T1217 – Browser Bookmark Discovery (Microsoft Defender Detection)

Microsoft Defender Alert Details Alert ID: MD-BOOKMARK-DISCOVERY-1217-7842 Alert Time: 2024-02-23 16:30:45 EST Severity: MEDIUM (68/100) Source: Microsoft Defender for Endpoint Rule: “Browser Bookmark Access – Potential Reconnaissance” MITRE ATT&CK: T1217 – Browser Bookmark Discovery Alert Details: Detection: Process accessing browser bookmark files Host: MKT-WS-112 (Marketing Workstation) User: sjones (Sarah Jones, Marketing Manager) Time: 16:25 EST …

T1580 – Cloud Infrastructure Discovery (AWS GuardDuty Detection)

AWS GuardDuty Alert Details Alert ID: GUARDDUTY-CLOUD-DISCOVERY-1580-7842 Alert Time: 2024-02-23 10:30:22 EST Severity: HIGH (85/100) Source: AWS GuardDuty Rule: “Unauthorized API Calls – Cloud Infrastructure Discovery” MITRE ATT&CK: T1580 – Cloud Infrastructure Discovery Alert Details: Detection: Multiple Describe/List API calls from unusual source AWS Account: 123456789012 (Production) IAM User: svc_ci_cd (CI/CD Service Account) Source IP: …

T1010 – Application Window Discovery (CrowdStrike Detection)

CrowdStrike Alert Details Alert ID: CS-APP-DISCOVERY-1010-7842 Alert Time: 2024-02-23 11:30:22 EST Severity: MEDIUM (65/100) Source: CrowdStrike Falcon EDR Rule: “Suspicious Window Enumeration – Potential Credential Theft Prep” MITRE ATT&CK: T1010 – Application Window Discovery Alert Details: Detection: Process enumerating open windows/titles, potentially for credential theft Host: FIN-WS-078 (Finance Workstation) User: bturner (Brian Turner, Accountant) Time: …

T1087 – Account Discovery (Microsoft Defender for Identity Detection)

Microsoft Defender for Identity Alert Details Alert ID: MDI-ACCT-DISCOVERY-1087-7842 Alert Time: 2024-02-23 14:15:33 EST Severity: MEDIUM (72/100) Source: Microsoft Defender for Identity Rule: “Suspicious Account Enumeration via SAMR” MITRE ATT&CK: T1087.002 – Account Discovery: Domain Account Alert Details: Detection: Multiple SAMR (Security Account Manager Remote) queries from single host Source Host: ENG-WS-045 (Engineering Workstation) User: …

T1621 – MFA Request Generation (Okta Detection)

Okta Alert Details Alert ID: OKTA-MFA-BOMB-1621-7842 Alert Time: 2024-02-23 09:30:22 EST Severity: HIGH (88/100) Source: Okta Identity Cloud Rule: “Multiple MFA Push Requests – Potential MFA Fatigue Attack” MITRE ATT&CK: T1621 – Multi-Factor Authentication Request Generation Alert Details: Detection: User received multiple MFA push notifications in short time window User: cjohnson@company.com (CEO) Application: Okta Verify …

T1212 – Exploitation for Credential Access (Microsoft Defender for Identity Detection)

Microsoft Defender for Identity Alert Details Alert ID: MDI-EXPLOIT-1212-7842 Alert Time: 2024-02-22 10:30:15 EST Severity: CRITICAL (95/100) Source: Microsoft Defender for Identity Rule: “Suspicious Zerologon Attempt Detected (CVE-2020-1472)” MITRE ATT&CK: T1212 – Exploitation for Credential Access Alert Details: Detection: Possible Zerologon exploit attempt against domain controller Target: DC-02 (Secondary Domain Controller) Time: 10:25 EST Exploit …

T1018 – Remote System Discovery (Darktrace Detection)

Darktrace Alert Details Alert ID: DARKTRACE-REMOTE-DISCOVERY-1018-7842 Alert Time: 2024-02-24 10:30:22 EST Severity: MEDIUM (72/100) Source: Darktrace Enterprise Immune System Rule: “LDAP Query Anomaly – Potential Domain Reconnaissance” MITRE ATT&CK: T1018 – Remote System Discovery Alert Details: Detection: Unusual volume of LDAP queries from single host Source Host: 192.168.45.78 (ENG-WS-045 – Engineering) Time: 10:15-10:30 EST LDAP …

T1119 – Automated Collection (Microsoft Purview Detection)

Microsoft Purview Alert Details Alert ID: PURVIEW-AUTO-COLLECT-1119-7842 Alert Time: 2024-02-27 14:15:33 EST Severity: HIGH (82/100) Source: Microsoft Purview Data Loss Prevention Rule: “Automated Script Collecting Sensitive Data” MITRE ATT&CK: T1119 – Automated Collection Alert Details: Detection: PowerShell script automatically collecting and archiving sensitive files User: bturner@company.com (Brian Turner, Finance) Host: FIN-WS-078 Time: 14:00-14:15 EST Script …

T1082 – System Information Discovery (CrowdStrike Detection)

CrowdStrike Alert Details Alert ID: CS-SYSINFO-1082-7842 Alert Time: 2024-02-25 09:30:15 EST Severity: MEDIUM (72/100) Source: CrowdStrike Falcon EDR Rule: “System Information Discovery – Reconnaissance Commands” MITRE ATT&CK: T1082 – System Information Discovery Alert Details: Detection: Multiple system information gathering commands executed from single process Host: SALES-WS-045 (Sales Department) User: mwilson@company.com (Mike Wilson, Sales Rep) Time: …

T1039 – Data from Network Shared Drive (Varonis Detection)

Varonis Alert Details Alert ID: VARONIS-NETWORK-DATA-1039-7842 Alert Time: 2024-02-26 10:30:22 EST Severity: HIGH (88/100) Source: Varonis Data Security Platform Rule: “Mass File Access from Network Share – Potential Data Harvesting” MITRE ATT&CK: T1039 – Data from Network Shared Drive Alert Details: Detection: User accessing unusually high number of files from network share User: bturner@company.com (Brian …
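Most of the detections listed above share one shape: many events of a single kind from one principal or host inside a short window (the T1621 MFA push storm, the T1580 burst of Describe/List calls from an unusual source, and likewise the SAMR, LDAP, system-information and network-share alerts). The sliding-window detector below is an added example and not code from any of the listed posts or vendors; it generalizes that pattern and instantiates it twice, once over Okta-style System Log records for T1621 and once over CloudTrail-style records for T1580. The event schemas, the `system.push.send_factor_verify_push` event type, the thresholds, the baseline CI IP and every sample record are constructed assumptions.

```python
"""Sliding-window burst detector for "many events from one source in a short
window". Added example; schemas, thresholds and sample records are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_bursts(events, key_fn, match_fn, threshold, window_seconds):
    """Return one alert per key whose matching events reach `threshold` inside
    any `window_seconds` span. An alert carries the key, the first and last
    timestamps of the burst, and the peak count seen inside one window.
    Events are sorted by timestamp first, so input order does not matter."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    alerts = {}                   # key -> open alert (one per key)
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        if not match_fn(ev):
            continue
        key, ts = key_fn(ev), parse_ts(ev["ts"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # evict events older than the window
            q.popleft()
        if len(q) < threshold:
            continue
        if key not in alerts:
            alerts[key] = {"key": key, "first": q[0], "last": ts, "peak": len(q)}
        else:                      # burst still running: extend the open alert
            alerts[key]["last"] = ts
            alerts[key]["peak"] = max(alerts[key]["peak"], len(q))
    return list(alerts.values())


def _iso(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


# --- T1621: Okta-style push events (constructed; event type is an assumption) ---
PUSH_SENT = "system.push.send_factor_verify_push"
_t0 = datetime(2024, 2, 23, 9, 20, tzinfo=timezone.utc)
OKTA_LOG = [  # six pushes to one user in 2.5 minutes, plus noise
    {"ts": _iso(_t0 + timedelta(seconds=30 * i)), "eventType": PUSH_SENT,
     "actor": "cjohnson@company.com"} for i in range(6)
] + [
    {"ts": _iso(_t0 + timedelta(seconds=60)), "eventType": PUSH_SENT,
     "actor": "asmith@company.com"},                      # single legit push
    {"ts": _iso(_t0 + timedelta(seconds=90)), "eventType": "user.mfa.okta_verify.deny_push",
     "actor": "cjohnson@company.com"},                    # a denial, not a push send
]


def okta_alerts():
    """Five or more pushes to one user within five minutes."""
    return detect_bursts(OKTA_LOG, key_fn=lambda e: e["actor"],
                         match_fn=lambda e: e["eventType"] == PUSH_SENT,
                         threshold=5, window_seconds=300)


# --- T1580: CloudTrail-style discovery calls (constructed) ---
READ_ONLY = ("Describe", "List", "Get")
KNOWN_CI_IPS = {"10.0.5.20"}     # assumed baseline address of the pipeline runner
_c0 = datetime(2024, 2, 23, 10, 20, tzinfo=timezone.utc)
_names = ["DescribeInstances", "ListBuckets", "DescribeSecurityGroups", "ListUsers"]
CLOUDTRAIL_LOG = [  # eight discovery calls from an unknown IP in under two minutes
    {"ts": _iso(_c0 + timedelta(seconds=15 * i)), "eventName": _names[i % 4],
     "userIdentity": {"userName": "svc_ci_cd"}, "sourceIPAddress": "203.0.113.10"}
    for i in range(8)
] + [
    {"ts": _iso(_c0 + timedelta(seconds=20 * i)), "eventName": "DescribeInstances",
     "userIdentity": {"userName": "svc_ci_cd"}, "sourceIPAddress": "10.0.5.20"}
    for i in range(3)                                     # baseline runner: ignored
] + [
    {"ts": _iso(_c0 + timedelta(seconds=40)), "eventName": "PutObject",
     "userIdentity": {"userName": "svc_ci_cd"}, "sourceIPAddress": "203.0.113.10"},
]


def is_discovery_call(ev):
    """Read-only enumeration API from an address outside the known baseline."""
    return ev["eventName"].startswith(READ_ONLY) and ev["sourceIPAddress"] not in KNOWN_CI_IPS


def cloudtrail_alerts():
    """Six or more discovery calls per (principal, source IP) within ten minutes."""
    return detect_bursts(CLOUDTRAIL_LOG,
                         key_fn=lambda e: (e["userIdentity"]["userName"], e["sourceIPAddress"]),
                         match_fn=is_discovery_call, threshold=6, window_seconds=600)


if __name__ == "__main__":
    for alert in okta_alerts() + cloudtrail_alerts():
        print(alert)
```

The keying choice is the tunable part: keying Okta pushes on the target user catches a push storm regardless of how many source IPs the attacker rotates through, while keying CloudTrail calls on (principal, source IP) lets a known pipeline address stay quiet and still flags the same service account when its credentials are replayed from elsewhere. Thresholds and windows should come from each tenant's own baseline rather than the constructed values used here.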