Analytics Alerts
Browse the Cortex analytics alert reference.
249 alerts match the current filters. tactic: TA0005 ✕
Show list12 tactics · 56 techniques · cell shade = number of matching alerts; click a cell to list them.
Initial Access
12 alerts
Execution
10 alerts
Persistence
21 alerts
- Hijack Execution Flow (6)
- Modify Authentication Process (4)
- Account Manipulation (3)
- Masquerading (3)
- Use Alternate Authentication Material (3)
- Create or Modify System Process (2)
- Hide Artifacts (2)
- Impair Defenses (2)
- Process Injection (2)
- Valid Accounts (2)
- Cloud Application Integration (1)
- Compromise Host Software Binary (1)
- Create Account (1)
- Domain or Tenant Policy Modification (1)
- Scheduled Task/Job (1)
- System Binary Proxy Execution (1)
Privilege Escalation
16 alerts
Defense Evasion
249 alerts
- Impair Defenses (82)
- Masquerading (24)
- System Binary Proxy Execution (22)
- Process Injection (15)
- Valid Accounts (15)
- Hide Artifacts (14)
- Impersonation (12)
- User Execution (10)
- Abuse Elevation Control Mechanism (9)
- Indicator Removal (9)
- Modify Authentication Process (9)
- Modify Cloud Compute Infrastructure (9)
- Obfuscated Files or Information (9)
- Hijack Execution Flow (8)
- Phishing (7)
- Domain or Tenant Policy Modification (5)
- Deobfuscate/Decode Files or Information (4)
- Virtualization/Sandbox Evasion (4)
- Account Manipulation (3)
- Application Layer Protocol (3)
- Data Destruction (3)
- OS Credential Dumping (3)
- Use Alternate Authentication Material (3)
- Create or Modify System Process (2)
- Data Encrypted for Impact (2)
- Data Manipulation (2)
- Data from Cloud Storage (2)
- File and Directory Permissions Modification (2)
- Reflective Code Loading (2)
- Remote Services (2)
- Rogue Domain Controller (2)
- Rootkit (2)
- Transfer Data to Cloud Account (2)
- Trusted Relationship (2)
- Unused/Unsupported Cloud Regions (2)
- Access Token Manipulation (1)
- Cloud Application Integration (1)
- Cloud Infrastructure Discovery (1)
- Cloud Service Discovery (1)
- Compromise Host Software Binary (1)
- Create Account (1)
- Credentials from Password Stores (1)
- Email Collection (1)
- Exfiltration Over Alternative Protocol (1)
- Exploitation for Defense Evasion (1)
- Indirect Command Execution (1)
- Ingress Tool Transfer (1)
- Modify Registry (1)
- Proxy (1)
- Scheduled Task/Job (1)
- Service Stop (1)
- Subvert Trust Controls (1)
- Trusted Developer Utilities Proxy Execution (1)
- Unsecured Credentials (1)
- Weaken Encryption (1)
- Web Service (1)
Credential Access
7 alerts
Discovery
4 alerts
Lateral Movement
2 alerts
Collection
3 alerts
Command and Control
6 alerts
Exfiltration
3 alerts