List Local User Account Created
Description Adversaries may create local accounts to perform malicious activities. Those accounts can then be used to logon to the
Where Every Failure Becomes A Manual
Description Adversaries may use macro-enabled files to gain access to the network. If the macros are not enabled the
Description This KQL query searches for unwanted or malicious applications detected by Fortinet. Query Microsoft Sentinel References
Description This KQL query looks for malicious DNS names detected by Fortinet based on Sentinel Threat Intelligence indicators. Risk Explain
Description This KQL query looks for malicious network traffic detected by Fortinet from LAN to WAN. Risk Explain what risk
Description The EmailClusterId which can be assigned to a mail is the identifier for the group of similar emails clustered based on
Description Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment
Description Detection opportunity: Launching PowerShell scripts from windowsapps directory. This pseudo-detector looks for the execution of PowerShell scripts from the windowsapps directory.
Description Adversaries may create a new process with a different token to escalate privileges and bypass access controls. Processes can