The Devo Threat Research Team has just released their January OOTB Alerts for you! This release, available now from the Security Operations Content Manager and brings the total of OOTB Alerts to a whopping 480! With this release the team added proxy and Windows detections providing more coverage for the following MITRE tactics and Techniques:
| MITRE Tactic | MITRE Technique |
|---|---|
| Execution | System Services |
| Command and Control | Application Layer Protocol |
| Command and Control | Ingress Tool Transfer |
| Defense Evasion | Valid Accounts |
| Collection | Data from Local System |
| Defense Evasion | Masquerading |
| Exfiltration | Exfiltration Over Web Services |
| Exfiltration | Exfiltration Over Alternative Protocol |
These alerts were created with our new research process which should decrease false positives and allow for more actionable alerts.
Read the full release notes here!
Sample of 5 Alerts include din this release:
SecOpsOutboundTrafficToDeviceFlaggedAsThreat A record flagged a destination host from a threat intelligence match list.
SecOpsLolbinDatasvcutil Detects a potentially malicious execution of DataSvcUtil binary.
SecOpsWinSensitiveFiles Detects a new process which involves a Windows local system sensitive file.
SecOpsWinTFTPExecution Detects a potentially malicious execution of TFTP.
SecOpsWinWebclientClassUse Detects a potentially malicious WebClient method execution.