box.all.win
Scope
This union table collects information from multiple tables containing system events generated and sent from Windows machines. Working with this table helps you monitor and detect threats or suspicious behavior across Windows-related events.
Send data to Devo
Among the 17 compatible data sources, the most popular and security-critical are:
Secure it
The following Exchange Alert Packs, Activeboards, and Query Pack help monitor events from this table:
Alert Packs:
Steal or Forge Kerberos Tickets (MITRE ATT&CK Technique: T1558)
System Owner/User Discovery (MITRE ATT&CK Technique: T1033)
System Binary Proxy Execution (MITRE ATT&CK Technique: T1218)
Credentials from Password Stores (MITRE ATT&CK Technique: T1555)
Hide Artifacts (MITRE ATT&CK Technique: T1564)
File and Directory Discovery (MITRE ATT&CK Technique: T1083)
Activeboards:
Query:
Active Directory Threat Detection