Analytics Alerts
Browse the Cortex analytics alert reference.
194 alerts match the current filters. tactic: TA0006 ✕
Show list10 tactics · 37 techniques · cell shade = number of matching alerts; click a cell to list them.
Resource Development
14 alerts
Initial Access
17 alerts
- Valid Accounts (13)
- Unsecured Credentials (9)
- Steal Application Access Token (8)
- Brute Force (5)
- Exploit Public-Facing Application (2)
- Forge Web Credentials (2)
- Phishing (2)
- Trusted Relationship (2)
- Account Manipulation (1)
- Command and Scripting Interpreter (1)
- Modify Authentication Process (1)
- Multi-Factor Authentication Request Generation (1)
- OS Credential Dumping (1)
- Use Alternate Authentication Material (1)
- User Execution (1)
Execution
11 alerts
Persistence
11 alerts
Privilege Escalation
4 alerts
Defense Evasion
7 alerts
Credential Access
194 alerts
- Unsecured Credentials (55)
- Brute Force (49)
- OS Credential Dumping (21)
- Credentials from Password Stores (18)
- Valid Accounts (18)
- Steal Application Access Token (15)
- Compromise Accounts (14)
- Steal or Forge Authentication Certificates (12)
- Steal or Forge Kerberos Tickets (12)
- Adversary-in-the-Middle (10)
- Modify Authentication Process (9)
- User Execution (9)
- Account Discovery (7)
- Forge Web Credentials (6)
- Use Alternate Authentication Material (6)
- Account Manipulation (5)
- Forced Authentication (5)
- Data from Cloud Storage (3)
- File and Directory Discovery (3)
- Multi-Factor Authentication Request Generation (3)
- Network Sniffing (3)
- Cloud Service Discovery (2)
- Exploit Public-Facing Application (2)
- Input Capture (2)
- Phishing (2)
- Rogue Domain Controller (2)
- System Service Discovery (2)
- Trusted Relationship (2)
- Command and Scripting Interpreter (1)
- Deobfuscate/Decode Files or Information (1)
- Exploitation of Remote Services (1)
- Hide Artifacts (1)
- Remote Services (1)
- Steal Web Session Cookie (1)
- System Information Discovery (1)
- System Owner/User Discovery (1)
- Windows Management Instrumentation (1)
Discovery
15 alerts
- Account Discovery (7)
- Steal or Forge Authentication Certificates (4)
- Credentials from Password Stores (3)
- File and Directory Discovery (3)
- Network Sniffing (3)
- OS Credential Dumping (3)
- Brute Force (2)
- Cloud Service Discovery (2)
- System Service Discovery (2)
- Steal or Forge Kerberos Tickets (1)
- System Information Discovery (1)
- System Owner/User Discovery (1)
- Unsecured Credentials (1)
Lateral Movement
8 alerts