The Devo SciSec Team (Devo’s Threat Research Team) has released our third alert pack in all Devo domains! This alert pack brings our SecOps related content to our non-SecOps customers and can help jumpstart your threat coverage.
Alert Pack - Initial Access
This release brings a multitude of detections that will alert when an attacker is using common initial access tactics. These alerts will provide your team with actionable information as soon as attackers attempt to gain access to your environments and before they can make a longer-lasting impact on your systems.

Complete information on this threat vector:
“Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.”

Download now directly from Devo Exchange by clicking here.

Full release notes and details of every alert in this Alert Pack.
Here is a sample of a few of the alerts included:
SecOpsO365PhishAttempt - Adversaries may send victims emails containing malicious attachments or links, typically to execute malicious code on victim systems.
SecOpsWinAdminRemoteLogon - Detects remote logins by an administrative user account. Administrative account names are tailored to the organization's specific naming conventions.
SecOpsProofpointTAPUserReceivedMalwareEmail - Proofpoint TAP detected a user receiving an email with a malware score of 75 or higher. Records indicating the email was permitted receive a higher signal score than those automatically blocked by Proofpoint.
SecOpsAWSRootLogin - This detection filters CloudTrail events for an eventName of ConsoleLogin and a userName equal to root.
SecOpsO365PowerShellActivity - This alert catches uses of PowerShell in the O365 environment.
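As an added illustration of the SecOpsAWSRootLogin logic described above (example code written for this post, not Devo's alert implementation), the following Python runs the same filter, eventName ConsoleLogin with userName root, over a few constructed CloudTrail-style records and attaches the triage context an analyst wants: login outcome, MFA use and source address. The record layout and the responseElements/additionalEventData fields are assumptions about the CloudTrail ConsoleLogin format; the sample events are constructed, not real telemetry.

```python
import json

# Constructed CloudTrail-style records (sample data, not real telemetry).
# Field names follow the CloudTrail ConsoleLogin event layout as assumed here.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventTime": "2024-01-01T10:00:00Z",
     "userIdentity": {"type": "Root", "userName": "root", "accountId": "111111111111"},
     "sourceIPAddress": "198.51.100.10",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventName": "ConsoleLogin", "eventTime": "2024-01-01T10:05:00Z",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "sourceIPAddress": "198.51.100.11",
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventName": "ConsoleLogin", "eventTime": "2024-01-01T10:07:00Z",
     "userIdentity": {"type": "Root", "userName": "root", "accountId": "111111111111"},
     "sourceIPAddress": "203.0.113.5",
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
    # Root activity that is not a console login must not match this rule.
    {"eventName": "GetCallerIdentity", "eventTime": "2024-01-01T10:08:00Z",
     "userIdentity": {"type": "Root", "userName": "root", "accountId": "111111111111"},
     "sourceIPAddress": "198.51.100.10"},
]

def is_root_console_login(event):
    """Mirror the alert's filter: eventName == ConsoleLogin and userName == root."""
    identity = event.get("userIdentity") or {}
    return (event.get("eventName") == "ConsoleLogin"
            and identity.get("userName") == "root")

def detect_root_logins(events):
    """Return one alert record per matching event with triage context."""
    alerts = []
    for event in events:
        if not is_root_console_login(event):
            continue
        outcome = (event.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
        mfa = (event.get("additionalEventData") or {}).get("MFAUsed", "Unknown")
        alerts.append({
            "rule": "SecOpsAWSRootLogin",
            "time": event.get("eventTime"),
            "account": (event.get("userIdentity") or {}).get("accountId"),
            "source_ip": event.get("sourceIPAddress"),
            "outcome": outcome,
            "mfa_used": mfa,
            # A successful root login without MFA is the highest-priority case.
            "severity": "high" if outcome == "Success" and mfa != "Yes" else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_root_logins(SAMPLE_EVENTS):
        print(json.dumps(alert))
```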