{ "authors": [ "MITRE" ], "category": "data-component", "description": "Data components are parts of data sources. ", "name": "mitre-data-component", "source": "https://github.com/mitre/cti", "type": "mitre-data-component", "uuid": "d2c1cf9e-c581-4a70-b1c5-12e6de3f0e83", "values": [ { "description": "Opening of an active directory object, typically to collect/read its value (ex: Windows EID 4661)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "type": "detects" }, { "dest-uuid": "5c6de881-bc70-4070-855a-7a9631a407f7", "type": "included-in" }, { "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "type": "detects" } ], "uuid": "5c6de881-bc70-4070-855a-7a9631a407f7", "value": "Active Directory Object Access" }, { "description": "Initial construction of a new active directory object (ex: Windows EID 5137)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "18b236d8-7224-488f-9d2f-50076a0f653a", "type": "included-in" }, { "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", "type": "detects" }, { "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", "type": "detects" }, { "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "type": "detects" }, { "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", "type": "detects" }, { "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", "type": "detects" } ], "uuid": "18b236d8-7224-488f-9d2f-50076a0f653a", "value": "Active Directory Object Creation" }, { "description": "A user requested active directory credentials, such as a ticket or token (ex: Windows EID 4769)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "02d090b6-8157-48da-98a2-517f7edd49fc", "type": "included-in" }, { "dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b", "type": "detects" }, { "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", "type": "detects" }, { 
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "type": "detects" }, { "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", "type": "detects" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "type": "detects" }, { "dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee", "type": "detects" } ], "uuid": "02d090b6-8157-48da-98a2-517f7edd49fc", "value": "Active Directory Credential Request" }, { "description": "Removal of an active directory object (ex: Windows EID 5141)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "type": "detects" }, { "dest-uuid": "9085a576-636a-455b-91d2-c2921bbe6d1d", "type": "included-in" }, { "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", "type": "detects" } ], "uuid": "9085a576-636a-455b-91d2-c2921bbe6d1d", "value": "Active Directory Object Deletion" }, { "description": "Changes made to an active directory object (ex: Windows EID 5163 or 5136)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", "type": "detects" }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "type": "detects" }, { "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", "type": "detects" }, { "dest-uuid": "5b8b466b-2c81-4fe7-946f-d677a74ae3db", "type": "included-in" }, { "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "type": "detects" }, { "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", "type": "detects" }, { "dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc", "type": "detects" }, { "dest-uuid": 
"b7dc639b-24cd-482d-a7f1-8897eda21023", "type": "detects" }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "type": "detects" }, { "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" }, { "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" } ], "uuid": "5b8b466b-2c81-4fe7-946f-d677a74ae3db", "value": "Active Directory Object Modification" }, { "description": "Opening a Registry Key, typically to read the associated value (ex: Windows EID 4656)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "type": "detects" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "type": "detects" }, { "dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d", "type": "detects" }, { "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "type": "detects" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "type": "detects" }, { "dest-uuid": "ed0dd8aa-1677-4551-bb7d-8da767617e1b", "type": "included-in" } ], "uuid": "ed0dd8aa-1677-4551-bb7d-8da767617e1b", "value": "Windows Registry Key Access" }, { "description": "Initial construction of a new Registry Key (ex: Windows EID 4656 or Sysmon EID 12)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939", "type": "detects" }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": 
"106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67", "type": "detects" }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": "7f70fae7-a68d-4730-a83a-f260b9606129", "type": "included-in" }, { "dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04", "type": "detects" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", "type": "detects" }, { "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" } ], "uuid": "7f70fae7-a68d-4730-a83a-f260b9606129", "value": "Windows Registry Key Creation" }, { "description": "Removal of a Registry Key (ex: Windows EID 4658 or Sysmon EID 12)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1177a4c5-31c8-400c-8544-9071166afa0e", "type": "included-in" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": 
"799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" } ], "uuid": "1177a4c5-31c8-400c-8544-9071166afa0e", "value": "Windows Registry Key Deletion" }, { "description": "Changes made to a Registry Key and/or Key value (ex: Windows EID 4657 or Sysmon EID 13|14)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "type": "detects" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "type": "detects" }, { "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "type": "detects" }, { "dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c", "type": "detects" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", "type": "detects" }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "type": "detects" }, { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": 
"42fe883a-21ea-4cfb-b94a-78b6476dcc83", "type": "detects" }, { "dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", "type": "detects" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "type": "detects" }, { "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", "type": "detects" }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", "type": "detects" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "type": "detects" }, { "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", "type": "detects" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "type": "detects" }, { "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", "type": "detects" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04", "type": "detects" }, { "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", "type": "detects" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "type": "detects" }, { "dest-uuid": 
"ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", "type": "detects" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "type": "detects" }, { "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", "type": "detects" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "type": "detects" }, { "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", "type": "detects" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "da85d358-741a-410d-9433-20d6269a6170", "type": "included-in" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "type": "detects" }, { "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" }, { "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", "type": "detects" }, { "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "type": "detects" } ], "uuid": "da85d358-741a-410d-9433-20d6269a6170", "value": "Windows Registry Key Modification" }, { "description": "An attempt by a user to gain access to a network or computing resource, often by providing credentials (ex: Windows EID 4776 or /var/log/auth.log)", "meta": { "refs": [] }, "related": [ { "dest-uuid": 
"09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "type": "detects" }, { "dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3", "type": "detects" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "type": "detects" }, { "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", "type": "detects" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "type": "detects" }, { "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", "type": "detects" }, { "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", "type": "detects" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "type": "detects" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "type": "detects" }, { "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", "type": "detects" }, { "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "type": "detects" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "type": "detects" }, { "dest-uuid": "a953ca55-921a-44f7-9b8d-3d40141aa17e", "type": "included-in" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "type": "detects" }, { "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", "type": "detects" }, { "dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc", "type": "detects" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "type": "detects" }, { "dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f", "type": "detects" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "type": "detects" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", "type": "detects" }, { "dest-uuid": 
"fdc47f44-dd32-4b99-af5f-209f556f63c2", "type": "detects" } ], "uuid": "a953ca55-921a-44f7-9b8d-3d40141aa17e", "value": "User Account Authentication" }, { "description": "Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "type": "detects" }, { "dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119", "type": "detects" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "type": "detects" }, { "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "type": "detects" }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "type": "detects" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "type": "detects" }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "type": "detects" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "type": "detects" }, { "dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26", "type": "detects" }, { "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "type": "detects" }, { "dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9", "type": "detects" }, { "dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "type": "detects" }, { "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "type": "detects" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "type": "detects" }, { "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", "type": "detects" }, { "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", "type": "detects" }, { "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", "type": "detects" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", 
"type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927", "type": "detects" }, { "dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "type": "detects" }, { "dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f", "type": "detects" }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "type": "detects" }, { "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", "type": "detects" }, { "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c", "type": "detects" }, { "dest-uuid": "6a5d222a-a7e0-4656-b110-782c33098289", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", "type": "detects" }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", "type": "detects" }, { "dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3", "type": "detects" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "type": "detects" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "type": "detects" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "type": "detects" }, { "dest-uuid": "9664ad0e-789e-40ac-82e2-d7b17fbe8fb3", "type": "detects" }, { "dest-uuid": "9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa", "type": "included-in" 
}, { "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", "type": "detects" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "type": "detects" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "type": "detects" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "type": "detects" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "type": "detects" }, { "dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634", "type": "detects" }, { "dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92", "type": "detects" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" }, { "dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc", "type": "detects" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "type": "detects" }, { "dest-uuid": "bb5e59c4-abe7-40c7-8196-e373cb1e5974", "type": "detects" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "type": "detects" }, { "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", "type": "detects" }, { "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", "type": "detects" }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "type": "detects" }, { "dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada", "type": "detects" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "type": "detects" }, { "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", "type": "detects" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "type": "detects" }, { "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "type": "detects" }, { "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", "type": "detects" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "type": "detects" }, { "dest-uuid": 
"e848506b-8484-4410-8017-3d235a52f5b3", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "type": "detects" }, { "dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6", "type": "detects" }, { "dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a", "type": "detects" }, { "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "type": "detects" } ], "uuid": "9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa", "value": "Application Log Content" }, { "description": "Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7", "type": "detects" }, { "dest-uuid": "58ef998c-f3bf-4985-b487-b1005f5c05d1", "type": "included-in" }, { "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" } ], "uuid": "58ef998c-f3bf-4985-b487-b1005f5c05d1", "value": "Cloud Storage Access" }, { "description": "Initial construction of a new account (ex: Windows EID 4720 or /etc/passwd logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "type": "detects" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b", "type": "detects" }, { "dest-uuid": "deb22295-7e37-4a3b-ac6f-c86666fbe63d", "type": "included-in" }, { "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "type": "detects" } ], "uuid": "deb22295-7e37-4a3b-ac6f-c86666fbe63d", "value": "User Account Creation" }, { "description": "Removal of an account (ex: Windows EID 4726 or /var/log access/authentication logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": 
"799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "d6257b8e-869c-41c0-8731-fdca40858a91", "type": "included-in" } ], "uuid": "d6257b8e-869c-41c0-8731-fdca40858a91", "value": "User Account Deletion" }, { "description": "Operating system function/method calls executed by a process", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0042a9f5-f053-4769-b3ef-9ad018dfa298", "type": "detects" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "type": "detects" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "type": "detects" }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d", "type": "detects" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "type": "detects" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "type": "detects" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "type": "detects" }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", 
"type": "detects" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "type": "detects" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "type": "detects" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "type": "detects" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "type": "detects" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "type": "detects" }, { "dest-uuid": "34a80bc4-80f2-46e6-94ff-f3265a4b657c", "type": "detects" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "type": "detects" }, { "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", "type": "detects" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "type": "detects" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "type": "detects" }, { "dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06", "type": "detects" }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "type": "detects" }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "type": "detects" }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "type": "detects" }, { 
"dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", "type": "detects" }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "type": "detects" }, { "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", "type": "detects" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "type": "detects" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "type": "detects" }, { "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "type": "detects" }, { "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", "type": "detects" }, { "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", "type": "detects" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "type": "detects" }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", "type": "detects" }, { "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "type": "detects" }, { "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", "type": "detects" }, { "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", "type": "detects" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "type": "detects" }, { "dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04", "type": "detects" }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "type": "detects" }, { "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", "type": "detects" }, { "dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5", "type": "detects" }, { "dest-uuid": "9bde2f9d-a695-4344-bfac-f2dce13d121e", "type": "included-in" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "type": "detects" }, { "dest-uuid": 
"a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", "type": "detects" }, { "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", "type": "detects" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "type": "detects" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "type": "detects" }, { "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", "type": "detects" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "type": "detects" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "type": "detects" }, { "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", "type": "detects" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "type": "detects" }, { "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "type": "detects" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "type": "detects" }, { "dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744", "type": "detects" }, { "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", "type": "detects" }, { "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", "type": "detects" }, { "dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4", "type": "detects" }, { "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", "type": "detects" }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "type": "detects" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "type": "detects" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "type": "detects" }, { "dest-uuid": 
"f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "type": "detects" } ], "uuid": "9bde2f9d-a695-4344-bfac-f2dce13d121e", "value": "OS API Execution" }, { "description": "Contextual data about an account, which may include a username, user ID, environmental data, etc.", "meta": { "refs": [] }, "related": [ { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "b5d0492b-cda4-421c-8e51-ed2b8d85c5d0", "type": "included-in" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "type": "detects" }, { "dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023", "type": "detects" }, { "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" } ], "uuid": "b5d0492b-cda4-421c-8e51-ed2b8d85c5d0", "value": "User Account Metadata" }, { "description": "Changes made to an account, such as permissions and/or membership in specific groups (ex: Windows EID 4738 or /var/log access/authentication logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3", "type": "detects" }, { "dest-uuid": "35d30338-5bfa-41b0-a170-ec06dfd75f64", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "6fa224c7-5091-4595-bf15-3fc9fe2f2c7c", "type": "detects" }, { "dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215", "type": "detects" }, { "dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a", "type": "detects" }, { "dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd", "type": "detects" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0", "type": "detects" }, { "dest-uuid": 
"b4409cd8-0da9-46e1-a401-a241afd4d1cc", "type": "detects" }, { "dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d", "type": "detects" }, { "dest-uuid": "d27b0089-2c39-4b6c-84ff-303e48657e77", "type": "included-in" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" } ], "uuid": "d27b0089-2c39-4b6c-84ff-303e48657e77", "value": "User Account Modification" }, { "description": "Opening a network share, which makes the contents available to the requestor (ex: Windows EID 5140 or 5145)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "f5468e67-51c7-4756-9b4f-65707708e7fa", "type": "included-in" } ], "uuid": "f5468e67-51c7-4756-9b4f-65707708e7fa", "value": "Network Share Access" }, { "description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005cc321-08ce-4d17-b1ea-cb5275926520", "type": "detects" }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "type": "detects" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "type": "detects" }, { "dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13", "type": "detects" }, { "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", "type": "detects" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "type": "detects" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "type": 
"detects" }, { "dest-uuid": "181a9f8c-c780-4f1f-91a8-edb770e904ba", "type": "included-in" }, { "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "type": "detects" }, { "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", "type": "detects" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "type": "detects" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "type": "detects" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "type": "detects" }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", "type": "detects" }, { "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "type": "detects" }, { "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", "type": "detects" }, { "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "type": "detects" }, { "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", "type": "detects" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "type": "detects" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", "type": "detects" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "type": "detects" }, { "dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1", "type": "detects" }, { 
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "800f9819-7007-4540-a520-40e655876800", "type": "detects" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "type": "detects" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "type": "detects" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "type": "detects" }, { "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "type": "detects" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "type": "detects" }, { "dest-uuid": "939808a7-121d-467a-b028-4441ee8b7cee", "type": "detects" }, { "dest-uuid": "986f80f7-ff0e-4f48-87bd-0394814bbce5", "type": "detects" }, { "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "type": "detects" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "type": "detects" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "type": "detects" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "type": "detects" }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "type": "detects" }, { "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", "type": "detects" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "type": "detects" }, { "dest-uuid": "d916f176-a1ca-4a78-9fdd-4058bc28162e", "type": "detects" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "type": "detects" }, { "dest-uuid": 
"e358d692-23c0-4a31-9eb6-ecc13a8d7735", "type": "detects" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "type": "detects" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "type": "detects" }, { "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", "type": "detects" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "type": "detects" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "type": "detects" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "type": "detects" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "type": "detects" } ], "uuid": "181a9f8c-c780-4f1f-91a8-edb770e904ba", "value": "Network Connection Creation" }, { "description": "Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "59ec10d9-546b-4b8e-bccb-fa85f71e5055", "type": "included-in" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" } ], "uuid": "59ec10d9-546b-4b8e-bccb-fa85f71e5055", "value": "Cloud Storage Creation" }, { "description": "Initial construction of new web credential material (ex: Windows EID 1200 or 4769)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", "type": "detects" }, { "dest-uuid": "5f7c9def-0ddf-423b-b1f8-fb2ddeed0ce3", "type": "included-in" }, { "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", "type": "detects" } ], "uuid": "5f7c9def-0ddf-423b-b1f8-fb2ddeed0ce3", "value": "Web Credential Creation" }, { "description": "Deactivation or stoppage of a cloud service (ex: AWS Cloudtrail StopLogging)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d", "type": "detects" }, { "dest-uuid": "ec0612c5-2644-4c50-bcac-82586974fedd", "type": "included-in" } ], "uuid": "ec0612c5-2644-4c50-bcac-82586974fedd", "value": "Cloud Service Disable" }, { "description": 
"Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "4c41e296-b8d2-4a37-b789-eb565c87c00c", "type": "included-in" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" } ], "uuid": "4c41e296-b8d2-4a37-b789-eb565c87c00c", "value": "Cloud Storage Deletion" }, { "description": "An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", "type": "detects" }, { "dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156", "type": "detects" }, { "dest-uuid": "fcc4811f-9cc8-4db5-8097-4d8242a380de", "type": "included-in" } ], "uuid": "fcc4811f-9cc8-4db5-8097-4d8242a380de", "value": "Cloud Storage Enumeration" }, { "description": "An extracted list of cloud services (ex: AWS ECS ListServices)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": "8c826308-2760-492f-9e36-4f0f7e23bcac", "type": "included-in" }, { "dest-uuid": "cfb525cc-5494-401d-a82b-2539ca46a561", "type": "detects" }, { "dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db", "type": "detects" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "type": "detects" } ], "uuid": "8c826308-2760-492f-9e36-4f0f7e23bcac", "value": "Cloud Service Enumeration" }, { "description": "Initial construction of a new scheduled job (ex: Windows EID 4698 or /var/log cron logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", "type": "detects" }, { "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "type": "detects" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", 
"type": "detects" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "type": "detects" }, { "dest-uuid": "f42df6f0-6395-4f0c-9376-525a031f00c3", "type": "included-in" } ], "uuid": "f42df6f0-6395-4f0c-9376-525a031f00c3", "value": "Scheduled Job Creation" }, { "description": "Initial construction of a successful new user logon following an authentication attempt. (e.g. Windows EID 4624, /var/log/utmp, or /var/log/wtmp)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "type": "detects" }, { "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "type": "detects" }, { "dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a", "type": "detects" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "type": "detects" }, { "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", "type": "detects" }, { "dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6", "type": "detects" }, { "dest-uuid": "45241b9e-9bbc-4826-a2cc-78855e51ca09", "type": "detects" }, { "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "type": "detects" }, { "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f", "type": "detects" }, { "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc", "type": "detects" }, { "dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { 
"dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", "type": "detects" }, { "dest-uuid": "8861073d-d1b8-4941-82ce-dce621d398f0", "type": "detects" }, { "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", "type": "detects" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "type": "detects" }, { "dest-uuid": "9ce98c86-8d30-4043-ba54-0784d478d0b5", "type": "included-in" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "type": "detects" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "type": "detects" }, { "dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc", "type": "detects" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "type": "detects" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "type": "detects" }, { "dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3", "type": "detects" }, { "dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416", "type": "detects" }, { "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "type": "detects" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "type": "detects" }, { "dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f", "type": "detects" }, { "dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e", "type": "detects" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "type": "detects" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "type": "detects" } ], "uuid": "9ce98c86-8d30-4043-ba54-0784d478d0b5", "value": "Logon Session Creation" }, { "description": "Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner", "meta": { "refs": [] }, "related": [ { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" }, { "dest-uuid": "e214eb6d-de8f-4154-9015-6d47915fbed1", "type": "included-in" } ], "uuid": "e214eb6d-de8f-4154-9015-6d47915fbed1", "value": "Cloud Storage 
Metadata" }, { "description": "Contextual data about a cloud service and activity around it such as name, type, or purpose/function", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "b33d36e3-d7ea-4895-8eed-19a08a8f7c4f", "type": "included-in" } ], "uuid": "b33d36e3-d7ea-4895-8eed-19a08a8f7c4f", "value": "Cloud Service Metadata" }, { "description": "Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "45977f14-1bcc-4ec4-ac14-a30fd3a11f44", "type": "included-in" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" } ], "uuid": "45977f14-1bcc-4ec4-ac14-a30fd3a11f44", "value": "Cloud Storage Modification" }, { "description": "Changes made to a cloud service, including its settings and/or data (ex: AWS CloudTrail DeleteTrail or DeleteConfigRule)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "ca00366b-83a1-4c7b-a0ce-8ff950a7c87f", "type": "detects" }, { "dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d", "type": "detects" }, { "dest-uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e", "type": "included-in" }, { "dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3", "type": "detects" } ], "uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e", "value": "Cloud Service Modification" }, { "description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "type": "detects" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c", "type": 
"detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74", "type": "detects" }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "type": "detects" }, { "dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7", "type": "detects" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "type": "detects" }, { "dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9", "type": "detects" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "type": "detects" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "type": "detects" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "type": "detects" }, { "dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d", "type": "detects" }, { "dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41", "type": "detects" }, { "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", "type": "detects" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "type": "detects" }, { "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "type": "detects" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "type": "detects" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "type": "detects" }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "type": "detects" }, { "dest-uuid": "3772e279-27d6-477a-9fe3-c6beb363594c", "type": "included-in" }, { "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", "type": "detects" }, { "dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c", "type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { "dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "type": "detects" }, { "dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c", "type": "detects" }, { "dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d", "type": "detects" }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "type": "detects" }, { "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "type": "detects" }, { 
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "type": "detects" }, { "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", "type": "detects" }, { "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", "type": "detects" }, { "dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd", "type": "detects" }, { "dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4", "type": "detects" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "type": "detects" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "type": "detects" }, { "dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a", "type": "detects" }, { "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", "type": "detects" }, { "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", "type": "detects" }, { "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "type": "detects" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "type": "detects" }, { "dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b", "type": "detects" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "type": "detects" }, { "dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262", "type": "detects" }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "type": "detects" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "type": "detects" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", "type": "detects" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "type": "detects" }, { "dest-uuid": "800f9819-7007-4540-a520-40e655876800", "type": "detects" }, { "dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a", "type": "detects" }, { "dest-uuid": 
"830c9528-df21-472c-8c14-a036bf17d665", "type": "detects" }, { "dest-uuid": "83a766f8-1501-4b3a-a2de-2e2849e8dfc1", "type": "detects" }, { "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", "type": "detects" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "type": "detects" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "type": "detects" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "type": "detects" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "type": "detects" }, { "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "type": "detects" }, { "dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82", "type": "detects" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "type": "detects" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "type": "detects" }, { "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "type": "detects" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "type": "detects" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "type": "detects" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "type": "detects" }, { "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", "type": "detects" }, { "dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118", "type": "detects" }, { "dest-uuid": "ba04e672-da86-4e69-aa15-0eca5db25f43", "type": "detects" }, { "dest-uuid": 
"be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "type": "detects" }, { "dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46", "type": "detects" }, { "dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada", "type": "detects" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b", "type": "detects" }, { "dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc", "type": "detects" }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "type": "detects" }, { "dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2", "type": "detects" }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "type": "detects" }, { "dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f", "type": "detects" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "type": "detects" }, { "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", "type": "detects" }, { "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc", "type": "detects" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "type": "detects" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "type": "detects" }, { "dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df", "type": "detects" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "type": "detects" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "type": "detects" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "type": "detects" }, { "dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5", "type": "detects" }, { "dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235", "type": "detects" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "type": "detects" }, { "dest-uuid": 
"f303a39a-6255-4b89-aecc-18c4d8ca7163", "type": "detects" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "type": "detects" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "type": "detects" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "type": "detects" }, { "dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade", "type": "detects" }, { "dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6", "type": "detects" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "type": "detects" } ], "uuid": "3772e279-27d6-477a-9fe3-c6beb363594c", "value": "Network Traffic Content" }, { "description": "An attempt by a user to gain access to a network or computing resource by providing web credentials (ex: Windows EID 1202)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", "type": "detects" }, { "dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814", "type": "detects" }, { "dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a", "type": "detects" }, { "dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c", "type": "detects" }, { "dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0", "type": "detects" }, { "dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51", "type": "detects" }, { "dest-uuid": "ff93f688-d7a4-49cf-9c79-a14454da8428", "type": "included-in" } ], "uuid": "ff93f688-d7a4-49cf-9c79-a14454da8428", "value": "Web Credential Usage" }, { "description": "Changes made to a firewall rule, typically to allow/block specific network traffic (ex: Windows EID 4950 or Write/Delete entries within Azure Firewall Rule Collection Activity Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "type": "detects" }, { "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", "type": "detects" }, { "dest-uuid": 
"799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "d2ff4b56-8351-4ed8-b0fb-d8605366005f", "type": "included-in" } ], "uuid": "d2ff4b56-8351-4ed8-b0fb-d8605366005f", "value": "Firewall Rule Modification" }, { "description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "type": "detects" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3", "type": "detects" }, { "dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7", "type": "detects" }, { "dest-uuid": "0f4fb01b-d57a-4375-b7a2-342c9d3248f7", "type": "detects" }, { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "type": "detects" }, { "dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd", "type": "detects" }, { "dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9", "type": "detects" }, { "dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6", "type": "detects" }, { "dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7", "type": "detects" }, { "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "type": "detects" }, { "dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230", "type": "detects" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "type": "detects" }, { "dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6", "type": "detects" }, { "dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01", "type": "detects" }, { "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", "type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { 
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7", "type": "detects" }, { "dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d", "type": "detects" }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "type": "detects" }, { "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "type": "detects" }, { "dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b", "type": "detects" }, { "dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de", "type": "detects" }, { "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b", "type": "detects" }, { "dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5", "type": "detects" }, { "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "type": "detects" }, { "dest-uuid": "5ca3c7ec-55b2-4587-9376-cf6c96f8047a", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "type": "detects" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "type": "detects" }, { "dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b", "type": "detects" }, { "dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3", "type": "detects" }, { "dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", "type": "detects" }, { "dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b", "type": "detects" }, { "dest-uuid": 
"7c46b364-8496-4234-8a56-f7e6727e21e1", "type": "detects" }, { "dest-uuid": "800f9819-7007-4540-a520-40e655876800", "type": "detects" }, { "dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665", "type": "detects" }, { "dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91", "type": "detects" }, { "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", "type": "detects" }, { "dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd", "type": "detects" }, { "dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc", "type": "detects" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "type": "detects" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "type": "detects" }, { "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", "type": "detects" }, { "dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b", "type": "detects" }, { "dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8", "type": "detects" }, { "dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "type": "detects" }, { "dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d", "type": "detects" }, { "dest-uuid": "a7f22107-02e5-4982-9067-6625d4a1765a", "type": "included-in" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18", "type": "detects" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "type": "detects" }, { "dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166", "type": "detects" }, { "dest-uuid": "ba04e672-da86-4e69-aa15-0eca5db25f43", "type": "detects" }, { "dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4", "type": "detects" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": 
"c21d5a77-d422-4a69-acd7-2c53c1faa34b", "type": "detects" }, { "dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd", "type": "detects" }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "type": "detects" }, { "dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213", "type": "detects" }, { "dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6", "type": "detects" }, { "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", "type": "detects" }, { "dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120", "type": "detects" }, { "dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df", "type": "detects" }, { "dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161", "type": "detects" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "type": "detects" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "type": "detects" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "type": "detects" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "type": "detects" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "type": "detects" }, { "dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433", "type": "detects" }, { "dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163", "type": "detects" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "type": "detects" }, { "dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317", "type": "detects" }, { "dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755", "type": "detects" }, { "dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7", "type": "detects" }, { "dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6", "type": "detects" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "type": "detects" } ], "uuid": 
"a7f22107-02e5-4982-9067-6625d4a1765a", "value": "Network Traffic Flow" }, { "description": "Contextual data about a scheduled job, which may include information such as name, timing, command(s), etc.", "meta": { "refs": [] }, "related": [ { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "7b375092-3a61-448d-900a-77c9a4bde4dc", "type": "included-in" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "type": "detects" } ], "uuid": "7b375092-3a61-448d-900a-77c9a4bde4dc", "value": "Scheduled Job Metadata" }, { "description": "Changes made to a scheduled job, such as modifications to the execution launch (ex: Windows EID 4702 or /var/log cron logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "faa34cf6-cf32-4dc9-bd6a-8f7a606ff65b", "type": "included-in" } ], "uuid": "faa34cf6-cf32-4dc9-bd6a-8f7a606ff65b", "value": "Scheduled Job Modification" }, { "description": "An object file that contains code to extend the running kernel of an OS, typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "23e4ee78-26f3-4fcf-ba43-ab953962f96c", "type": "included-in" }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "type": "detects" }, { "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", "type": "detects" } ], "uuid": "23e4ee78-26f3-4fcf-ba43-ab953962f96c", "value": "Kernel Module Load" }, { "description": "Contextual data about a logon session, such as username, logon type, access tokens (security context, user SIDs, logon identifiers, 
and logon SID), and any activity associated within it", "meta": { "refs": [] }, "related": [ { "dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d", "type": "detects" }, { "dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2", "type": "detects" }, { "dest-uuid": "39b9db72-8b48-4595-a18d-db5bbba3091b", "type": "included-in" }, { "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", "type": "detects" }, { "dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1", "type": "detects" }, { "dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493", "type": "detects" }, { "dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925", "type": "detects" }, { "dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81", "type": "detects" }, { "dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f", "type": "detects" }, { "dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27", "type": "detects" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "type": "detects" }, { "dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65", "type": "detects" }, { "dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2", "type": "detects" } ], "uuid": "39b9db72-8b48-4595-a18d-db5bbba3091b", "value": "Logon Session Metadata" }, { "description": "Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "b9a1578e-8653-4103-be23-cb52e0b1816e", "type": "included-in" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" } ], "uuid": "b9a1578e-8653-4103-be23-cb52e0b1816e", "value": "Named Pipe Metadata" }, { "description": "API calls utilized by an application that could indicate malicious activity", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0cdd66ad-26ac-4338-a764-4972a1e17ee3", "type": "detects" }, { "dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad", "type": "detects" }, { "dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b", "type": "detects" }, { "dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2", 
"type": "detects" }, { "dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "type": "detects" }, { "dest-uuid": "1d44f529-6fe6-489f-8a01-6261ac43f05e", "type": "detects" }, { "dest-uuid": "1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", "type": "detects" }, { "dest-uuid": "20b0931a-8952-42ca-975f-775bad295f1a", "type": "detects" }, { "dest-uuid": "233fe2c0-cb41-4765-b454-e0087597fbce", "type": "detects" }, { "dest-uuid": "27d18e87-8f32-4be1-b456-39b90454360f", "type": "detects" }, { "dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258", "type": "detects" }, { "dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c", "type": "detects" }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "type": "detects" }, { "dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286", "type": "detects" }, { "dest-uuid": "4f14e30b-8b57-4a7b-9093-2c0778ea99cf", "type": "detects" }, { "dest-uuid": "51636761-2e35-44bf-9e56-e337adf97174", "type": "detects" }, { "dest-uuid": "5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "type": "included-in" }, { "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", "type": "detects" }, { "dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1", "type": "detects" }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "type": "detects" }, { "dest-uuid": "6ffad4be-bfe0-424f-abde-4d9a84a800ad", "type": "detects" }, { "dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160", "type": "detects" }, { "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", "type": "detects" }, { "dest-uuid": "74e6003f-c7f4-4047-983b-708cc19b96b6", "type": "detects" }, { "dest-uuid": "7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", "type": "detects" }, { "dest-uuid": "789ef15a-34d9-4b32-a779-8cbbc9eb32f5", "type": "detects" }, { "dest-uuid": "8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", "type": "detects" }, { "dest-uuid": "9558a84e-2d5e-4872-918e-d847494a8ffc", "type": "detects" }, { "dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242", "type": "detects" }, { "dest-uuid": "b7c0e45f-0206-4f75-96e7-fe7edad3aaff", "type": "detects" 
}, { "dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692", "type": "detects" }, { "dest-uuid": "c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", "type": "detects" }, { "dest-uuid": "cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", "type": "detects" }, { "dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "type": "detects" }, { "dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4", "type": "detects" }, { "dest-uuid": "dc01774a-d1c1-45fb-b506-0a5d1d6593d9", "type": "detects" }, { "dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780", "type": "detects" }, { "dest-uuid": "f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "type": "detects" }, { "dest-uuid": "f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", "type": "detects" }, { "dest-uuid": "fc53309d-ebd5-4573-9242-57024ebdad4f", "type": "detects" } ], "uuid": "5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "value": "API Calls" }, { "description": "Queried domain name system (DNS) registry data highlighting current domain to IP address resolutions (ex: dig/nslookup queries)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", "type": "detects" }, { "dest-uuid": "2e521444-7295-4dec-96c1-7595b2df7811", "type": "included-in" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "type": "detects" }, { "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", "type": "detects" }, { "dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5", "type": "detects" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "type": "detects" } ], "uuid": "2e521444-7295-4dec-96c1-7595b2df7811", "value": "Active DNS" }, { "description": "Opening of a data storage device with an assigned drive letter or mount point", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "type": "detects" }, { "dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5", "type": "detects" }, { "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "type": "detects" }, { "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", "type": "detects" }, { 
"dest-uuid": "73ff2dcc-24b1-4368-b9dc-706dd9e68354", "type": "included-in" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "type": "detects" } ], "uuid": "73ff2dcc-24b1-4368-b9dc-706dd9e68354", "value": "Drive Access" }, { "description": "Opening a file, which makes the file contents available to the requestor (ex: Windows EID 4663)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "type": "detects" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "type": "detects" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "type": "detects" }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "type": "detects" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "type": "detects" }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "type": "detects" }, { "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "type": "detects" }, { "dest-uuid": "235b7491-2d2b-4617-9a52-3c0783680f71", "type": "included-in" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "type": "detects" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "type": "detects" }, { "dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d", "type": "detects" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "type": "detects" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "type": "detects" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "type": "detects" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "type": "detects" }, { "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", "type": "detects" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": 
"43f2776f-b4bd-4118-94b8-fee47e69676d", "type": "detects" }, { "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", "type": "detects" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "type": "detects" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "type": "detects" }, { "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "type": "detects" }, { "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "type": "detects" }, { "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", "type": "detects" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3", "type": "detects" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "type": "detects" }, { "dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969", "type": "detects" }, { "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", "type": "detects" }, { "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", "type": "detects" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "type": "detects" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "type": "detects" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "type": "detects" }, { "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", "type": "detects" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "type": "detects" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "type": "detects" }, { "dest-uuid": 
"e6415f09-df0e-48de-9aba-928c902b7549", "type": "detects" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "type": "detects" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "type": "detects" } ], "uuid": "235b7491-2d2b-4617-9a52-3c0783680f71", "value": "File Access" }, { "description": "Opening of a process by another process, typically to read memory of the target process (ex: Sysmon EID 10)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff", "type": "detects" }, { "dest-uuid": "1887a270-576a-4049-84de-ef746b2572d6", "type": "included-in" }, { "dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72", "type": "detects" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "type": "detects" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", "type": "detects" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", "type": "detects" }, { "dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662", "type": "detects" }, { "dest-uuid": "8252f135-ed26-4ce1-ae61-f26e94429a19", "type": "detects" }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "type": "detects" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "type": "detects" }, { "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "type": "detects" }, { "dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744", "type": "detects" }, { "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", "type": "detects" }, { "dest-uuid": 
"f4599aa0-4f85-4a32-80ea-fc39dc965945", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" } ], "uuid": "1887a270-576a-4049-84de-ef746b2572d6", "value": "Process Access" }, { "description": "Initial construction of a new container (ex: docker create )", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", "type": "detects" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "type": "detects" }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "a5ae90ca-0c4b-481c-959f-0eb18a7ff953", "type": "included-in" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" } ], "uuid": "a5ae90ca-0c4b-481c-959f-0eb18a7ff953", "value": "Container Creation" }, { "description": "Initial construction of a drive letter or mount point to a data storage device", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "type": "detects" }, { "dest-uuid": "3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f", "type": "included-in" }, { "dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef", "type": "detects" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "type": "detects" }, { "dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9", "type": "detects" }, { "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", "type": "detects" } ], "uuid": "3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f", "value": "Drive Creation" }, { "description": "An extracted list of containers (ex: docker ps)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", "type": "detects" }, { "dest-uuid": "91b3ed33-d1b5-4c4b-a896-76c55eb3cfd8", "type": "included-in" } ], "uuid": "91b3ed33-d1b5-4c4b-a896-76c55eb3cfd8", "value": "Container Enumeration" }, { "description": "The 
execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc. )", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "type": "detects" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "type": "detects" }, { "dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688", "type": "detects" }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "type": "detects" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "type": "detects" }, { "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "type": "detects" }, { "dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5", "type": "detects" }, { "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "type": "detects" }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "type": "detects" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "type": "detects" }, { "dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "type": "detects" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "type": "detects" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "type": "detects" }, { "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "type": "detects" }, { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "type": "detects" }, { "dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f", "type": "detects" }, { "dest-uuid": 
"1644e709-12d2-41e5-a60f-3470991f5011", "type": "detects" }, { "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "type": "detects" }, { "dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c", "type": "detects" }, { "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "type": "detects" }, { "dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72", "type": "detects" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "type": "detects" }, { "dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec", "type": "detects" }, { "dest-uuid": "1bae753e-8e52-4055-a66d-2ead90303ca9", "type": "detects" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "type": "detects" }, { "dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004", "type": "detects" }, { "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc", "type": "detects" }, { "dest-uuid": "208884f1-7b83-4473-ac22-4e1cf6c41471", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d", "type": "detects" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "type": "detects" }, { "dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee", "type": "detects" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "type": "detects" }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "type": "detects" }, { "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "type": "detects" }, { "dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c", "type": "detects" }, { "dest-uuid": 
"2acf44aa-542f-4366-b4eb-55ef5747759c", "type": "detects" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "type": "detects" }, { "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "type": "detects" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "type": "detects" }, { "dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f", "type": "detects" }, { "dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d", "type": "detects" }, { "dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21", "type": "detects" }, { "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "type": "detects" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "type": "detects" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "type": "detects" }, { "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "type": "detects" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "type": "detects" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "type": "detects" }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "type": "detects" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "type": "detects" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "type": "detects" }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "type": "detects" }, { "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", "type": "detects" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "type": "detects" }, { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "type": "detects" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "type": "detects" }, { "dest-uuid": 
"3b0e52ce-517a-4614-a523-1bd5deef6c5e", "type": "detects" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "type": "detects" }, { "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a", "type": "detects" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927", "type": "detects" }, { "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", "type": "detects" }, { "dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06", "type": "detects" }, { "dest-uuid": "4a2975db-414e-4c0c-bd92-775987514b4b", "type": "detects" }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "type": "detects" }, { "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "type": "detects" }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "type": "detects" }, { "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", "type": "detects" }, { "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", "type": "detects" }, { "dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87", "type": "detects" }, { "dest-uuid": 
"5372c5fe-f424-4def-bcd5-d3a8e770f07b", "type": "detects" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf", "type": "detects" }, { "dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054", "type": "detects" }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8", "type": "detects" }, { "dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "type": "detects" }, { "dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163", "type": "detects" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "type": "detects" }, { "dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd", "type": "detects" }, { "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", "type": "detects" }, { "dest-uuid": "63220765-d418-44de-8fae-694b3912317d", "type": "detects" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "type": "detects" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "type": "detects" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "type": "detects" }, { "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf", "type": "detects" }, { "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", "type": "detects" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "type": "detects" }, { "dest-uuid": 
"685f917a-e95e-4ba0-ade1-c7d354dae6e0", "type": "included-in" }, { "dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1", "type": "detects" }, { "dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530", "type": "detects" }, { "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "type": "detects" }, { "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", "type": "detects" }, { "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", "type": "detects" }, { "dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf", "type": "detects" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "type": "detects" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "type": "detects" }, { "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "type": "detects" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "type": "detects" }, { "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", "type": "detects" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "type": "detects" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", "type": "detects" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "type": "detects" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "type": "detects" }, { "dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", "type": "detects" }, { "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", "type": "detects" }, { "dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0", "type": "detects" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "type": "detects" }, { "dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331", "type": "detects" }, { "dest-uuid": 
"7e150503-88e7-4861-866b-ff1ac82c4475", "type": "detects" }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", "type": "detects" }, { "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "type": "detects" }, { "dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4", "type": "detects" }, { "dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3", "type": "detects" }, { "dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497", "type": "detects" }, { "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "type": "detects" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "type": "detects" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "type": "detects" }, { "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", "type": "detects" }, { "dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969", "type": "detects" }, { "dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d", "type": "detects" }, { "dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819", "type": "detects" }, { "dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e", "type": "detects" }, { "dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5", "type": "detects" }, { "dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe", "type": "detects" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "type": "detects" }, { "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", "type": "detects" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "type": "detects" }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "type": "detects" }, { "dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d", "type": "detects" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "type": "detects" }, { "dest-uuid": 
"98034fef-d9fb-4667-8dc4-2eab6231724c", "type": "detects" }, { "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", "type": "detects" }, { "dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242", "type": "detects" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "type": "detects" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "type": "detects" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776", "type": "detects" }, { "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", "type": "detects" }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "type": "detects" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "type": "detects" }, { "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", "type": "detects" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "type": "detects" }, { "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "type": "detects" }, { "dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd", "type": "detects" }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "type": "detects" }, { "dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" }, { "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a", "type": "detects" }, { "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "type": "detects" }, { "dest-uuid": 
"b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", "type": "detects" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", "type": "detects" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "type": "detects" }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "type": "detects" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "type": "detects" }, { "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", "type": "detects" }, { "dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", "type": "detects" }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "type": "detects" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "type": "detects" }, { "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", "type": "detects" }, { "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", "type": "detects" }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "type": "detects" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "type": "detects" }, { "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", "type": "detects" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "type": "detects" }, { "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", "type": "detects" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "type": "detects" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "type": "detects" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "type": "detects" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": 
"ce4b7013-640e-48a9-b501-d0025a95f4bf", "type": "detects" }, { "dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4", "type": "detects" }, { "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "type": "detects" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "type": "detects" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447", "type": "detects" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", "type": "detects" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "type": "detects" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "type": "detects" }, { "dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7", "type": "detects" }, { "dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56", "type": "detects" }, { "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "type": "detects" }, { "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "type": "detects" }, { "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "type": "detects" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "type": "detects" }, { "dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88", "type": "detects" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "type": "detects" }, { "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", "type": "detects" }, { "dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e", "type": "detects" }, { "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", "type": "detects" }, { "dest-uuid": 
"e6919abc-99f9-4c6c-95a5-14761e7b2add", "type": "detects" }, { "dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d", "type": "detects" }, { "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "type": "detects" }, { "dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d", "type": "detects" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24", "type": "detects" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "type": "detects" }, { "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", "type": "detects" }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "type": "detects" }, { "dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077", "type": "detects" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" }, { "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", "type": "detects" }, { "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", "type": "detects" }, { "dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436", "type": "detects" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "type": "detects" }, { "dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b", "type": "detects" }, { "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", "type": "detects" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "type": "detects" }, { "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", "type": "detects" }, { "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "type": "detects" } ], "uuid": "685f917a-e95e-4ba0-ade1-c7d354dae6e0", "value": "Command Execution" }, { "description": "Initial construction of a new file (ex: Sysmon EID 11)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "type": "detects" 
}, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": "0533ab23-3f7d-463f-9bd8-634d27e4dee1", "type": "detects" }, { "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", "type": "detects" }, { "dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5", "type": "detects" }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "type": "detects" }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096", "type": "detects" }, { "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "type": "detects" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "type": "detects" }, { "dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011", "type": "detects" }, { "dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c", "type": "detects" }, { "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "type": "detects" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "type": "detects" }, { "dest-uuid": "2b3bfe19-d59a-460d-93bb-2f546adc2d2c", "type": "included-in" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "type": "detects" }, { "dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597", "type": "detects" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "type": "detects" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1", "type": "detects" }, { "dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0", "type": "detects" }, { "dest-uuid": 
"35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", "type": "detects" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "type": "detects" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "type": "detects" }, { "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "type": "detects" }, { "dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe", "type": "detects" }, { "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", "type": "detects" }, { "dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "type": "detects" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", "type": "detects" }, { "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": "63220765-d418-44de-8fae-694b3912317d", "type": "detects" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "type": "detects" }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "type": "detects" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e", "type": "detects" }, { "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", "type": "detects" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "type": "detects" }, { "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", "type": "detects" }, { "dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc", "type": "detects" }, { "dest-uuid": 
"8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "type": "detects" }, { "dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04", "type": "detects" }, { "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", "type": "detects" }, { "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", "type": "detects" }, { "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", "type": "detects" }, { "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", "type": "detects" }, { "dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b", "type": "detects" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", "type": "detects" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "type": "detects" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", "type": "detects" }, { "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", "type": "detects" }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "type": "detects" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", "type": "detects" }, { "dest-uuid": 
"d10cbd34-42e3-45c0-84d2-535a09849584", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb", "type": "detects" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "type": "detects" }, { "dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56", "type": "detects" }, { "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" }, { "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "type": "detects" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "type": "detects" }, { "dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add", "type": "detects" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9", "type": "detects" }, { "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", "type": "detects" }, { "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", "type": "detects" } ], "uuid": "2b3bfe19-d59a-460d-93bb-2f546adc2d2c", "value": "File Creation" }, { "description": "Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "type": "detects" }, { "dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939", "type": "detects" }, { "dest-uuid": "05645013-2fed-4066-8bdc-626b2e201dd4", "type": "included-in" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { 
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" } ], "uuid": "05645013-2fed-4066-8bdc-626b2e201dd4", "value": "WMI Creation" }, { "description": "Initial construction of a new instance (ex: instance.insert within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" }, { "dest-uuid": "b5b0e8ae-7436-4951-950a-7b83c4dd3f2c", "type": "included-in" }, { "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", "type": "detects" } ], "uuid": "b5b0e8ae-7436-4951-950a-7b83c4dd3f2c", "value": "Instance Creation" }, { "description": "Initial construction of a virtual machine image (ex: Azure Compute Service Images PUT)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", "type": "detects" }, { "dest-uuid": "800f9819-7007-4540-a520-40e655876800", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "b008766d-f34f-4ded-b712-659f59aaed6e", "type": "included-in" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" } ], "uuid": "b008766d-f34f-4ded-b712-659f59aaed6e", "value": "Image Creation" }, { "description": "Contextual data about a container and activity around it such as name, ID, image, or status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "df508a43-65f5-453f-8b8f-4b5d64e60a21", "type": "included-in" } ], "uuid": "df508a43-65f5-453f-8b8f-4b5d64e60a21", "value": "Container Metadata" }, { "description": "Contextual data about a cluster and activity around it such as name, namespace, age, or status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "fafaa705-ec08-4405-ac62-288c252e520d", "type": "included-in" } ], "uuid": 
"fafaa705-ec08-4405-ac62-288c252e520d", "value": "Cluster Metadata" }, { "description": "Code, strings, and other signatures that comprise a malicious payload", "meta": { "refs": [] }, "related": [ { "dest-uuid": "167b48f7-76e9-4fcb-9e8d-7121f7bf56c3", "type": "included-in" }, { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "type": "detects" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "type": "detects" }, { "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", "type": "detects" }, { "dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf", "type": "detects" } ], "uuid": "167b48f7-76e9-4fcb-9e8d-7121f7bf56c3", "value": "Malware Content" }, { "description": "Network requests made by an application or domains contacted", "meta": { "refs": [] }, "related": [ { "dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d", "type": "detects" }, { "dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258", "type": "detects" }, { "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", "type": "detects" }, { "dest-uuid": "2ccc3d39-9598-4d32-9657-42e1c7095d26", "type": "detects" }, { "dest-uuid": "5abfc5e6-3c56-49e7-ad72-502d01acf28b", "type": "detects" }, { "dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6", "type": "detects" }, { "dest-uuid": "764ee29e-48d6-4934-8e6b-7a606aaaafc0", "type": "included-in" }, { "dest-uuid": "939808a7-121d-467a-b028-4441ee8b7cee", "type": "detects" }, { "dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5", "type": "detects" }, { "dest-uuid": "986f80f7-ff0e-4f48-87bd-0394814bbce5", "type": "detects" }, { "dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380", "type": "detects" }, { "dest-uuid": "d916f176-a1ca-4a78-9fdd-4058bc28162e", "type": "detects" }, { "dest-uuid": "fd211238-f767-4599-8c0d-9dca36624626", "type": "detects" } ], "uuid": "764ee29e-48d6-4934-8e6b-7a606aaaafc0", "value": "Network Communication" }, { "description": "Device configuration options that are not typically utilized by benign applications", "meta": { "refs": [] }, "related": 
[ { "dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13", "type": "detects" }, { "dest-uuid": "6c62144a-cd5c-401c-ada9-58c4c74cd9d2", "type": "included-in" } ], "uuid": "6c62144a-cd5c-401c-ada9-58c4c74cd9d2", "value": "Protected Configuration" }, { "description": "The initial construction of an executable managed by the OS, that may involve one or more tasks or threads. (e.g. Win EID 4688, Sysmon EID 1, cmd.exe > net use, etc.)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "005cc321-08ce-4d17-b1ea-cb5275926520", "type": "detects" }, { "dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662", "type": "detects" }, { "dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b", "type": "detects" }, { "dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055", "type": "detects" }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104", "type": "detects" }, { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "type": "detects" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "type": "detects" }, { "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "type": "detects" }, { "dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22", "type": "detects" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "type": "detects" }, { "dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32", "type": "detects" }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "type": "detects" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "type": "detects" }, { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "type": "detects" }, { "dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc", "type": "detects" }, { "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "type": "detects" }, { 
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "type": "detects" }, { "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "type": "detects" }, { "dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c", "type": "detects" }, { "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "type": "detects" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "type": "detects" }, { "dest-uuid": "1bae753e-8e52-4055-a66d-2ead90303ca9", "type": "detects" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "type": "detects" }, { "dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d", "type": "detects" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "type": "detects" }, { "dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "type": "detects" }, { "dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e", "type": "detects" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "type": "detects" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "type": "detects" }, { "dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6", "type": "detects" }, { "dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c", "type": "detects" }, { "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "type": "detects" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107", "type": "detects" }, { "dest-uuid": 
"2db31dcd-54da-405d-acef-b9129b816ed6", "type": "detects" }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "type": "detects" }, { "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "type": "detects" }, { "dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa", "type": "detects" }, { "dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529", "type": "detects" }, { "dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580", "type": "detects" }, { "dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f", "type": "detects" }, { "dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643", "type": "detects" }, { "dest-uuid": "34a80bc4-80f2-46e6-94ff-f3265a4b657c", "type": "detects" }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1", "type": "detects" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "type": "detects" }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "type": "detects" }, { "dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb", "type": "detects" }, { "dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8", "type": "detects" }, { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "type": "detects" }, { "dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e", "type": "detects" }, { "dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4", "type": "detects" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "type": "detects" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "type": "detects" }, { "dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44", "type": "detects" }, { "dest-uuid": "3d20385b-24ef-40e1-9f56-f39750379077", "type": "included-in" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0", "type": "detects" }, { "dest-uuid": 
"4061e78c-1284-44b4-9116-73e4ac3912f7", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "type": "detects" }, { "dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517", "type": "detects" }, { "dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927", "type": "detects" }, { "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", "type": "detects" }, { "dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c", "type": "detects" }, { "dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4a2975db-414e-4c0c-bd92-775987514b4b", "type": "detects" }, { "dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665", "type": "detects" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "type": "detects" }, { "dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830", "type": "detects" }, { "dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470", "type": "detects" }, { "dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0", "type": "detects" }, { "dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49", "type": "detects" }, { "dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c", "type": "detects" }, { "dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4", "type": "detects" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", "type": "detects" }, { "dest-uuid": 
"5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc", "type": "detects" }, { "dest-uuid": "63220765-d418-44de-8fae-694b3912317d", "type": "detects" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "type": "detects" }, { "dest-uuid": "635cbe30-392d-4e27-978e-66774357c762", "type": "detects" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "type": "detects" }, { "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", "type": "detects" }, { "dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", "type": "detects" }, { "dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1", "type": "detects" }, { "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "type": "detects" }, { "dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6", "type": "detects" }, { "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", "type": "detects" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "type": "detects" }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "type": "detects" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "type": "detects" }, { "dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08", "type": "detects" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "type": "detects" }, { "dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177", "type": "detects" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": 
"7b50a1d3-4ca7-45d1-989d-a6503f04bfe1", "type": "detects" }, { "dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18", "type": "detects" }, { "dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", "type": "detects" }, { "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", "type": "detects" }, { "dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475", "type": "detects" }, { "dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327", "type": "detects" }, { "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "type": "detects" }, { "dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497", "type": "detects" }, { "dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d", "type": "detects" }, { "dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc", "type": "detects" }, { "dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade", "type": "detects" }, { "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", "type": "detects" }, { "dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852", "type": "detects" }, { "dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580", "type": "detects" }, { "dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58", "type": "detects" }, { "dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938", "type": "detects" }, { "dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414", "type": "detects" }, { "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", "type": "detects" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "type": "detects" }, { "dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c", "type": "detects" }, { "dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36", "type": "detects" }, { "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", "type": "detects" }, { "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", "type": "detects" }, { "dest-uuid": 
"9efb1ea7-c37b-4595-9640-b7680cd84279", "type": "detects" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "type": "detects" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", "type": "detects" }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "type": "detects" }, { "dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829", "type": "detects" }, { "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", "type": "detects" }, { "dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d", "type": "detects" }, { "dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c", "type": "detects" }, { "dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56", "type": "detects" }, { "dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "type": "detects" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "type": "detects" }, { "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", "type": "detects" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0", "type": "detects" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "type": "detects" }, { "dest-uuid": 
"bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "type": "detects" }, { "dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63", "type": "detects" }, { "dest-uuid": "bef8aaee-961d-4359-a308-4c2182bcedff", "type": "detects" }, { "dest-uuid": "bf147104-abf9-4221-95d1-e81585859441", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", "type": "detects" }, { "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", "type": "detects" }, { "dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19", "type": "detects" }, { "dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896", "type": "detects" }, { "dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8", "type": "detects" }, { "dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839", "type": "detects" }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "type": "detects" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "type": "detects" }, { "dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979", "type": "detects" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "type": "detects" }, { "dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96", "type": "detects" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "type": "detects" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "type": "detects" }, { "dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1", "type": "detects" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", "type": "detects" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "type": "detects" }, { "dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": 
"d336b553-5da9-46ca-98a8-0b23f49fb447", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6", "type": "detects" }, { "dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7", "type": "detects" }, { "dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56", "type": "detects" }, { "dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534", "type": "detects" }, { "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" }, { "dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c", "type": "detects" }, { "dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67", "type": "detects" }, { "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "type": "detects" }, { "dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735", "type": "detects" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "type": "detects" }, { "dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391", "type": "detects" }, { "dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549", "type": "detects" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "type": "detects" }, { "dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf", "type": "detects" }, { "dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3", "type": "detects" }, { "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", "type": "detects" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "type": "detects" }, { "dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995", "type": "detects" }, { "dest-uuid": 
"f3c544dc-673c-4ef3-accb-53229f1ae077", "type": "detects" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" }, { "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", "type": "detects" }, { "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", "type": "detects" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "type": "detects" }, { "dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b", "type": "detects" }, { "dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b", "type": "detects" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "type": "detects" }, { "dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407", "type": "detects" }, { "dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1", "type": "detects" }, { "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "type": "detects" } ], "uuid": "3d20385b-24ef-40e1-9f56-f39750379077", "value": "Process Creation" }, { "description": "Initial construction of a new pod (ex: kubectl apply|run)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "5263cb33-08cc-4a68-820f-004e1e400d76", "type": "included-in" }, { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "type": "detects" } ], "uuid": "5263cb33-08cc-4a68-820f-004e1e400d76", "value": "Pod Creation" }, { "description": "Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "type": "detects" }, { "dest-uuid": "1dad5aa4-4bb5-45e4-9e42-55d40003cfa6", "type": "included-in" }, { "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", "type": "detects" } ], "uuid": "1dad5aa4-4bb5-45e4-9e42-55d40003cfa6", "value": "Certificate Registration" }, { "description": "Logged network traffic in response to a scan showing both protocol header and body values", "meta": { "refs": [] }, "related": [ { "dest-uuid": 
"0458aab9-ad42-4eac-9e22-706a95bafee2", "type": "detects" }, { "dest-uuid": "04a5a8ab-3bc8-4c83-95c9-55274a89786d", "type": "detects" }, { "dest-uuid": "09312b1a-c3c6-4b45-9844-3ccc78e5d82f", "type": "detects" }, { "dest-uuid": "0dcbbf4f-929c-489a-b66b-9b820d3f7f0e", "type": "included-in" }, { "dest-uuid": "155207c0-7f53-4f13-a06b-0a9907ef5096", "type": "detects" }, { "dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421", "type": "detects" }, { "dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a", "type": "detects" }, { "dest-uuid": "24286c33-d4a4-4419-85c2-1d094a896c26", "type": "detects" }, { "dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9", "type": "detects" }, { "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", "type": "detects" }, { "dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e", "type": "detects" }, { "dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d", "type": "detects" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "type": "detects" }, { "dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c", "type": "detects" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "type": "detects" }, { "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", "type": "detects" }, { "dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0", "type": "detects" }, { "dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701", "type": "detects" }, { "dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54", "type": "detects" }, { "dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2", "type": "detects" }, { "dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884", "type": "detects" }, { "dest-uuid": "c071d8c1-3b3a-4f22-9407-ca4e96921069", "type": "detects" }, { "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", "type": "detects" }, { "dest-uuid": "df1bc34d-1634-4c93-b89e-8120994fce77", "type": "detects" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "type": "detects" }, { "dest-uuid": "e5d550f3-2202-4634-85f2-4a200a1d49b3", "type": "detects" }, { "dest-uuid": 
"edadea33-549c-4ed1-9783-8f5a5853cbdf", "type": "detects" } ], "uuid": "0dcbbf4f-929c-489a-b66b-9b820d3f7f0e", "value": "Response Content" }, { "description": "Initial construction of a new snapshot (ex: AWS create-snapshot)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "3da222e6-53f3-451c-a239-0b405c009432", "type": "included-in" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" }, { "dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1", "type": "detects" } ], "uuid": "3da222e6-53f3-451c-a239-0b405c009432", "value": "Snapshot Creation" }, { "description": "Activation or invocation of a container (ex: docker start or docker restart)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "type": "detects" }, { "dest-uuid": "5fe82895-28e5-4aac-845e-dc886b63be2e", "type": "included-in" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" } ], "uuid": "5fe82895-28e5-4aac-845e-dc886b63be2e", "value": "Container Start" }, { "description": "Initial construction of a new service/daemon (ex: Windows EID 4697 or /var/log daemon logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "5297a638-1382-4f0c-8472-0d21830bf705", "type": "included-in" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e", "type": "detects" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "type": 
"detects" }, { "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "type": "detects" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" }, { "dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4", "type": "detects" } ], "uuid": "5297a638-1382-4f0c-8472-0d21830bf705", "value": "Service Creation" }, { "description": "Initial construction of a cloud volume (ex: AWS create-volume)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "dad75cc7-5bae-4175-adb4-ca1962d8650e", "type": "included-in" } ], "uuid": "dad75cc7-5bae-4175-adb4-ca1962d8650e", "value": "Volume Creation" }, { "description": "Deactivation or stoppage of a cloud service (ex: Write/Delete entries within Azure Firewall Activity Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b", "type": "detects" }, { "dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c", "type": "detects" }, { "dest-uuid": "c97d0171-f6e0-4415-85ff-4082fdb8c72a", "type": "included-in" } ], "uuid": "c97d0171-f6e0-4415-85ff-4082fdb8c72a", "value": "Firewall Disable" }, { "description": "Removal of a file (ex: Sysmon EID 23, macOS ESF EID ES_EVENT_TYPE_AUTH_UNLINK, or Linux commands auditd unlink, rename, rmdir, unlinkat, or renameat rules)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "type": "detects" }, { "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "type": "detects" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "type": "detects" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "type": "detects" }, { "dest-uuid": 
"3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927", "type": "detects" }, { "dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054", "type": "detects" }, { "dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c", "type": "detects" }, { "dest-uuid": "e905dad2-00d6-477c-97e8-800427abd0e8", "type": "included-in" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" } ], "uuid": "e905dad2-00d6-477c-97e8-800427abd0e8", "value": "File Deletion" }, { "description": "Removal of an instance (ex: instance.delete within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", "type": "detects" }, { "dest-uuid": "7561ed50-16cb-4826-82c7-c1ddca61785e", "type": "included-in" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" } ], "uuid": "7561ed50-16cb-4826-82c7-c1ddca61785e", "value": "Instance Deletion" }, { "description": "Removal of a virtual machine image (ex: Azure Compute Service Images DELETE)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "8b4ca854-ac08-47da-b24f-601b28a39aff", "type": "included-in" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" } ], "uuid": "8b4ca854-ac08-47da-b24f-601b28a39aff", "value": "Image Deletion" }, { "description": "Attaching a driver to either user or kernel-mode of a system (ex: Sysmon EID 6)", "meta": { "refs": [] }, "related": [ 
{ "dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4", "type": "detects" }, { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "type": "detects" }, { "dest-uuid": "3551476e-14f5-4e48-a518-e82135329e03", "type": "included-in" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839", "type": "detects" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49", "type": "detects" }, { "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "type": "detects" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "type": "detects" } ], "uuid": "3551476e-14f5-4e48-a518-e82135329e03", "value": "Driver Load" }, { "description": "Contextual data about a driver and activity around it such as driver issues reporting or integrity (page hash, code) checking", "meta": { "refs": [] }, "related": [ { "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "type": "detects" }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "f5a9a1dd-82f9-41a3-85b8-13e5b9cd6c79", "type": "included-in" } ], "uuid": "f5a9a1dd-82f9-41a3-85b8-13e5b9cd6c79", "value": "Driver Metadata" }, { "description": "Changes made to a drive letter or mount point of a data storage device", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9", "type": "detects" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "type": "detects" }, { 
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967", "type": "detects" }, { "dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba", "type": "detects" }, { "dest-uuid": "4dcd8ba3-2075-4f8b-941e-39884ffaac08", "type": "included-in" }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac", "type": "detects" } ], "uuid": "4dcd8ba3-2075-4f8b-941e-39884ffaac08", "value": "Drive Modification" }, { "description": "Logged domain name system (DNS) data highlighting timelines of domain to IP address resolutions (ex: passive DNS)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", "type": "detects" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "type": "detects" }, { "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", "type": "detects" }, { "dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5", "type": "detects" }, { "dest-uuid": "cc150ad8-ecfa-4340-9aaa-d21165873bd4", "type": "included-in" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "type": "detects" } ], "uuid": "cc150ad8-ecfa-4340-9aaa-d21165873bd4", "value": "Passive DNS" }, { "description": "Information about domain name assignments and other domain metadata (ex: WHOIS)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", "type": "detects" }, { "dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3", "type": "detects" }, { "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", "type": "detects" }, { "dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba", "type": "detects" }, { "dest-uuid": "ff9b665a-598b-4bcb-8b2a-a87566aa1256", "type": "included-in" } ], "uuid": "ff9b665a-598b-4bcb-8b2a-a87566aa1256", "value": "Domain Registration" }, { "description": "Removal of a snapshot (ex: AWS delete-snapshot)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": 
"16e07530-764b-4d83-bae0-cdbfc31bf21d", "type": "included-in" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" } ], "uuid": "16e07530-764b-4d83-bae0-cdbfc31bf21d", "value": "Snapshot Deletion" }, { "description": "Removal of a cloud volume (ex: AWS delete-volume)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "3acecdde-c327-4498-9bb8-33a2e63c6c57", "type": "included-in" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" } ], "uuid": "3acecdde-c327-4498-9bb8-33a2e63c6c57", "value": "Volume Deletion" }, { "description": "An extracted list of available firewalls and/or their associated settings/rules (ex: Azure Network Firewall CLI Show commands)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "bf91faa8-0049-4870-810a-4df55e0b77ee", "type": "included-in" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "type": "detects" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "type": "detects" } ], "uuid": "bf91faa8-0049-4870-810a-4df55e0b77ee", "value": "Firewall Enumeration" }, { "description": "An extracted list of available groups and/or their associated settings (ex: AWS list-groups)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "type": "detects" }, { "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "type": "detects" }, { "dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af", "type": "detects" }, { "dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e", "type": "detects" }, { "dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c", "type": "detects" }, { "dest-uuid": "8e44412e-3238-4d64-8878-4f11e27784fe", "type": "included-in" }, { "dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b", "type": "detects" } ], "uuid": "8e44412e-3238-4d64-8878-4f11e27784fe", "value": "Group Enumeration" }, { 
"description": "An extracted list of instances within a cloud environment (ex: instance.list within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "2a80d95f-08c4-48e3-833e-151ef19d90f5", "type": "included-in" }, { "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", "type": "detects" } ], "uuid": "2a80d95f-08c4-48e3-833e-151ef19d90f5", "value": "Instance Enumeration" }, { "description": "An extracted list of pods within a cluster (ex: kubectl get pods)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336", "type": "detects" }, { "dest-uuid": "07688e40-a7fa-4436-937f-1216674341a0", "type": "included-in" } ], "uuid": "07688e40-a7fa-4436-937f-1216674341a0", "value": "Pod Enumeration" }, { "description": "An extracted list of snapshots within a cloud environment (ex: AWS describe-snapshots)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", "type": "detects" }, { "dest-uuid": "ffd73905-2e51-4f2d-8549-e72fb0eb6c38", "type": "included-in" } ], "uuid": "ffd73905-2e51-4f2d-8549-e72fb0eb6c38", "value": "Snapshot Enumeration" }, { "description": "The execution of a text file that contains code via the interpreter (e.g. 
Powershell, WMI, Windows EID 4104, etc.)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58", "type": "detects" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "type": "detects" }, { "dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b", "type": "detects" }, { "dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "type": "detects" }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "type": "detects" }, { "dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619", "type": "detects" }, { "dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5", "type": "detects" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6", "type": "detects" }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a", "type": "detects" }, { "dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0", "type": "detects" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "type": "detects" }, { "dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0", "type": "detects" }, { "dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9", "type": "detects" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "type": "detects" }, { "dest-uuid": "9f387817-df83-432a-b56b-a8fb7f71eedd", "type": "included-in" }, { "dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d", "type": "detects" }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b", "type": "detects" }, { "dest-uuid": 
"cbb66055-0325-4111-aca0-40547b6ad5b0", "type": "detects" }, { "dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48", "type": "detects" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "type": "detects" }, { "dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7", "type": "detects" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "type": "detects" }, { "dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe", "type": "detects" } ], "uuid": "9f387817-df83-432a-b56b-a8fb7f71eedd", "value": "Script Execution" }, { "description": "An extracted list of available volumes within a cloud environment (ex: AWS describe-volumes)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d", "type": "detects" }, { "dest-uuid": "ec225357-8197-47a4-a9cd-57741d592877", "type": "included-in" } ], "uuid": "ec225357-8197-47a4-a9cd-57741d592877", "value": "Volume Enumeration" }, { "description": "Contextual data about a firewall and activity around it such as name, policy, or status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "746f095a-f84c-4ccc-90a5-c7caa5c100a2", "type": "included-in" }, { "dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384", "type": "detects" }, { "dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58", "type": "detects" } ], "uuid": "746f095a-f84c-4ccc-90a5-c7caa5c100a2", "value": "Firewall Metadata" }, { "description": "Contextual data about a file, which may include information such as name, the content (ex: signature, headers, or data/media), user/owner, permissions, etc.", "meta": { "refs": [] }, "related": [ { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "type": "detects" }, { "dest-uuid": "0533ab23-3f7d-463f-9bd8-634d27e4dee1", "type": "detects" }, { "dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345", "type": "detects" }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "type": "detects" }, { "dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e", "type": "detects" }, { "dest-uuid": 
"191cc6af-1bb2-4344-ab5f-28e496638720", "type": "detects" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "2f41939b-54c3-41d6-8f8b-35f1ec18ed97", "type": "detects" }, { "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "type": "detects" }, { "dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082", "type": "detects" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "type": "detects" }, { "dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee", "type": "detects" }, { "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "type": "detects" }, { "dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5", "type": "detects" }, { "dest-uuid": "639e87f3-acb6-448a-9645-258f20da4bc5", "type": "included-in" }, { "dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", "type": "detects" }, { "dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197", "type": "detects" }, { "dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961", "type": "detects" }, { "dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc", "type": "detects" }, { "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb", "type": "detects" }, { "dest-uuid": 
"b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00", "type": "detects" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "type": "detects" }, { "dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5", "type": "detects" }, { "dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916", "type": "detects" }, { "dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617", "type": "detects" }, { "dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b", "type": "detects" }, { "dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377", "type": "detects" }, { "dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062", "type": "detects" }, { "dest-uuid": "e51137a5-1cdc-499e-911a-abaedaa5ac86", "type": "detects" }, { "dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4", "type": "detects" }, { "dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d", "type": "detects" }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "type": "detects" } ], "uuid": "639e87f3-acb6-448a-9645-258f20da4bc5", "value": "File Metadata" }, { "description": "Changes made to firmware, including its settings and/or data, such as MBR (Master Boot Record) and VBR (Volume Boot Record)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "type": "detects" }, { "dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4", "type": "detects" }, { "dest-uuid": "791481f8-e96a-41be-b089-a088763083d4", "type": "detects" }, { "dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e", "type": "detects" }, { "dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc", "type": "detects" }, { 
"dest-uuid": "b9d031bb-d150-4fc6-8025-688201bf3ffd", "type": "included-in" }, { "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "type": "detects" }, { "dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89", "type": "detects" } ], "uuid": "b9d031bb-d150-4fc6-8025-688201bf3ffd", "value": "Firmware Modification" }, { "description": "Changes made to a file, or its access permissions and attributes, typically to alter the contents of the targeted file (ex: Windows EID 4670 or Sysmon EID 2)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9", "type": "detects" }, { "dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334", "type": "detects" }, { "dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771", "type": "detects" }, { "dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff", "type": "detects" }, { "dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3", "type": "detects" }, { "dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b", "type": "detects" }, { "dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3", "type": "detects" }, { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "type": "detects" }, { "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "type": "detects" }, { "dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "1f9012ef-1e10-4e48-915e-e03563435fe8", "type": "detects" }, { "dest-uuid": "208884f1-7b83-4473-ac22-4e1cf6c41471", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8", "type": "detects" }, { "dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c", "type": "detects" }, { "dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c", "type": "detects" }, { "dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36", "type": "detects" }, { "dest-uuid": 
"2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "type": "detects" }, { "dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e", "type": "detects" }, { "dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490", "type": "detects" }, { "dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d", "type": "detects" }, { "dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9", "type": "detects" }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "type": "detects" }, { "dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc", "type": "detects" }, { "dest-uuid": "3a40f208-a9c1-4efa-a598-4003c3681fb8", "type": "detects" }, { "dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a", "type": "detects" }, { "dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "type": "detects" }, { "dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927", "type": "detects" }, { "dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611", "type": "detects" }, { "dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179", "type": "detects" }, { "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", "type": "detects" }, { "dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f", "type": "detects" }, { "dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054", "type": "detects" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2", "type": "detects" }, { "dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b", "type": "detects" }, { "dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb", "type": "detects" }, { "dest-uuid": 
"63220765-d418-44de-8fae-694b3912317d", "type": "detects" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "type": "detects" }, { "dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9", "type": "detects" }, { "dest-uuid": "69e5226d-05dc-4f15-95d7-44f5ed78d06e", "type": "detects" }, { "dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4", "type": "detects" }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "type": "detects" }, { "dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5", "type": "detects" }, { "dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69", "type": "detects" }, { "dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21", "type": "detects" }, { "dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236", "type": "detects" }, { "dest-uuid": "7efba77e-3bc4-4ca5-8292-d8201dcd64b5", "type": "detects" }, { "dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d", "type": "detects" }, { "dest-uuid": "84572de3-9583-4c73-aabd-06ea88123dd8", "type": "included-in" }, { "dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3", "type": "detects" }, { "dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103", "type": "detects" }, { "dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d", "type": "detects" }, { "dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5", "type": "detects" }, { "dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd", "type": "detects" }, { "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", "type": "detects" }, { "dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279", "type": "detects" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6", "type": "detects" }, { "dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21", "type": "detects" }, { "dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931", "type": "detects" }, { "dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754", "type": "detects" }, { "dest-uuid": 
"aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2", "type": "detects" }, { "dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2", "type": "detects" }, { "dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "type": "detects" }, { "dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b", "type": "detects" }, { "dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f", "type": "detects" }, { "dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99", "type": "detects" }, { "dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0", "type": "detects" }, { "dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf", "type": "detects" }, { "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "type": "detects" }, { "dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253", "type": "detects" }, { "dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591", "type": "detects" }, { "dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f", "type": "detects" }, { "dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33", "type": "detects" }, { "dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb", "type": "detects" }, { "dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c", "type": "detects" }, { "dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605", "type": "detects" }, { "dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211", "type": "detects" }, { "dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" }, { "dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11", "type": "detects" }, { "dest-uuid": 
"e5cc9e7a-e61a-46a1-b869-55fb6eab058e", "type": "detects" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "type": "detects" }, { "dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "type": "detects" }, { "dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5", "type": "detects" }, { "dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd", "type": "detects" }, { "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", "type": "detects" }, { "dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d", "type": "detects" } ], "uuid": "84572de3-9583-4c73-aabd-06ea88123dd8", "value": "File Modification" }, { "description": "Contextual data about a group which describes group and activity around it, such as name, permissions, or user accounts within the group", "meta": { "refs": [] }, "related": [ { "dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce", "type": "detects" }, { "dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2", "type": "detects" }, { "dest-uuid": "8d8c7cac-94cf-4726-8989-cab33851168c", "type": "included-in" } ], "uuid": "8d8c7cac-94cf-4726-8989-cab33851168c", "value": "Group Metadata" }, { "description": "Changes made to a group, such as membership, name, or permissions (ex: Windows EID 4728 or 4732, AWS IAM UpdateGroup)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "05d5b5b4-ef93-4807-b05f-33d8c5a35bc5", "type": "included-in" }, { "dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27", "type": "detects" }, { "dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306", "type": "detects" } ], "uuid": "05d5b5b4-ef93-4807-b05f-33d8c5a35bc5", "value": "Group Modification" }, { "description": "Logging, messaging, and other artifacts highlighting the health of host sensors 
(ex: metrics, errors, and/or exceptions from logging applications)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3", "type": "detects" }, { "dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7", "type": "detects" }, { "dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9", "type": "detects" }, { "dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0", "type": "detects" }, { "dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "type": "detects" }, { "dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01", "type": "detects" }, { "dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858", "type": "detects" }, { "dest-uuid": "39131305-9282-45e4-ac3b-591d2d4fc3ef", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7", "type": "detects" }, { "dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5", "type": "detects" }, { "dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a", "type": "detects" }, { "dest-uuid": "4f14e30b-8b57-4a7b-9093-2c0778ea99cf", "type": "detects" }, { "dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d", "type": "detects" }, { "dest-uuid": "670a4d75-103b-4b14-8a9e-4652fa795edd", "type": "detects" }, { "dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da", "type": "detects" }, { "dest-uuid": "85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "type": "included-in" }, { "dest-uuid": "8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", "type": "detects" }, { "dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59", "type": "detects" }, { "dest-uuid": "9558a84e-2d5e-4872-918e-d847494a8ffc", "type": "detects" }, { "dest-uuid": "a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "bef8aaee-961d-4359-a308-4c2182bcedff", "type": "detects" }, { "dest-uuid": "c08366bb-8d11-4921-853f-f0a3b6a2a1da", "type": "detects" }, { "dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4", "type": 
"detects" }, { "dest-uuid": "c6e17ca2-08b5-4379-9786-89bd05241831", "type": "detects" }, { "dest-uuid": "cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", "type": "detects" }, { "dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783", "type": "detects" }, { "dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab", "type": "detects" }, { "dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd", "type": "detects" }, { "dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57", "type": "detects" }, { "dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc", "type": "detects" } ], "uuid": "85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "value": "Host Status" }, { "description": "Contextual data about an instance and activity around it such as name, type, or status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1", "type": "detects" }, { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "45fd904d-6eb0-4b50-8478-a961f09f898b", "type": "included-in" }, { "dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761", "type": "detects" }, { "dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4", "type": "detects" }, { "dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c", "type": "detects" } ], "uuid": "45fd904d-6eb0-4b50-8478-a961f09f898b", "value": "Instance Metadata" }, { "description": "Contextual data about a virtual machine image such as name, resource group, state, or type", "meta": { "refs": [] }, "related": [ { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", "type": "detects" }, { "dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d", "type": "detects" }, { "dest-uuid": "b597a220-6510-4397-b0d8-342cd2c58827", "type": "included-in" } ], "uuid": "b597a220-6510-4397-b0d8-342cd2c58827", "value": "Image Metadata" }, { "description": "Changes made to an instance, including its settings and/or 
control data (ex: instance.addResourcePolicies or instances.setMetadata within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1", "type": "detects" }, { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "45d0ff14-b9c4-41f5-8603-156657c20b75", "type": "included-in" } ], "uuid": "45d0ff14-b9c4-41f5-8603-156657c20b75", "value": "Instance Modification" }, { "description": "Changes made to a virtual machine image, including setting and/or control data (ex: Azure Compute Service Images PATCH)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "071a09b1-8945-46fd-8bb7-6bcc89400963", "type": "included-in" }, { "dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f", "type": "detects" } ], "uuid": "071a09b1-8945-46fd-8bb7-6bcc89400963", "value": "Image Modification" }, { "description": "Activation or invocation of an instance (ex: instance.start within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1", "type": "detects" }, { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5", "type": "detects" }, { "dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec", "type": "detects" }, { "dest-uuid": "f8213cde-6b3a-420d-9ab7-41c9af1a919f", "type": "included-in" } ], "uuid": "f8213cde-6b3a-420d-9ab7-41c9af1a919f", "value": "Instance Start" }, { "description": "Deactivation or stoppage of an instance (ex: instance.stop within GCP Audit Logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1", "type": "detects" }, { "dest-uuid": "1361e324-b594-4c0e-a517-20cee32b8d7f", "type": "included-in" }, { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" } ], "uuid": "1361e324-b594-4c0e-a517-20cee32b8d7f", "value": "Instance Stop" }, { "description": "Attaching a module into the memory of a process/program, 
typically to access shared resources/features provided by the module (ex: Sysmon EID 7)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5", "type": "detects" }, { "dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65", "type": "detects" }, { "dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d", "type": "detects" }, { "dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847", "type": "detects" }, { "dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf", "type": "detects" }, { "dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d", "type": "detects" }, { "dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53", "type": "detects" }, { "dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad", "type": "detects" }, { "dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64", "type": "detects" }, { "dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34", "type": "detects" }, { "dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336", "type": "detects" }, { "dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42", "type": "detects" }, { "dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8", "type": "detects" }, { "dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670", "type": "detects" }, { "dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83", "type": "detects" }, { "dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4", "type": "detects" }, { "dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a", "type": "detects" }, { "dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f", "type": "detects" }, { "dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462", "type": "detects" }, { "dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc", "type": "detects" }, { "dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba", "type": "detects" }, { "dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f", "type": "detects" }, { "dest-uuid": 
"61afc315-860c-4364-825d-0d62b2e91edc", "type": "detects" }, { "dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825", "type": "detects" }, { "dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35", "type": "detects" }, { "dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd", "type": "detects" }, { "dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071", "type": "detects" }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "type": "detects" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "type": "detects" }, { "dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c", "type": "detects" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "type": "detects" }, { "dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5", "type": "detects" }, { "dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a", "type": "detects" }, { "dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db", "type": "detects" }, { "dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7", "type": "detects" }, { "dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec", "type": "detects" }, { "dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab", "type": "detects" }, { "dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae", "type": "detects" }, { "dest-uuid": "c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1", "type": "included-in" }, { "dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd", "type": "detects" }, { "dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67", "type": "detects" }, { "dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b", "type": "detects" }, { "dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4", "type": "detects" }, { "dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3", "type": "detects" }, { "dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a", "type": "detects" }, { "dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4", "type": "detects" }, { "dest-uuid": 
"f4599aa0-4f85-4a32-80ea-fc39dc965945", "type": "detects" }, { "dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84", "type": "detects" }, { "dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed", "type": "detects" }, { "dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490", "type": "detects" }, { "dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335", "type": "detects" } ], "uuid": "c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1", "value": "Module Load" }, { "description": "Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information", "meta": { "refs": [] }, "related": [ { "dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0", "type": "detects" }, { "dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf", "type": "detects" }, { "dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970", "type": "detects" }, { "dest-uuid": "93a6e38c-02a5-44d8-9035-b2e08459f31f", "type": "included-in" }, { "dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0", "type": "detects" }, { "dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1", "type": "detects" }, { "dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15", "type": "detects" }, { "dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf", "type": "detects" } ], "uuid": "93a6e38c-02a5-44d8-9035-b2e08459f31f", "value": "Malware Metadata" }, { "description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.", "meta": { "refs": [] }, "related": [ { "dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073", "type": "detects" }, { "dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0", "type": "detects" }, { "dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2", "type": "detects" }, { "dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { 
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b", "type": "detects" }, { "dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1", "type": "detects" }, { "dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830", "type": "detects" }, { "dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497", "type": "detects" }, { "dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a", "type": "detects" }, { "dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736", "type": "detects" }, { "dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2", "type": "detects" }, { "dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b", "type": "detects" }, { "dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48", "type": "detects" }, { "dest-uuid": "ee575f4a-2d4f-48f6-b18b-89067760adc1", "type": "included-in" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "type": "detects" }, { "dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6", "type": "detects" } ], "uuid": "ee575f4a-2d4f-48f6-b18b-89067760adc1", "value": "Process Metadata" }, { "description": "Contextual data about a pod and activity around it such as name, ID, namespace, or status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "c0edd522-0aef-46b3-8efa-2bd334ce4242", "type": "included-in" } ], "uuid": "c0edd522-0aef-46b3-8efa-2bd334ce4242", "value": "Pod Metadata" }, { "description": "Changes made to a process, or its contents, typically to write and/or execute code in the memory of the target process (ex: Sysmon EID 8)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6", "type": "detects" }, { "dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d", "type": "detects" }, { "dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47", "type": "detects" }, { "dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054", "type": "detects" }, { "dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605", "type": "detects" }, { "dest-uuid": 
"806a49c4-970d-43f9-9acc-ac0ee11e6662", "type": "detects" }, { "dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4", "type": "detects" }, { "dest-uuid": "d5fca4e4-e47a-487b-873f-3d22f8865e96", "type": "included-in" }, { "dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744", "type": "detects" }, { "dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f", "type": "detects" }, { "dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99", "type": "detects" }, { "dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945", "type": "detects" } ], "uuid": "d5fca4e4-e47a-487b-873f-3d22f8865e96", "value": "Process Modification" }, { "description": "Changes made to a pod, including its settings and/or control data (ex: kubectl set|patch|edit)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92", "type": "detects" }, { "dest-uuid": "672b2ebd-4310-4efe-bf03-7ab005298a74", "type": "included-in" } ], "uuid": "672b2ebd-4310-4efe-bf03-7ab005298a74", "value": "Pod Modification" }, { "description": "Contextual data about an Internet-facing resource gathered from a scan, such as running services or ports", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2", "type": "detects" }, { "dest-uuid": "1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da", "type": "included-in" }, { "dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0", "type": "detects" }, { "dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337", "type": "detects" }, { "dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795", "type": "detects" }, { "dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9", "type": "detects" }, { "dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5", "type": "detects" } ], "uuid": "1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da", "value": "Response Metadata" }, { "description": "Contextual data about a snapshot, which may include information such as ID, type, and status", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" 
}, { "dest-uuid": "8bc66f94-54a9-4be4-bdd1-fe90df643774", "type": "included-in" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" }, { "dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1", "type": "detects" } ], "uuid": "8bc66f94-54a9-4be4-bdd1-fe90df643774", "value": "Snapshot Metadata" }, { "description": "Contextual data about a service/daemon, which may include information such as name, service executable, start type, etc.", "meta": { "refs": [] }, "related": [ { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0", "type": "detects" }, { "dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65", "type": "detects" }, { "dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979", "type": "detects" }, { "dest-uuid": "74fa567d-bc90-425c-8a41-3c703abb221c", "type": "included-in" }, { "dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c", "type": "detects" }, { "dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd", "type": "detects" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" }, { "dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6", "type": "detects" }, { "dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7", "type": "detects" }, { "dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a", "type": "detects" } ], "uuid": "74fa567d-bc90-425c-8a41-3c703abb221c", "value": "Service Metadata" }, { "description": "Established, compromised, or otherwise acquired social media personas", "meta": { "refs": [] }, "related": [ { "dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d", "type": "detects" }, { "dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a", "type": "detects" }, { "dest-uuid": "8fb2f315-1aca-4cef-ae0d-8105e1f95985", "type": "included-in" }, { "dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928", "type": "detects" }, { "dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8", "type": "detects" 
} ], "uuid": "8fb2f315-1aca-4cef-ae0d-8105e1f95985", "value": "Social Media" }, { "description": "Changes made to a snapshot, such as metadata and control data (ex: AWS modify-snapshot-attribute)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6", "type": "detects" }, { "dest-uuid": "f1eb6ea9-f3ab-414f-af35-2d5427199984", "type": "included-in" } ], "uuid": "f1eb6ea9-f3ab-414f-af35-2d5427199984", "value": "Snapshot Modification" }, { "description": "Changes made to a service/daemon, such as changes to name, description, and/or start type (ex: Windows EID 7040 or /var/log daemon logs)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5", "type": "detects" }, { "dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c", "type": "detects" }, { "dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32", "type": "detects" }, { "dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba", "type": "detects" }, { "dest-uuid": "66531bc6-a509-4868-8314-4d599e91d222", "type": "included-in" }, { "dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584", "type": "detects" }, { "dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b", "type": "detects" } ], "uuid": "66531bc6-a509-4868-8314-4d599e91d222", "value": "Service Modification" }, { "description": "Contextual data about a cloud volume and activity around it, such as id, type, state, and size", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0f72bf50-35b3-419d-ab95-70f9b6a818dd", "type": "included-in" }, { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" } ], "uuid": "0f72bf50-35b3-419d-ab95-70f9b6a818dd", "value": "Volume Metadata" }, { "description": "Changes made to a cloud volume, including its settings and control data (ex: AWS modify-volume)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90", "type": "detects" }, { "dest-uuid": 
"4a5b7ade-8bb5-4853-84ed-23f262002665", "type": "detects" }, { "dest-uuid": "d46272ce-a0fe-4256-855e-738de7bb63ee", "type": "included-in" } ], "uuid": "d46272ce-a0fe-4256-855e-738de7bb63ee", "value": "Volume Modification" }, { "description": "Notifications generated by the OS", "meta": { "refs": [] }, "related": [ { "dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b", "type": "detects" }, { "dest-uuid": "233fe2c0-cb41-4765-b454-e0087597fbce", "type": "detects" }, { "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "type": "detects" }, { "dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", "type": "detects" }, { "dest-uuid": "789ef15a-34d9-4b32-a779-8cbbc9eb32f5", "type": "detects" }, { "dest-uuid": "9ef05e3d-52db-4c12-be4f-519214bbe91f", "type": "detects" }, { "dest-uuid": "bf0ff551-a5a7-40e5-bff9-f9405011b1f4", "type": "included-in" }, { "dest-uuid": "d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", "type": "detects" }, { "dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780", "type": "detects" }, { "dest-uuid": "ec4c4baa-026f-43e8-8f56-58c36f3162dd", "type": "detects" }, { "dest-uuid": "f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", "type": "detects" } ], "uuid": "bf0ff551-a5a7-40e5-bff9-f9405011b1f4", "value": "System Notifications" }, { "description": "Permissions declared in an application's manifest or property list file", "meta": { "refs": [] }, "related": [ { "dest-uuid": "08ea902d-ecb5-47ed-a453-2798057bb2d3", "type": "detects" }, { "dest-uuid": "0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", "type": "detects" }, { "dest-uuid": "11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", "type": "detects" }, { "dest-uuid": "1d1b1558-c833-482e-aabb-d07ef6eae63d", "type": "detects" }, { "dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258", "type": "detects" }, { "dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", "type": "detects" }, { "dest-uuid": "3775a580-a1d1-46c4-8147-c614a715f2e9", "type": "detects" }, { "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "type": "detects" }, { "dest-uuid": 
"498e7b81-238d-404c-aa5e-332904d63286", "type": "detects" }, { "dest-uuid": "4c58b7c6-a839-4789-bda9-9de33e4d4512", "type": "detects" }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "type": "detects" }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "type": "detects" }, { "dest-uuid": "9c049d7b-c92a-4733-9381-27e2bd2ccadc", "type": "detects" }, { "dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242", "type": "detects" }, { "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", "type": "detects" }, { "dest-uuid": "a8e971b8-8dc7-4514-8249-ae95427ec467", "type": "detects" }, { "dest-uuid": "a9fa0d30-a8ff-45bf-922e-7720da0b7922", "type": "detects" }, { "dest-uuid": "ab7400b7-3476-4776-9545-ef3fa373de63", "type": "detects" }, { "dest-uuid": "b1c95426-2550-4621-8028-ceebf28b3a47", "type": "detects" }, { "dest-uuid": "b1e0bb80-23d4-44f2-b919-7e9c54898f43", "type": "included-in" }, { "dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002", "type": "detects" }, { "dest-uuid": "d446b9f0-06a9-4a8d-97ee-298cfee84f14", "type": "detects" }, { "dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "type": "detects" }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "type": "detects" }, { "dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "type": "detects" }, { "dest-uuid": "e2c2249a-eb82-4614-8dd4-9c514dde65e2", "type": "detects" }, { "dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780", "type": "detects" }, { "dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", "type": "detects" } ], "uuid": "b1e0bb80-23d4-44f2-b919-7e9c54898f43", "value": "Permissions Requests" }, { "description": "System prompts triggered when an application requests new or additional permissions", "meta": { "refs": [] }, "related": [ { "dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13", "type": "detects" }, { "dest-uuid": "08ea902d-ecb5-47ed-a453-2798057bb2d3", "type": "detects" }, { "dest-uuid": "0b761f2b-197a-40f2-b100-8152cb957c0c", "type": "detects" }, { "dest-uuid": 
"9c049d7b-c92a-4733-9381-27e2bd2ccadc", "type": "detects" }, { "dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242", "type": "detects" }, { "dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "type": "detects" }, { "dest-uuid": "e2f72131-14d1-411f-8e8c-aa3453dd5456", "type": "included-in" } ], "uuid": "e2f72131-14d1-411f-8e8c-aa3453dd5456", "value": "Permissions Request" }, { "description": "Exit of a running process (ex: Sysmon EID 5 or Windows EID 4689)", "meta": { "refs": [] }, "related": [ { "dest-uuid": "20b0931a-8952-42ca-975f-775bad295f1a", "type": "detects" }, { "dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b", "type": "detects" }, { "dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529", "type": "detects" }, { "dest-uuid": "61f1d40e-f3d0-4cc6-aa2d-937b6204194f", "type": "included-in" }, { "dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579", "type": "detects" } ], "uuid": "61f1d40e-f3d0-4cc6-aa2d-937b6204194f", "value": "Process Termination" }, { "description": "Settings visible to the user on the device", "meta": { "refs": [] }, "related": [ { "dest-uuid": "0cdd66ad-26ac-4338-a764-4972a1e17ee3", "type": "detects" }, { "dest-uuid": "0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", "type": "detects" }, { "dest-uuid": "11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", "type": "detects" }, { "dest-uuid": "1d1b1558-c833-482e-aabb-d07ef6eae63d", "type": "detects" }, { "dest-uuid": "2aa78dfd-cb6f-4c70-9408-137cfd96be49", "type": "detects" }, { "dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "type": "detects" }, { "dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "type": "detects" }, { "dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286", "type": "detects" }, { "dest-uuid": "4c58b7c6-a839-4789-bda9-9de33e4d4512", "type": "detects" }, { "dest-uuid": "56c2b384-77f8-461f-a71a-76f7888ebfb6", "type": "included-in" }, { "dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "type": "detects" }, { "dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e", "type": "detects" }, { "dest-uuid": 
"79cb02f4-ac4e-4335-8b51-425c9573cce1", "type": "detects" }, { "dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4", "type": "detects" }, { "dest-uuid": "9c049d7b-c92a-4733-9381-27e2bd2ccadc", "type": "detects" }, { "dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242", "type": "detects" }, { "dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad", "type": "detects" }, { "dest-uuid": "a8e971b8-8dc7-4514-8249-ae95427ec467", "type": "detects" }, { "dest-uuid": "a9fa0d30-a8ff-45bf-922e-7720da0b7922", "type": "detects" }, { "dest-uuid": "ab7400b7-3476-4776-9545-ef3fa373de63", "type": "detects" }, { "dest-uuid": "acf8fd2a-dc98-43b4-8d37-64e10728e591", "type": "detects" }, { "dest-uuid": "b1c95426-2550-4621-8028-ceebf28b3a47", "type": "detects" }, { "dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b", "type": "detects" }, { "dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002", "type": "detects" }, { "dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62", "type": "detects" }, { "dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6", "type": "detects" }, { "dest-uuid": "dc01774a-d1c1-45fb-b506-0a5d1d6593d9", "type": "detects" }, { "dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "type": "detects" }, { "dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780", "type": "detects" }, { "dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", "type": "detects" }, { "dest-uuid": "f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "type": "detects" }, { "dest-uuid": "fc53309d-ebd5-4573-9242-57024ebdad4f", "type": "detects" }, { "dest-uuid": "fcb11f06-ce0e-490b-bcc1-04a1623579f0", "type": "detects" } ], "uuid": "56c2b384-77f8-461f-a71a-76f7888ebfb6", "value": "System Settings" } ], "version": 1 }