LoFP
/
t1074
t1074
Title
Tags
administrators may transfer file ownership during employee leave or absence to ensure continued operations by a new or existing employee.
t1074
google_workspace
elastic
generally used to copy configs or ios images
t1074
t1105
t1560
t1560.001
cisco
sigma
if known behavior is causing false positives, it can be exempted from the rule.
t1053
t1053.003
t1074
t1078
t1552
t1552.007
gcp
aws
azure
sigma
traffic mirroring may be done by a system or network administrator. verify whether the user identity, user agent, and/or hostname should be making changes in your environment. traffic mirroring from unfamiliar users or hosts should be investigated. if known behavior is causing false positives, it can be exempted from the rule.
t1020
t1074
aws
elastic
LoFP
/
t1074