Security Alerts Rules
9 detection rules in this category.
| Rule | Severity | MITRE | Source |
|---|---|---|---|
| Command and control | Critical | T1071 | SecurityAlert |
| Credential theft activity | Critical | T1003 | SecurityAlert |
| Data exfiltration | Critical | T1567 | SecurityAlert |
| High severity security alert | Critical | Various | SecurityAlert |
| Lateral movement | Critical | T1021 | SecurityAlert |
| Malware detected | Critical | T1204.002 | SecurityAlert |
| Medium severity security alert | High | Various | SecurityAlert |
| Privilege escalation | Critical | T1068 | SecurityAlert |
| Ransomware activity | Critical | T1486 | SecurityAlert |
Command and control
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1071 (Command and Control) |
Command and control activity detected
Conditions
- Match: all
- category contains CommandAndControl
Credential theft activity
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1003 (Credential Access) |
Credential theft activity detected
Conditions
- Match: all
- category contains CredentialAccess
Data exfiltration
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1567 (Exfiltration) |
Potential data exfiltration detected
Conditions
- Match: all
- category contains Exfiltration
High severity security alert
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | Various (Multiple) |
High severity Microsoft Defender alert
Conditions
- Match: all
- severity equals high
Lateral movement
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1021 (Lateral Movement) |
Lateral movement detected
Conditions
- Match: all
- category contains LateralMovement
Malware detected
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1204.002 (Execution) |
Malware detected by Microsoft Defender
Conditions
- Match: all
- category contains Malware
Medium severity security alert
| Property | Value |
|---|---|
| Severity | 🟠 High |
| Source | SecurityAlert |
| MITRE | Various (Multiple) |
Medium severity Microsoft Defender alert
Conditions
- Match: all
- severity equals medium
Privilege escalation
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1068 (Privilege Escalation) |
Privilege escalation detected
Conditions
- Match: all
- category contains PrivilegeEscalation
Ransomware activity
| Property | Value |
|---|---|
| Severity | 🔴 Critical |
| Source | SecurityAlert |
| MITRE | T1486 (Impact) |
Potential ransomware activity detected
Conditions
- Match: all
- category contains Ransomware