| Rule | Severity | Source |
|---|---|---|
| TacitRed - High Confidence Compromise | High | 📦 TacitRedThreatIntelligence |
| TacitRed - Repeat Compromise Detection | High | 📦 TacitRedThreatIntelligence |
| Tampering to AWS CloudTrail logs | High | 📦 Amazon Web Services |
| Tanium Threat Response Alerts | High | 📦 Tanium |
| Tape Erase Job Started | High | 📦 Veeam |
| Tape Library Deleted | Informational | 📦 Veeam |
| Tape Media Pool Deleted | Informational | 📦 Veeam |
| Tape Media Vault Deleted | Informational | 📦 Veeam |
| Tape Medium Deleted | High | 📦 Veeam |
| Tape Server Deleted | Informational | 📦 Veeam |
| TEARDROP memory-only dropper | High | 📦 Microsoft Defender XDR |
| Tenable.ad Active Directory attacks pathways ⚠️ | Low | 📦 TenableAD |
| Tenable.ad DCShadow ⚠️ | High | 📦 TenableAD |
| Tenable.ad DCSync ⚠️ | High | 📦 TenableAD |
| Tenable.ad Golden Ticket ⚠️ | High | 📦 TenableAD |
| Tenable.ad Indicators of Attack ⚠️ | Low | 📦 TenableAD |
| Tenable.ad Indicators of Exposures ⚠️ | Low | 📦 TenableAD |
| Tenable.ad LSASS Memory ⚠️ | High | 📦 TenableAD |
| Tenable.ad Password Guessing ⚠️ | High | 📦 TenableAD |
| Tenable.ad Password issues ⚠️ | Low | 📦 TenableAD |
| Tenable.ad Password Spraying ⚠️ | High | 📦 TenableAD |
| Tenable.ad privileged accounts issues ⚠️ | Low | 📦 TenableAD |
| Tenable.ad user accounts issues ⚠️ | Low | 📦 TenableAD |
| Tenant Password Changed | High | 📦 Veeam |
| Tenant Quota Changed | Informational | 📦 Veeam |
| Tenant Quota Deleted | Informational | 📦 Veeam |
| Tenant Replica Started | Informational | 📦 Veeam |
| Tenant Replica Stopped | High | 📦 Veeam |
| Tenant State Changed | Informational | 📦 Veeam |
| The download of potentially risky files from the Discord Content Delivery Network (CDN) (ASIM Web Session) | Medium | 📦 Web Session Essentials |
| Theom - Critical data in API headers or body | High | 📦 Theom |
| Theom - Dark Data with large fin value | High | 📦 Theom |
| Theom - Dev secrets exposed | High | 📦 Theom |
| Theom - Dev secrets unencrypted | High | 📦 Theom |
| Theom - Financial data exposed | High | 📦 Theom |
| Theom - Financial data unencrypted | High | 📦 Theom |
| Theom - Healthcare data exposed | High | 📦 Theom |
| Theom - Healthcare data unencrypted | High | 📦 Theom |
| Theom - Least priv large value shadow DB | High | 📦 Theom |
| Theom - National IDs exposed | High | 📦 Theom |
| Theom - National IDs unencrypted | High | 📦 Theom |
| Theom - Overprovisioned Roles Shadow DB | High | 📦 Theom |
| Theom - Shadow DB large datastore value | High | 📦 Theom |
| Theom - Shadow DB with atypical accesses | High | 📦 Theom |
| Theom - Unencrypted public data stores | High | 📦 Theom |
| Theom Critical Risks | High | 📦 Theom |
| Theom High Risks | High | 📦 Theom |
| Theom Insights | Low | 📦 Theom |
| Theom Low Risks | High | 📦 Theom |
| Theom Medium Risks | High | 📦 Theom |
| Third party integrated apps | High | 📦 SenservaPro |
| Threat Connect TI map Domain entity to DnsEvents | Medium | 📦 ThreatConnect |
| Threat Essentials - Mail redirect via ExO transport rule | Medium | 📦 SecurityThreatEssentialSolution |
| Threat Essentials - Mass Cloud resource deletions Time Series Anomaly | Medium | 📦 SecurityThreatEssentialSolution |
| Threat Essentials - Multiple admin membership removals from newly created admin. | Medium | 📦 SecurityThreatEssentialSolution |
| Threat Essentials - NRT User added to Microsoft Entra ID Privileged Groups | Medium | 📦 SecurityThreatEssentialSolution |
| Threat Essentials - Time series anomaly for data size transferred to public internet | Medium | 📦 SecurityThreatEssentialSolution |
| Threat Essentials - User Assigned Privileged Role | High | 📦 SecurityThreatEssentialSolution |
| ThreatConnect TI map Email entity to OfficeActivity | Medium | 📦 ThreatConnect |
| ThreatConnect TI map Email entity to SigninLogs | Medium | 📦 ThreatConnect |
| ThreatConnect TI map IP entity to Network Session Events (ASIM Network Session schema) | Medium | 📦 ThreatConnect |
| ThreatConnect TI Map URL Entity to OfficeActivity Data | Medium | 📦 ThreatConnect |
| Threats detected by Eset | Low | 📦 Eset Security Management Center |
| Threats detected by ESET | Low | 📦 ESETPROTECT |
| TI map Domain entity to Cloud App Events | Medium | 📦 Threat Intelligence (NEW) |
| TI Map Domain Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence |
| TI Map Domain Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to Dns Events (ASIM DNS Schema) | Medium | 📦 Threat Intelligence |
| TI map Domain entity to Dns Events (ASIM DNS Schema) | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to DnsEvents | Medium | 📦 Threat Intelligence |
| TI map Domain entity to DnsEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to EmailEvents | Medium | 📦 Threat Intelligence |
| TI map Domain entity to EmailEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to EmailUrlInfo | Medium | 📦 Threat Intelligence |
| TI map Domain entity to EmailUrlInfo | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to PaloAlto | Medium | 📦 Threat Intelligence |
| TI map Domain entity to PaloAlto | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to PaloAlto CommonSecurityLog | Medium | 📦 Threat Intelligence |
| TI map Domain entity to PaloAlto CommonSecurityLog | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to SecurityAlert | Medium | 📦 Threat Intelligence |
| TI map Domain entity to SecurityAlert | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to Syslog | Medium | 📦 Threat Intelligence |
| TI map Domain entity to Syslog | Medium | 📦 Threat Intelligence (NEW) |
| TI map Domain entity to Web Session Events (ASIM Web Session schema) | Medium | 📦 Threat Intelligence |
| TI map Domain entity to Web Session Events (ASIM Web Session schema) | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to AzureActivity | Medium | 📦 Threat Intelligence |
| TI map Email entity to AzureActivity | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to Cloud App Events | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to EmailEvents | Medium | 📦 Threat Intelligence |
| TI map Email entity to EmailEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to OfficeActivity | Medium | 📦 Threat Intelligence |
| TI map Email entity to OfficeActivity | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to PaloAlto CommonSecurityLog | Medium | 📦 Threat Intelligence |
| TI map Email entity to PaloAlto CommonSecurityLog | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to SecurityAlert | Medium | 📦 Threat Intelligence |
| TI map Email entity to SecurityAlert | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to SecurityEvent | Medium | 📦 Threat Intelligence |
| TI map Email entity to SecurityEvent | Medium | 📦 Threat Intelligence (NEW) |
| TI map Email entity to SigninLogs | Medium | 📦 Threat Intelligence |
| TI map Email entity to SigninLogs | Medium | 📦 Threat Intelligence (NEW) |
| TI map File Hash to CommonSecurityLog Event | Medium | 📦 Threat Intelligence |
| TI map File Hash to CommonSecurityLog Event | Medium | 📦 Threat Intelligence (NEW) |
| TI map File Hash to DeviceFileEvents Event | Medium | 📦 Threat Intelligence |
| TI map File Hash to DeviceFileEvents Event | Medium | 📦 Threat Intelligence (NEW) |
| TI map File Hash to Security Event | Medium | 📦 Threat Intelligence |
| TI map File Hash to Security Event | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to AppServiceHTTPLogs | Medium | 📦 Threat Intelligence |
| TI map IP entity to AppServiceHTTPLogs | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to AWSCloudTrail | Medium | 📦 Threat Intelligence |
| TI map IP entity to AWSCloudTrail | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to Azure Key Vault logs | Medium | 📦 Threat Intelligence |
| TI map IP entity to Azure Key Vault logs | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to Azure SQL Security Audit Events | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to Azure SQL Security Audit Events | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to AzureActivity | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to AzureActivity | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to AzureFirewall | Medium | 📦 Threat Intelligence |
| TI map IP entity to AzureFirewall | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to AzureNetworkAnalytics_CL (NSG Flow Logs) | Medium | 📦 Threat Intelligence |
| TI map IP entity to AzureNetworkAnalytics_CL (NSG Flow Logs) | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to Cloud App Events | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to CommonSecurityLog | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to CommonSecurityLog | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to DNS Events (ASIM DNS schema) | Medium | 📦 Threat Intelligence |
| TI map IP entity to DNS Events (ASIM DNS schema) | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to DnsEvents | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to DnsEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to Duo Security | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to Duo Security | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to GitHub_CL | Medium | 📦 Threat Intelligence |
| TI map IP entity to GitHub_CL | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to LastPass data | Medium | 📦 Lastpass Enterprise Activity Monitoring |
| TI map IP entity to Network Session Events (ASIM Network Session schema) | Medium | 📦 Threat Intelligence |
| TI map IP entity to Network Session Events (ASIM Network Session schema) | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to OfficeActivity | Medium | 📦 Threat Intelligence |
| TI map IP entity to OfficeActivity | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to SigninLogs | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to SigninLogs | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to VMConnection | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to VMConnection | Medium | 📦 Threat Intelligence (NEW) |
| TI Map IP Entity to W3CIISLog | Medium | 📦 Threat Intelligence |
| TI Map IP Entity to W3CIISLog | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to Web Session Events (ASIM Web Session schema) | Medium | 📦 Threat Intelligence |
| TI map IP entity to Web Session Events (ASIM Web Session schema) | Medium | 📦 Threat Intelligence (NEW) |
| TI map IP entity to Workday(ASimAuditEventLogs) | Medium | 📦 Threat Intelligence |
| TI map IP entity to Workday(ASimAuditEventLogs) | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to AuditLogs | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to AuditLogs | Medium | 📦 Threat Intelligence (NEW) |
| TI map URL entity to Cloud App Events | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to DeviceNetworkEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to EmailUrlInfo | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to EmailUrlInfo | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to OfficeActivity Data [Deprecated] | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to PaloAlto Data | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to PaloAlto Data | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to SecurityAlert Data | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to SecurityAlert Data | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to Syslog Data | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to Syslog Data | Medium | 📦 Threat Intelligence (NEW) |
| TI Map URL Entity to UrlClickEvents | Medium | 📦 Threat Intelligence |
| TI Map URL Entity to UrlClickEvents | Medium | 📦 Threat Intelligence (NEW) |
| TI map URL entity to Web Session Events (ASIM Web Session schema) | Medium | 📦 Threat Intelligence (NEW) |
| TIE Active Directory attacks pathways | Low | 📦 Tenable App |
| TIE DCShadow | High | 📦 Tenable App |
| TIE DCSync | High | 📦 Tenable App |
| TIE Golden Ticket | High | 📦 Tenable App |
| TIE Indicators of Attack | Low | 📦 Tenable App |
| TIE Indicators of Exposures | Low | 📦 Tenable App |
| TIE LSASS Memory | High | 📦 Tenable App |
| TIE Password Guessing | High | 📦 Tenable App |
| TIE Password issues | Low | 📦 Tenable App |
| TIE Password Spraying | High | 📦 Tenable App |
| TIE privileged accounts issues | Low | 📦 Tenable App |
| TIE user accounts issues | Low | 📦 Tenable App |
| Time series anomaly detection for total volume of traffic | Medium | 📄 Standalone Content |
| Time series anomaly for data size transferred to public internet | Medium | 📄 Standalone Content |
| Tomcat - Commands in URI | High | 📦 Tomcat |
| Tomcat - Known malicious user agent | High | 📦 Tomcat |
| Tomcat - Multiple client errors from single IP address | Medium | 📦 Tomcat |
| Tomcat - Multiple empty requests from same IP | Medium | 📦 Tomcat |
| Tomcat - Multiple server errors from single IP address | Medium | 📦 Tomcat |
| Tomcat - Put file and get file from same IP address | Medium | 📦 Tomcat |
| Tomcat - Request from localhost IP address | Medium | 📦 Tomcat |
| Tomcat - Request to sensitive files | High | 📦 Tomcat |
| Tomcat - Server errors after multiple requests from same IP | Medium | 📦 Tomcat |
| Tomcat - Sql injection patterns | High | 📦 Tomcat |
| Trend Micro CAS - DLP violation | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Infected user | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Multiple infected users | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Possible phishing mail | Medium | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Ransomware infection | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Ransomware outbreak | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Suspicious filename | Medium | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Threat detected and not blocked | High | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Unexpected file on file share | Medium | 📦 Trend Micro Cloud App Security |
| Trend Micro CAS - Unexpected file via mail | Medium | 📦 Trend Micro Cloud App Security |
| Trust Monitor Event | Medium | 📄 Standalone Content |
| Trusted Developer Utilities Proxy Execution | Medium | 📦 FalconFriday |