| M2131_AssetStoppedLogging | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_DataConnectorAddedChangedRemoved | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_EventLogManagementPostureChanged_EL0 | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_EventLogManagementPostureChanged_EL1 | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_EventLogManagementPostureChanged_EL2 | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_EventLogManagementPostureChanged_EL3 | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_LogRetentionLessThan1Year | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M2131_RecommendedDatatableUnhealthy | Medium | 📦 MaturityModelForEventLogManagementM2131 |
| M365D Alerts Correlation to non-Microsoft Network device network activity involved in successful sign-in Activity | Medium | 📄 Standalone Content |
| Mail redirect via ExO transport rule | Medium | 📦 Microsoft 365 |
| Mail.Read Permissions Granted to Application | Medium | 📦 Microsoft Entra ID |
| Malformed user agent | Medium | 📄 Standalone Content |
| Malicious BEC Inbox Rule | Medium | 📦 Business Email Compromise - Financial Fraud |
| Malicious Inbox Rule | Medium | 📦 Microsoft 365 |
| Malicious web application requests linked with Microsoft Defender for Endpoint (formerly Microsoft Defender ATP) alerts | Medium | 📦 Web Shells Threat Protection |
| Malware Activity Detected | High | 📦 Veeam |
| Malware attachment delivered | Medium | 📦 ProofPointTap |
| Malware Detected | Medium | 📦 Symantec Endpoint Protection |
| Malware Detection Exclusions List Updated | Medium | 📦 Veeam |
| Malware Detection Session Finished | Informational | 📦 Veeam |
| Malware Detection Settings Updated | High | 📦 Veeam |
| Malware Event Detected | Medium | 📦 Veeam |
| Malware in the recycle bin | Medium | 📦 Endpoint Threat Protection Essentials |
| Malware in the recycle bin (Normalized Process Events) | Medium | 📄 Standalone Content |
| Malware Link Clicked | Medium | 📦 ProofPointTap |
| Mass Cloud resource deletions Time Series Anomaly | Medium | 📦 Azure Activity |
| Mass Download & copy to USB device by single user | Medium | 📄 Standalone Content |
| Mass secret retrieval from Azure Key Vault | Low | 📦 Azure Key Vault |
| Match Legitimate Name or Location - 2 | Medium | 📦 FalconFriday |
| McAfee ePO - Agent Handler down | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Attempt uninstall McAfee agent | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Deployment failed | High | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Error sending alert | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - File added to exceptions | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Firewall disabled | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Logging error occurred | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Multiple threats on same host | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Scanning engine disabled | Low | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Spam Email detected | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Task error | Medium | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Threat was not blocked | High | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Unable to clean or delete infected file | High | 📦 McAfee ePolicy Orchestrator |
| McAfee ePO - Update failed | Medium | 📦 McAfee ePolicy Orchestrator |
| Medium severity malicious activity detected | Medium | 📦 Azure Firewall |
| Mercury - Domain, Hash and IP IOCs - August 2022 | High | 📄 Standalone Content |
| MFA Fatigue (OKTA) | Medium | 📦 Okta Single Sign-On |
| MFA Rejected by User | Medium | 📦 Microsoft Entra ID |
| MFA Spamming followed by Successful login | High | 📦 Microsoft Entra ID |
| Microsoft COVID-19 file hash indicator matches | Medium | 📦 PaloAlto-PAN-OS |
| Microsoft Defender for Endpoint (MDE) signatures for Azure Synapse pipelines and Azure Data Factory | High | 📄 Standalone Content |
| Microsoft Entra ID Health Monitoring Agent Registry Keys Access | Medium | 📄 Standalone Content |
| Microsoft Entra ID Health Service Agents Registry Keys Access | Medium | 📄 Standalone Content |
| Microsoft Entra ID Hybrid Health AD FS New Server | Medium | 📦 Azure Activity |
| Microsoft Entra ID Hybrid Health AD FS Service Delete | Medium | 📦 Azure Activity |
| Microsoft Entra ID Hybrid Health AD FS Suspicious Application | Medium | 📦 Azure Activity |
| Microsoft Entra ID Local Device Join Information and Transport Key Registry Keys Access | Medium | 📦 Windows Security Events |
| Microsoft Entra ID PowerShell accessing non-Entra ID resources | Low | 📦 Microsoft Entra ID |
| Microsoft Entra ID Rare UserAgent App Sign-in | Medium | 📦 FalconFriday |
| Microsoft Entra ID Role Management Permission Grant | High | 📦 Microsoft Entra ID |
| Microsoft Entra ID UserAgent OS Missmatch | Medium | 📦 FalconFriday |
| Midnight Blizzard - Script payload stored in Registry | Medium | 📄 Standalone Content |
| Midnight Blizzard - suspicious rundll32.exe execution of vbscript | Medium | 📄 Standalone Content |
| Midnight Blizzard - suspicious rundll32.exe execution of vbscript (Normalized Process Events) | Medium | 📄 Standalone Content |
| Mimecast Audit - Logon Authentication Failed | High | 📦 Mimecast |
| Mimecast Audit - Logon Authentication Failed | High | 📦 MimecastAudit |
| Mimecast Data Leak Prevention - Hold | Informational | 📦 Mimecast |
| Mimecast Data Leak Prevention - Hold | Informational | 📦 MimecastSEG |
| Mimecast Data Leak Prevention - Notifications | High | 📦 Mimecast |
| Mimecast Data Leak Prevention - Notifications | High | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - Attachment Protect | High | 📦 Mimecast |
| Mimecast Secure Email Gateway - Attachment Protect | High | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - AV | Informational | 📦 Mimecast |
| Mimecast Secure Email Gateway - AV | Informational | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - Impersonation Protect | High | 📦 Mimecast |
| Mimecast Secure Email Gateway - Impersonation Protect | High | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - Internal Email Protect | High | 📦 Mimecast |
| Mimecast Secure Email Gateway - Internal Email Protect | High | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - Spam Event Thread | Low | 📦 Mimecast |
| Mimecast Secure Email Gateway - Spam Event Thread | Low | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - URL Protect | High | 📦 Mimecast |
| Mimecast Secure Email Gateway - URL Protect | High | 📦 MimecastSEG |
| Mimecast Secure Email Gateway - Virus | Informational | 📦 Mimecast |
| Mimecast Secure Email Gateway - Virus | Informational | 📦 MimecastSEG |
| Mimecast Targeted Threat Protection - Attachment Protect | High | 📦 Mimecast |
| Mimecast Targeted Threat Protection - Attachment Protect | High | 📦 MimecastTTP |
| Mimecast Targeted Threat Protection - Impersonation Protect | High | 📦 Mimecast |
| Mimecast Targeted Threat Protection - Impersonation Protect | High | 📦 MimecastTTP |
| Mimecast Targeted Threat Protection - URL Protect | High | 📦 Mimecast |
| Mimecast Targeted Threat Protection - URL Protect | High | 📦 MimecastTTP |
| Missing Domain Controller Heartbeat | High | 📄 Standalone Content |
| Modification of Accessibility Features | Medium | 📄 Standalone Content |
| Modified domain federation trust settings | High | 📦 Microsoft Entra ID |
| Monitor AWS Credential abuse or hijacking | Low | 📦 Amazon Web Services |
| MosaicLoader | High | 📦 Microsoft Defender XDR |
| Multi-Factor Authentication Disabled | High | 📦 Veeam |
| Multi-Factor Authentication Disabled for a User | Medium | 📦 Cloud Identity Threat Protection Essentials |
| Multi-Factor Authentication for User Disabled | High | 📦 Veeam |
| Multi-Factor Authentication Token Revoked | Medium | 📦 Veeam |
| Multi-Factor Authentication User Locked | High | 📦 Veeam |
| Multiple admin membership removals from newly created admin. | Medium | 📦 Microsoft Entra ID |
| Multiple failed attempts of NetBackup login | Medium | 📦 Veritas NetBackup |
| Multiple Password Reset by user | Low | 📄 Standalone Content |
| Multiple RDP connections from Single System | Low | 📄 Standalone Content |
| Multiple scans in the network (Microsoft Defender for IoT) | High | 📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Multiple Sources Affected by the Same TI Destination | Medium | 📦 Azure Firewall |
| Multiple Teams deleted by a single user | Low | 📦 Microsoft 365 |
| Multiple users email forwarded to same destination | Medium | 📦 Microsoft 365 |