Changelog
21/06/23 Deleted/Changed:
- RENAMED: CoreBackUp Deletion in correlation with other related security alerts > Detect CoreBackUp Deletion Activity from related Security Alerts
- RENAMED: NOBELIUM - suspicious rundll32.exe execution of vbscript (Normalized Process Events) > Midnight Blizzard - suspicious rundll32.exe execution of vbscript (Normalized Process Events)
- DELETED: MSHTML vulnerability CVE-2021-40444 attack > Deprecated, deleted
- RENAMED: Potential beaconing activity (ASIM Network Session schema) > Network Port Sweep from External Network (ASIM Network Session schema)
- RENAMED: Powershell Empire cmdlets seen in command line > Powershell Empire Cmdlets Executed in Command Line
- DELETED: Rare client observed with high reverse DNS lookup count > Deleted
- NEW: Sign-ins from IPs that attempt sign-ins to disabled accounts
- NEW: Threat Essentials - User Assigned Privileged Role