Best practices for event logging and threat detection
Tags
country: Netherlands Japan New Zealand Singapore United Kingdom United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Cloud Services - T1021.007 Dns - T1071.004 Dns - T1590.002 Mshta - T1218.005 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Python - T1059.006 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Software - T1592.002 System Services - T1569 Vulnerability Scanning - T1595.002 Mshta - T1170 Powershell - T1086 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID fcbdee4e-b055-4289-81bb-11679e1c757c
Fingerprint e571b2158df0fd85
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 15, 2024, 11:30 p.m.
Added to db Sept. 16, 2024, 1:41 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Best practices for event logging and threat detection
Title Best practices for event logging and threat detection
Detected Hints/Tags/Attributes 69/3/10
Source URLs
Redirection Url
Details Source https://socfortress.medium.com/best-practices-for-event-logging-and-threat-detection-97635045a852?source=rss------cybersecurity-5
URL Provider
Details Provider Source level domain
Details medium.com socfortress.medium.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 27 
www.socfortress.co
Details File 240 
wmic.exe
Details File 59 
ntdsutil.exe
Details File 2126 
cmd.exe
Details File 456 
mshta.exe
Details File 1018 
rundll32.exe
Details File 1 
resvr32.exe
Details File 27 
contact_form.html
Details Url 27 
https://www.socfortress.co
Details Url 27 
https://www.socfortress.co/contact_form.html