This article shows you which technologies work with each hunting technique. Endpoint technologies and their hunting techniques are listed first, followed by cloud technologies and their hunting techniques.
Endpoint

Endpoint technology | Integration
---|---
VMware Carbon Black EDR | direct
VMware Carbon Black Cloud Enterprise EDR | direct
CrowdStrike Falcon | Falcon Data Replicator required
Elastic Endpoint Security | direct
SentinelOne |
Microsoft Defender for Endpoint |

SIEM: Splunk, Sumo Logic

Endpoint hunting techniques:

- Anomalous Process Creation - Database Applications
- Anomalous Process Creation - Productivity Applications
- Anomalous Process Creation - Web Server Applications
- Execution from User Directories
- Historical Scripting Interpreter Activity
- Legitimate Services for Command-and-Control
- Scripted Web Downloader
- Successive Reconnaissance Commands
Cloud

Cloud technology | Integration
---|---
Amazon Web Services (AWS) | direct
Azure | direct
Google Workspace | direct
Microsoft 365 | direct
Okta | direct
OneLogin | direct

Cloud hunting techniques:

- App Consent Grants
- EC2 Modifications
- EC2 Unused or Unsupported Cloud Regions
- Geo Infeasibility
- IAM New User
- Login from Datacenter
- RDS Modifications
- Suspicious Inbox Rules