LoFP
/
t1049
t1049
Title
Tags
administrators or power users may use this command for troubleshooting.
t1018
t1033
t1049
t1069
t1069.001
t1069.002
t1087
t1087.001
t1087.002
t1201
endpoint
splunk
administrators or power users may use this powershell commandlet for troubleshooting.
t1018
t1033
t1049
t1059
t1059.001
t1069
t1069.002
t1087
t1087.001
endpoint
splunk
commonly used by administrators for troubleshooting
t1016
t1018
t1033
t1049
t1057
t1082
t1083
t1124
t1201
cisco
sigma
false positives will be present based on many factors. tune the correlation as needed to reduce too many triggers.
t1003
t1012
t1016
t1033
t1049
t1059
t1069
t1082
t1112
t1115
t1222
t1529
t1548
t1552
endpoint
splunk
legitimate activities
t1027
t1049
t1083
t1518
t1518.001
t1553
t1553.001
t1562
t1562.001
macos
linux
sigma
network administrator can use this tool for auditing process.
t1049
t1555
endpoint
splunk
uncommon user command activity can be due to an engineer logging onto a server instance in order to perform manual troubleshooting or reconfiguration.
t1016
t1033
t1049
t1057
t1082
ml
elastic
LoFP
/
t1049