t1059.009 | LoFP

t1059.009

Title	Tags
legitimate administrative activity and normal database operations may trigger this detection. common false positives include initial database startup and configuration, patch deployment and version updates, regular administrative tasks using extended stored procedures, and application servers that legitimately use ole automation.	t1059.009 t1505.001 windows splunk
valid usage of s3 browser for iam loginprofile listing and/or creation	t1059 t1059.009 t1078 t1078.004 aws sigma
valid usage of s3 browser for iam user and/or accesskey creation	t1059 t1059.009 t1078 t1078.004 aws sigma
valid usage of s3 browser with accidental creation of default inline iam policy without changing default s3 bucket name placeholder value	t1059 t1059.009 t1078 t1078.004 aws sigma