|
Splunk Code Injection via custom dashboard leading to RCE
|
|
T1210
|
Hunting
|
Splunk Vulnerabilities
|
2026-05-14
|
|
Splunk RCE PDFgen Render
|
Splunk
|
T1210
|
TTP
|
Splunk Vulnerabilities
|
2026-05-14
|
|
Splunk RCE Through Arbitrary File Write to Windows System Root
|
Splunk
|
T1210
|
Hunting
|
Splunk Vulnerabilities
|
2026-05-14
|
|
Splunk App for Lookup File Editing RCE via User XSLT
|
|
T1210
|
Hunting
|
Splunk Vulnerabilities
|
2026-05-14
|
|
Splunk RCE via User XSLT
|
|
T1210
|
Hunting
|
Splunk Vulnerabilities
|
2026-05-14
|
|
Windows Excel Spawning Microsoft Project Application
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.003
|
Anomaly
|
PathWiper
|
2026-05-13
|
|
Windows AD Suspicious Attribute Modification
|
Windows Event Log Security 5136
|
T1222.001
T1550
|
TTP
|
Sneaky Active Directory Persistence Tricks
|
2026-05-13
|
|
Windows RDP Bitmap Cache File Creation
|
Sysmon EventID 11
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Windows Remote Management Execute Shell
|
Windows Event Log Security 4688, Sysmon EventID 1
|
T1021.006
|
Anomaly
|
Crypto Stealer
|
2026-05-13
|
|
Impacket Lateral Movement Commandline Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.002
T1021.003
T1047
T1543.003
|
TTP
|
Storm-0501 Ransomware, Data Destruction, Prestige Ransomware, CISA AA22-277A, Active Directory Lateral Movement, Gozi Malware, Industroyer2, WhisperGate, Compromised Windows Host, Graceful Wipe Out Attack, Volt Typhoon
|
2026-05-13
|
|
Windows Azure PowerShell Module Installation Via PowerShell Script
|
Powershell Script Block Logging 4104
|
T1021.007
T1069.003
T1078
T1098
T1136.003
|
Anomaly
|
Azure Active Directory Privilege Escalation, Azure Active Directory Persistence, Azure Active Directory Account Takeover
|
2026-05-13
|
|
Remote Process Instantiation via WinRM and Winrs
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.006
|
TTP
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Default RDP File Creation By Non MSTSC Process
|
Sysmon EventID 11, Sysmon EventID 1
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Enable RDP In Other Port Number
|
Sysmon EventID 13
|
T1021
|
TTP
|
Windows RDP Artifacts and Defense Evasion, Interlock Ransomware, Windows Registry Abuse, Prohibited Traffic Allowed or Protocol Mismatch
|
2026-05-13
|
|
Windows SpeechRuntime COM Hijacking DLL Load
|
Sysmon EventID 7
|
T1021.003
|
TTP
|
Compromised Windows Host, Scattered Lapsus$ Hunters, Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Process Execution From RDP Share
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
T1059
T1105
|
Anomaly
|
Hidden Cobra Malware
|
2026-05-13
|
|
Linux SSH Remote Services Script Execute
|
Sysmon for Linux EventID 1
|
T1021.004
|
TTP
|
VoidLink Cloud-Native Linux Malware, Linux Living Off The Land, Hellcat Ransomware
|
2026-05-13
|
|
Windows Replication Through Removable Media
|
Sysmon EventID 11
|
T1091
|
TTP
|
China-Nexus Threat Activity, NjRAT, Salt Typhoon, APT37 Rustonotto and FadeStealer, PlugX, Derusbi, Chaos Ransomware
|
2026-05-13
|
|
Rubeus Kerberos Ticket Exports Through Winlogon Access
|
Sysmon EventID 10
|
T1550.003
|
TTP
|
Scattered Lapsus$ Hunters, Active Directory Kerberos Attacks, ZOVWiper, BlackSuit Ransomware, CISA AA23-347A
|
2026-05-13
|
|
Windows Default Rdp File Unhidden
|
Sysmon EventID 1
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Windows RDP Server Registry Entry Created
|
Sysmon EventID 13
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Windows RDP Client Launched with Admin Session
|
Sysmon EventID 1
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Impacket Lateral Movement smbexec CommandLine Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.002
T1021.003
T1047
T1543.003
|
TTP
|
Data Destruction, Prestige Ransomware, CISA AA22-277A, Active Directory Lateral Movement, Industroyer2, WhisperGate, Compromised Windows Host, Graceful Wipe Out Attack, Volt Typhoon
|
2026-05-13
|
|
Rubeus Command Line Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1550.003
T1558.003
T1558.004
|
TTP
|
Scattered Lapsus$ Hunters, Active Directory Kerberos Attacks, ZOVWiper, BlackSuit Ransomware, Active Directory Privilege Escalation, CISA AA23-347A
|
2026-05-13
|
|
Impacket Lateral Movement WMIExec Commandline Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.002
T1021.003
T1047
T1543.003
|
TTP
|
Storm-0501 Ransomware, Data Destruction, Prestige Ransomware, CISA AA22-277A, Active Directory Lateral Movement, Gozi Malware, Industroyer2, WhisperGate, Compromised Windows Host, Graceful Wipe Out Attack, Volt Typhoon
|
2026-05-13
|
|
Windows Remote Services Allow Rdp In Firewall
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
|
Anomaly
|
Azorult, Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Windows Steal Authentication Certificates - ESC1 Authentication
|
Windows Event Log Security 4887, Windows Event Log Security 4768
|
T1550
T1649
|
TTP
|
Compromised Windows Host, Windows Certificate Services
|
2026-05-13
|
|
Remote Process Instantiation via DCOM and PowerShell
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.003
|
TTP
|
Compromised Windows Host, Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Process Executed From Removable Media
|
Sysmon EventID 13, Sysmon EventID 1
|
T1025
T1091
T1200
|
Anomaly
|
APT37 Rustonotto and FadeStealer, Data Protection
|
2026-05-13
|
|
Windows Suspicious Named Pipe
|
Sysmon EventID 18, Sysmon EventID 17
|
T1021.002
T1055
T1559
|
TTP
|
Cobalt Strike, Trickbot, Hellcat Ransomware, Meterpreter, LockBit Ransomware, DarkSide Ransomware, Tuoni, Gozi Malware, BlackByte Ransomware, APT37 Rustonotto and FadeStealer, Remote Monitoring and Management Software, Graceful Wipe Out Attack, Brute Ratel C4
|
2026-05-13
|
|
Mmc LOLBAS Execution Process Spawn
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.003
T1218.014
|
TTP
|
XML Runner Loader, Water Gamayun, Living Off The Land, Active Directory Lateral Movement
|
2026-05-13
|
|
Detect Computer Changed with Anonymous Account
|
Windows Event Log Security 4742
|
T1210
|
Hunting
|
Detect Zerologon Attack
|
2026-05-13
|
|
Windows RDP Login Session Was Established
|
Windows Event Log Security 4624
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Allow Inbound Traffic By Firewall Rule Registry
|
Sysmon EventID 13
|
T1021.001
|
TTP
|
NjRAT, Azorult, Windows Registry Abuse, Medusa Ransomware, PlugX, Prohibited Traffic Allowed or Protocol Mismatch
|
2026-05-13
|
|
Windows Special Privileged Logon On Multiple Hosts
|
Windows Event Log Security 4672
|
T1021.002
T1087
T1135
|
TTP
|
Compromised Windows Host, Active Directory Privilege Escalation, Active Directory Lateral Movement
|
2026-05-13
|
|
Windows SpeechRuntime Suspicious Child Process
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.003
|
TTP
|
Compromised Windows Host, Active Directory Lateral Movement
|
2026-05-13
|
|
Mimikatz PassTheTicket CommandLine Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1550.003
|
TTP
|
Scattered Lapsus$ Hunters, Active Directory Kerberos Attacks, CISA AA22-320A, Sandworm Tools, CISA AA23-347A
|
2026-05-13
|
|
Windows WPDBusEnum Registry Key Modification
|
Sysmon EventID 13, Sysmon EventID 12
|
T1025
T1091
T1200
|
Anomaly
|
APT37 Rustonotto and FadeStealer, Data Protection
|
2026-05-13
|
|
Detect PsExec With accepteula Flag
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.002
|
TTP
|
SamSam Ransomware, HAFNIUM Group, VanHelsing Ransomware, Storm-0501 Ransomware, DHS Report TA18-074A, Rhysida Ransomware, DarkSide Ransomware, Medusa Ransomware, Active Directory Lateral Movement, IcedID, CISA AA22-320A, Sandworm Tools, BlackByte Ransomware, Cactus Ransomware, Seashell Blizzard, DarkGate Malware, Volt Typhoon
|
2026-05-13
|
|
Windows Remote Services Allow Remote Assistance
|
Sysmon EventID 13
|
T1021.001
|
Anomaly
|
Azorult
|
2026-05-13
|
|
Windows Remote Host Computer Management Access
|
Windows Event Log Security 4688, Sysmon EventID 1
|
T1021.006
|
Anomaly
|
Medusa Ransomware
|
2026-05-13
|
|
Windows Remote Services Rdp Enable
|
Sysmon EventID 13
|
T1021.001
|
TTP
|
Azorult, Windows RDP Artifacts and Defense Evasion, BlackSuit Ransomware, Medusa Ransomware
|
2026-05-13
|
|
Possible Lateral Movement PowerShell Spawn
|
Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.003
T1021.006
T1047
T1053.005
T1059.001
T1218.014
T1543.003
|
Anomaly
|
Microsoft WSUS CVE-2025-59287, Malicious PowerShell, Scheduled Tasks, CISA AA24-241A, Active Directory Lateral Movement, Hermetic Wiper, Data Destruction
|
2026-05-13
|
|
Active Directory Lateral Movement Identified
|
|
T1210
|
Correlation
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Process With NetExec Command Line Parameters
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1550.003
T1558.003
T1558.004
|
TTP
|
Active Directory Kerberos Attacks, Active Directory Privilege Escalation
|
2026-05-13
|
|
Detection of tools built by NirSoft
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1072
|
Anomaly
|
Emotet Malware DHS Report TA18-201A
|
2026-05-13
|
|
Interactive Session on Remote Endpoint with PowerShell
|
Powershell Script Block Logging 4104
|
T1021.006
|
TTP
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Windows RDP Connection Successful
|
Windows Event Log RemoteConnectionManager 1149
|
T1563.002
|
Hunting
|
NetSupport RMM Tool Abuse, Active Directory Lateral Movement, BlackByte Ransomware, Windows RDP Artifacts and Defense Evasion, Interlock Ransomware
|
2026-05-13
|
|
Allow Inbound Traffic In Firewall Rule
|
Powershell Script Block Logging 4104
|
T1021.001
|
TTP
|
NetSupport RMM Tool Abuse, Prohibited Traffic Allowed or Protocol Mismatch
|
2026-05-13
|
|
Kerberos TGT Request Using RC4 Encryption
|
Windows Event Log Security 4768
|
T1550
|
TTP
|
Active Directory Kerberos Attacks, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Remote Desktop Process Running On System
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
|
Hunting
|
Windows RDP Artifacts and Defense Evasion, Hidden Cobra Malware, Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Suspicious C2 Named Pipe
|
Sysmon EventID 18, Sysmon EventID 17
|
T1021.002
T1055
T1559
|
TTP
|
Storm-0501 Ransomware, Cobalt Strike, Trickbot, Hellcat Ransomware, Meterpreter, LockBit Ransomware, DarkSide Ransomware, Tuoni, Gozi Malware, BlackByte Ransomware, APT37 Rustonotto and FadeStealer, Remote Monitoring and Management Software, Graceful Wipe Out Attack, Brute Ratel C4
|
2026-05-13
|
|
Remote Process Instantiation via DCOM and PowerShell Script Block
|
Powershell Script Block Logging 4104
|
T1021.003
|
TTP
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Windows RMM Named Pipe
|
Sysmon EventID 18, Sysmon EventID 17
|
T1021.002
T1055
T1559
|
Anomaly
|
Command And Control, Seashell Blizzard, Scattered Lapsus$ Hunters, GhostRedirector IIS Module and Rungan Backdoor, CISA AA24-241A, Gozi Malware, Insider Threat, Scattered Spider, Cactus Ransomware, Ransomware, Remote Monitoring and Management Software, Interlock Ransomware
|
2026-05-13
|
|
Windows USBSTOR Registry Key Modification
|
Sysmon EventID 13, Sysmon EventID 12
|
T1025
T1091
T1200
|
Anomaly
|
APT37 Rustonotto and FadeStealer, Data Protection
|
2026-05-13
|
|
Windows PuTTY Suite Utility Execution
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.004
|
Anomaly
|
Command And Control, Active Directory Lateral Movement
|
2026-05-13
|
|
Remote Process Instantiation via WinRM and PowerShell Script Block
|
Powershell Script Block Logging 4104
|
T1021.006
|
TTP
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Windows Protocol Tunneling with Plink
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.004
T1572
|
TTP
|
CISA AA22-257A
|
2026-05-13
|
|
Windows Theme File Creation in Unusual Location
|
Sysmon EventID 11
|
T1021.002
T1187
T1557.001
|
Anomaly
|
Spearphishing Attachments
|
2026-05-13
|
|
Windows PUA Named Pipe
|
Sysmon EventID 18, Sysmon EventID 17
|
T1021.002
T1055
T1559
|
Anomaly
|
SamSam Ransomware, HAFNIUM Group, VanHelsing Ransomware, DHS Report TA18-074A, Rhysida Ransomware, DarkSide Ransomware, Medusa Ransomware, Active Directory Lateral Movement, IcedID, CISA AA22-320A, BlackByte Ransomware, Sandworm Tools, Cactus Ransomware, Seashell Blizzard, DarkGate Malware, Volt Typhoon
|
2026-05-13
|
|
Powershell Remote Services Add TrustedHost
|
Powershell Script Block Logging 4104
|
T1021.006
|
TTP
|
DarkGate Malware
|
2026-05-13
|
|
Windows MSTSC RDP Commandline
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
|
Anomaly
|
Windows RDP Artifacts and Defense Evasion, Medusa Ransomware
|
2026-05-13
|
|
Windows Remote Service Rdpwinst Tool Execution
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
|
TTP
|
Azorult, Windows RDP Artifacts and Defense Evasion, Compromised Windows Host, Scattered Lapsus$ Hunters
|
2026-05-13
|
|
Executable File Written in Administrative SMB Share
|
Windows Event Log Security 5145
|
T1021.002
|
TTP
|
VanHelsing Ransomware, Trickbot, Prestige Ransomware, Active Directory Lateral Movement, IcedID, BlackSuit Ransomware, Hermetic Wiper, Industroyer2, Compromised Windows Host, Graceful Wipe Out Attack, Data Destruction
|
2026-05-13
|
|
Windows Service Create with Tscon
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1543.003
T1563.002
|
TTP
|
Windows RDP Artifacts and Defense Evasion, Compromised Windows Host, Active Directory Lateral Movement
|
2026-05-13
|
|
Remote Process Instantiation via WinRM and PowerShell
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.006
|
TTP
|
Active Directory Lateral Movement
|
2026-05-13
|
|
Unknown Process Using The Kerberos Protocol
|
Sysmon EventID 3, Sysmon EventID 1
|
T1550
|
TTP
|
Active Directory Kerberos Attacks, BlackSuit Ransomware
|
2026-05-13
|
|
Wsmprovhost LOLBAS Execution Process Spawn
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.006
|
TTP
|
CISA AA24-241A, Active Directory Lateral Movement, Hellcat Ransomware
|
2026-05-13
|
|
Windows RDP File Execution
|
Windows Event Log Security 4688, Sysmon EventID 1, CrowdStrike ProcessRollup2
|
T1021.001
T1598.002
|
TTP
|
Windows RDP Artifacts and Defense Evasion, Interlock Ransomware, Spearphishing Attachments
|
2026-05-13
|
|
VMWare Aria Operations Exploit Attempt
|
Palo Alto Network Threat
|
T1068
T1133
T1190
T1210
|
TTP
|
VMware Aria Operations vRealize CVE-2023-20887
|
2026-05-13
|
|
Cisco IOS XE Remote Access Probe Burst
|
Cisco IOS Logs
|
T1018
T1021.004
T1046
|
Anomaly
|
Salt Typhoon
|
2026-05-20
|
|
ESXi Shell Access Enabled
|
VMWare ESXi Syslog
|
T1021
|
TTP
|
ESXi Post Compromise, Black Basta Ransomware
|
2026-05-13
|
|
ESXi SSH Enabled
|
VMWare ESXi Syslog
|
T1021.004
|
TTP
|
ESXi Post Compromise, Hellcat Ransomware, Black Basta Ransomware
|
2026-05-13
|
|
Okta Multiple Failed Requests to Access Applications
|
Okta
|
T1538
T1550.004
|
Hunting
|
Okta Account Takeover
|
2026-05-13
|
|
Cisco IOS XE VTY Access Class Tampering
|
Cisco IOS Logs
|
T1021
T1562
|
Anomaly
|
Salt Typhoon
|
2026-05-20
|
|
Microsoft Intune Device Health Scripts
|
Azure Monitor Activity
|
T1021.007
T1072
T1105
T1202
|
Hunting
|
Azure Active Directory Account Takeover
|
2026-05-13
|
|
Microsoft Intune Mobile Apps
|
Azure Monitor Activity
|
T1021.007
T1072
T1105
T1202
|
Hunting
|
Azure Active Directory Account Takeover
|
2026-05-13
|
|
Microsoft Intune Manual Device Management
|
Azure Monitor Activity
|
T1021.007
T1072
T1529
|
Hunting
|
Azure Active Directory Account Takeover
|
2026-05-13
|
|
AWS Bedrock Invoke Model Access Denied
|
AWS CloudTrail
|
T1078
T1550
|
TTP
|
AWS Bedrock Security
|
2026-05-13
|
|
Microsoft Intune DeviceManagementConfigurationPolicies
|
Azure Monitor Activity
|
T1021.007
T1072
T1484
T1685
T1686
|
Hunting
|
Azure Active Directory Account Takeover
|
2026-05-13
|
|
Remote Desktop Network Traffic
|
Zeek Conn
|
T1021.001
|
Anomaly
|
SamSam Ransomware, Hidden Cobra Malware, Active Directory Lateral Movement, Ryuk Ransomware, Windows RDP Artifacts and Defense Evasion
|
2026-05-13
|
|
Cisco Privileged Account Creation with HTTP Command Execution
|
|
T1021.004
T1078
T1136
|
Correlation
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
Cisco Secure Firewall - Communication Over Suspicious Ports
|
Cisco Secure Firewall Threat Defense Connection Event
|
T1021
T1055
T1059.001
T1105
T1219
T1571
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Static Tundra Smart Install Abuse
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1190
T1210
T1499
|
TTP
|
Cisco Smart Install Remote Code Execution CVE-2018-0171, Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Privileged Account Creation with Suspicious SSH Activity
|
|
T1021.004
T1078
T1136
|
Correlation
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
Cisco Secure Firewall - SSH Connection to Non-Standard Port
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1021.004
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|
|
Cisco Network Interface Modifications
|
Cisco IOS Logs
|
T1021
T1133
T1556
|
Anomaly
|
Cisco Smart Install Remote Code Execution CVE-2018-0171
|
2026-05-13
|
|
Cisco Secure Firewall - Veeam CVE-2023-27532 Exploitation Activity
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1003.001
T1059.001
T1190
T1210
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
Cisco Secure Firewall - Lumma Stealer Activity
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1027
T1190
T1204
T1210
|
TTP
|
Lumma Stealer, Cisco Secure Firewall Threat Defense Analytics
|
2026-05-13
|
|
SMB Traffic Spike
|
|
T1021.002
|
Anomaly
|
Ransomware, Hidden Cobra Malware, Emotet Malware DHS Report TA18-201A, DHS Report TA18-074A
|
2026-05-13
|
|
Cisco Secure Firewall - SSH Connection to sshd_operns
|
Cisco Secure Firewall Threat Defense Intrusion Event
|
T1021.004
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics, Salt Typhoon
|
2026-05-13
|