Malicious AD Activity

Description

This anomaly contains multiple detection methods that look at Windows Event Logs for malicious activity (e.g., clearning audit logs). Check associated detection methods for an exhastive list of what triggers this anomaly.

Content Mapping

This content is not mapped to any local saved search. Add mapping


Use Case

Advanced Threat Detection, Insider Threat, Security Monitoring, Compliance

Category

Account Compromise, IAM Analytics, Insider Threat, Lateral Movement, Zero Trust

Alert Volume

Low

Journey

Stage 4

MITRE ATT&CK Tactics

Persistence
Privilege Escalation
Initial Access
Lateral Movement

MITRE ATT&CK Techniques

Valid Accounts
Pass the Ticket

MITRE Threat Groups

APT18
APT28
APT33
APT39
APT41
Carbanak
Chimera
Dragonfly 2.0
FIN10
FIN4
FIN5
FIN6
FIN8
Leviathan
Night Dragon
OilRig
PittyTiger
Sandworm Team
Silence
Soft Cell
Suckfly
TEMP.Veles
Threat Group-3390
UNC2452
Wizard Spider
menuPass

Data Sources

Windows Security
Authentication