Document toolboxDocument toolbox

Release 19 - Out-of-the-box alerts

Owned by Juan Tomás Alonso Nieto (Deactivated)
Feb 12, 2024
1 min read

Detection name

Detection description

Devo table / Data source / Category

Update 

SecOpsActivityAnonymousIPAddressesO365

This alert shows a anonymous IP detection made by MCAS

Cloud.office365.siem_agent 

Updated alert logic

SecOpsWinMimikatzLsadump

An adversary may attempt to dump credentials to obtain account login and credential material in the form of hashes or clear text passwords.

box.all.win

Updated alert logic 

SecOpsWinLsassMemDump

Detects and attempt to access lsass using mimikatz and/or a possible mimikatz driver load

box.all.win

Updated alert logic and updated field naming