Application
Steal Application Access Token
ProxyShell ProxyNotShell Behavior Detected
Exploit Public-Facing Application, External Remote Services
Windows Modify Registry Risk Behavior
Modify Registry
Windows Post Exploitation Risk Behavior
Query Registry, System Network Connections Discovery, Permission Groups Discovery, System Network Configuration Discovery, OS Credential Dumping, System Info...
Active Directory Privilege Escalation Identified
Domain Policy Modification
Steal or Forge Authentication Certificates Behavior Identified
Steal or Forge Authentication Certificates
Log4Shell CVE-2021-44228 Exploitation
Ingress Tool Transfer, Exploit Public-Facing Application, Command and Scripting Interpreter, External Remote Services
Living Off The Land
Ingress Tool Transfer, Exploit Public-Facing Application, Command and Scripting Interpreter, External Remote Services
Linux Persistence and Privilege Escalation Risk Behavior
Abuse Elevation Control Mechanism