ertugrulakbas
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2 aydan daha uzun süredir login olmayan kulullanıcı varsa uyar | |
| 30 günden uzun süredir şifre degiştirmeyen kullanıcı olursa uyar | |
| 4 saatten uzun RDP i açık kalan olursa uyar | |
| 4 saatten uzun VPN i açık kalan olursa uyar | |
| 5 dakikada 1000 MB veya daha fazla download eden veya 10 dakikada aynı hedef IP/Domain den 500 MB download eden olursa uyar | |
| 72 saatten fazla süredir IP degiştirmeyen cihaz (MAC) olursa uyar | |
| Abnormail mail to/from acbfgtysss.xy for the organization | |
| Abnormal activity duration/session count | |
| Abnormal amount of bytes transmitted | |
| Abnormal amount of bytes transmitted over DNS - firewall |
We can make this file beautiful and searchable if this error is corrected: No commas found in this CSV file in line 0.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1 dakikada 10'dan fazla hatali giris | |
| 10 dakika içerisinde 10 defa basarisiz giris denemesindne sonra basarili oturum testpiti | |
| 445 Port Events | |
| A basic application group was changed | |
| A basic application group was changed | |
| A basic application group was created | |
| A basic application group was deleted | |
| A change was made to the Windows Firewall exception list. A rule was added | |
| A change was made to the Windows Firewall exception list. A rule was deleted | |
| A change was made to the Windows Firewall exception list. A rule was modified |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ID | Name | Description | |
|---|---|---|---|
| S0622 | AppleSeed | AppleSeed can disguise JavaScript files as PDFs.[2] | |
| G0007 | APT28 | APT28 has renamed the WinRAR utility to avoid detection.[3] | |
| G0016 | APT29 | APT29 has set the hostnames of its C2 infrastructure to match legitimate hostnames in the victim environment. They have also used IP addresses originating from the same country as the victim for their VPN infrastructure.[4] | |
| G0050 | APT32 | APT32 has disguised a Cobalt Strike beacon as a Flash Installer.[5] | |
| S0635 | BoomBox | BoomBox has the ability to mask malicious data strings as PDF files.[6] | |
| G0060 | BRONZE BUTLER | BRONZE BUTLER has masked executables with document file icons including Word and Adobe PDF.[7] | |
| S0497 | Dacls | The Dacls Mach-O binary has been disguised as a .nib file.[8] | |
| G0074 | Dragonfly 2.0 | Dragonfly 2.0 created accounts disguised as legitimate backup and service accounts as well as an email administration account.[9][10] | |
| S0634 | EnvyScout | EnvyScout has used folder icons for malicious files to lure victims into opening them.[6] |