Analytics Alerts
Browse the Cortex analytics alert reference.
155 alerts match the current filters. tactic: TA0001 ✕
Show list14 tactics · 40 techniques · cell shade = number of matching alerts; click a cell to list them.
Reconnaissance
6 alerts
Resource Development
2 alerts
Initial Access
155 alerts
- Valid Accounts (87)
- Phishing (46)
- Trusted Relationship (14)
- User Execution (10)
- External Remote Services (9)
- Unsecured Credentials (9)
- Steal Application Access Token (8)
- Exploit Public-Facing Application (6)
- Phishing for Information (6)
- Brute Force (5)
- Proxy (5)
- Account Manipulation (4)
- Exfiltration Over Alternative Protocol (4)
- Impair Defenses (4)
- Server Software Component (4)
- Modify Authentication Process (3)
- Resource Hijacking (3)
- Abuse Elevation Control Mechanism (2)
- Application Layer Protocol (2)
- Cloud Service Discovery (2)
- Command and Scripting Interpreter (2)
- Compromise Accounts (2)
- Data from Information Repositories (2)
- Forge Web Credentials (2)
- Impersonation (2)
- Non-Standard Port (2)
- Automated Collection (1)
- Automated Exfiltration (1)
- Cloud Service Dashboard (1)
- Data Destruction (1)
- Domain or Tenant Policy Modification (1)
- Exploitation of Remote Services (1)
- Hardware Additions (1)
- Multi-Factor Authentication Request Generation (1)
- OS Credential Dumping (1)
- Process Injection (1)
- Remote Services (1)
- Software Extensions (1)
- Supply Chain Compromise (1)
- Use Alternate Authentication Material (1)
Execution
12 alerts
Persistence
13 alerts
- Valid Accounts (8)
- Account Manipulation (4)
- External Remote Services (4)
- Server Software Component (4)
- Domain or Tenant Policy Modification (1)
- Forge Web Credentials (1)
- Multi-Factor Authentication Request Generation (1)
- Remote Services (1)
- Software Extensions (1)
- Supply Chain Compromise (1)
- Trusted Relationship (1)
Privilege Escalation
7 alerts
Defense Evasion
12 alerts
Credential Access
17 alerts
- Valid Accounts (13)
- Unsecured Credentials (9)
- Steal Application Access Token (8)
- Brute Force (5)
- Exploit Public-Facing Application (2)
- Forge Web Credentials (2)
- Phishing (2)
- Trusted Relationship (2)
- Account Manipulation (1)
- Command and Scripting Interpreter (1)
- Modify Authentication Process (1)
- Multi-Factor Authentication Request Generation (1)
- OS Credential Dumping (1)
- Use Alternate Authentication Material (1)
- User Execution (1)
Discovery
2 alerts
Lateral Movement
3 alerts
Collection
3 alerts
Command and Control
7 alerts
Exfiltration
5 alerts
Impact
4 alerts