Security Operations: Out of the Box Alerts Release 11

Related products: Security Operations

The Devo Threat Research Team has just released their January OOTB Alerts for you! This release, available now from the Security Operations Content Manager, brings the total of OOTB Alerts to a whopping 480! With this release the team added proxy and Windows detections, providing more coverage for the following MITRE tactics and techniques:

MITRE Tactic          MITRE Technique
Execution             System Services
Command and Control   Application Layer Protocol
Command and Control   Ingress Tool Transfer
Defense Evasion       Valid Accounts
Collection            Data from Local System
Defense Evasion       Masquerading
Exfiltration          Exfiltration Over Web Services
Exfiltration          Exfiltration Over Alternative Protocol


These alerts were created with our new research process, which should decrease false positives and allow for more actionable alerts.

Read the full release notes here!


Sample of 5 alerts included in this release:

SecOpsOutboundTrafficToDeviceFlaggedAsThreat: A record flagged a destination host from a threat intelligence match list.

SecOpsLolbinDatasvcutil: Detects a potentially malicious execution of the DataSvcUtil binary.

SecOpsWinSensitiveFiles: Detects a new process which involves a Windows local system sensitive file.

SecOpsWinTFTPExecution: Detects a potentially malicious execution of TFTP.

SecOpsWinWebclientClassUse: Detects a potentially malicious WebClient method execution.
