📥 New Ingest
0
🔎 Enriching
0
🧠 AI Triaging
6
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
medium
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
high
cbe928a6...
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
✅ Triaged & Cased
176
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
high
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
high
service.NIX-Host_Based_Firewall_Disabled
🖥️ fusionserver
00326-NIX-Host_Based_Firewall_Disabled
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
high
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
high
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
informational
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.YARA Detection in Memory
🖥️ desktop-atsepsk
YARA Detection in Memory - Windows_Trojan_Generic_9997489c
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ win-91lccq536b4
New Code Atypical Path
medium
service.windows_process_creation/proc_creation_win_cmd_rmdir_execution
🖥️ win-91lccq536b4
Directory Removal Via Rmdir
service.windows_process_creation/proc_creation_win_cmd_rmdir_execution
🖥️ win-91lccq536b4
Directory Removal Via Rmdir
high
service.windows_process_creation/proc_creation_win_cmd_dir_execution
🖥️ win-91lccq536b4
File And SubFolder Enumeration Via Dir Command
service.windows_process_creation/proc_creation_win_cmd_rmdir_execution
🖥️ win-91lccq536b4
Directory Removal Via Rmdir
service.windows_process_creation/proc_creation_win_cmd_dir_execution
🖥️ win-91lccq536b4
File And SubFolder Enumeration Via Dir Command
service.windows_process_creation/proc_creation_win_cmd_dir_execution
🖥️ win-91lccq536b4
File And SubFolder Enumeration Via Dir Command
service.windows_process_creation/proc_creation_win_cmd_dir_execution
🖥️ win-91lccq536b4
File And SubFolder Enumeration Via Dir Command
service.windows_process_creation/proc_creation_win_cmd_rmdir_execution
🖥️ win-91lccq536b4
Directory Removal Via Rmdir
service.windows_process_creation/proc_creation_win_svchost_masqueraded_execution
🖥️ win-91lccq536b4
Suspicious Process Masquerading As SvcHost.EXE
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.New Process From Atypical Path
🖥️ df-labsdc01.dflabs.local
New Process from Atypical Path
managed.Malicious PowerShell Commandlets - ProcessCreation
🖥️ df-labsdc01.dflabs.local
Malicious PowerShell Commandlets - ProcessCreation
high
service.windows_process_creation/proc_creation_win_whoami_execution_from_high_priv_process
🖥️ df-labsdc01.dflabs.local
Whoami.EXE Execution From Privileged Process
high
service.windows_process_creation/proc_creation_win_susp_local_system_owner_account_discovery
🖥️ df-labsdc01.dflabs.local
Local Accounts Discovery
high
managed.Malicious PowerShell Commandlets - ProcessCreation
🖥️ df-labsdc01.dflabs.local
Malicious PowerShell Commandlets - ProcessCreation
high
managed.Malicious PowerShell Commandlets - ProcessCreation
🖥️ df-labsdc01.dflabs.local
Malicious PowerShell Commandlets - ProcessCreation
high
service.windows_process_creation/proc_creation_win_powershell_malicious_cmdlets
🖥️ df-labsdc01.dflabs.local
Malicious PowerShell Commandlets - ProcessCreation
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 9164
critical
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 3600
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 8396
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
critical
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
critical
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 8460
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.windows_process_creation/proc_creation_win_hostname_execution
🖥️ df-labsdc01.dflabs.local
Suspicious Execution of Hostname
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 644
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 2440
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
critical
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 7784
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Process Killed PID 7640
high
general.RealTime Monitoring Tampering
🖥️ df-labsdc01.dflabs.local
Realtime Monitoring Tampering
medium
service.WIN-Set-MpPreference_Disabled
🖥️ df-labsdc01.dflabs.local
00088-WIN-Set-MpPreference_Disabled
high
service.WIN-PS_Invoke_Expression_Usage
🖥️ df-labsdc01.dflabs.local
00023-WIN-PS_Invoke_Expression_Usage
high
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ df-labsdc01.dflabs.local
Change PowerShell Policies to an Insecure Level
high
service.windows_process_creation/proc_creation_win_csc_susp_dynamic_compilation
🖥️ df-labsdc01.dflabs.local
Dynamic .NET Compilation Via Csc.EXE
high
service.windows_process_creation/proc_creation_win_powershell_download_iex
🖥️ df-labsdc01.dflabs.local
PowerShell Download and Execution Cradles
high
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ df-labsdc01.dflabs.local
Non Interactive PowerShell Process Spawned
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
service.windows_process_creation/proc_creation_win_netsh_fw_add_rule
🖥️ desktop-atsepsk
New Firewall Rule Added Via Netsh.EXE
service.windows_process_creation/proc_creation_win_msiexec_embedding
🖥️ desktop-atsepsk
Suspicious MsiExec Embedding Parent
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
service.windows_process_creation/proc_creation_win_susp_web_request_cmd_and_cmdlets
🖥️ df-labsdc01.dflabs.local
Usage Of Web Request Commands And Cmdlets
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
service.windows_process_creation/proc_creation_win_svchost_masqueraded_execution
🖥️ df-labsdc01.dflabs.local
Suspicious Process Masquerading As SvcHost.EXE
informational
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
service.windows_process_creation/proc_creation_win_msiexec_execute_dll
🖥️ desktop-atsepsk
Suspicious Msiexec Execute Arbitrary DLL
high
general.New Process from Atypical Path
🖥️ desktop-atsepsk
New Process from Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
informational
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
informational
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
service.windows_process_creation/proc_creation_win_powershell_non_interactive_execution
🖥️ desktop-atsepsk
Non Interactive PowerShell Process Spawned
service.windows_process_creation/proc_creation_win_powershell_set_policies_to_unsecure_level
🖥️ desktop-atsepsk
Change PowerShell Policies to an Insecure Level
general.YARA Detection on Disk
🖥️ desktop-atsepsk
YARA Detection on Disk - Macos_Infostealer_Wallets_8e469ea0
general.YARA Detection in Memory
🖥️ desktop-atsepsk
YARA Detection in Memory - Windows_Trojan_Generic_9997489c
service.NIX-Touch_Timestomping
🖥️ fusionserver
00087-NIX-Touch_Timestomping
informational
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
informational
general.YARA Detection in Memory
🖥️ desktop-atsepsk
YARA Detection in Memory - Windows_Trojan_Generic_9997489c
informational
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
service.NIX-Touch_Timestomping
🖥️ fusionserver
00087-NIX-Touch_Timestomping
general.New Process From Atypical Path
🖥️ df-labsdc01.dflabs.local
New Process from Atypical Path
high
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
service.windows_process_creation/proc_creation_win_susp_web_request_cmd_and_cmdlets
🖥️ df-labsdc01.dflabs.local
Usage Of Web Request Commands And Cmdlets
service.windows_process_creation/proc_creation_win_svchost_masqueraded_execution
🖥️ df-labsdc01.dflabs.local
Suspicious Process Masquerading As SvcHost.EXE
informational
general.YARA Detection in Memory
🖥️ desktop-atsepsk
YARA Detection in Memory - Windows_Trojan_Generic_9997489c
general.YARA Detection in Memory
🖥️ desktop-atsepsk
YARA Detection in Memory - Windows_Trojan_Generic_9997489c
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
informational
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
high
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
service.windows_process_creation/proc_creation_win_expand_cabinet_files
🖥️ desktop-3nfb237
Potentially Suspicious Cabinet File Expansion
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
high
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
informational
general.Sensitive Process Accessed
🖥️ df-labsdc01.dflabs.local
Sensitive Process Accessed
service.windows_process_creation/proc_creation_win_susp_web_request_cmd_and_cmdlets
🖥️ df-labsdc01.dflabs.local
Usage Of Web Request Commands And Cmdlets
service.windows_process_creation/proc_creation_win_svchost_masqueraded_execution
🖥️ df-labsdc01.dflabs.local
Suspicious Process Masquerading As SvcHost.EXE
informational
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
informational
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
high
general.YARA Detection on Disk
🖥️ desktop-atsepsk
YARA Detection on Disk - Macos_Infostealer_Wallets_8e469ea0
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
high
general.YARA Detection on Disk
🖥️ desktop-atsepsk
YARA Detection on Disk - Macos_Infostealer_Wallets_8e469ea0
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path
high
general.Sensitive Process Accessed
🖥️ desktop-3nfb237
Sensitive Process Accessed
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-atsepsk
New Code Atypical Path
high
general.NEW FILE WRITE BYTES SAMPLE GRAB
🖥️ desktop-3nfb237
New Code Atypical Path