| C2-NamedPipe | High | 📦 Microsoft Defender XDR |
| Caramel Tsunami Actor IOC - July 2021 | High | 📦 Windows Forwarded Events |
| CDM_ContinuousDiagnostics&Mitigation_PostureChanged | Medium | 📦 ContinuousDiagnostics&Mitigation |
| Certified Pre-Owned - backup of CA private key - rule 1 | Medium | 📦 FalconFriday |
| Certified Pre-Owned - backup of CA private key - rule 2 | Medium | 📦 FalconFriday |
| Certified Pre-Owned - TGTs requested with certificate authentication | Medium | 📦 FalconFriday |
| Changes made to AWS CloudTrail logs | Low | 📦 Amazon Web Services |
| Changes to Amazon VPC settings | Low | 📦 Amazon Web Services |
| Changes to Application Logout URL | Low | 📄 Standalone Content |
| Changes to Application Ownership | Medium | 📄 Standalone Content |
| Changes to AWS Elastic Load Balancer security groups | Low | 📦 Amazon Web Services |
| Changes to AWS Security Group ingress and egress settings | Low | 📦 Amazon Web Services |
| Changes to internet facing AWS RDS Database instances | Low | 📦 Amazon Web Services |
| Changes to PIM Settings | High | 📄 Standalone Content |
| Check Point Exposure Management - Alert Ingestion Anomaly | Medium | 📦 Check Point Cyberint Alerts |
| Chia_Crypto_Mining IOC - June 2021 | Low | 📦 Windows Forwarded Events |
| Cisco - firewall block but success logon to Microsoft Entra ID | Medium | 📄 Standalone Content |
| Cisco ASA - average attack detection rate increase | Low | 📦 CiscoASA |
| Cisco ASA - threat detection message fired | Medium | 📦 CiscoASA |
| Cisco Cloud Security - Connection to non-corporate private network | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Connection to Unpopular Website Detected | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Crypto Miner User-Agent Detected | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Empty User Agent Detected | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Hack Tool User-Agent Detected | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Rare User Agent Detected | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Request Allowed to harmful/malicious URI category | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Request to blocklisted file type | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - URI contains IP address | Medium | 📦 CiscoUmbrella |
| Cisco Cloud Security - Windows PowerShell User-Agent Detected | Medium | 📦 CiscoUmbrella |
| Cisco Duo - AD sync failed | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - Admin password reset | High | 📦 CiscoDuoSecurity |
| Cisco Duo - Admin user created | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - Admin user deleted | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - Authentication device new location | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - Multiple admin 2FA failures | High | 📦 CiscoDuoSecurity |
| Cisco Duo - Multiple user login failures | High | 📦 CiscoDuoSecurity |
| Cisco Duo - Multiple users deleted | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - New access device | Medium | 📦 CiscoDuoSecurity |
| Cisco Duo - Unexpected authentication factor | Medium | 📦 CiscoDuoSecurity |
| Cisco SDWAN - Intrusion Events | High | 📦 Cisco SD-WAN |
| Cisco SDWAN - IPS Event Threshold | High | 📦 Cisco SD-WAN |
| Cisco SDWAN - Maleware Events | High | 📦 Cisco SD-WAN |
| Cisco SDWAN - Monitor Critical IPs | High | 📦 Cisco SD-WAN |
| Cisco SE - Connection to known C2 server | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Dropper activity on host | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Generic IOC | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Malware execusion on host | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Malware outbreak | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Multiple malware on host | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Policy update failure | Medium | 📦 Cisco Secure Endpoint |
| Cisco SE - Possible webshell | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Ransomware Activity | High | 📦 Cisco Secure Endpoint |
| Cisco SE - Unexpected binary file | Medium | 📦 Cisco Secure Endpoint |
| Cisco SE High Events Last Hour | High | 📦 Cisco Secure Endpoint |
| Cisco SEG - DLP policy violation | Medium | 📦 CiscoSEG |
| Cisco SEG - Malicious attachment not blocked | High | 📦 CiscoSEG |
| Cisco SEG - Multiple large emails sent to external recipient | Medium | 📦 CiscoSEG |
| Cisco SEG - Multiple suspiciuos attachments received | High | 📦 CiscoSEG |
| Cisco SEG - Possible outbreak | Medium | 📦 CiscoSEG |
| Cisco SEG - Potential phishing link | Medium | 📦 CiscoSEG |
| Cisco SEG - Suspicious link | High | 📦 CiscoSEG |
| Cisco SEG - Suspicious sender domain | Medium | 📦 CiscoSEG |
| Cisco SEG - Unexpected attachment | High | 📦 CiscoSEG |
| Cisco SEG - Unexpected link | Medium | 📦 CiscoSEG |
| Cisco SEG - Unscannable attacment | Medium | 📦 CiscoSEG |
| Cisco Umbrella - Connection to non-corporate private network | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Connection to Unpopular Website Detected | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Crypto Miner User-Agent Detected | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Empty User Agent Detected | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Hack Tool User-Agent Detected | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Rare User Agent Detected | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Request Allowed to harmful/malicious URI category | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Request to blocklisted file type | Medium | 🔗 GitHub Only |
| Cisco Umbrella - URI contains IP address | Medium | 🔗 GitHub Only |
| Cisco Umbrella - Windows PowerShell User-Agent Detected | Medium | 🔗 GitHub Only |
| Cisco WSA - Access to unwanted site | High | 📦 CiscoWSA |
| Cisco WSA - Internet access from public IP | Medium | 📦 CiscoWSA |
| Cisco WSA - Multiple attempts to download unwanted file | Medium | 📦 CiscoWSA |
| Cisco WSA - Multiple errors to resource from risky category | Medium | 📦 CiscoWSA |
| Cisco WSA - Multiple errors to URL | Medium | 📦 CiscoWSA |
| Cisco WSA - Multiple infected files | High | 📦 CiscoWSA |
| Cisco WSA - Suspected protocol abuse | Medium | 📦 CiscoWSA |
| Cisco WSA - Unexpected file type | Medium | 📦 CiscoWSA |
| Cisco WSA - Unexpected uploads | High | 📦 CiscoWSA |
| Cisco WSA - Unexpected URL | Medium | 📦 CiscoWSA |
| Cisco WSA - Unscannable file or scan error | Medium | 📦 CiscoWSA |
| CiscoISE - Command executed with the highest privileges from new IP | Medium | 📦 Cisco ISE |
| CiscoISE - Attempt to delete local store logs | Medium | 📦 Cisco ISE |
| CiscoISE - Backup failed | Medium | 📦 Cisco ISE |
| CiscoISE - Certificate has expired | Medium | 📦 Cisco ISE |
| CiscoISE - Command executed with the highest privileges by new user | Medium | 📦 Cisco ISE |
| CiscoISE - Device changed IP in last 24 hours | Medium | 📦 Cisco ISE |
| CiscoISE - Device PostureStatus changed to non-compliant | Medium | 📦 Cisco ISE |
| CiscoISE - ISE administrator password has been reset | Medium | 📦 Cisco ISE |
| CiscoISE - Log collector was suspended | Medium | 📦 Cisco ISE |
| CiscoISE - Log files deleted | Medium | 📦 Cisco ISE |
| Claroty - Asset Down | High | 📦 Claroty |
| Claroty - Critical baseline deviation | High | 📦 Claroty |
| Claroty - Login to uncommon location | Medium | 📦 Claroty |
| Claroty - Multiple failed logins by user | High | 📦 Claroty |
| Claroty - Multiple failed logins to same destinations | High | 📦 Claroty |
| Claroty - New Asset | High | 📦 Claroty |
| Claroty - Policy violation | High | 📦 Claroty |
| Claroty - Suspicious activity | High | 📦 Claroty |
| Claroty - Suspicious file transfer | High | 📦 Claroty |
| Claroty - Threat detected | High | 📦 Claroty |
| Clearing of forensic evidence from event logs using wevtutil | High | 📦 Microsoft Defender XDR |
| ClientDeniedAccess | Medium | 📦 Symantec VIP |
| Cloud Gateway Deleted | Informational | 📦 Veeam |
| Cloud Gateway Pool Deleted | Informational | 📦 Veeam |
| Cloud Gateway Pool Settings Updated | Informational | 📦 Veeam |
| Cloud Gateway Settings Updated | Informational | 📦 Veeam |
| Cloud Replica Permanent Failover Performed by Tenant | High | 📦 Veeam |
| Cloudflare - Bad client IP | Medium | 📦 Cloudflare |
| Cloudflare - Bad client IP | Medium | 📦 Cloudflare CCF |
| Cloudflare - Client request from country in blocklist | Medium | 📦 Cloudflare |
| Cloudflare - Client request from country in blocklist | Medium | 📦 Cloudflare CCF |
| Cloudflare - Empty user agent | Medium | 📦 Cloudflare |
| Cloudflare - Empty user agent | Medium | 📦 Cloudflare CCF |
| Cloudflare - Multiple error requests from single source | Low | 📦 Cloudflare |
| Cloudflare - Multiple error requests from single source | Low | 📦 Cloudflare CCF |
| Cloudflare - Multiple user agents for single source | Medium | 📦 Cloudflare |
| Cloudflare - Multiple user agents for single source | Medium | 📦 Cloudflare CCF |
| Cloudflare - Unexpected client request | Medium | 📦 Cloudflare |
| Cloudflare - Unexpected client request | Medium | 📦 Cloudflare CCF |
| Cloudflare - Unexpected POST requests | Medium | 📦 Cloudflare |
| Cloudflare - Unexpected POST requests | Medium | 📦 Cloudflare CCF |
| Cloudflare - Unexpected URI | Medium | 📦 Cloudflare |
| Cloudflare - Unexpected URI | Medium | 📦 Cloudflare CCF |
| Cloudflare - WAF Allowed threat | High | 📦 Cloudflare |
| Cloudflare - WAF Allowed threat | High | 📦 Cloudflare CCF |
| Cloudflare - XSS probing pattern in request | Medium | 📦 Cloudflare |
| Cloudflare - XSS probing pattern in request | Medium | 📦 Cloudflare CCF |
| CloudFormation policy created then used for privilege escalation | High | 📦 Amazon Web Services |
| CloudNGFW By Palo Alto Networks - possible internal to external port scanning | Low | 📦 Azure Cloud NGFW By Palo Alto Networks |
| CloudNGFW By Palo Alto Networks - Threat signatures from Unusual IP addresses | Medium | 📦 Azure Cloud NGFW By Palo Alto Networks |
| CMMC 2.0 Level 1 (Foundational) Readiness Posture | Medium | 📦 CybersecurityMaturityModelCertification(CMMC)2.0 |
| CMMC 2.0 Level 2 (Advanced) Readiness Posture | Medium | 📦 CybersecurityMaturityModelCertification(CMMC)2.0 |
| Cognni Incidents for Highly Sensitive Business Information | High | 📦 Cognni |
| Cognni Incidents for Highly Sensitive Financial Information | High | 📦 Cognni |
| Cognni Incidents for Highly Sensitive Governance Information | High | 📦 Cognni |
| Cognni Incidents for Highly Sensitive HR Information | High | 📦 Cognni |
| Cognni Incidents for Highly Sensitive Legal Information | High | 📦 Cognni |
| Cognni Incidents for Low Sensitivity Business Information | Low | 📦 Cognni |
| Cognni Incidents for Low Sensitivity Financial Information | Low | 📦 Cognni |
| Cognni Incidents for Low Sensitivity Governance Information | Low | 📦 Cognni |
| Cognni Incidents for Low Sensitivity HR Information | Low | 📦 Cognni |
| Cognni Incidents for Low Sensitivity Legal Information | Low | 📦 Cognni |
| Cognni Incidents for Medium Sensitivity Business Information | Medium | 📦 Cognni |
| Cognni Incidents for Medium Sensitivity Financial Information | Medium | 📦 Cognni |
| Cognni Incidents for Medium Sensitivity Governance Information | Medium | 📦 Cognni |
| Cognni Incidents for Medium Sensitivity HR Information | Medium | 📦 Cognni |
| Cognni Incidents for Medium Sensitivity Legal Information | Medium | 📦 Cognni |
| COM Event System Loading New DLL | Medium | 📄 Standalone Content |
| COM Registry Key Modified to Point to File in Color Profile Folder | Medium | 📄 Standalone Content |
| Commvault Cloud Alert | Medium | 📦 Commvault Security IQ |
| Component Object Model Hijacking - Vault7 trick | Medium | 📦 FalconFriday |
| Conditional Access - A Conditional Access app exclusion has changed | Low | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access Device platforms condition has changed (the Device platforms condition can be spoofed) | Low | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access policy was deleted | Low | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access policy was disabled | Low | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access policy was put into report-only mode | Low | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access policy was updated | Informational | 📦 Microsoft Entra ID |
| Conditional Access - A Conditional Access user/group/role exclusion has changed | High | 📦 Microsoft Entra ID |
| Conditional Access - A new Conditional Access policy was created | Informational | 📦 Microsoft Entra ID |
| Conditional Access - Dynamic Group Exclusion Changes | High | 📦 Microsoft Entra ID |
| Conditional Access Policy Modified by New User | Medium | 📄 Standalone Content |
| Configuration Backup Failed | High | 📦 Veeam |
| Configuration Backup Job Failed | Medium | 📦 Veeam |
| Configuration Backup Job Settings Updated | Informational | 📦 Veeam |
| Connection to Backup Repository Lost | High | 📦 Veeam |
| Contrast ADR - DLP SQL Injection Correlation | High | 📦 ContrastADR |
| Contrast ADR - EDR Alert Correlation | Medium | 📦 ContrastADR |
| Contrast ADR - Exploited Attack Event | High | 📦 ContrastADR |
| Contrast ADR - Exploited Attack in Production | High | 📦 ContrastADR |
| Contrast ADR - Security Incident Alert | Medium | 📦 ContrastADR |
| Contrast ADR - WAF Alert Correlation | Medium | 📦 ContrastADR |
| Contrast Blocks | Low | 📦 Contrast Protect |
| Contrast Exploits | High | 📦 Contrast Protect |
| Contrast Probes | Informational | 📦 Contrast Protect |
| Contrast Suspicious | Medium | 📦 Contrast Protect |
| Copilot - File Uploads Disabled | High | 📦 Microsoft Copilot |
| Copilot - Jailbreak Attempt Detected | High | 📦 Microsoft Copilot |
| Copilot - Plugin Created by Non-Admin User | High | 📦 Microsoft Copilot |
| Copilot - Plugin Tampering (Enable and Disable Within 5 Minutes) | Medium | 📦 Microsoft Copilot |
| Corelight - C2 DGA Detected Via Repetitive Failures | Medium | 📦 Corelight |
| Corelight - External Proxy Detected | Low | 📦 Corelight |
| Corelight - Forced External Outbound SMB | Medium | 📦 Corelight |
| Corelight - Multiple Compressed Files Transferred over HTTP | Medium | 📦 Corelight |
| Corelight - Multiple files sent over HTTP with abnormal requests | Medium | 📦 Corelight |
| Corelight - Network Service Scanning Multiple IP Addresses | Medium | 📦 Corelight |
| Corelight - Possible Typo Squatting or Punycode Phishing HTTP Request | Medium | 📦 Corelight |
| Corelight - Possible Webshell | Medium | 📦 Corelight |
| Corelight - Possible Webshell (Rare PUT or POST) | Medium | 📦 Corelight |
| Corelight - SMTP Email containing NON Ascii Characters within the Subject | Low | 📦 Corelight |
| Correlate Unfamiliar sign-in properties & atypical travel alerts | High | 📦 Microsoft Entra ID Protection |
| Cortex XDR Incident - High | High | 📦 Cortex XDR |
| Cortex XDR Incident - Low | Low | 📦 Cortex XDR |
| Cortex XDR Incident - Medium | Medium | 📦 Cortex XDR |
| Create Incident for XDR Alerts | High | 📦 Trend Micro Vision One |
| Create Incidents from IronDefense | Medium | 📦 IronNet IronDefense |
| Created CRUD S3 policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Creating keys with encrypt policy without MFA | Medium | 📦 Amazon Web Services |
| Creation of Access Key for IAM User | Medium | 📦 Amazon Web Services |
| Creation of CRUD DynamoDB policy and then privilege escalation. | Medium | 📦 Amazon Web Services |
| Creation of CRUD KMS policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Creation of CRUD Lambda policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Creation of DataPipeline policy and then privilege escalation. | High | 📦 Amazon Web Services |
| Creation of EC2 policy and then privilege escalation | High | 📦 Amazon Web Services |
| Creation of expensive computes in Azure | Low | 📦 Azure Activity |
| Creation of Glue policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Creation of Lambda policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Creation of new CRUD IAM policy and then privilege escalation. | Medium | 📦 Amazon Web Services |
| Creation of SSM policy and then privilege escalation | Medium | 📦 Amazon Web Services |
| Credential added after admin consented to Application | Medium | 📦 Microsoft Entra ID |
| Credential Dumping Tools - File Artifacts | High | 📦 Attacker Tools Threat Protection Essentials |
| Credential Dumping Tools - Service Installation | High | 📦 Attacker Tools Threat Protection Essentials |
| Credential errors stateful anomaly on database | Medium | 📦 Azure SQL Database solution for sentinel |
| Credential Record Deleted | High | 📦 Veeam |
| Credential Record Updated | High | 📦 Veeam |
| CreepyDrive request URL sequence | High | 📄 Standalone Content |
| CreepyDrive URLs | High | 📄 Standalone Content |
| Critical or High Severity Detections by User | High | 📦 CrowdStrike Falcon Endpoint Protection |
| Critical Risks | High | 📦 RidgeSecurity |
| Critical Severity Detection | High | 📦 CrowdStrike Falcon Endpoint Protection |
| Critical Severity Incident | High | 📦 Morphisec |
| Critical Threat Detected | Medium | 📦 VMware Carbon Black Cloud |
| Cross-Cloud Password Spray detection | Medium | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| Cross-Cloud Suspicious Compute resource creation in GCP | Low | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| Cross-Cloud Suspicious user activity observed in GCP Envourment | Medium | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| Cross-Cloud Unauthorized Credential Access Detection From AWS RDS Login | Medium | 📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| Cross-tenant Access Settings Organization Added | Medium | 📦 Microsoft Entra ID |
| Cross-tenant Access Settings Organization Deleted | Medium | 📦 Microsoft Entra ID |
| Cross-tenant Access Settings Organization Inbound Collaboration Settings Changed | Medium | 📦 Microsoft Entra ID |
| Cross-tenant Access Settings Organization Inbound Direct Settings Changed | Medium | 📦 Microsoft Entra ID |
| Cross-tenant Access Settings Organization Outbound Collaboration Settings Changed | Medium | 📦 Microsoft Entra ID |
| Cross-tenant Access Settings Organization Outbound Direct Settings Changed | Medium | 📦 Microsoft Entra ID |
| CTERA Mass Access Denied Detection Analytic | High | 📦 CTERA |
| CTERA Mass Deletions Detection Analytic | High | 📦 CTERA |
| CTERA Mass Permissions Changes Detection Analytic | High | 📦 CTERA |
| CyberArk - High-Risk Actions Outside Business Hours | High | 📦 CyberArkAudit |
| CyberArk - Multiple Failed Actions Followed by Success (15m) | Medium | 📦 CyberArkAudit |
| CyberArk - Sensitive Safe/Permission/Entitlement Changes (with customData) | Low | 📦 CyberArkAudit |
| CyberArkEPM - Attack attempt not blocked | High | 📦 CyberArkEPM |
| CyberArkEPM - MSBuild usage as LOLBin | Medium | 📦 CyberArkEPM |
| CyberArkEPM - Multiple attack types | High | 📦 CyberArkEPM |
| CyberArkEPM - Possible execution of Powershell Empire | High | 📦 CyberArkEPM |
| CyberArkEPM - Process started from different locations | Medium | 📦 CyberArkEPM |
| CyberArkEPM - Renamed Windows binary | High | 📦 CyberArkEPM |
| CyberArkEPM - Uncommon process Internet access | High | 📦 CyberArkEPM |
| CyberArkEPM - Uncommon Windows process started from System folder | Medium | 📦 CyberArkEPM |
| CyberArkEPM - Unexpected executable extension | Medium | 📦 CyberArkEPM |
| CyberArkEPM - Unexpected executable location | Medium | 📦 CyberArkEPM |
| CyberBlindSpot - Any Issue Detected ⚠️ | Informational | 📦 CTM360 |
| Cyble Advisory Alerts Advisory ⚠️ | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Assets | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Bitbucket | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Cloud Storage | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Compromised Endpoint Cookies | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Compromised Files | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Cyble Web Applications | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Darkweb Data Breaches | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Darkweb Ransomware Leak | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Discord Keyword | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Discovered Subdomain | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Docker | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Domain Expiry Alert | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Domain Watchlist | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Flash Report | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Github | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Hacktivism | Low | 📦 Cyble Vision |
| Cyble Vision Alerts I2P Monitoring | Low | 📦 Cyble Vision |
| Cyble Vision Alerts IOC'S | Low | 📦 Cyble Vision |
| Cyble Vision Alerts IP Risk Score | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Leaked Credentials | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Malicious Ads Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts New Vulnerability Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts News Feed Alert | Low | 📦 Cyble Vision |
| Cyble Vision Alerts OSINT Mention Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts OT/ICS Threat Activity Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Pastebin | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Phishing Domain Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Physical Threat Alert | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Postman API Exposure Detection | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Product Vulnerability Detected | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Social Media Monitoring | Low | 📦 Cyble Vision |
| Cyble Vision Alerts SSL Certificate Expiry | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Suspicious Domain | Low | 📦 Cyble Vision |
| Cyble Vision Alerts TOR Links | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Vulnerability | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Website Defacement Content | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Website Defacement Keyword | Low | 📦 Cyble Vision |
| Cyble Vision Alerts Website Defacement URL | Low | 📦 Cyble Vision |
| CybleVision Alerts Cyber Crime Forum Alerts | Low | 📦 Cyble Vision |
| CybleVision Alerts Darkweb Marketplace Alerts | Low | 📦 Cyble Vision |
| CybleVision Alerts Mobile Apps | Low | 📦 Cyble Vision |
| CybleVision Alerts Stealer Logs | Low | 📦 Cyble Vision |
| CybleVision Alerts Telegram Mentions | Low | 📦 Cyble Vision |
| CYFIRMA - Attack Surface - Cloud Weakness High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Cloud Weakness Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Configuration High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Configuration Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Domain/IP Vulnerability Exposure High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Domain/IP Vulnerability Exposure Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Malicious Domain/IP Reputation High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Malicious Domain/IP Reputation Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Open Ports High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Open Ports Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Weak Certificate Exposure - High Rule | High | 📦 Cyfirma Attack Surface |
| CYFIRMA - Attack Surface - Weak Certificate Exposure - Medium Rule | Medium | 📦 Cyfirma Attack Surface |
| CYFIRMA - Brand Intelligence - Domain Impersonation High Rule | High | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Domain Impersonation Medium Rule | Medium | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Executive/People Impersonation High Rule | High | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Executive/People Impersonation Medium Rule | Medium | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Malicious Mobile App High Rule | High | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Malicious Mobile App Medium Rule | Medium | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Product/Solution High Rule | High | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Product/Solution Medium Rule | Medium | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Social Media Handle Impersonation Detected High Rule | High | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Brand Intelligence - Social Media Handle Impersonation Detected Medium Rule | Medium | 📦 Cyfirma Brand Intelligence |
| CYFIRMA - Compromised Employees Detection Rule | High | 📦 Cyfirma Compromised Accounts |
| CYFIRMA - Customer Accounts Leaks Detection Rule | High | 📦 Cyfirma Compromised Accounts |
| CYFIRMA - Data Breach and Web Monitoring - Dark Web High Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Data Breach and Web Monitoring - Dark Web Medium Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - Data Breach and Web Monitoring - Phishing Campaign Detection Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Data Breach and Web Monitoring - Phishing Campaign Detection Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - Data Breach and Web Monitoring - Ransomware Exposure Detected Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Data Breach and Web Monitoring - Ransomware Exposure Detected Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - High Severity Asset based Vulnerabilities Rule Alert | High | 📦 Cyfirma Vulnerabilities Intel |
| CYFIRMA - High Severity Attack Surface based Vulnerabilities Rule Alert | High | 📦 Cyfirma Vulnerabilities Intel |
| CYFIRMA - High severity Command & Control Network Indicators with Block Recommendation Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Command & Control Network Indicators with Monitor Recommendation Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity File Hash Indicators with Block Action and Malware | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity File Hash Indicators with Block Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity File Hash Indicators with Monitor Action and Malware | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity File Hash Indicators with Monitor Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Block Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Network Indicators with Block Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Network Indicators with Monitor Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Phishing Network Indicators - Block Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Malicious Phishing Network Indicators - Monitor Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity TOR Node Network Indicators - Block Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity TOR Node Network Indicators - Monitor Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Trojan File Hash Indicators with Block Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Trojan File Hash Indicators with Monitor Action Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Trojan Network Indicators - Block Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - High severity Trojan Network Indicators - Monitor Recommended Rule | High | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium Severity Asset based Vulnerabilities Rule Alert | Medium | 📦 Cyfirma Vulnerabilities Intel |
| CYFIRMA - Medium Severity Attack Surface based Vulnerabilities Rule | Medium | 📦 Cyfirma Vulnerabilities Intel |
| CYFIRMA - Medium severity Command & Control Network Indicators with Block Recommendation Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Command & Control Network Indicators with Monitor Recommendation Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity File Hash Indicators with Block Action and Malware | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity File Hash Indicators with Block Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity File Hash Indicators with Monitor Action and Malware | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity File Hash Indicators with Monitor Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Block Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Network Indicators Associated with Malware - Monitor Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Network Indicators with Block Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Network Indicators with Monitor Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Phishing Network Indicators - Block Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Malicious Phishing Network Indicators - Monitor Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity TOR Node Network Indicators - Block Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity TOR Node Network Indicators - Monitor Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Trojan File Hash Indicators with Block Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Trojan File Hash Indicators with Monitor Action Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Trojan Network Indicators - Block Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Medium severity Trojan Network Indicators - Monitor Recommended Rule | Medium | 📦 Cyfirma Cyber Intelligence |
| CYFIRMA - Public Accounts Leaks Detection Rule | High | 📦 Cyfirma Compromised Accounts |
| CYFIRMA - Social and Public Exposure - Social Media Threats Activity Detected Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Social Media Threats Activity Detected Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Confidential Files Information Exposure Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Confidential Files Information Exposure Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Exposure of PII/CII in Public Domain Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Exposure of PII/CII in Public Domain Rule | Medium | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Source Code Exposure on Public Repositories Rule | High | 📦 Cyfirma Digital Risk |
| CYFIRMA - Social and Public Exposure - Source Code Exposure on Public Repositories Rule | Medium | 📦 Cyfirma Digital Risk |
| Cynerio - Exploitation Attempt of IoT device | High | 📦 Cynerio |
| Cynerio - IoT - Default password | High | 📦 Cynerio |
| Cynerio - IoT - Weak password | High | 📦 Cynerio |
| Cynerio - Medical device scanning | Medium | 📦 Cynerio |
| Cynerio - Suspicious Connection to External Address | High | 📦 Cynerio |
| Cyren Feed Outage Detection | Medium | 📦 CyrenThreatIntelligence |
| Cyren High-Risk IP Indicators | High | 📦 CyrenThreatIntelligence |
| Cyren High-Risk URL Indicators | High | 📦 CyrenThreatIntelligence |