| Ubiquiti - Connection to known malicious IP or C2 |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - connection to non-corporate DNS server |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Large ICMP to external server |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Possible connection to cryptominning pool |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - RDP from external source |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - SSH from external source |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Unknown MAC Joined AP |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Unusual DNS connection |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Unusual FTP connection to external server |
Medium |
📦 Ubiquiti UniFi |
| Ubiquiti - Unusual traffic |
Medium |
📦 Ubiquiti UniFi |
| Unauthorized device in the network (Microsoft Defender for IoT) |
Medium |
📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized DHCP configuration in the network (Microsoft Defender for IoT) |
Medium |
📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized PLC changes (Microsoft Defender for IoT) |
Medium |
📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized remote access to the network (Microsoft Defender for IoT) |
Medium |
📦 IoTOTThreatMonitoringwithDefenderforIoT |
| Unauthorized user access across AWS and Azure |
Medium |
📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| UniFi Site Manager: Console firmware likely security-relevant |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Controller Connection State Change |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Data Connector Health |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Device Offline |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: External WAN IP changed |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Firmware Update Available |
Low |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: IPS signature count dropped >50% |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: IPS/IDS disabled or misconfigured |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: ISP Downtime |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: ISP High Latency |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: ISP Packet Loss |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: ISP SLA Breach |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Multiple Devices Offline |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: New critical notifications appeared |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: New Device Adopted |
Informational |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: New WAN issue index recorded |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: New WAN2 (secondary) issue recorded |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Pending firmware updates outstanding for 7d+ |
Low |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: Site Health Critical |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: System log shipping disabled |
High |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: WAN uptime below 99% |
Medium |
📦 UniFi Site Manager (CCF) |
| UniFi Site Manager: WiFi quality degraded (high TX retry) |
Low |
📦 UniFi Site Manager (CCF) |
| Unused IaaS Policy |
High |
📦 Authomize |
| Unusual Anomaly |
Medium |
🔗 GitHub Only |
| Unusual identity creation using exchange powershell |
High |
📄 Standalone Content |
| Unusual Volume of file deletion by users |
High |
📦 Microsoft Defender XDR |
| Unusual Volume of Password Updated or Removed |
Low |
📦 Lastpass Enterprise Activity Monitoring |
| URL Added to Application from Unknown Domain |
High |
📄 Standalone Content |
| User Accessed Suspicious URL Categories |
Medium |
📦 SymantecProxySG |
| User account added to built in domain local or global group |
Low |
📄 Standalone Content |
| User account created and deleted within 10 mins |
Medium |
📄 Standalone Content |
| User Account Created Using Incorrect Naming Format |
Low |
📄 Standalone Content |
| User account created without expected attributes defined |
Low |
📄 Standalone Content |
| User account enabled and disabled within 10 mins |
Medium |
📄 Standalone Content |
| User Accounts - Sign in Failure due to CA Spikes |
Medium |
📦 Microsoft Entra ID |
| User Added to Admin Role |
Low |
📦 Business Email Compromise - Financial Fraud |
| User added to Microsoft Entra ID Privileged Groups |
Medium |
📦 Microsoft Entra ID |
| User agent search for log4j exploitation attempt |
High |
📦 Apache Log4j Vulnerability Detection |
| User Assigned New Privileged Role |
High |
📦 Microsoft Entra ID |
| User assigned to a default admin role |
High |
📦 Authomize |
| User impersonation by Identity Protection alerts |
Medium |
📦 Multi Cloud Attack Coverage Essentials - Resource Abuse |
| User joining Zoom meeting from suspicious timezone |
Low |
📄 Standalone Content |
| User Login from Different Countries within 3 hours |
High |
📦 Okta Single Sign-On |
| User login from different countries within 3 hours (Uses Authentication Normalization) |
High |
📄 Standalone Content |
| User or Group Added |
High |
📦 Veeam |
| User or Group Deleted |
High |
📦 Veeam |
| User Session Impersonation(Okta) |
Medium |
📦 Okta Single Sign-On |
| User Sign in from different countries |
Medium |
📦 Salesforce Service Cloud |
| User State changed from Guest to Member |
Medium |
📄 Standalone Content |
| User without MFA |
Medium |
📦 Authomize |
| UserAccountDisabled |
Medium |
📦 SenservaPro |
| Users searching for VIP user activity |
Low |
📄 Standalone Content |
| Utimaco ESKM - Burst of KMIP DESTROY operations by a single user |
High |
📦 Utimaco Enterprise Secure Key Manager |
| Utimaco ESKM - Multiple KMIP authentication failures from same IP |
Medium |
📦 Utimaco Enterprise Secure Key Manager |
| Utimaco ESKM - PERMISSION_DENIED burst for a KMIP user |
Medium |
📦 Utimaco Enterprise Secure Key Manager |