T1027 – Obfuscated Files (FortiSandbox Detection)

FortiSandbox Alert Details Alert ID: FORTI-OBFUSCATED-1027-7842 Alert Time: 2024-02-19 11:30:22 EST Severity: HIGH (88/100) Source: Fortinet FortiSandbox Rule: “Obfuscated JavaScript Detected – Potential Malware Downloader” MITRE ATT&CK: T1027.002 – Obfuscated Files or Information: Software Packing Alert Details: File Analysis Report: File Name: invoice_7842.js File Size: 124 KB SHA256: a1b2c3d4e5f67890a1b2c3d4e5f67890a1b2c3d4 Source: Email attachment to user in Finance Submission Time: 11:15 …

T1070 – Indicator Removal (Splunk Detection)

Splunk Alert Details Alert ID: SPLUNK-LOG-CLEAR-1070-7842 Alert Time: 2024-02-19 16:30:45 EST Severity: HIGH (85/100) Source: Splunk Enterprise Security Rule: “Security Logs Cleared – Potential Cover-up” MITRE ATT&CK: T1070.001 – Indicator Removal: Clear Windows Event Logs Alert Details: Correlated Events: Windows Event ID 1102 (Security Log Cleared): Time: 16:25 EST Host: SEC-SRV-045 (Security Server) User: SYSTEM (via wevtutil) Log: …

T1205 – Traffic Signaling (Darktrace Detection)

Darktrace Alert Details Alert ID: DARKTRACE-TRAFFIC-SIG-1205-7842 Alert Time: 2024-02-19 09:30:22 EST Severity: HIGH (85/100) Source: Darktrace Enterprise Immune System Rule: “Unusual Beaconing Pattern – Potential C2 Signaling” MITRE ATT&CK: T1205 – Traffic Signaling Alert Details: Detection: Anomalous network traffic pattern consistent with C2 signaling Host: DEV-WS-078 (Development Workstation) User: alexchen (Alex Chen, Developer) Time: 09:15-09:30 …

T1562 – Impair Defenses (Microsoft Defender Detection)

Microsoft Defender Alert Details Alert ID: MD-DEFENSE-IMPAIR-1562-7842 Alert Time: 2024-02-19 14:15:33 EST Severity: CRITICAL (95/100) Source: Microsoft Defender for Endpoint Rule: “Tampering with Defender Security Settings Detected” MITRE ATT&CK: T1562.001 – Impair Defenses: Disable or Modify Tools Alert Details: Detection: Attempt to disable Windows Defender real-time protection Host: IT-WS-112 (IT Department) User: bjones (Brian Jones …

T1505 – Server Software Component (Imperva Detection)

Imperva Alert Details Alert ID: IMPERVA-WEB-SHELL-1505-7842 Alert Time: 2024-02-18 10:30:22 EST Severity: CRITICAL (95/100) Source: Imperva Web Application Firewall + RASP Rule: “Web Shell Detected on Server” MITRE ATT&CK: T1505.003 – Server Software Component: Web Shell Alert Details: Detection: Malicious file uploaded to web server – PHP web shell Server: WEB-SRV-045 (Public-Facing Web Server) Application: …

T1015 – Accessibility Features (Sysmon Detection)

Sysmon Alert Details Alert ID: SYSMON-ACCESSIBILITY-1015-7842 Alert Time: 2024-02-18 15:30:15 EST Severity: HIGH (88/100) Source: Sysmon (Event ID 1 – Process Creation) Rule: “Sethc.exe (Sticky Keys) Process Creation – Potential Persistence” MITRE ATT&CK: T1015 – Accessibility Features Alert Details: Event ID: 1 (Process Creation) Time: 15:25 EST Host: SEC-WS-023 (Security Team Workstation) User: SYSTEM (via …

T1053.005 – Scheduled Task (Splunk Detection)

Splunk Alert Details Alert ID: SPLUNK-SCHTASK-1053-7842 Alert Time: 2024-02-18 11:30:45 EST Severity: HIGH (82/100) Source: Splunk Enterprise Security Rule: “Scheduled Task Created with SYSTEM Privileges” MITRE ATT&CK: T1053.005 – Scheduled Task Alert Details: Correlated Events: Windows Event ID 4698 (Scheduled Task Created): Time: 11:25 EST Host: HR-WS-045 (HR Department) User: SYSTEM Task Name: “WindowsUpdateTask” Task XML: 2024-02-18T11:30:00 PT1H P1D …

T1542 – Pre-OS Boot (HP Wolf Security Detection)

HP Wolf Security Alert Details Alert ID: HP-WOLF-UEFI-1542-7842 Alert Time: 2024-02-18 14:30:22 EST Severity: CRITICAL (98/100) Source: HP Wolf Security (Hardware-Enforced Security) Rule: “UEFI Firmware Modification Detected” MITRE ATT&CK: T1542.001 – Pre-OS Boot: System Firmware Alert Details: Detection: UEFI firmware integrity check failed on boot Host: EXEC-WS-001 (CEO’s Laptop – Surface Laptop 5) User: cjohnson …

T1137 – Office Application Startup (Microsoft Defender Detection)

Microsoft Defender Alert Details Alert ID: MD-OFFICE-STARTUP-1137-7842 Alert Time: 2024-02-18 09:30:15 EST Severity: HIGH (85/100) Source: Microsoft Defender for Endpoint Rule: “Office Application Startup Persistence Detected” MITRE ATT&CK: T1137.001 – Office Application Startup: Office Template Macros Alert Details: Detection: Malicious macro added to Office template for persistence Host: FIN-WS-078 (Finance Department) User: bturner (Brian Turner, …

T1202 – Indirect Command Execution (Sysmon Detection)

Sysmon Alert Details Alert ID: SYSMON-INDIRECT-1202-7842 Alert Time: 2024-02-19 10:30:15 EST Severity: HIGH (82/100) Source: Sysmon (Event ID 1 – Process Creation) Rule: “Indirect Command Execution via Forfiles.exe” MITRE ATT&CK: T1202 – Indirect Command Execution Alert Details: Event ID: 1 (Process Creation) Time: 10:25 EST Host: ENG-WS-034 (Engineering Workstation) User: rpatel (Raj Patel, Engineer) Process …