  1. Logon Session Creation, Data Component DC0067 | MITRE ATT&CK®

    Dec 28, 2024 · The successful establishment of a new user session following a successful authentication attempt. This typically signifies that a user has provided valid credentials or …

  2. Network Traffic Flow, Data Component DC0078 | MITRE ATT&CK®

    Oct 20, 2021 · Summarized network packet data that captures session-level details such as source/destination IPs, ports, protocol types, timestamps, and data volume, without storing full …

  3. Firewall Rule Modification, Data Component DC0051 | MITRE ATT&CK®

    The creation, deletion, or alteration of firewall rules to allow or block specific network traffic. Monitoring changes to these rules is critical for detecting misconfigurations, unauthorized access, or malicious …

  4. Network Traffic Content, Data Component DC0085 | MITRE ATT&CK®

    The full packet capture (PCAP) or session data that logs both protocol headers and payload content. This allows analysts to inspect command and control (C2) traffic, exfiltration, and other suspicious …

  5. Service Creation, Data Component DC0060 | MITRE ATT&CK®

    The registration of a new service or daemon on an operating system. Data Collection Measures: Windows Event Logs Event ID 4697 - Captures the creation of a new Windows service. Event ID …

  6. Response Metadata, Data Component DC0106 | MITRE ATT&CK®

    Contextual information about an Internet-facing resource collected during a scan, including details such as open ports, running services, protocols, and versions. This metadata is typically derived from …

  7. Web Credential Creation, Data Component DC0006 | MITRE ATT&CK®

    Oct 20, 2021 · Initial construction of new web credential material (ex: Windows EID 1200 or 4769)

  8. Network Communication, Data Component DC0113 | MITRE ATT&CK®

    Mar 13, 2023 · Network requests made by an application or domains contacted ID: DC0113

  9. Malware Metadata, Data Component DC0003 | MITRE ATT&CK®

    Oct 20, 2021 · Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information

  10. WMI Creation, Data Component DC0008 | MITRE ATT&CK®

    Oct 20, 2021 · Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or providers.