t1564.003
| Title | Tags |
| --- | --- |
| False positives are not expected with this detection, unless there is a legitimate need within the organization for headless browsing that accesses mockbin.org or mocky.io. | t1564.003, endpoint, splunk |
| False positives may be present if the application is legitimately used; filter by user or endpoint as needed. | t1059, t1564.003, t1564.006, endpoint, splunk |
| This hunting analytic is meant to assist with baselining and understanding headless browsing in use. Filter as needed. | t1564.003, endpoint, splunk |