/
Release 19 - Out-of-the-box alerts
Document toolboxDocument toolbox

Release 19 - Out-of-the-box alerts

Owned by Juan Tomás Alonso Nieto (Deactivated)
Feb 12, 2024
1 min read

Detection name

Detection description

Devo table / Data source / Category

Update 

SecOpsActivityAnonymousIPAddressesO365

This alert shows a anonymous IP detection made by MCAS

Cloud.office365.siem_agent 

Updated alert logic

SecOpsWinMimikatzLsadump

An adversary may attempt to dump credentials to obtain account login and credential material in the form of hashes or clear text passwords.

box.all.win

Updated alert logic 

SecOpsWinLsassMemDump

Detects and attempt to access lsass using mimikatz and/or a possible mimikatz driver load

box.all.win

Updated alert logic and updated field naming

Related content

Release 17 - Out-of-the-box alerts
Release 17 - Out-of-the-box alerts
Devo latest
More like this
Release 20 - Out-of-the-box alerts
Release 20 - Out-of-the-box alerts
Devo latest
More like this
Release 18 - Out-of-the-box alerts
Release 18 - Out-of-the-box alerts
Devo latest
More like this
Release 16 - Out-of-the-box alerts
Release 16 - Out-of-the-box alerts
Devo latest
More like this
Release 25 - Out-of-the-box alerts
Release 25 - Out-of-the-box alerts
Devo latest
More like this
Release 10 - Out-of-the-box alerts
Release 10 - Out-of-the-box alerts
Devo latest
More like this