Deprecated Detections

Name	Data Source	Technique	Type	Analytic Story	Date
AWS Cross Account Activity From Previously Unseen Account	AWS CloudTrail	N/A	Anomaly	Suspicious Cloud Authentication Activities	2024-11-14
aws detect attach to role policy		Valid Accounts	Hunting	AWS Cross Account Activity	2024-11-14
aws detect permanent key creation		Valid Accounts	Hunting	AWS Cross Account Activity	2024-11-14
aws detect role creation		Valid Accounts	Hunting	AWS Cross Account Activity	2024-11-14
aws detect sts assume role abuse		Valid Accounts	Hunting	AWS Cross Account Activity	2024-11-14
aws detect sts get session token abuse		Use Alternate Authentication Material	Hunting	AWS Cross Account Activity	2024-11-14
AWS SAML Access by Provider User and Principal	AWS CloudTrail AssumeRoleWithSAML	Valid Accounts	Anomaly	Cloud Federated Credential Abuse	2024-11-14
GitHub Actions Disable Security Workflow	GitHub Webhooks	Compromise Software Supply Chain	Anomaly	Dev Sec Ops	2025-02-10
Github Commit Changes In Master	GitHub Webhooks	Trusted Relationship	Anomaly	Dev Sec Ops	2024-11-14
Github Commit In Develop	GitHub Webhooks	Trusted Relationship	Anomaly	Dev Sec Ops	2024-11-14
GitHub Dependabot Alert	GitHub Webhooks	Compromise Software Dependencies and Development Tools	Anomaly	Dev Sec Ops	2025-02-10
GitHub Pull Request from Unknown User	GitHub Webhooks	Compromise Software Dependencies and Development Tools	Anomaly	Dev Sec Ops	2025-02-10
Known Services Killed by Ransomware	Windows Event Log System 7036	Inhibit System Recovery	TTP	BlackMatter Ransomware, Compromised Windows Host, LockBit Ransomware, Ransomware	2025-02-07
Remote Desktop Network Bruteforce	Sysmon EventID 3	Password Guessing	TTP	Compromised User Account, Ryuk Ransomware, SamSam Ransomware	2025-01-10
Suspicious Driver Loaded Path	Sysmon EventID 6	Windows Service	TTP	AgentTesla, BlackByte Ransomware, CISA AA22-320A, Snake Keylogger, XMRig	2025-02-06
Suspicious Event Log Service Behavior	Windows Event Log Security 1100	Clear Windows Event Logs	Hunting	Clop Ransomware, Ransomware, Windows Log Manipulation	2025-02-10
Suspicious Process File Path	CrowdStrike ProcessRollup2, Sysmon EventID 1, Windows Event Log Security 4688	Create or Modify System Process	TTP	AgentTesla, Amadey, AsyncRAT, Azorult, BlackByte Ransomware, Brute Ratel C4, CISA AA23-347A, Chaos Ransomware, Crypto Stealer, DarkCrystal RAT, DarkGate Malware, Data Destruction, Double Zero Destructor, Graceful Wipe Out Attack, Handala Wiper, Hermetic Wiper, IcedID, Industroyer2, LockBit Ransomware, Meduza Stealer, MoonPeak, Phemedrone Stealer, PlugX, Prestige Ransomware, Qakbot, RedLine Stealer, Remcos, Rhysida Ransomware, Swift Slicer, Trickbot, ValleyRAT, Volt Typhoon, Warzone RAT, WhisperGate, XMRig	2025-02-10