├── .gitignore ├── DataSources ├── AMAG │ └── Symmetry_Access_Control │ │ ├── 2_ds_amag_symmetry_access_control.md │ │ ├── Ps │ │ ├── pC_amagbadgeaccess.md │ │ ├── pC_cefamagbadgeaccess1.md │ │ ├── pC_cefamagbadgeaccess2.md │ │ ├── pC_cefamagbadgeaccessfailed1.md │ │ ├── pC_cefamagbadgeaccessfailed2.md │ │ ├── pC_cefamagbadgeaccessfailed3.md │ │ └── pC_samagbadgeaccess.md │ │ ├── RM │ │ ├── r_m_amag_symmetry_access_control_Abnormal_Authentication_&_Access.md │ │ ├── r_m_amag_symmetry_access_control_Physical_Security.md │ │ └── r_m_amag_symmetry_access_control_Privileged_Activity.md │ │ └── ds_amag_symmetry_access_control.md ├── AMD │ └── Pensando │ │ ├── Ps │ │ └── pC_pensandoflowcreate.md │ │ ├── RM │ │ ├── r_m_amd_pensando_Lateral_Movement.md │ │ └── r_m_amd_pensando_Malware.md │ │ └── ds_amd_pensando.md ├── APC │ └── APC │ │ ├── Ps │ │ ├── pC_apcauthenticationfailed.md │ │ ├── pC_apcdlpemailalertin.md │ │ ├── pC_apcdlpemailalertinfailed.md │ │ ├── pC_apcnetworkalert.md │ │ └── pC_apcremotelogon.md │ │ ├── RM │ │ ├── r_m_apc_apc_Abnormal_Authentication_&_Access.md │ │ ├── r_m_apc_apc_Compromised_Credentials.md │ │ ├── r_m_apc_apc_Lateral_Movement.md │ │ ├── r_m_apc_apc_Malware.md │ │ ├── r_m_apc_apc_Privilege_Abuse.md │ │ ├── r_m_apc_apc_Privilege_Escalation.md │ │ ├── r_m_apc_apc_Privileged_Activity.md │ │ └── r_m_apc_apc_Ransomware.md │ │ └── ds_apc_apc.md ├── ASUPIM │ └── ASUPIM │ │ ├── Ps │ │ └── pC_cefasupimprintevent.md │ │ ├── RM │ │ ├── r_m_asupim_asupim_Abnormal_Authentication_&_Access.md │ │ └── r_m_asupim_asupim_Data_Leak.md │ │ └── ds_asupim_asupim.md ├── AVI_Networks │ └── Load_Balancer │ │ ├── Ps │ │ └── pC_avilbapplogin.md │ │ ├── RM │ │ ├── r_m_avi_networks_load_balancer_Abnormal_Authentication_&_Access.md │ │ ├── r_m_avi_networks_load_balancer_Compromised_Credentials.md │ │ ├── r_m_avi_networks_load_balancer_Data_Access.md │ │ ├── r_m_avi_networks_load_balancer_Lateral_Movement.md │ │ ├── r_m_avi_networks_load_balancer_Malware.md │ │ ├── r_m_avi_networks_load_balancer_Privilege_Abuse.md │ │ ├── r_m_avi_networks_load_balancer_Privileged_Activity.md │ │ └── r_m_avi_networks_load_balancer_Ransomware.md │ │ └── ds_avi_networks_load_balancer.md ├── Abnormal_Security │ └── Abnormal_Security │ │ ├── Ps │ │ ├── pC_abnormaldlpemailalert.md │ │ └── pC_abnormalsecurityalert.md │ │ ├── RM │ │ ├── r_m_abnormal_security_abnormal_security_Compromised_Credentials.md │ │ ├── r_m_abnormal_security_abnormal_security_Data_Leak.md │ │ ├── r_m_abnormal_security_abnormal_security_Lateral_Movement.md │ │ ├── r_m_abnormal_security_abnormal_security_Malware.md │ │ ├── r_m_abnormal_security_abnormal_security_Phishing.md │ │ ├── r_m_abnormal_security_abnormal_security_Privilege_Abuse.md │ │ ├── r_m_abnormal_security_abnormal_security_Privileged_Activity.md │ │ └── r_m_abnormal_security_abnormal_security_Workforce_Protection.md │ │ └── ds_abnormal_security_abnormal_security.md ├── Absolute │ └── Absolute_SIEM_Connector │ │ ├── Ps │ │ ├── pC_absoluteappactivity.md │ │ ├── pC_absoluteappactivity1.md │ │ ├── pC_absoluteapplogin.md │ │ └── pC_cefabsolutesecurityalert.md │ │ ├── RM │ │ ├── r_m_absolute_absolute_siem_connector_Abnormal_Authentication_&_Access.md │ │ ├── r_m_absolute_absolute_siem_connector_Account_Manipulation.md │ │ ├── r_m_absolute_absolute_siem_connector_Compromised_Credentials.md │ │ ├── r_m_absolute_absolute_siem_connector_Data_Access.md │ │ ├── r_m_absolute_absolute_siem_connector_Data_Leak.md │ │ ├── r_m_absolute_absolute_siem_connector_Lateral_Movement.md │ │ ├── r_m_absolute_absolute_siem_connector_Malware.md │ │ ├── r_m_absolute_absolute_siem_connector_Privilege_Abuse.md │ │ ├── r_m_absolute_absolute_siem_connector_Privilege_Escalation.md │ │ ├── r_m_absolute_absolute_siem_connector_Privileged_Activity.md │ │ └── r_m_absolute_absolute_siem_connector_Ransomware.md │ │ └── ds_absolute_absolute_siem_connector.md ├── Accellion │ └── Kiteworks │ │ ├── 2_ds_accellion_kiteworks.md │ │ ├── Ps │ │ ├── pC_acceliondlpalert.md │ │ ├── pC_accelionkiteapp3.md │ │ ├── pC_accelionkiteappactivity2.md │ │ ├── pC_accelionkiteappactivity3.md │ │ ├── pC_accelionkiteappactivity4.md │ │ ├── pC_accelionkiteappactivity5.md │ │ ├── pC_accelionkiteappactivity6.md │ │ ├── pC_accelionkiteappactivityemailalert.md │ │ ├── pC_accelionkiteappadminlogin.md │ │ ├── pC_accelionkiteappdeletedraft.md │ │ ├── pC_accelionkiteappdownload.md │ │ ├── pC_accelionkiteappdownload1.md │ │ ├── pC_accelionkiteappfiledelete.md │ │ ├── pC_accelionkiteappfiledelete1.md │ │ ├── pC_accelionkiteappfilewithdraw.md │ │ ├── pC_accelionkiteapplogin1.md │ │ ├── pC_accelionkiteappnetworksetting.md │ │ ├── pC_accelionkiteapppasswordchange.md │ │ ├── pC_accelionkiteappresetpassword.md │ │ ├── pC_accelionkiteappsetting.md │ │ ├── pC_accelionkiteappsystem.md │ │ ├── pC_accelionkiteappuserdelete.md │ │ ├── pC_accelionkitefailedapplogin.md │ │ ├── pC_kiteworksaccountlockout1.md │ │ ├── pC_kiteworksaccountunlocked1.md │ │ ├── pC_kiteworksaccountunlocked2.md │ │ ├── pC_kiteworksfailedapplogin1.md │ │ ├── pC_kiteworkspasswordchange1.md │ │ ├── pC_qkiteworksappactivity.md │ │ ├── pC_qkiteworksappactivity1.md │ │ ├── pC_qkiteworksappactivity2.md │ │ ├── pC_qkiteworksappactivity3.md │ │ ├── pC_qkiteworksappactivity4.md │ │ ├── pC_qkiteworksappactivity5.md │ │ ├── pC_qkiteworksapplogin.md │ │ ├── pC_qkiteworksapplogin1.md │ │ ├── pC_qkiteworksemailout.md │ │ ├── pC_qkiteworksemailout1.md │ │ ├── pC_qkiteworksfiledelete.md │ │ ├── pC_qkiteworksfiledownload.md │ │ ├── pC_qkiteworksfiledownload1.md │ │ ├── pC_qkiteworksfiledownload2.md │ │ ├── pC_qkiteworksfilepermissionchange.md │ │ ├── pC_qkiteworksfileread.md │ │ ├── pC_qkiteworksfileread1.md │ │ ├── pC_qkiteworksfileupload.md │ │ ├── pC_qkiteworksfileupload1.md │ │ ├── pC_qkiteworksfilewrite.md │ │ └── pC_qkiteworkspasswordchange.md │ │ ├── RM │ │ ├── r_m_accellion_kiteworks_Abnormal_Authentication_&_Access.md │ │ ├── r_m_accellion_kiteworks_Account_Manipulation.md │ │ ├── r_m_accellion_kiteworks_Brute_Force_Attack.md │ │ ├── r_m_accellion_kiteworks_Compromised_Credentials.md │ │ ├── r_m_accellion_kiteworks_Data_Access.md │ │ ├── r_m_accellion_kiteworks_Data_Exfiltration.md │ │ ├── r_m_accellion_kiteworks_Data_Leak.md │ │ ├── r_m_accellion_kiteworks_Destruction_of_Data.md │ │ ├── r_m_accellion_kiteworks_Lateral_Movement.md │ │ ├── r_m_accellion_kiteworks_Malware.md │ │ ├── r_m_accellion_kiteworks_Phishing.md │ │ ├── r_m_accellion_kiteworks_Privilege_Abuse.md │ │ ├── r_m_accellion_kiteworks_Privilege_Escalation.md │ │ ├── r_m_accellion_kiteworks_Privileged_Activity.md │ │ ├── r_m_accellion_kiteworks_Ransomware.md │ │ └── r_m_accellion_kiteworks_Workforce_Protection.md │ │ └── ds_accellion_kiteworks.md ├── AccessIT │ └── Universal.NET │ │ ├── Ps │ │ └── pC_accessitbadgeaccess.md │ │ ├── RM │ │ ├── r_m_accessit_universal.net_Abnormal_Authentication_&_Access.md │ │ ├── r_m_accessit_universal.net_Physical_Security.md │ │ └── r_m_accessit_universal.net_Privileged_Activity.md │ │ └── ds_accessit_universal.net.md ├── Adaxes │ └── Adaxes │ │ ├── Ps │ │ └── pC_sadaxesappactivity.md │ │ ├── RM │ │ ├── r_m_adaxes_adaxes_Abnormal_Authentication_&_Access.md │ │ ├── r_m_adaxes_adaxes_Account_Manipulation.md │ │ ├── r_m_adaxes_adaxes_Compromised_Credentials.md │ │ ├── r_m_adaxes_adaxes_Data_Access.md │ │ ├── r_m_adaxes_adaxes_Data_Leak.md │ │ ├── r_m_adaxes_adaxes_Lateral_Movement.md │ │ ├── r_m_adaxes_adaxes_Malware.md │ │ ├── r_m_adaxes_adaxes_Privilege_Abuse.md │ │ ├── r_m_adaxes_adaxes_Privilege_Escalation.md │ │ ├── r_m_adaxes_adaxes_Privileged_Activity.md │ │ └── r_m_adaxes_adaxes_Ransomware.md │ │ └── ds_adaxes_adaxes.md ├── Admin_By_Request │ └── Admin_By_Request │ │ ├── Ps │ │ ├── pC_adminbyrequestprivilegedaccess.md │ │ └── pC_adminbyrequestprivilegedobjectaccess.md │ │ ├── RM │ │ ├── r_m_admin_by_request_admin_by_request_Abnormal_Authentication_&_Access.md │ │ ├── r_m_admin_by_request_admin_by_request_Malware.md │ │ ├── r_m_admin_by_request_admin_by_request_Privilege_Abuse.md │ │ └── r_m_admin_by_request_admin_by_request_Privileged_Activity.md │ │ └── ds_admin_by_request_admin_by_request.md ├── Airlock │ ├── Application_Whitelisting │ │ ├── Ps │ │ │ ├── pC_airlockappwhitelistingappactivity.md │ │ │ └── pC_airlockappwhitelistingappactivity1.md │ │ ├── RM │ │ │ ├── r_m_airlock_application_whitelisting_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_airlock_application_whitelisting_Account_Manipulation.md │ │ │ ├── r_m_airlock_application_whitelisting_Compromised_Credentials.md │ │ │ ├── r_m_airlock_application_whitelisting_Data_Access.md │ │ │ ├── r_m_airlock_application_whitelisting_Data_Leak.md │ │ │ ├── r_m_airlock_application_whitelisting_Lateral_Movement.md │ │ │ ├── r_m_airlock_application_whitelisting_Malware.md │ │ │ ├── r_m_airlock_application_whitelisting_Privilege_Abuse.md │ │ │ ├── r_m_airlock_application_whitelisting_Privilege_Escalation.md │ │ │ ├── r_m_airlock_application_whitelisting_Privileged_Activity.md │ │ │ └── r_m_airlock_application_whitelisting_Ransomware.md │ │ └── ds_airlock_application_whitelisting.md │ └── Web_Application_Firewall │ │ ├── 2_ds_airlock_web_application_firewall.md │ │ ├── Ps │ │ ├── pC_airlockcreatefolder.md │ │ ├── pC_airlockdisconnect.md │ │ ├── pC_airlockfiledelete.md │ │ ├── pC_airlockfiledownload.md │ │ ├── pC_airlockfiledownloadfailed.md │ │ ├── pC_airlockfileupload.md │ │ ├── pC_airlockfileuploadfailed.md │ │ ├── pC_airlockfirewallnetworkconnection.md │ │ ├── pC_airlockloginfailed.md │ │ ├── pC_airlockloginsuccess.md │ │ ├── pC_airlocklogout.md │ │ ├── pC_airlocknetworkconnection.md │ │ └── pC_airlockrenamefolder.md │ │ ├── RM │ │ ├── r_m_airlock_web_application_firewall_Abnormal_Authentication_&_Access.md │ │ ├── r_m_airlock_web_application_firewall_Account_Manipulation.md │ │ ├── r_m_airlock_web_application_firewall_Brute_Force_Attack.md │ │ ├── r_m_airlock_web_application_firewall_Compromised_Credentials.md │ │ ├── r_m_airlock_web_application_firewall_Data_Access.md │ │ ├── r_m_airlock_web_application_firewall_Data_Exfiltration.md │ │ ├── r_m_airlock_web_application_firewall_Data_Leak.md │ │ ├── r_m_airlock_web_application_firewall_Destruction_of_Data.md │ │ ├── r_m_airlock_web_application_firewall_Lateral_Movement.md │ │ ├── r_m_airlock_web_application_firewall_Malware.md │ │ ├── r_m_airlock_web_application_firewall_Phishing.md │ │ ├── r_m_airlock_web_application_firewall_Privilege_Abuse.md │ │ ├── r_m_airlock_web_application_firewall_Privilege_Escalation.md │ │ ├── r_m_airlock_web_application_firewall_Privileged_Activity.md │ │ └── r_m_airlock_web_application_firewall_Ransomware.md │ │ └── ds_airlock_web_application_firewall.md ├── Akamai │ ├── Akamai_Siem │ │ ├── Ps │ │ │ └── pC_akamaisecurityalert.md │ │ ├── RM │ │ │ ├── r_m_akamai_akamai_siem_Compromised_Credentials.md │ │ │ ├── r_m_akamai_akamai_siem_Lateral_Movement.md │ │ │ ├── r_m_akamai_akamai_siem_Malware.md │ │ │ └── r_m_akamai_akamai_siem_Privileged_Activity.md │ │ └── ds_akamai_akamai_siem.md │ └── Cloud_Akamai │ │ ├── Ps │ │ └── pC_akamaiwebactivity.md │ │ ├── RM │ │ ├── r_m_akamai_cloud_akamai_Abnormal_Authentication_&_Access.md │ │ ├── r_m_akamai_cloud_akamai_Compromised_Credentials.md │ │ ├── r_m_akamai_cloud_akamai_Cryptomining.md │ │ ├── r_m_akamai_cloud_akamai_Data_Exfiltration.md │ │ ├── r_m_akamai_cloud_akamai_Data_Leak.md │ │ ├── r_m_akamai_cloud_akamai_Lateral_Movement.md │ │ ├── r_m_akamai_cloud_akamai_Malware.md │ │ ├── r_m_akamai_cloud_akamai_Phishing.md │ │ ├── r_m_akamai_cloud_akamai_Privilege_Abuse.md │ │ ├── r_m_akamai_cloud_akamai_Privileged_Activity.md │ │ ├── r_m_akamai_cloud_akamai_Ransomware.md │ │ └── r_m_akamai_cloud_akamai_Workforce_Protection.md │ │ └── ds_akamai_cloud_akamai.md ├── Alert_Logic │ └── Alert_Logic │ │ ├── Ps │ │ └── pC_jsonalertlogicnetworkalert.md │ │ ├── RM │ │ ├── r_m_alert_logic_alert_logic_Compromised_Credentials.md │ │ └── r_m_alert_logic_alert_logic_Malware.md │ │ └── ds_alert_logic_alert_logic.md ├── AlgoSec │ └── Firewall_Analyzer │ │ ├── Ps │ │ └── pC_cefalgosecnetworkalert.md │ │ ├── RM │ │ ├── r_m_algosec_firewall_analyzer_Compromised_Credentials.md │ │ └── r_m_algosec_firewall_analyzer_Malware.md │ │ └── ds_algosec_firewall_analyzer.md ├── Amazon │ ├── AWS_Bastion │ │ ├── Ps │ │ │ ├── pC_bastionfailedlogon.md │ │ │ └── pC_bastionremotelogon.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_bastion_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_amazon_aws_bastion_Brute_Force_Attack.md │ │ │ ├── r_m_amazon_aws_bastion_Compromised_Credentials.md │ │ │ ├── r_m_amazon_aws_bastion_Lateral_Movement.md │ │ │ ├── r_m_amazon_aws_bastion_Malware.md │ │ │ ├── r_m_amazon_aws_bastion_Privilege_Abuse.md │ │ │ ├── r_m_amazon_aws_bastion_Privilege_Escalation.md │ │ │ ├── r_m_amazon_aws_bastion_Privileged_Activity.md │ │ │ └── r_m_amazon_aws_bastion_Ransomware.md │ │ └── ds_amazon_aws_bastion.md │ ├── AWS_CloudTrail │ │ ├── 2_ds_amazon_aws_cloudtrail.md │ │ ├── Ps │ │ │ ├── pC_awsaddusertogroupjson.md │ │ │ ├── pC_awsassumerolejson.md │ │ │ ├── pC_awsattachgrouppolicyjson.md │ │ │ ├── pC_awsattachrolepolicyjson.md │ │ │ ├── pC_awsattachuserpolicyjson.md │ │ │ ├── pC_awsattachvolumejson.md │ │ │ ├── pC_awscloudtrailappactivity.md │ │ │ ├── pC_awsconsoleloginjson.md │ │ │ ├── pC_awscopyobjectjson.md │ │ │ ├── pC_awscreateaccesskeyjson.md │ │ │ ├── pC_awscreatebucketjson.md │ │ │ ├── pC_awscreatefunctionjson.md │ │ │ ├── pC_awscreategroupjson.md │ │ │ ├── pC_awscreateimagejson.md │ │ │ ├── pC_awscreatekeypairjson.md │ │ │ ├── pC_awscreateloginprofilejson.md │ │ │ ├── pC_awscreatepolicyjson.md │ │ │ ├── pC_awscreatepolicyversionjson.md │ │ │ ├── pC_awscreaterolejson.md │ │ │ ├── pC_awscreatesnapshotjson.md │ │ │ ├── pC_awscreateuserjson.md │ │ │ ├── pC_awscreatevolumejson.md │ │ │ ├── pC_awsgeneralactivity.md │ │ │ ├── pC_awsgetconsolescreenshotjson.md │ │ │ ├── pC_awsgetobjectjson.md │ │ │ ├── pC_awsgetpassworddatajson.md │ │ │ ├── pC_awslistattachedgrouppoliciesjson.md │ │ │ ├── pC_awslistattachedrolepoliciesjson.md │ │ │ ├── pC_awslistattacheduserpoliciesjson.md │ │ │ ├── pC_awslistgrouppoliciesjson.md │ │ │ ├── pC_awslistrolepoliciesjson.md │ │ │ ├── pC_awslistuserpoliciesjson.md │ │ │ ├── pC_awsmodifyimageattributejson.md │ │ │ ├── pC_awsmodifyinstanceattributejson.md │ │ │ ├── pC_awsmodifysnapshotattributejson.md │ │ │ ├── pC_awsmodifyvolumejson.md │ │ │ ├── pC_awsputbucketacljson.md │ │ │ ├── pC_awsputbucketcorsjson.md │ │ │ ├── pC_awsputbucketpolicyjson.md │ │ │ ├── pC_awsputbucketpublicaccessblockjson.md │ │ │ ├── pC_awsputgrouppolicyjson.md │ │ │ ├── pC_awsputkeypolicyjson.md │ │ │ ├── pC_awsputobjectacljson.md │ │ │ ├── pC_awsputobjectjson.md │ │ │ ├── pC_awsputrolepolicyjson.md │ │ │ ├── pC_awsputuserpolicyjson.md │ │ │ ├── pC_awsrenewrolejson.md │ │ │ ├── pC_awsruninstancesjson.md │ │ │ ├── pC_awssendcommandjson.md │ │ │ ├── pC_awssendsshpublickeyjson.md │ │ │ ├── pC_awssetpolicyversionjson.md │ │ │ ├── pC_awsswitchrolejson.md │ │ │ ├── pC_awsupdateassumerolepolicyjson.md │ │ │ ├── pC_awsupdatefunctioncodejson.md │ │ │ ├── pC_awsupdatefunctionconfigurationjson.md │ │ │ ├── pC_awsupdateloginprofilejson.md │ │ │ ├── pC_sawscloudtrailactivityjson.md │ │ │ ├── pC_sawscloudtrailassumedrolejson.md │ │ │ ├── pC_sawscloudtrailiam.md │ │ │ ├── pC_sawscloudtrailloginjson.md │ │ │ ├── pC_sawscloudtrails3activity.md │ │ │ ├── pC_sawsdataaccess.md │ │ │ └── pC_sawss3cloudstorageactivity.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_cloudtrail_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Account_Manipulation.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Cloud_Data_Protection.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Compromised_Credentials.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Cryptomining.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Data_Access.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Data_Leak.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Lateral_Movement.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Malware.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Privilege_Abuse.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Privilege_Escalation.md │ │ │ ├── r_m_amazon_aws_cloudtrail_Privileged_Activity.md │ │ │ └── r_m_amazon_aws_cloudtrail_Ransomware.md │ │ └── ds_amazon_aws_cloudtrail.md │ ├── AWS_CloudWatch │ │ ├── Ps │ │ │ ├── pC_cefawscloudwatchnetflowconnection.md │ │ │ ├── pC_cefawsnetflowconnection.md │ │ │ ├── pC_cefawsvpcnetflowconnection.md │ │ │ ├── pC_sawsnetflowconnection.md │ │ │ └── pC_sawsnetflowconnectionreject.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_cloudwatch_Compromised_Credentials.md │ │ │ ├── r_m_amazon_aws_cloudwatch_Data_Exfiltration.md │ │ │ ├── r_m_amazon_aws_cloudwatch_Lateral_Movement.md │ │ │ └── r_m_amazon_aws_cloudwatch_Malware.md │ │ └── ds_amazon_aws_cloudwatch.md │ ├── AWS_GuardDuty │ │ ├── 2_ds_amazon_aws_guardduty.md │ │ ├── Ps │ │ │ ├── pC_cefawsguardduty.md │ │ │ ├── pC_cefawsguarddutydiscoveryalert.md │ │ │ ├── pC_cefawsguarddutysecurityalert1.md │ │ │ ├── pC_cefawsguarddutysecurityalert10.md │ │ │ ├── pC_cefawsguarddutysecurityalert11.md │ │ │ ├── pC_cefawsguarddutysecurityalert12.md │ │ │ ├── pC_cefawsguarddutysecurityalert13.md │ │ │ ├── pC_cefawsguarddutysecurityalert14.md │ │ │ ├── pC_cefawsguarddutysecurityalert15.md │ │ │ ├── pC_cefawsguarddutysecurityalert16.md │ │ │ ├── pC_cefawsguarddutysecurityalert17.md │ │ │ ├── pC_cefawsguarddutysecurityalert18.md │ │ │ ├── pC_cefawsguarddutysecurityalert2.md │ │ │ ├── pC_cefawsguarddutysecurityalert3.md │ │ │ ├── pC_cefawsguarddutysecurityalert4.md │ │ │ ├── pC_cefawsguarddutysecurityalert5.md │ │ │ ├── pC_cefawsguarddutysecurityalert6.md │ │ │ ├── pC_cefawsguarddutysecurityalert7.md │ │ │ ├── pC_cefawsguarddutysecurityalert8.md │ │ │ └── pC_cefawsguarddutysecurityalert9.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_guardduty_Compromised_Credentials.md │ │ │ ├── r_m_amazon_aws_guardduty_Lateral_Movement.md │ │ │ ├── r_m_amazon_aws_guardduty_Malware.md │ │ │ └── r_m_amazon_aws_guardduty_Privileged_Activity.md │ │ └── ds_amazon_aws_guardduty.md │ ├── AWS_Redshift │ │ ├── Ps │ │ │ └── pC_cefawsredshiftdbquery.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_redshift_Compromised_Credentials.md │ │ │ └── r_m_amazon_aws_redshift_Data_Access.md │ │ └── ds_amazon_aws_redshift.md │ ├── AWS_WAF │ │ ├── Ps │ │ │ └── pC_awswafwebactivity.md │ │ ├── RM │ │ │ ├── r_m_amazon_aws_waf_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_amazon_aws_waf_Compromised_Credentials.md │ │ │ ├── r_m_amazon_aws_waf_Cryptomining.md │ │ │ ├── r_m_amazon_aws_waf_Data_Exfiltration.md │ │ │ ├── r_m_amazon_aws_waf_Data_Leak.md │ │ │ ├── r_m_amazon_aws_waf_Lateral_Movement.md │ │ │ ├── r_m_amazon_aws_waf_Malware.md │ │ │ ├── r_m_amazon_aws_waf_Phishing.md │ │ │ ├── r_m_amazon_aws_waf_Privilege_Abuse.md │ │ │ ├── r_m_amazon_aws_waf_Privileged_Activity.md │ │ │ ├── r_m_amazon_aws_waf_Ransomware.md │ │ │ └── r_m_amazon_aws_waf_Workforce_Protection.md │ │ └── ds_amazon_aws_waf.md │ └── Amazon_RDS │ │ ├── Ps │ │ ├── pC_amazonrdsdatabaselogin.md │ │ ├── pC_amazonrdsdatabaseoperation.md │ │ └── pC_amazonrdsdatabaseoperation1.md │ │ ├── RM │ │ ├── r_m_amazon_amazon_rds_Compromised_Credentials.md │ │ └── r_m_amazon_amazon_rds_Data_Access.md │ │ └── ds_amazon_amazon_rds.md ├── Anywhere365 │ └── Anywhere365 │ │ ├── Ps │ │ └── pC_anywhere365appactivity.md │ │ ├── RM │ │ ├── r_m_anywhere365_anywhere365_Abnormal_Authentication_&_Access.md │ │ ├── r_m_anywhere365_anywhere365_Account_Manipulation.md │ │ ├── r_m_anywhere365_anywhere365_Compromised_Credentials.md │ │ ├── r_m_anywhere365_anywhere365_Data_Access.md │ │ ├── r_m_anywhere365_anywhere365_Data_Leak.md │ │ ├── r_m_anywhere365_anywhere365_Lateral_Movement.md │ │ ├── r_m_anywhere365_anywhere365_Malware.md │ │ ├── r_m_anywhere365_anywhere365_Privilege_Abuse.md │ │ ├── r_m_anywhere365_anywhere365_Privilege_Escalation.md │ │ ├── r_m_anywhere365_anywhere365_Privileged_Activity.md │ │ └── r_m_anywhere365_anywhere365_Ransomware.md │ │ └── ds_anywhere365_anywhere365.md ├── Apache │ ├── Apache │ │ ├── Ps │ │ │ ├── pC_apachewebactivity1.md │ │ │ └── pC_chcomwebactivity.md │ │ ├── RM │ │ │ ├── r_m_apache_apache_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_apache_apache_Compromised_Credentials.md │ │ │ ├── r_m_apache_apache_Cryptomining.md │ │ │ ├── r_m_apache_apache_Data_Exfiltration.md │ │ │ ├── r_m_apache_apache_Data_Leak.md │ │ │ ├── r_m_apache_apache_Lateral_Movement.md │ │ │ ├── r_m_apache_apache_Malware.md │ │ │ ├── r_m_apache_apache_Phishing.md │ │ │ ├── r_m_apache_apache_Privilege_Abuse.md │ │ │ ├── r_m_apache_apache_Privileged_Activity.md │ │ │ ├── r_m_apache_apache_Ransomware.md │ │ │ └── r_m_apache_apache_Workforce_Protection.md │ │ └── ds_apache_apache.md │ ├── Apache_Guacamole │ │ ├── Ps │ │ │ ├── pC_apacheapplogin1.md │ │ │ ├── pC_apachefailedapplogin1.md │ │ │ └── pC_apachefailedapplogin2.md │ │ ├── RM │ │ │ ├── r_m_apache_apache_guacamole_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_apache_apache_guacamole_Compromised_Credentials.md │ │ │ ├── r_m_apache_apache_guacamole_Data_Access.md │ │ │ ├── r_m_apache_apache_guacamole_Lateral_Movement.md │ │ │ ├── r_m_apache_apache_guacamole_Malware.md │ │ │ ├── r_m_apache_apache_guacamole_Privilege_Abuse.md │ │ │ ├── r_m_apache_apache_guacamole_Privileged_Activity.md │ │ │ └── r_m_apache_apache_guacamole_Ransomware.md │ │ └── ds_apache_apache_guacamole.md │ ├── Apache_Subversion │ │ ├── 2_ds_apache_apache_subversion.md │ │ ├── Ps │ │ │ ├── pC_ssvnappactivity.md │ │ │ ├── pC_ssvnappactivity1.md │ │ │ ├── pC_ssvnappactivity2.md │ │ │ ├── pC_ssvnappactivity3.md │ │ │ ├── pC_ssvnappactivity4.md │ │ │ ├── pC_ssvnappactivity5.md │ │ │ ├── pC_ssvnappactivity6.md │ │ │ ├── pC_ssvnappactivity7.md │ │ │ └── pC_ssvnappactivity8.md │ │ ├── RM │ │ │ ├── r_m_apache_apache_subversion_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_apache_apache_subversion_Account_Manipulation.md │ │ │ ├── r_m_apache_apache_subversion_Compromised_Credentials.md │ │ │ ├── r_m_apache_apache_subversion_Data_Access.md │ │ │ ├── r_m_apache_apache_subversion_Data_Leak.md │ │ │ ├── r_m_apache_apache_subversion_Lateral_Movement.md │ │ │ ├── r_m_apache_apache_subversion_Malware.md │ │ │ ├── r_m_apache_apache_subversion_Privilege_Abuse.md │ │ │ ├── r_m_apache_apache_subversion_Privilege_Escalation.md │ │ │ ├── r_m_apache_apache_subversion_Privileged_Activity.md │ │ │ └── r_m_apache_apache_subversion_Ransomware.md │ │ └── ds_apache_apache_subversion.md │ └── Cassandra │ │ ├── Ps │ │ ├── pC_cassandradbactivityfailed.md │ │ ├── pC_cassandradblogin.md │ │ └── pC_cassandradbupdate.md │ │ ├── RM │ │ ├── r_m_apache_cassandra_Compromised_Credentials.md │ │ └── r_m_apache_cassandra_Data_Access.md │ │ └── ds_apache_cassandra.md ├── AppSense_Application_Manager │ └── AppSense_Application_Manager │ │ ├── Ps │ │ ├── pC_appsenseprocessalert.md │ │ └── pC_leefappsenseprocessalert.md │ │ ├── RM │ │ ├── r_m_appsense_application_manager_appsense_application_manager_Compromised_Credentials.md │ │ └── r_m_appsense_application_manager_appsense_application_manager_Malware.md │ │ └── ds_appsense_application_manager_appsense_application_manager.md ├── Apple │ └── macOS │ │ ├── Ps │ │ └── pC_osxlocallogon.md │ │ ├── RM │ │ ├── r_m_apple_macos_Abnormal_Authentication_&_Access.md │ │ ├── r_m_apple_macos_Compromised_Credentials.md │ │ ├── r_m_apple_macos_Lateral_Movement.md │ │ ├── r_m_apple_macos_Malware.md │ │ ├── r_m_apple_macos_Privilege_Abuse.md │ │ ├── r_m_apple_macos_Privilege_Escalation.md │ │ └── r_m_apple_macos_Privileged_Activity.md │ │ └── ds_apple_macos.md ├── Arbor │ └── Arbor │ │ ├── Ps │ │ └── pC_arbornetworkfail.md │ │ ├── RM │ │ ├── r_m_arbor_arbor_Lateral_Movement.md │ │ └── r_m_arbor_arbor_Malware.md │ │ └── ds_arbor_arbor.md ├── Arista_Networks │ └── Awake_Security │ │ ├── Ps │ │ └── pC_aristanetworksawakesecurityalert.md │ │ ├── RM │ │ ├── r_m_arista_networks_awake_security_Compromised_Credentials.md │ │ ├── r_m_arista_networks_awake_security_Lateral_Movement.md │ │ ├── r_m_arista_networks_awake_security_Malware.md │ │ └── r_m_arista_networks_awake_security_Privileged_Activity.md │ │ └── ds_arista_networks_awake_security.md ├── Armis │ └── Armis │ │ ├── Ps │ │ └── pC_armisalertiot.md │ │ ├── RM │ │ └── r_m_armis_armis_Compromised_Credentials.md │ │ └── ds_armis_armis.md ├── AssetView │ └── AssetView │ │ ├── Ps │ │ ├── pC_assetviewfiledownloadactivity.md │ │ ├── pC_assetviewfilewrite.md │ │ ├── pC_assetviewprintactivity.md │ │ ├── pC_assetviewsecurityalert.md │ │ └── pC_assetviewusbactivity.md │ │ ├── RM │ │ ├── r_m_assetview_assetview_Abnormal_Authentication_&_Access.md │ │ ├── r_m_assetview_assetview_Compromised_Credentials.md │ │ ├── r_m_assetview_assetview_Data_Access.md │ │ ├── r_m_assetview_assetview_Data_Exfiltration.md │ │ ├── r_m_assetview_assetview_Data_Leak.md │ │ ├── r_m_assetview_assetview_Lateral_Movement.md │ │ ├── r_m_assetview_assetview_Malware.md │ │ ├── r_m_assetview_assetview_Privilege_Abuse.md │ │ ├── r_m_assetview_assetview_Privileged_Activity.md │ │ └── r_m_assetview_assetview_Ransomware.md │ │ └── ds_assetview_assetview.md ├── Atlassian │ └── Atlassian_BitBucket │ │ ├── Ps │ │ └── pC_satlassianbitbucketappactivity.md │ │ ├── RM │ │ ├── r_m_atlassian_atlassian_bitbucket_Abnormal_Authentication_&_Access.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Account_Manipulation.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Compromised_Credentials.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Data_Access.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Data_Leak.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Lateral_Movement.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Malware.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Privilege_Abuse.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Privilege_Escalation.md │ │ ├── r_m_atlassian_atlassian_bitbucket_Privileged_Activity.md │ │ └── r_m_atlassian_atlassian_bitbucket_Ransomware.md │ │ └── ds_atlassian_atlassian_bitbucket.md ├── Attivo │ └── BOTsink │ │ ├── Ps │ │ ├── pC_cefattivonetworkconnection.md │ │ └── pC_cefattivosecurityalert.md │ │ ├── RM │ │ ├── r_m_attivo_botsink_Compromised_Credentials.md │ │ ├── r_m_attivo_botsink_Lateral_Movement.md │ │ ├── r_m_attivo_botsink_Malware.md │ │ └── r_m_attivo_botsink_Privileged_Activity.md │ │ └── ds_attivo_botsink.md ├── Auth0 │ └── Auth0 │ │ ├── Ps │ │ ├── pC_auth0loginfailed.md │ │ ├── pC_auth0loginfailed1.md │ │ ├── pC_auth0loginsuccess.md │ │ ├── pC_auth0passwordbreached.md │ │ └── pC_auth0passwordchangefailed.md │ │ ├── RM │ │ ├── r_m_auth0_auth0_Abnormal_Authentication_&_Access.md │ │ ├── r_m_auth0_auth0_Brute_Force_Attack.md │ │ ├── r_m_auth0_auth0_Compromised_Credentials.md │ │ ├── r_m_auth0_auth0_Data_Access.md │ │ ├── r_m_auth0_auth0_Lateral_Movement.md │ │ ├── r_m_auth0_auth0_Malware.md │ │ ├── r_m_auth0_auth0_Privilege_Abuse.md │ │ ├── r_m_auth0_auth0_Privilege_Escalation.md │ │ ├── r_m_auth0_auth0_Privileged_Activity.md │ │ └── r_m_auth0_auth0_Ransomware.md │ │ └── ds_auth0_auth0.md ├── Avaya │ ├── Avaya_Ethernet_Routing_Switch │ │ ├── Ps │ │ │ ├── pC_avayaswitchauthfailed.md │ │ │ ├── pC_avayaswitchauthfailed1.md │ │ │ ├── pC_avayaswitchauthsuccessful.md │ │ │ └── pC_avayaswitchauthsuccessful1.md │ │ ├── RM │ │ │ ├── r_m_avaya_avaya_ethernet_routing_switch_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_avaya_avaya_ethernet_routing_switch_Compromised_Credentials.md │ │ │ ├── r_m_avaya_avaya_ethernet_routing_switch_Lateral_Movement.md │ │ │ ├── r_m_avaya_avaya_ethernet_routing_switch_Malware.md │ │ │ └── r_m_avaya_avaya_ethernet_routing_switch_Ransomware.md │ │ └── ds_avaya_avaya_ethernet_routing_switch.md │ └── Avaya_VPN │ │ ├── Ps │ │ ├── pC_savayafailedvpnlogin.md │ │ └── pC_savayavpnlogin.md │ │ ├── RM │ │ ├── r_m_avaya_avaya_vpn_Abnormal_Authentication_&_Access.md │ │ ├── r_m_avaya_avaya_vpn_Compromised_Credentials.md │ │ ├── r_m_avaya_avaya_vpn_Lateral_Movement.md │ │ ├── r_m_avaya_avaya_vpn_Malware.md │ │ ├── r_m_avaya_avaya_vpn_Physical_Security.md │ │ ├── r_m_avaya_avaya_vpn_Privilege_Abuse.md │ │ └── r_m_avaya_avaya_vpn_Ransomware.md │ │ └── ds_avaya_avaya_vpn.md ├── Axway │ └── Axway_SFTP │ │ ├── Ps │ │ ├── pC_axwayremotelogon.md │ │ └── pC_axwaysftpfileupload.md │ │ ├── RM │ │ ├── r_m_axway_axway_sftp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_axway_axway_sftp_Compromised_Credentials.md │ │ ├── r_m_axway_axway_sftp_Lateral_Movement.md │ │ ├── r_m_axway_axway_sftp_Malware.md │ │ ├── r_m_axway_axway_sftp_Privilege_Abuse.md │ │ ├── r_m_axway_axway_sftp_Privilege_Escalation.md │ │ ├── r_m_axway_axway_sftp_Privileged_Activity.md │ │ └── r_m_axway_axway_sftp_Ransomware.md │ │ └── ds_axway_axway_sftp.md ├── BIND │ └── BIND │ │ ├── Ps │ │ ├── pC_binddnsquery.md │ │ ├── pC_binddnsquery2.md │ │ ├── pC_binddnsquery3.md │ │ └── pC_binddnsquery4.md │ │ ├── RM │ │ └── r_m_bind_bind_Malware.md │ │ └── ds_bind_bind.md ├── Badge │ └── Badge │ │ ├── 2_ds_badge_badge.md │ │ ├── Ps │ │ ├── pC_physicalbadgeaccess2.md │ │ ├── pC_sfailedphysicalaccessunknown.md │ │ ├── pC_sfailedphysicalaccessunknown1.md │ │ ├── pC_sfailedphysicalbadgeaccess7.md │ │ ├── pC_sphysicalaccessunknown.md │ │ ├── pC_sphysicalaccessunknown1.md │ │ ├── pC_sphysicalbadgeaccess.md │ │ ├── pC_sphysicalbadgeaccess2.md │ │ ├── pC_sphysicalbadgeaccess4.md │ │ ├── pC_sphysicalbadgeaccess5.md │ │ ├── pC_sphysicalbadgeaccess6.md │ │ ├── pC_sphysicalbadgeaccess7.md │ │ ├── pC_sphysicalbadgeaccess9.md │ │ └── pC_syslogphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_badge_badge_Abnormal_Authentication_&_Access.md │ │ ├── r_m_badge_badge_Physical_Security.md │ │ └── r_m_badge_badge_Privileged_Activity.md │ │ └── ds_badge_badge.md ├── Badgepoint │ └── Badgepoint │ │ ├── Ps │ │ ├── pC_badgepointphysicalbadgeaccess.md │ │ └── pC_badgepointphysicalbadgeaccess1.md │ │ ├── RM │ │ ├── r_m_badgepoint_badgepoint_Abnormal_Authentication_&_Access.md │ │ ├── r_m_badgepoint_badgepoint_Physical_Security.md │ │ └── r_m_badgepoint_badgepoint_Privileged_Activity.md │ │ └── ds_badgepoint_badgepoint.md ├── Barracuda │ ├── Barracuda_Email_Security_Gateway │ │ ├── 2_ds_barracuda_barracuda_email_security_gateway.md │ │ ├── Ps │ │ │ ├── pC_barracudadlpemailalertout.md │ │ │ ├── pC_barracudadlpemailalertout1.md │ │ │ ├── pC_barracudadlpemailalertoutfailed.md │ │ │ ├── pC_barracudaemail.md │ │ │ └── pC_syslogbarracudaemail.md │ │ ├── RM │ │ │ ├── r_m_barracuda_barracuda_email_security_gateway_Data_Leak.md │ │ │ ├── r_m_barracuda_barracuda_email_security_gateway_Malware.md │ │ │ ├── r_m_barracuda_barracuda_email_security_gateway_Phishing.md │ │ │ ├── r_m_barracuda_barracuda_email_security_gateway_Privilege_Abuse.md │ │ │ ├── r_m_barracuda_barracuda_email_security_gateway_Privileged_Activity.md │ │ │ └── r_m_barracuda_barracuda_email_security_gateway_Workforce_Protection.md │ │ └── ds_barracuda_barracuda_email_security_gateway.md │ └── Barracuda_Firewall │ │ ├── 2_ds_barracuda_barracuda_firewall.md │ │ ├── Ps │ │ ├── pC_barracudaaccountinglogin.md │ │ ├── pC_barracudaaccountinglogout.md │ │ ├── pC_barracudafailedvpnlogin.md │ │ ├── pC_barracudafirewallnetworkconnection.md │ │ ├── pC_barracudafirewallnetworkconnection1.md │ │ ├── pC_barracudaloginpeer.md │ │ ├── pC_barracudalogoutpeer.md │ │ ├── pC_barracudaremotelogon.md │ │ └── pC_barracudavpnlogin.md │ │ ├── RM │ │ ├── r_m_barracuda_barracuda_firewall_Abnormal_Authentication_&_Access.md │ │ ├── r_m_barracuda_barracuda_firewall_Account_Manipulation.md │ │ ├── r_m_barracuda_barracuda_firewall_Brute_Force_Attack.md │ │ ├── r_m_barracuda_barracuda_firewall_Compromised_Credentials.md │ │ ├── r_m_barracuda_barracuda_firewall_Data_Access.md │ │ ├── r_m_barracuda_barracuda_firewall_Data_Exfiltration.md │ │ ├── r_m_barracuda_barracuda_firewall_Data_Leak.md │ │ ├── r_m_barracuda_barracuda_firewall_Lateral_Movement.md │ │ ├── r_m_barracuda_barracuda_firewall_Malware.md │ │ ├── r_m_barracuda_barracuda_firewall_Phishing.md │ │ ├── r_m_barracuda_barracuda_firewall_Physical_Security.md │ │ ├── r_m_barracuda_barracuda_firewall_Privilege_Abuse.md │ │ ├── r_m_barracuda_barracuda_firewall_Privilege_Escalation.md │ │ ├── r_m_barracuda_barracuda_firewall_Privileged_Activity.md │ │ └── r_m_barracuda_barracuda_firewall_Ransomware.md │ │ └── ds_barracuda_barracuda_firewall.md ├── BeyondTrust │ ├── BeyondInsight │ │ ├── 2_ds_beyondtrust_beyondinsight.md │ │ ├── Ps │ │ │ ├── pC_beyondaccountadd.md │ │ │ ├── pC_beyondaccountdelete.md │ │ │ ├── pC_beyondaccountretrieve.md │ │ │ ├── pC_beyondaccountunlock.md │ │ │ ├── pC_beyondactivityapprove.md │ │ │ ├── pC_beyondactivitycancel.md │ │ │ ├── pC_beyondactivitydeny.md │ │ │ ├── pC_beyondactivityexpire.md │ │ │ ├── pC_beyondactivityupdate.md │ │ │ ├── pC_beyondtrustaccountadd.md │ │ │ ├── pC_beyondtrustappactivity6.md │ │ │ ├── pC_beyondtrustappactivity7.md │ │ │ ├── pC_beyondtrustappactivity8.md │ │ │ ├── pC_cefbeyondtrustappactivity.md │ │ │ ├── pC_cefbeyondtrustappactivity1.md │ │ │ ├── pC_cefbeyondtrustappactivity2.md │ │ │ ├── pC_cefbeyondtrustapplogin.md │ │ │ ├── pC_leefbeyondtrustaccountpasswordchangefailed.md │ │ │ ├── pC_leefbeyondtrustaccountpasswordchangefailed1.md │ │ │ ├── pC_leefbeyondtrustappactivity.md │ │ │ ├── pC_leefbeyondtrustappactivity1.md │ │ │ ├── pC_leefbeyondtrustappactivity10.md │ │ │ ├── pC_leefbeyondtrustappactivity2.md │ │ │ ├── pC_leefbeyondtrustappactivity3.md │ │ │ ├── pC_leefbeyondtrustappactivity4.md │ │ │ ├── pC_leefbeyondtrustappactivity5.md │ │ │ ├── pC_leefbeyondtrustappactivity6.md │ │ │ ├── pC_leefbeyondtrustappactivity7.md │ │ │ ├── pC_leefbeyondtrustappactivity8.md │ │ │ ├── pC_leefbeyondtrustappactivity9.md │ │ │ ├── pC_leefbeyondtrustapplogin.md │ │ │ ├── pC_leefbeyondtrustapplogin1.md │ │ │ ├── pC_leefbeyondtrustfailedapplogin.md │ │ │ ├── pC_leefbeyondtrustfailedlogon.md │ │ │ └── pC_leefbeyondtrustfailedlogon1.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondinsight_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Account_Manipulation.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Data_Leak.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Malware.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondinsight_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondinsight_Ransomware.md │ │ └── ds_beyondtrust_beyondinsight.md │ ├── BeyondTrust │ │ ├── Ps │ │ │ ├── pC_beyondtrustprivilegedaccess1.md │ │ │ ├── pC_sliebsoftaccountswitch.md │ │ │ └── pC_syslogliebsoftaccountswitch1.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_Privilege_Escalation.md │ │ │ └── r_m_beyondtrust_beyondtrust_Privileged_Activity.md │ │ └── ds_beyondtrust_beyondtrust.md │ ├── BeyondTrust_PasswordSafe │ │ ├── Ps │ │ │ ├── pC_beyondtrustpasswordsafe.md │ │ │ ├── pC_beyondtrustpasswordsafeapplogin.md │ │ │ ├── pC_beyondtrustpasswordsafeapplogin1.md │ │ │ └── pC_beyondtrustpasswordsafefailedapplogin.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_passwordsafe_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondtrust_passwordsafe_Ransomware.md │ │ └── ds_beyondtrust_beyondtrust_passwordsafe.md │ ├── BeyondTrust_PowerBroker │ │ ├── Ps │ │ │ ├── pC_beyondtrustprivilegedaccess.md │ │ │ ├── pC_beyondtrustprivilegedaccess2.md │ │ │ ├── pC_beyondtrustprivilegedaccess3.md │ │ │ ├── pC_beyondtrustprocesscreated.md │ │ │ └── pC_qbeyondtrustprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Account_Manipulation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Audit_Tampering.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Cryptomining.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Data_Exfiltration.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Evasion.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Phishing.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_powerbroker_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondtrust_powerbroker_Ransomware.md │ │ └── ds_beyondtrust_beyondtrust_powerbroker.md │ ├── BeyondTrust_Privilege_Management │ │ ├── Ps │ │ │ ├── pC_avectolocallogon.md │ │ │ ├── pC_avectoprocesscreated.md │ │ │ └── pC_avectoprocesscreated1.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Account_Manipulation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Audit_Tampering.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Cryptomining.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Data_Exfiltration.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Evasion.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Phishing.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privilege_management_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondtrust_privilege_management_Ransomware.md │ │ └── ds_beyondtrust_beyondtrust_privilege_management.md │ ├── BeyondTrust_Privileged_Identity │ │ ├── 2_ds_beyondtrust_beyondtrust_privileged_identity.md │ │ ├── Ps │ │ │ ├── pC_beyondtrustpiaccountpasswordchange.md │ │ │ ├── pC_beyondtrustpiaccountpasswordchange1.md │ │ │ ├── pC_beyondtrustpiaccountswitch.md │ │ │ ├── pC_beyondtrustpiappactivity.md │ │ │ ├── pC_beyondtrustpiappactivity10.md │ │ │ ├── pC_beyondtrustpiappactivity4.md │ │ │ ├── pC_beyondtrustpiappactivity5.md │ │ │ ├── pC_beyondtrustpiappactivity6.md │ │ │ ├── pC_beyondtrustpiappactivity8.md │ │ │ ├── pC_beyondtrustpiappactivity9.md │ │ │ ├── pC_beyondtrustpiapplogin.md │ │ │ ├── pC_beyondtrustpipasswordaccess.md │ │ │ ├── pC_beyondtrustpiprivilegeaccess.md │ │ │ ├── pC_beyondtrustpiprivilegedaccess.md │ │ │ ├── pC_beyondtrustpiprivilegedaccess1.md │ │ │ ├── pC_cefliebsoftappactivity1.md │ │ │ ├── pC_cefliebsoftappactivity2.md │ │ │ ├── pC_cefliebsoftappactivity3.md │ │ │ ├── pC_cefliebsoftappactivity4.md │ │ │ ├── pC_cefliebsoftappactivity5.md │ │ │ ├── pC_liebermanerpm.md │ │ │ ├── pC_sliebsoftapplogin.md │ │ │ └── pC_syslogliebsoftaccountswitch.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Account_Manipulation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Data_Leak.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_privileged_identity_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondtrust_privileged_identity_Ransomware.md │ │ └── ds_beyondtrust_beyondtrust_privileged_identity.md │ ├── BeyondTrust_Secure_Remote_Access │ │ ├── Ps │ │ │ ├── pC_beyondtrustappactivity.md │ │ │ ├── pC_beyondtrustapplogin.md │ │ │ └── pC_beyondtrustfailedapplogin.md │ │ ├── RM │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Account_Manipulation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Compromised_Credentials.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Data_Access.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Data_Leak.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Lateral_Movement.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Malware.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Privilege_Abuse.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Privilege_Escalation.md │ │ │ ├── r_m_beyondtrust_beyondtrust_secure_remote_access_Privileged_Activity.md │ │ │ └── r_m_beyondtrust_beyondtrust_secure_remote_access_Ransomware.md │ │ └── ds_beyondtrust_beyondtrust_secure_remote_access.md │ └── Secure_Remote_Access │ │ ├── Ps │ │ ├── pC_beyondtrustappactivity1.md │ │ ├── pC_beyondtrustappactivity2.md │ │ ├── pC_beyondtrustappactivity3.md │ │ ├── pC_beyondtrustappactivity4.md │ │ └── pC_beyondtrustappactivity5.md │ │ ├── RM │ │ ├── r_m_beyondtrust_secure_remote_access_Abnormal_Authentication_&_Access.md │ │ ├── r_m_beyondtrust_secure_remote_access_Account_Manipulation.md │ │ ├── r_m_beyondtrust_secure_remote_access_Compromised_Credentials.md │ │ ├── r_m_beyondtrust_secure_remote_access_Data_Access.md │ │ ├── r_m_beyondtrust_secure_remote_access_Data_Leak.md │ │ ├── r_m_beyondtrust_secure_remote_access_Lateral_Movement.md │ │ ├── r_m_beyondtrust_secure_remote_access_Malware.md │ │ ├── r_m_beyondtrust_secure_remote_access_Privilege_Abuse.md │ │ ├── r_m_beyondtrust_secure_remote_access_Privilege_Escalation.md │ │ ├── r_m_beyondtrust_secure_remote_access_Privileged_Activity.md │ │ └── r_m_beyondtrust_secure_remote_access_Ransomware.md │ │ └── ds_beyondtrust_secure_remote_access.md ├── Bitdefender │ └── GravityZone │ │ ├── 2_ds_bitdefender_gravityzone.md │ │ ├── Ps │ │ ├── pC_cefbitdefendergravityzonealert.md │ │ ├── pC_gravityzonesecurityalertaph.md │ │ ├── pC_gravityzonesecurityalertaph1.md │ │ ├── pC_gravityzonesecurityalertav.md │ │ ├── pC_gravityzonesecurityalertav1.md │ │ ├── pC_gravityzonesecurityalertavc.md │ │ ├── pC_gravityzonesecurityalertavc1.md │ │ ├── pC_gravityzonesecurityalertfw.md │ │ ├── pC_gravityzonesecurityalerthd.md │ │ ├── pC_gravityzonesecurityalertnewincident.md │ │ ├── pC_gravityzonesecurityalertnewlogin.md │ │ └── pC_gravityzonewebactivitydenied.md │ │ ├── RM │ │ ├── r_m_bitdefender_gravityzone_Abnormal_Authentication_&_Access.md │ │ ├── r_m_bitdefender_gravityzone_Compromised_Credentials.md │ │ ├── r_m_bitdefender_gravityzone_Cryptomining.md │ │ ├── r_m_bitdefender_gravityzone_Data_Access.md │ │ ├── r_m_bitdefender_gravityzone_Data_Exfiltration.md │ │ ├── r_m_bitdefender_gravityzone_Data_Leak.md │ │ ├── r_m_bitdefender_gravityzone_Lateral_Movement.md │ │ ├── r_m_bitdefender_gravityzone_Malware.md │ │ ├── r_m_bitdefender_gravityzone_Phishing.md │ │ ├── r_m_bitdefender_gravityzone_Privilege_Abuse.md │ │ ├── r_m_bitdefender_gravityzone_Privileged_Activity.md │ │ └── r_m_bitdefender_gravityzone_Ransomware.md │ │ └── ds_bitdefender_gravityzone.md ├── Bitglass │ └── Bitglass_CASB │ │ ├── 2_ds_bitglass_bitglass_casb.md │ │ ├── Ps │ │ ├── pC_bitglassapplogin.md │ │ ├── pC_bitglassapploginfailed.md │ │ ├── pC_bitglassdlpemailalertout.md │ │ ├── pC_bitglassfailedlogin.md │ │ ├── pC_bitglassfiledownload.md │ │ ├── pC_bitglassfiledownload1.md │ │ ├── pC_bitglassfileread.md │ │ ├── pC_bitglassfilewrite.md │ │ ├── pC_cefbitglassapplogin1.md │ │ └── pC_cefbitglassdlpalert.md │ │ ├── RM │ │ ├── r_m_bitglass_bitglass_casb_Abnormal_Authentication_&_Access.md │ │ ├── r_m_bitglass_bitglass_casb_Compromised_Credentials.md │ │ ├── r_m_bitglass_bitglass_casb_Data_Access.md │ │ ├── r_m_bitglass_bitglass_casb_Data_Exfiltration.md │ │ ├── r_m_bitglass_bitglass_casb_Data_Leak.md │ │ ├── r_m_bitglass_bitglass_casb_Lateral_Movement.md │ │ ├── r_m_bitglass_bitglass_casb_Malware.md │ │ ├── r_m_bitglass_bitglass_casb_Phishing.md │ │ ├── r_m_bitglass_bitglass_casb_Privilege_Abuse.md │ │ ├── r_m_bitglass_bitglass_casb_Privileged_Activity.md │ │ ├── r_m_bitglass_bitglass_casb_Ransomware.md │ │ └── r_m_bitglass_bitglass_casb_Workforce_Protection.md │ │ └── ds_bitglass_bitglass_casb.md ├── BlackBerry │ └── BlackBerry_Protect │ │ ├── 2_ds_blackberry_blackberry_protect.md │ │ ├── Ps │ │ ├── pC_cefcylancealert.md │ │ ├── pC_cylancealert.md │ │ ├── pC_cylancealert1.md │ │ ├── pC_cylancealert2.md │ │ ├── pC_cylancealert3.md │ │ ├── pC_cylancedlpalert.md │ │ ├── pC_cylanceprocessalert.md │ │ ├── pC_cylanceprotectfilealert.md │ │ ├── pC_cylanceprotectsecurityalert.md │ │ ├── pC_cylancesecurityalert.md │ │ ├── pC_cylancesecurityalert1.md │ │ └── pC_scylanceappactivity.md │ │ ├── RM │ │ ├── r_m_blackberry_blackberry_protect_Abnormal_Authentication_&_Access.md │ │ ├── r_m_blackberry_blackberry_protect_Account_Manipulation.md │ │ ├── r_m_blackberry_blackberry_protect_Compromised_Credentials.md │ │ ├── r_m_blackberry_blackberry_protect_Data_Access.md │ │ ├── r_m_blackberry_blackberry_protect_Data_Exfiltration.md │ │ ├── r_m_blackberry_blackberry_protect_Data_Leak.md │ │ ├── r_m_blackberry_blackberry_protect_Lateral_Movement.md │ │ ├── r_m_blackberry_blackberry_protect_Malware.md │ │ ├── r_m_blackberry_blackberry_protect_Privilege_Abuse.md │ │ ├── r_m_blackberry_blackberry_protect_Privilege_Escalation.md │ │ ├── r_m_blackberry_blackberry_protect_Privileged_Activity.md │ │ └── r_m_blackberry_blackberry_protect_Ransomware.md │ │ └── ds_blackberry_blackberry_protect.md ├── BlueCat_Networks │ ├── BlueCat_Networks_Adonis │ │ ├── Ps │ │ │ └── pC_leefdnsquery.md │ │ ├── RM │ │ │ └── r_m_bluecat_networks_bluecat_networks_adonis_Malware.md │ │ └── ds_bluecat_networks_bluecat_networks_adonis.md │ └── BlueCat_Networks_DHCP │ │ ├── Ps │ │ ├── pC_bluecatnetworksdhcp.md │ │ └── pC_cefbcnbddsdhcp.md │ │ ├── RM │ │ └── r_m_bluecat_networks_bluecat_networks_dhcp_Enrichment.md │ │ └── ds_bluecat_networks_bluecat_networks_dhcp.md ├── Box │ └── Box_Cloud_Content_Management │ │ ├── 2_ds_box_box_cloud_content_management.md │ │ ├── Ps │ │ ├── pC_boxactivity.md │ │ ├── pC_boxactivity1.md │ │ ├── pC_boxactivity2.md │ │ ├── pC_boxskyformationfileactivity.md │ │ ├── pC_cefboxapplogin.md │ │ ├── pC_cefboxfileactivity.md │ │ ├── pC_cefskyformationfileactivity.md │ │ └── pC_qboxappactivity.md │ │ ├── RM │ │ ├── r_m_box_box_cloud_content_management_Abnormal_Authentication_&_Access.md │ │ ├── r_m_box_box_cloud_content_management_Account_Manipulation.md │ │ ├── r_m_box_box_cloud_content_management_Compromised_Credentials.md │ │ ├── r_m_box_box_cloud_content_management_Data_Access.md │ │ ├── r_m_box_box_cloud_content_management_Data_Exfiltration.md │ │ ├── r_m_box_box_cloud_content_management_Data_Leak.md │ │ ├── r_m_box_box_cloud_content_management_Destruction_of_Data.md │ │ ├── r_m_box_box_cloud_content_management_Lateral_Movement.md │ │ ├── r_m_box_box_cloud_content_management_Malware.md │ │ ├── r_m_box_box_cloud_content_management_Privilege_Abuse.md │ │ ├── r_m_box_box_cloud_content_management_Privilege_Escalation.md │ │ ├── r_m_box_box_cloud_content_management_Privileged_Activity.md │ │ └── r_m_box_box_cloud_content_management_Ransomware.md │ │ └── ds_box_box_cloud_content_management.md ├── Brivo │ └── Brivo │ │ ├── Ps │ │ └── pC_brivobadgeaccess.md │ │ ├── RM │ │ ├── r_m_brivo_brivo_Abnormal_Authentication_&_Access.md │ │ ├── r_m_brivo_brivo_Physical_Security.md │ │ └── r_m_brivo_brivo_Privileged_Activity.md │ │ └── ds_brivo_brivo.md ├── Bromium │ ├── Bromium_Advanced_Endpoint_Security │ │ ├── Ps │ │ │ ├── pC_cefbromiumbemsecurityalert.md │ │ │ ├── pC_cefbromiumbemsecurityalert1.md │ │ │ ├── pC_cefbromiumsecurityalert.md │ │ │ └── pC_cefbromiumsecurityalert1.md │ │ ├── RM │ │ │ ├── r_m_bromium_bromium_advanced_endpoint_security_Compromised_Credentials.md │ │ │ ├── r_m_bromium_bromium_advanced_endpoint_security_Lateral_Movement.md │ │ │ ├── r_m_bromium_bromium_advanced_endpoint_security_Malware.md │ │ │ └── r_m_bromium_bromium_advanced_endpoint_security_Privileged_Activity.md │ │ └── ds_bromium_bromium_advanced_endpoint_security.md │ └── Bromium_Secure_Platform │ │ ├── Ps │ │ ├── pC_cefbromiumfilepermissionchange.md │ │ ├── pC_cefbromiumfileread.md │ │ └── pC_cefbromiumfilewrite.md │ │ ├── RM │ │ ├── r_m_bromium_bromium_secure_platform_Compromised_Credentials.md │ │ ├── r_m_bromium_bromium_secure_platform_Data_Access.md │ │ ├── r_m_bromium_bromium_secure_platform_Data_Exfiltration.md │ │ ├── r_m_bromium_bromium_secure_platform_Data_Leak.md │ │ ├── r_m_bromium_bromium_secure_platform_Malware.md │ │ ├── r_m_bromium_bromium_secure_platform_Privilege_Abuse.md │ │ ├── r_m_bromium_bromium_secure_platform_Privileged_Activity.md │ │ └── r_m_bromium_bromium_secure_platform_Ransomware.md │ │ └── ds_bromium_bromium_secure_platform.md ├── CA_Technologies │ └── CA_Privileged_Access_Manager_Server_Control │ │ ├── Ps │ │ ├── pC_pamaccountswitch1.md │ │ ├── pC_pamaccountswitch2.md │ │ ├── pC_pamapplogin.md │ │ ├── pC_pamauthfailed.md │ │ ├── pC_pamauthfailed1.md │ │ ├── pC_pamauthsuccessful.md │ │ └── pC_pamremotelogon.md │ │ ├── RM │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Compromised_Credentials.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Data_Access.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Lateral_Movement.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Malware.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Privilege_Abuse.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Privilege_Escalation.md │ │ ├── r_m_ca_technologies_ca_privileged_access_manager_server_control_Privileged_Activity.md │ │ └── r_m_ca_technologies_ca_privileged_access_manager_server_control_Ransomware.md │ │ └── ds_ca_technologies_ca_privileged_access_manager_server_control.md ├── CDS │ └── CDS │ │ ├── Ps │ │ ├── pC_cdsaccountauth.md │ │ └── pC_cdsuserlogin.md │ │ ├── RM │ │ ├── r_m_cds_cds_Abnormal_Authentication_&_Access.md │ │ ├── r_m_cds_cds_Brute_Force_Attack.md │ │ ├── r_m_cds_cds_Compromised_Credentials.md │ │ ├── r_m_cds_cds_Lateral_Movement.md │ │ ├── r_m_cds_cds_Malware.md │ │ ├── r_m_cds_cds_Privilege_Abuse.md │ │ ├── r_m_cds_cds_Privilege_Escalation.md │ │ ├── r_m_cds_cds_Privileged_Activity.md │ │ └── r_m_cds_cds_Ransomware.md │ │ └── ds_cds_cds.md ├── Carbon_Black_EDR │ └── Carbon_Black_EDR │ │ ├── Ps │ │ └── pC_cefcarbonblackfilealert.md │ │ ├── RM │ │ ├── r_m_carbon_black_edr_carbon_black_edr_Data_Exfiltration.md │ │ ├── r_m_carbon_black_edr_carbon_black_edr_Malware.md │ │ ├── r_m_carbon_black_edr_carbon_black_edr_Privilege_Abuse.md │ │ └── r_m_carbon_black_edr_carbon_black_edr_Privileged_Activity.md │ │ └── ds_carbon_black_edr_carbon_black_edr.md ├── CatoNetworks │ └── Cato_Cloud │ │ ├── Ps │ │ ├── pC_cefcatonetworksnetworkalert.md │ │ ├── pC_cefcatonetworksvpnend.md │ │ ├── pC_cefcatonetworksvpnlogin.md │ │ └── pC_cefcatonetworkswebactivity.md │ │ ├── RM │ │ ├── r_m_catonetworks_cato_cloud_Abnormal_Authentication_&_Access.md │ │ ├── r_m_catonetworks_cato_cloud_Account_Manipulation.md │ │ ├── r_m_catonetworks_cato_cloud_Brute_Force_Attack.md │ │ ├── r_m_catonetworks_cato_cloud_Compromised_Credentials.md │ │ ├── r_m_catonetworks_cato_cloud_Cryptomining.md │ │ ├── r_m_catonetworks_cato_cloud_Data_Access.md │ │ ├── r_m_catonetworks_cato_cloud_Data_Exfiltration.md │ │ ├── r_m_catonetworks_cato_cloud_Data_Leak.md │ │ ├── r_m_catonetworks_cato_cloud_Lateral_Movement.md │ │ ├── r_m_catonetworks_cato_cloud_Malware.md │ │ ├── r_m_catonetworks_cato_cloud_Phishing.md │ │ ├── r_m_catonetworks_cato_cloud_Physical_Security.md │ │ ├── r_m_catonetworks_cato_cloud_Privilege_Abuse.md │ │ ├── r_m_catonetworks_cato_cloud_Privilege_Escalation.md │ │ ├── r_m_catonetworks_cato_cloud_Privileged_Activity.md │ │ ├── r_m_catonetworks_cato_cloud_Ransomware.md │ │ └── r_m_catonetworks_cato_cloud_Workforce_Protection.md │ │ └── ds_catonetworks_cato_cloud.md ├── CenturyLink │ └── Adaptive_Threat_Intelligence │ │ ├── Ps │ │ └── pC_centurylinksecurityalert.md │ │ ├── RM │ │ ├── r_m_centurylink_adaptive_threat_intelligence_Compromised_Credentials.md │ │ ├── r_m_centurylink_adaptive_threat_intelligence_Lateral_Movement.md │ │ ├── r_m_centurylink_adaptive_threat_intelligence_Malware.md │ │ └── r_m_centurylink_adaptive_threat_intelligence_Privileged_Activity.md │ │ └── ds_centurylink_adaptive_threat_intelligence.md ├── Check_Point │ ├── Avanan │ │ ├── 2_ds_check_point_avanan.md │ │ ├── Ps │ │ │ ├── pC_avanandlpalert.md │ │ │ ├── pC_avanandlpalert1.md │ │ │ ├── pC_avanandlpemailalert4.md │ │ │ ├── pC_avanansecurityalert.md │ │ │ └── pC_avanansecurityalert1.md │ │ ├── RM │ │ │ ├── r_m_check_point_avanan_Compromised_Credentials.md │ │ │ ├── r_m_check_point_avanan_Data_Exfiltration.md │ │ │ ├── r_m_check_point_avanan_Data_Leak.md │ │ │ ├── r_m_check_point_avanan_Lateral_Movement.md │ │ │ ├── r_m_check_point_avanan_Malware.md │ │ │ ├── r_m_check_point_avanan_Phishing.md │ │ │ ├── r_m_check_point_avanan_Privilege_Abuse.md │ │ │ ├── r_m_check_point_avanan_Privileged_Activity.md │ │ │ └── r_m_check_point_avanan_Workforce_Protection.md │ │ └── ds_check_point_avanan.md │ ├── Endpoint_Security │ │ ├── 2_ds_check_point_endpoint_security.md │ │ ├── Ps │ │ │ ├── pC_cefcheckpointalert.md │ │ │ ├── pC_cefcheckpointalert3.md │ │ │ ├── pC_leefcheckpointalert1.md │ │ │ ├── pC_leefcheckpointalert2.md │ │ │ ├── pC_qcheckpointalert.md │ │ │ ├── pC_scheckpointalert.md │ │ │ ├── pC_scheckpointalert1.md │ │ │ ├── pC_scheckpointalert2.md │ │ │ ├── pC_scheckpointalert3.md │ │ │ └── pC_scheckpointalert4.md │ │ ├── RM │ │ │ ├── r_m_check_point_endpoint_security_Compromised_Credentials.md │ │ │ ├── r_m_check_point_endpoint_security_Lateral_Movement.md │ │ │ ├── r_m_check_point_endpoint_security_Malware.md │ │ │ └── r_m_check_point_endpoint_security_Privileged_Activity.md │ │ └── ds_check_point_endpoint_security.md │ ├── Identity_Awareness │ │ ├── 2_ds_check_point_identity_awareness.md │ │ ├── Ps │ │ │ ├── pC_checkpointnetworkconnection5.md │ │ │ ├── pC_checkpointvpnlogin4.md │ │ │ ├── pC_checkpointvpnlogin5.md │ │ │ ├── pC_checkpointvpnlogout1.md │ │ │ └── pC_checkpointvpnlogout2.md │ │ ├── RM │ │ │ ├── r_m_check_point_identity_awareness_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_check_point_identity_awareness_Account_Manipulation.md │ │ │ ├── r_m_check_point_identity_awareness_Brute_Force_Attack.md │ │ │ ├── r_m_check_point_identity_awareness_Compromised_Credentials.md │ │ │ ├── r_m_check_point_identity_awareness_Data_Access.md │ │ │ ├── r_m_check_point_identity_awareness_Data_Exfiltration.md │ │ │ ├── r_m_check_point_identity_awareness_Data_Leak.md │ │ │ ├── r_m_check_point_identity_awareness_Lateral_Movement.md │ │ │ ├── r_m_check_point_identity_awareness_Malware.md │ │ │ ├── r_m_check_point_identity_awareness_Phishing.md │ │ │ ├── r_m_check_point_identity_awareness_Physical_Security.md │ │ │ ├── r_m_check_point_identity_awareness_Privilege_Abuse.md │ │ │ ├── r_m_check_point_identity_awareness_Privilege_Escalation.md │ │ │ └── r_m_check_point_identity_awareness_Ransomware.md │ │ └── ds_check_point_identity_awareness.md │ ├── NGFW │ │ ├── 2_ds_check_point_ngfw.md │ │ ├── Ps │ │ │ ├── pC_cefcheckpointauthsuccessful.md │ │ │ ├── pC_cefcheckpointauthsuccessful1.md │ │ │ ├── pC_cefcheckpointauthsuccessful2.md │ │ │ ├── pC_cefcheckpointfirewall.md │ │ │ ├── pC_cefcheckpointfirewall1.md │ │ │ ├── pC_cefcheckpointfirewall2.md │ │ │ ├── pC_cefcheckpointfirewall3.md │ │ │ ├── pC_cefcheckpointfirewall4.md │ │ │ ├── pC_cefcheckpointfirewall5.md │ │ │ ├── pC_cefcheckpointfirewallaccept.md │ │ │ ├── pC_cefcheckpointlogout1.md │ │ │ ├── pC_cefcheckpointlogout2.md │ │ │ ├── pC_cefcheckpointvpnlogin2.md │ │ │ ├── pC_cefcheckpointvpnlogin3.md │ │ │ ├── pC_cefcheckpointvpnlogin4.md │ │ │ ├── pC_checkpoint5599networkconnection.md │ │ │ ├── pC_checkpointauthfailed.md │ │ │ ├── pC_checkpointauthsuccessful.md │ │ │ ├── pC_checkpointauthsuccessful1.md │ │ │ ├── pC_checkpointdlpalertout.md │ │ │ ├── pC_checkpointdlpemailalert.md │ │ │ ├── pC_checkpointfirewall1.md │ │ │ ├── pC_checkpointfirewallaccept.md │ │ │ ├── pC_checkpointfirewallaccept2.md │ │ │ ├── pC_checkpointfirewallallow2.md │ │ │ ├── pC_checkpointfirewalldrop.md │ │ │ ├── pC_checkpointfirewalldrop2.md │ │ │ ├── pC_checkpointfirewallnetworkalert.md │ │ │ ├── pC_checkpointfirewallnetworkalert1.md │ │ │ ├── pC_checkpointfirewallnetworkconnection1.md │ │ │ ├── pC_checkpointfirewallnetworkconnection2.md │ │ │ ├── pC_checkpointfirewallnetworkconnection3.md │ │ │ ├── pC_checkpointfirewallnetworkconnection4.md │ │ │ ├── pC_checkpointfirewallnetworkconnectionaccept.md │ │ │ ├── pC_checkpointfirewallnetworkconnectiondrop.md │ │ │ ├── pC_checkpointfirewallreject1.md │ │ │ ├── pC_checkpointlocallogon.md │ │ │ ├── pC_checkpointnetworkalert3.md │ │ │ ├── pC_checkpointnetworkalert6.md │ │ │ ├── pC_checkpointnetworkconnectionaccept1.md │ │ │ ├── pC_checkpointnetworkconnectionaccept2.md │ │ │ ├── pC_checkpointnetworkconnectionallow.md │ │ │ ├── pC_checkpointnetworkconnectiondrop1.md │ │ │ ├── pC_checkpointnetworkdecrypt.md │ │ │ ├── pC_checkpointnetworkencrypt.md │ │ │ ├── pC_checkpointproxy.md │ │ │ ├── pC_checkpointproxy1.md │ │ │ ├── pC_checkpointproxy2.md │ │ │ ├── pC_checkpointurlfiltering.md │ │ │ ├── pC_checkpointvpnauthentication.md │ │ │ ├── pC_checkpointvpnconnection.md │ │ │ ├── pC_checkpointvpnfirewall.md │ │ │ ├── pC_checkpointvpnlogin6.md │ │ │ ├── pC_checkpointvpnlogout.md │ │ │ ├── pC_checkpointwebactivity.md │ │ │ ├── pC_checkpointwebactivity1.md │ │ │ ├── pC_leefcheckpointalert.md │ │ │ ├── pC_leefcheckpointfirewall1.md │ │ │ ├── pC_leefcheckpointfirewall2.md │ │ │ ├── pC_leefcheckpointfirewall3.md │ │ │ ├── pC_leefcheckpointfirewall4.md │ │ │ ├── pC_rawcheckpointfirewall1.md │ │ │ ├── pC_rawcheckpointfirewall2.md │ │ │ ├── pC_rawcheckpointfirewallaccept.md │ │ │ ├── pC_rawcheckpointfirewallallow.md │ │ │ ├── pC_rawcheckpointfirewalldrop.md │ │ │ ├── pC_scheckpointfirewallaccept.md │ │ │ ├── pC_scheckpointfirewallallow.md │ │ │ ├── pC_scheckpointfirewallblock.md │ │ │ ├── pC_scheckpointfirewalldrop.md │ │ │ ├── pC_scheckpointfwnetworkconnection.md │ │ │ ├── pC_scheckpointproxy.md │ │ │ ├── pC_smartdashboardapplogin.md │ │ │ ├── pC_syslogcheckpointapplogin.md │ │ │ └── pC_syslogcheckpointapplogin1.md │ │ ├── RM │ │ │ ├── r_m_check_point_ngfw_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_check_point_ngfw_Account_Manipulation.md │ │ │ ├── r_m_check_point_ngfw_Brute_Force_Attack.md │ │ │ ├── r_m_check_point_ngfw_Compromised_Credentials.md │ │ │ ├── r_m_check_point_ngfw_Cryptomining.md │ │ │ ├── r_m_check_point_ngfw_Data_Access.md │ │ │ ├── r_m_check_point_ngfw_Data_Exfiltration.md │ │ │ ├── r_m_check_point_ngfw_Data_Leak.md │ │ │ ├── r_m_check_point_ngfw_Lateral_Movement.md │ │ │ ├── r_m_check_point_ngfw_Malware.md │ │ │ ├── r_m_check_point_ngfw_Phishing.md │ │ │ ├── r_m_check_point_ngfw_Physical_Security.md │ │ │ ├── r_m_check_point_ngfw_Privilege_Abuse.md │ │ │ ├── r_m_check_point_ngfw_Privilege_Escalation.md │ │ │ ├── r_m_check_point_ngfw_Privileged_Activity.md │ │ │ ├── r_m_check_point_ngfw_Ransomware.md │ │ │ └── r_m_check_point_ngfw_Workforce_Protection.md │ │ └── ds_check_point_ngfw.md │ ├── Security_Gateway │ │ ├── 2_ds_check_point_security_gateway.md │ │ ├── Ps │ │ │ ├── pC_cefcheckpointvpnend.md │ │ │ ├── pC_cefcheckpointvpnlogin.md │ │ │ ├── pC_cefcheckpointvpnlogin1.md │ │ │ ├── pC_cefconnectravpnchangeip.md │ │ │ ├── pC_cefconnectravpnlogin.md │ │ │ ├── pC_cefconnectravpnloginfailed.md │ │ │ ├── pC_cefconnectravpnlogout.md │ │ │ ├── pC_checkpointconnectrafailedvpnlogin.md │ │ │ ├── pC_checkpointconnectravpnlogin.md │ │ │ ├── pC_checkpointconnectravpnlogin1.md │ │ │ ├── pC_checkpointconnectravpnlogout.md │ │ │ ├── pC_checkpointfailedvpnlogin.md │ │ │ ├── pC_checkpointvpnlogin.md │ │ │ ├── pC_checkpointvpnlogin1.md │ │ │ ├── pC_checkpointvpnlogin2.md │ │ │ ├── pC_connectrafailedvpnlogin.md │ │ │ ├── pC_connectravpnend.md │ │ │ ├── pC_connectravpnlogin.md │ │ │ ├── pC_rsyslogchkpntvpnend.md │ │ │ ├── pC_rsyslogchkpntvpnsetip.md │ │ │ └── pC_rsyslogchkpntvpnstart.md │ │ ├── RM │ │ │ ├── r_m_check_point_security_gateway_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_check_point_security_gateway_Account_Manipulation.md │ │ │ ├── r_m_check_point_security_gateway_Brute_Force_Attack.md │ │ │ ├── r_m_check_point_security_gateway_Compromised_Credentials.md │ │ │ ├── r_m_check_point_security_gateway_Data_Access.md │ │ │ ├── r_m_check_point_security_gateway_Data_Exfiltration.md │ │ │ ├── r_m_check_point_security_gateway_Data_Leak.md │ │ │ ├── r_m_check_point_security_gateway_Lateral_Movement.md │ │ │ ├── r_m_check_point_security_gateway_Malware.md │ │ │ ├── r_m_check_point_security_gateway_Phishing.md │ │ │ ├── r_m_check_point_security_gateway_Physical_Security.md │ │ │ ├── r_m_check_point_security_gateway_Privilege_Abuse.md │ │ │ ├── r_m_check_point_security_gateway_Privilege_Escalation.md │ │ │ └── r_m_check_point_security_gateway_Ransomware.md │ │ └── ds_check_point_security_gateway.md │ ├── Security_Gateway_Virtual_Edition_(vSEC) │ │ ├── Ps │ │ │ ├── pC_connectraauthfailed.md │ │ │ ├── pC_connectraauthsuccessful.md │ │ │ └── pC_connectravpnlogin1.md │ │ ├── RM │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Compromised_Credentials.md │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Lateral_Movement.md │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Malware.md │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Physical_Security.md │ │ │ ├── r_m_check_point_security_gateway_virtual_edition_(vsec)_Privilege_Abuse.md │ │ │ └── r_m_check_point_security_gateway_virtual_edition_(vsec)_Ransomware.md │ │ └── ds_check_point_security_gateway_virtual_edition_(vsec).md │ └── Threat_Prevention │ │ ├── 2_ds_check_point_threat_prevention.md │ │ ├── Ps │ │ ├── pC_cefcheckpointnetworkalert.md │ │ ├── pC_checkpointfirewall2.md │ │ ├── pC_checkpointnetworkalert.md │ │ ├── pC_checkpointnetworkalert1.md │ │ ├── pC_checkpointnetworkalert2.md │ │ ├── pC_checkpointnetworkalert4.md │ │ └── pC_syslogcheckpointnetworkalert.md │ │ ├── RM │ │ ├── r_m_check_point_threat_prevention_Compromised_Credentials.md │ │ ├── r_m_check_point_threat_prevention_Lateral_Movement.md │ │ └── r_m_check_point_threat_prevention_Malware.md │ │ └── ds_check_point_threat_prevention.md ├── Cimtrak │ └── Cimtrak │ │ ├── Ps │ │ ├── pC_cimtrakfiledelete.md │ │ ├── pC_cimtrakfilewrite1.md │ │ └── pC_cimtrakfilewrite2.md │ │ ├── RM │ │ ├── r_m_cimtrak_cimtrak_Compromised_Credentials.md │ │ ├── r_m_cimtrak_cimtrak_Data_Access.md │ │ ├── r_m_cimtrak_cimtrak_Data_Exfiltration.md │ │ ├── r_m_cimtrak_cimtrak_Data_Leak.md │ │ ├── r_m_cimtrak_cimtrak_Destruction_of_Data.md │ │ ├── r_m_cimtrak_cimtrak_Malware.md │ │ ├── r_m_cimtrak_cimtrak_Privilege_Abuse.md │ │ ├── r_m_cimtrak_cimtrak_Privileged_Activity.md │ │ └── r_m_cimtrak_cimtrak_Ransomware.md │ │ └── ds_cimtrak_cimtrak.md ├── Cisco │ ├── ACI │ │ ├── Ps │ │ │ ├── pC_ciscoauthenticationfailed.md │ │ │ ├── pC_ciscoauthenticationsuccessful.md │ │ │ └── pC_ciscoconfigchange1.md │ │ ├── RM │ │ │ ├── r_m_cisco_aci_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_aci_Compromised_Credentials.md │ │ │ ├── r_m_cisco_aci_Lateral_Movement.md │ │ │ ├── r_m_cisco_aci_Malware.md │ │ │ └── r_m_cisco_aci_Ransomware.md │ │ └── ds_cisco_aci.md │ ├── ACS │ │ ├── Ps │ │ │ ├── pC_ciscoacsauthfailed.md │ │ │ ├── pC_ciscoacsauthsuccess.md │ │ │ ├── pC_ciscoacsauthsuccess2.md │ │ │ └── pC_ciscoacssystemactivity1.md │ │ ├── RM │ │ │ ├── r_m_cisco_acs_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_acs_Account_Manipulation.md │ │ │ ├── r_m_cisco_acs_Compromised_Credentials.md │ │ │ ├── r_m_cisco_acs_Data_Access.md │ │ │ ├── r_m_cisco_acs_Data_Leak.md │ │ │ ├── r_m_cisco_acs_Lateral_Movement.md │ │ │ ├── r_m_cisco_acs_Malware.md │ │ │ ├── r_m_cisco_acs_Privilege_Abuse.md │ │ │ ├── r_m_cisco_acs_Privilege_Escalation.md │ │ │ ├── r_m_cisco_acs_Privileged_Activity.md │ │ │ └── r_m_cisco_acs_Ransomware.md │ │ └── ds_cisco_acs.md │ ├── ADC │ │ ├── Ps │ │ │ └── pC_ciscoadcwebactivity.md │ │ ├── RM │ │ │ ├── r_m_cisco_adc_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_adc_Compromised_Credentials.md │ │ │ ├── r_m_cisco_adc_Cryptomining.md │ │ │ ├── r_m_cisco_adc_Data_Exfiltration.md │ │ │ ├── r_m_cisco_adc_Data_Leak.md │ │ │ ├── r_m_cisco_adc_Lateral_Movement.md │ │ │ ├── r_m_cisco_adc_Malware.md │ │ │ ├── r_m_cisco_adc_Phishing.md │ │ │ ├── r_m_cisco_adc_Privilege_Abuse.md │ │ │ ├── r_m_cisco_adc_Privileged_Activity.md │ │ │ ├── r_m_cisco_adc_Ransomware.md │ │ │ └── r_m_cisco_adc_Workforce_Protection.md │ │ └── ds_cisco_adc.md │ ├── Adaptive_Security_Appliance │ │ ├── 2_ds_cisco_adaptive_security_appliance.md │ │ ├── Ps │ │ │ ├── pC_asaaaacefvpnstart.md │ │ │ ├── pC_asaaaavpnstart.md │ │ │ ├── pC_asaaaavpnstop.md │ │ │ ├── pC_asanapcef7.1.7vpnstart.md │ │ │ ├── pC_asanapcefvpnend.md │ │ │ ├── pC_asanapcefvpnstart.md │ │ │ ├── pC_asasvccef7.1.7vpnend.md │ │ │ ├── pC_asasvccefvpnclose.md │ │ │ ├── pC_asasvcvpn713050end.md │ │ │ ├── pC_asasvcvpn716001start.md │ │ │ ├── pC_asasvcvpn716002end.md │ │ │ ├── pC_asasvcvpn716038start.md │ │ │ ├── pC_asasvcvpn716059start.md │ │ │ ├── pC_asasvcvpn751025start.md │ │ │ ├── pC_asasvcvpnstartiphone.md │ │ │ ├── pC_asawebactivity716003.md │ │ │ ├── pC_cefasa113004vpnstart.md │ │ │ ├── pC_cefasasvcvpnstart.md │ │ │ ├── pC_cefciscoasa113039vpnstart.md │ │ │ ├── pC_cefciscoasa721016vpnstart.md │ │ │ ├── pC_cefciscoasa722041vpnlogin.md │ │ │ ├── pC_cefciscoasaauthsuccessful.md │ │ │ ├── pC_cisco2960authfailed.md │ │ │ ├── pC_cisco2960authfailed1.md │ │ │ ├── pC_cisco2960authsuccessful.md │ │ │ ├── pC_ciscoasa113015.md │ │ │ ├── pC_ciscoasa746016.md │ │ │ ├── pC_ciscoasaauthenticationsuccessful.md │ │ │ ├── pC_ciscoasaauthfailed.md │ │ │ ├── pC_ciscoasaauthsuccessful.md │ │ │ ├── pC_ciscoasaconnectionbuilt302013.md │ │ │ ├── pC_ciscoasanetworkconnectionsuccessful.md │ │ │ ├── pC_ciscoasaprocesscreated.md │ │ │ ├── pC_ciscoasaprocesscreated1.md │ │ │ ├── pC_ciscoasavpnlogin.md │ │ │ ├── pC_ciscofileactivity.md │ │ │ ├── pC_ciscofpr113004.md │ │ │ ├── pC_ciscosshlogin.md │ │ │ ├── pC_nforwardedcefasanapvpnend.md │ │ │ ├── pC_nforwardedcefasanapvpnstart.md │ │ │ ├── pC_nforwardedcefasasvcvpnend.md │ │ │ ├── pC_nforwardedcefasasvcvpnstart.md │ │ │ ├── pC_qasa6113039vpnstart.md │ │ │ ├── pC_qasa722037vpnend.md │ │ │ ├── pC_rasaaaavpnend.md │ │ │ ├── pC_rasaaaavpnstart.md │ │ │ ├── pC_rawasa113004vpnstart.md │ │ │ ├── pC_rawasa113005.md │ │ │ ├── pC_rawasa1130051.md │ │ │ ├── pC_rawasa1130052.md │ │ │ ├── pC_rawasa713184vpnstart.md │ │ │ ├── pC_rawasa713228vpnstart.md │ │ │ ├── pC_rawasanapvpnend.md │ │ │ ├── pC_rawasasvcvpnend.md │ │ │ ├── pC_rawasasvcvpnstart.md │ │ │ ├── pC_rawciscovpnconcentratorend.md │ │ │ ├── pC_rawciscovpnconcentratorstart.md │ │ │ └── pC_sasa605005.md │ │ ├── RM │ │ │ ├── r_m_cisco_adaptive_security_appliance_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Account_Manipulation.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Audit_Tampering.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Compromised_Credentials.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Cryptomining.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Data_Access.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Data_Exfiltration.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Data_Leak.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Evasion.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Lateral_Movement.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Malware.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Phishing.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Physical_Security.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Privilege_Abuse.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Privilege_Escalation.md │ │ │ ├── r_m_cisco_adaptive_security_appliance_Privileged_Activity.md │ │ │ └── r_m_cisco_adaptive_security_appliance_Ransomware.md │ │ └── ds_cisco_adaptive_security_appliance.md │ ├── Advance_Malware_Protection_(AMP) │ │ ├── Ps │ │ │ └── pC_syslogciscoctasecurityalert.md │ │ ├── RM │ │ │ ├── r_m_cisco_advance_malware_protection_(amp)_Compromised_Credentials.md │ │ │ ├── r_m_cisco_advance_malware_protection_(amp)_Lateral_Movement.md │ │ │ ├── r_m_cisco_advance_malware_protection_(amp)_Malware.md │ │ │ └── r_m_cisco_advance_malware_protection_(amp)_Privileged_Activity.md │ │ └── ds_cisco_advance_malware_protection_(amp).md │ ├── Airespace │ │ ├── Ps │ │ │ └── pC_ciscoairespacenetworkalert.md │ │ ├── RM │ │ │ ├── r_m_cisco_airespace_Compromised_Credentials.md │ │ │ └── r_m_cisco_airespace_Malware.md │ │ └── ds_cisco_airespace.md │ ├── AnyConnect │ │ ├── Ps │ │ │ ├── pC_cefciscovpnend.md │ │ │ ├── pC_cefciscovpnstart.md │ │ │ ├── pC_ciscoprocessnetwork.md │ │ │ ├── pC_ciscovpnlogout.md │ │ │ ├── pC_ciscovpnlogout2.md │ │ │ ├── pC_ciscovpnstart.md │ │ │ ├── pC_ciscovpnstart2.md │ │ │ └── pC_ciscovpnstart3.md │ │ ├── RM │ │ │ ├── r_m_cisco_anyconnect_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_anyconnect_Account_Manipulation.md │ │ │ ├── r_m_cisco_anyconnect_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_anyconnect_Compromised_Credentials.md │ │ │ ├── r_m_cisco_anyconnect_Data_Access.md │ │ │ ├── r_m_cisco_anyconnect_Data_Exfiltration.md │ │ │ ├── r_m_cisco_anyconnect_Data_Leak.md │ │ │ ├── r_m_cisco_anyconnect_Lateral_Movement.md │ │ │ ├── r_m_cisco_anyconnect_Malware.md │ │ │ ├── r_m_cisco_anyconnect_Phishing.md │ │ │ ├── r_m_cisco_anyconnect_Physical_Security.md │ │ │ ├── r_m_cisco_anyconnect_Privilege_Abuse.md │ │ │ ├── r_m_cisco_anyconnect_Privilege_Escalation.md │ │ │ └── r_m_cisco_anyconnect_Ransomware.md │ │ └── ds_cisco_anyconnect.md │ ├── Call_Manager │ │ ├── 2_ds_cisco_call_manager.md │ │ ├── Ps │ │ │ ├── pC_ciscoappactivity.md │ │ │ ├── pC_ciscoauthfailed.md │ │ │ ├── pC_ciscoauthfailed1.md │ │ │ ├── pC_ciscoauthfailed2.md │ │ │ ├── pC_ciscoauthsuccessful.md │ │ │ ├── pC_ciscoauthsuccessful1.md │ │ │ └── pC_ciscoauthsuccessful2.md │ │ ├── RM │ │ │ ├── r_m_cisco_call_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_call_manager_Account_Manipulation.md │ │ │ ├── r_m_cisco_call_manager_Compromised_Credentials.md │ │ │ ├── r_m_cisco_call_manager_Data_Access.md │ │ │ ├── r_m_cisco_call_manager_Data_Leak.md │ │ │ ├── r_m_cisco_call_manager_Lateral_Movement.md │ │ │ ├── r_m_cisco_call_manager_Malware.md │ │ │ ├── r_m_cisco_call_manager_Privilege_Abuse.md │ │ │ ├── r_m_cisco_call_manager_Privilege_Escalation.md │ │ │ ├── r_m_cisco_call_manager_Privileged_Activity.md │ │ │ └── r_m_cisco_call_manager_Ransomware.md │ │ └── ds_cisco_call_manager.md │ ├── Catalyst_Wireless_Controller │ │ ├── Ps │ │ │ └── pC_ciscowlcremotelogon.md │ │ ├── RM │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Compromised_Credentials.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Lateral_Movement.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Malware.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Privilege_Abuse.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Privilege_Escalation.md │ │ │ ├── r_m_cisco_catalyst_wireless_controller_Privileged_Activity.md │ │ │ └── r_m_cisco_catalyst_wireless_controller_Ransomware.md │ │ └── ds_cisco_catalyst_wireless_controller.md │ ├── Cisco │ │ ├── Ps │ │ │ ├── pC_ciscosshlogin1.md │ │ │ ├── pC_duoappactivity10.md │ │ │ ├── pC_duoappactivity6.md │ │ │ ├── pC_duoappactivity7.md │ │ │ ├── pC_duoappactivity8.md │ │ │ └── pC_duoappactivity9.md │ │ ├── RM │ │ │ ├── r_m_cisco_cisco_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_cisco_Account_Manipulation.md │ │ │ ├── r_m_cisco_cisco_Compromised_Credentials.md │ │ │ ├── r_m_cisco_cisco_Data_Access.md │ │ │ ├── r_m_cisco_cisco_Data_Leak.md │ │ │ ├── r_m_cisco_cisco_Lateral_Movement.md │ │ │ ├── r_m_cisco_cisco_Malware.md │ │ │ ├── r_m_cisco_cisco_Privilege_Abuse.md │ │ │ ├── r_m_cisco_cisco_Privilege_Escalation.md │ │ │ ├── r_m_cisco_cisco_Privileged_Activity.md │ │ │ └── r_m_cisco_cisco_Ransomware.md │ │ └── ds_cisco_cisco.md │ ├── Cisco_Secure_Email │ │ ├── Ps │ │ │ └── pC_ciscoesadlpalert2.md │ │ ├── RM │ │ │ ├── r_m_cisco_cisco_secure_email_Data_Leak.md │ │ │ ├── r_m_cisco_cisco_secure_email_Malware.md │ │ │ ├── r_m_cisco_cisco_secure_email_Phishing.md │ │ │ ├── r_m_cisco_cisco_secure_email_Privilege_Abuse.md │ │ │ ├── r_m_cisco_cisco_secure_email_Privileged_Activity.md │ │ │ └── r_m_cisco_cisco_secure_email_Workforce_Protection.md │ │ └── ds_cisco_cisco_secure_email.md │ ├── CloudLock │ │ ├── Ps │ │ │ └── pC_jsonciscocloudlockdlp.md │ │ ├── RM │ │ │ ├── r_m_cisco_cloudlock_Data_Exfiltration.md │ │ │ ├── r_m_cisco_cloudlock_Data_Leak.md │ │ │ └── r_m_cisco_cloudlock_Malware.md │ │ └── ds_cisco_cloudlock.md │ ├── Cloud_Web_Security │ │ ├── Ps │ │ │ ├── pC_cwsproxy.md │ │ │ ├── pC_cwsproxy1.md │ │ │ └── pC_scwsproxy.md │ │ ├── RM │ │ │ ├── r_m_cisco_cloud_web_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_cloud_web_security_Compromised_Credentials.md │ │ │ ├── r_m_cisco_cloud_web_security_Cryptomining.md │ │ │ ├── r_m_cisco_cloud_web_security_Data_Exfiltration.md │ │ │ ├── r_m_cisco_cloud_web_security_Data_Leak.md │ │ │ ├── r_m_cisco_cloud_web_security_Lateral_Movement.md │ │ │ ├── r_m_cisco_cloud_web_security_Malware.md │ │ │ ├── r_m_cisco_cloud_web_security_Phishing.md │ │ │ ├── r_m_cisco_cloud_web_security_Privilege_Abuse.md │ │ │ ├── r_m_cisco_cloud_web_security_Privileged_Activity.md │ │ │ ├── r_m_cisco_cloud_web_security_Ransomware.md │ │ │ └── r_m_cisco_cloud_web_security_Workforce_Protection.md │ │ └── ds_cisco_cloud_web_security.md │ ├── Console │ │ ├── Ps │ │ │ └── pC_ciscoconfigchange.md │ │ ├── RM │ │ │ └── r_m_cisco_console_Enrichment.md │ │ └── ds_cisco_console.md │ ├── DHCP │ │ ├── Ps │ │ │ └── pC_ciscodhcp.md │ │ ├── RM │ │ │ └── r_m_cisco_dhcp_Enrichment.md │ │ └── ds_cisco_dhcp.md │ ├── Duo_Access_Security │ │ ├── 2_ds_cisco_duo_access_security.md │ │ ├── Ps │ │ │ ├── pC_cefduoappactivity.md │ │ │ ├── pC_cefduoappactivity1.md │ │ │ ├── pC_cefduoapplogin.md │ │ │ ├── pC_cefduoapplogin1.md │ │ │ ├── pC_cefduoauth.md │ │ │ ├── pC_cefduoauthentication.md │ │ │ ├── pC_cefduofailedapplogin1.md │ │ │ ├── pC_cefduovpnlogin.md │ │ │ ├── pC_cefduovpnloginfailed.md │ │ │ ├── pC_ciscoduoaccountlockout.md │ │ │ ├── pC_ciscoduopasswordreset.md │ │ │ ├── pC_duoappactivity.md │ │ │ ├── pC_duoappactivity1.md │ │ │ ├── pC_duoappactivity14.md │ │ │ ├── pC_duoappactivity15.md │ │ │ ├── pC_duoappactivity2.md │ │ │ ├── pC_duoappactivity3.md │ │ │ ├── pC_duoappactivity4.md │ │ │ ├── pC_duoapplogin.md │ │ │ ├── pC_duoapplogin1.md │ │ │ ├── pC_duofailedapplogin.md │ │ │ ├── pC_jsonduoauthattempt.md │ │ │ ├── pC_qduoappactivity1.md │ │ │ ├── pC_qduoappactivity2.md │ │ │ ├── pC_qduoappactivity3.md │ │ │ ├── pC_qduoappactivity4.md │ │ │ ├── pC_qduoappactivity5.md │ │ │ ├── pC_qduoapplogin.md │ │ │ ├── pC_qduoauthfailed.md │ │ │ ├── pC_qduoauthsuccessful.md │ │ │ ├── pC_qduofailedapplogin.md │ │ │ ├── pC_sduoappactivity.md │ │ │ ├── pC_sduoapplogin.md │ │ │ ├── pC_sduoauthjson.md │ │ │ ├── pC_sduoauthjson1.md │ │ │ ├── pC_sduoauthjson2.md │ │ │ ├── pC_sduoauthsetip.md │ │ │ ├── pC_sduoauthsuccessful.md │ │ │ ├── pC_sduofailedapplogin.md │ │ │ ├── pC_sduofailedapplogin1.md │ │ │ └── pC_uduoauthjson.md │ │ ├── RM │ │ │ ├── r_m_cisco_duo_access_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_duo_access_security_Account_Manipulation.md │ │ │ ├── r_m_cisco_duo_access_security_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_duo_access_security_Compromised_Credentials.md │ │ │ ├── r_m_cisco_duo_access_security_Data_Access.md │ │ │ ├── r_m_cisco_duo_access_security_Data_Leak.md │ │ │ ├── r_m_cisco_duo_access_security_Lateral_Movement.md │ │ │ ├── r_m_cisco_duo_access_security_Malware.md │ │ │ ├── r_m_cisco_duo_access_security_Physical_Security.md │ │ │ ├── r_m_cisco_duo_access_security_Privilege_Abuse.md │ │ │ ├── r_m_cisco_duo_access_security_Privilege_Escalation.md │ │ │ ├── r_m_cisco_duo_access_security_Privileged_Activity.md │ │ │ └── r_m_cisco_duo_access_security_Ransomware.md │ │ └── ds_cisco_duo_access_security.md │ ├── Firepower │ │ ├── 2_ds_cisco_firepower.md │ │ ├── Ps │ │ │ ├── pC_cefciscofirepower.md │ │ │ ├── pC_cefciscofirepowerdnsquery.md │ │ │ ├── pC_cefsourcefireestreameralert.md │ │ │ ├── pC_ciscodnsresponse.md │ │ │ ├── pC_ciscofiresightalert.md │ │ │ ├── pC_ciscoftd113004.md │ │ │ ├── pC_ciscoftd716039.md │ │ │ ├── pC_ciscoftd721016.md │ │ │ ├── pC_ciscoftd721018.md │ │ │ ├── pC_ciscoftd722041.md │ │ │ ├── pC_ciscoftd746014.md │ │ │ ├── pC_ciscoftd746015.md │ │ │ ├── pC_ciscoftd746016.md │ │ │ ├── pC_ciscoftdconnectionbuilt302013.md │ │ │ ├── pC_ciscoftdfiledownload.md │ │ │ ├── pC_ciscoftdfirewall1.md │ │ │ ├── pC_ciscoftdfirewall2.md │ │ │ ├── pC_ciscoftdfirewall3.md │ │ │ ├── pC_ciscoftdfirewall4.md │ │ │ ├── pC_ciscoftdfirewall5.md │ │ │ ├── pC_ciscoftdfirewall6.md │ │ │ ├── pC_ciscoftdfirewall7.md │ │ │ ├── pC_ciscoftdfirewall8.md │ │ │ ├── pC_ciscoftdfirewall9.md │ │ │ ├── pC_ciscoftdpermitany.md │ │ │ ├── pC_ciscoftdprocesscreated.md │ │ │ ├── pC_ciscoftdprocesscreated1.md │ │ │ ├── pC_ciscoftdprocesscreated2.md │ │ │ ├── pC_cisconetflowconnection1.md │ │ │ ├── pC_ciscosourcefirealert.md │ │ │ ├── pC_estreamerdnsquery.md │ │ │ ├── pC_firepowerdnsresponse.md │ │ │ ├── pC_firepowernetworkalert.md │ │ │ ├── pC_firepowernetworkalert1.md │ │ │ ├── pC_jsonciscofiresightalert1.md │ │ │ ├── pC_merakifirepoweractivedir.md │ │ │ ├── pC_qfiresightalert.md │ │ │ ├── pC_qfiresightalert2.md │ │ │ ├── pC_qfiresightalert3.md │ │ │ ├── pC_qfiresightalert4.md │ │ │ ├── pC_sestreamernetworkconnection.md │ │ │ ├── pC_sestreamernetworkconnection1.md │ │ │ ├── pC_sestreamernetworkconnection2.md │ │ │ ├── pC_sestreamersecurityalert.md │ │ │ ├── pC_sourcefireestreameralert.md │ │ │ ├── pC_sourcefireestreameralert2.md │ │ │ ├── pC_sourcefirenetworkalert.md │ │ │ ├── pC_sourcefirenetworkalert1.md │ │ │ ├── pC_sourcefirenetworkalert2.md │ │ │ ├── pC_sourcefirenetworkalert3.md │ │ │ ├── pC_sourcefirenetworkalert4.md │ │ │ ├── pC_sourcefirenetworkalert5.md │ │ │ ├── pC_sourcefireproxy.md │ │ │ ├── pC_sourcefireproxy1.md │ │ │ └── pC_sourcefiresecurityalert.md │ │ ├── RM │ │ │ ├── r_m_cisco_firepower_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_firepower_Account_Manipulation.md │ │ │ ├── r_m_cisco_firepower_Audit_Tampering.md │ │ │ ├── r_m_cisco_firepower_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_firepower_Compromised_Credentials.md │ │ │ ├── r_m_cisco_firepower_Cryptomining.md │ │ │ ├── r_m_cisco_firepower_Data_Access.md │ │ │ ├── r_m_cisco_firepower_Data_Exfiltration.md │ │ │ ├── r_m_cisco_firepower_Data_Leak.md │ │ │ ├── r_m_cisco_firepower_Evasion.md │ │ │ ├── r_m_cisco_firepower_Lateral_Movement.md │ │ │ ├── r_m_cisco_firepower_Malware.md │ │ │ ├── r_m_cisco_firepower_Phishing.md │ │ │ ├── r_m_cisco_firepower_Physical_Security.md │ │ │ ├── r_m_cisco_firepower_Privilege_Abuse.md │ │ │ ├── r_m_cisco_firepower_Privilege_Escalation.md │ │ │ ├── r_m_cisco_firepower_Privileged_Activity.md │ │ │ ├── r_m_cisco_firepower_Ransomware.md │ │ │ └── r_m_cisco_firepower_Workforce_Protection.md │ │ └── ds_cisco_firepower.md │ ├── ISE │ │ ├── 2_ds_cisco_ise.md │ │ ├── Ps │ │ │ ├── pC_cefciscoacsauthfailed.md │ │ │ ├── pC_cefciscoacsauthsuccessful.md │ │ │ ├── pC_cefciscoisenacfailedlogon.md │ │ │ ├── pC_cefciscoisenaclogon.md │ │ │ ├── pC_cefciscoisenaclogon1.md │ │ │ ├── pC_cefciscoisenaclogon2.md │ │ │ ├── pC_cefnaclogon.md │ │ │ ├── pC_ciscoacsnaclogon.md │ │ │ ├── pC_ciscoacsvpnlogin.md │ │ │ ├── pC_ciscoacsvpnloginfailed.md │ │ │ ├── pC_ciscoacsvpnlogout.md │ │ │ ├── pC_ciscoisenacsshlogin.md │ │ │ ├── pC_ciscoisetacacslogin.md │ │ │ ├── pC_ciscoisevpnlogout.md │ │ │ ├── pC_cisconacfailedlogon.md │ │ │ ├── pC_cisconaclogon.md │ │ │ ├── pC_cisconaclogon1.md │ │ │ ├── pC_cisconaclogon2.md │ │ │ ├── pC_cisconaclogon3.md │ │ │ ├── pC_ciseconfigchange.md │ │ │ ├── pC_ciseconfigchange1.md │ │ │ ├── pC_ciseremotelogon.md │ │ │ ├── pC_ciseremotelogon1.md │ │ │ ├── pC_ciseremotelogon2.md │ │ │ ├── pC_ciseremotelogon3.md │ │ │ ├── pC_nforwardedcefnaclogon.md │ │ │ ├── pC_qciscoacsnaclogon.md │ │ │ ├── pC_sciscoacsappactivity.md │ │ │ ├── pC_sciscoacsauthfailed.md │ │ │ ├── pC_sciscoacsauthsuccessful.md │ │ │ ├── pC_sciscoacsnacfailedlogon.md │ │ │ ├── pC_sciscoacsnaclogon.md │ │ │ ├── pC_snacfailedlogon.md │ │ │ ├── pC_snacfailedlogon1.md │ │ │ ├── pC_snacfailedlogon2.md │ │ │ ├── pC_snaclogon.md │ │ │ ├── pC_snaclogon1.md │ │ │ └── pC_snaclogon2.md │ │ ├── RM │ │ │ ├── r_m_cisco_ise_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_ise_Account_Manipulation.md │ │ │ ├── r_m_cisco_ise_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_ise_Compromised_Credentials.md │ │ │ ├── r_m_cisco_ise_Data_Access.md │ │ │ ├── r_m_cisco_ise_Data_Exfiltration.md │ │ │ ├── r_m_cisco_ise_Data_Leak.md │ │ │ ├── r_m_cisco_ise_Lateral_Movement.md │ │ │ ├── r_m_cisco_ise_Malware.md │ │ │ ├── r_m_cisco_ise_Phishing.md │ │ │ ├── r_m_cisco_ise_Physical_Security.md │ │ │ ├── r_m_cisco_ise_Privilege_Abuse.md │ │ │ ├── r_m_cisco_ise_Privilege_Escalation.md │ │ │ ├── r_m_cisco_ise_Privileged_Activity.md │ │ │ └── r_m_cisco_ise_Ransomware.md │ │ └── ds_cisco_ise.md │ ├── IronPort_Email │ │ ├── 2_ds_cisco_ironport_email.md │ │ ├── Ps │ │ │ ├── pC_ironportdlpemailalert.md │ │ │ ├── pC_lironportdlpemailalert.md │ │ │ ├── pC_sironportdlpemailalert.md │ │ │ ├── pC_sironportemailrecipient.md │ │ │ ├── pC_sironportemailsender.md │ │ │ └── pC_sironportemailsender1.md │ │ ├── RM │ │ │ ├── r_m_cisco_ironport_email_Data_Leak.md │ │ │ ├── r_m_cisco_ironport_email_Malware.md │ │ │ ├── r_m_cisco_ironport_email_Phishing.md │ │ │ ├── r_m_cisco_ironport_email_Privilege_Abuse.md │ │ │ ├── r_m_cisco_ironport_email_Privileged_Activity.md │ │ │ └── r_m_cisco_ironport_email_Workforce_Protection.md │ │ └── ds_cisco_ironport_email.md │ ├── IronPort_Web_Security │ │ ├── 2_ds_cisco_ironport_web_security.md │ │ ├── Ps │ │ │ ├── pC_ironportproxy.md │ │ │ ├── pC_ironportproxy1.md │ │ │ ├── pC_ironportproxy3.md │ │ │ ├── pC_ironportproxy4.md │ │ │ ├── pC_ironportproxyparser10.md │ │ │ ├── pC_ironportproxyparser11.md │ │ │ ├── pC_ironportproxyparser12.md │ │ │ ├── pC_ironportproxyparser13.md │ │ │ ├── pC_ironportproxyparser14.md │ │ │ ├── pC_ironportproxyparser15.md │ │ │ ├── pC_ironportproxyparser16.md │ │ │ ├── pC_ironportproxyparser3.md │ │ │ ├── pC_ironportproxyparser4.md │ │ │ ├── pC_ironportproxyparser5.md │ │ │ ├── pC_ironportproxyparser6.md │ │ │ ├── pC_ironportproxyparser7.md │ │ │ ├── pC_ironportproxyparser8.md │ │ │ └── pC_ironportproxyparser9.md │ │ ├── RM │ │ │ ├── r_m_cisco_ironport_web_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_ironport_web_security_Compromised_Credentials.md │ │ │ ├── r_m_cisco_ironport_web_security_Cryptomining.md │ │ │ ├── r_m_cisco_ironport_web_security_Data_Exfiltration.md │ │ │ ├── r_m_cisco_ironport_web_security_Data_Leak.md │ │ │ ├── r_m_cisco_ironport_web_security_Lateral_Movement.md │ │ │ ├── r_m_cisco_ironport_web_security_Malware.md │ │ │ ├── r_m_cisco_ironport_web_security_Phishing.md │ │ │ ├── r_m_cisco_ironport_web_security_Privilege_Abuse.md │ │ │ ├── r_m_cisco_ironport_web_security_Privileged_Activity.md │ │ │ ├── r_m_cisco_ironport_web_security_Ransomware.md │ │ │ └── r_m_cisco_ironport_web_security_Workforce_Protection.md │ │ └── ds_cisco_ironport_web_security.md │ ├── Meraki_MX_appliances │ │ ├── 2_ds_cisco_meraki_mx_appliances.md │ │ ├── Ps │ │ │ ├── pC_cefmerakinetworkalert.md │ │ │ ├── pC_ciscomerakivpnstart.md │ │ │ ├── pC_ciscomerakivpnstop.md │ │ │ ├── pC_ciscomerakiwebactivity.md │ │ │ ├── pC_merakiipflowstart.md │ │ │ ├── pC_merakinetworkalert.md │ │ │ ├── pC_merakinetworkconnection.md │ │ │ ├── pC_merakinetworkconnection1.md │ │ │ └── pC_merakiwebactivitydenied.md │ │ ├── RM │ │ │ ├── r_m_cisco_meraki_mx_appliances_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Account_Manipulation.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Brute_Force_Attack.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Compromised_Credentials.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Cryptomining.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Data_Access.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Data_Exfiltration.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Data_Leak.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Lateral_Movement.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Malware.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Phishing.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Physical_Security.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Privilege_Abuse.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Privilege_Escalation.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Privileged_Activity.md │ │ │ ├── r_m_cisco_meraki_mx_appliances_Ransomware.md │ │ │ └── r_m_cisco_meraki_mx_appliances_Workforce_Protection.md │ │ └── ds_cisco_meraki_mx_appliances.md │ ├── NPE │ │ ├── Ps │ │ │ └── pC_ciscoprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_cisco_npe_Account_Manipulation.md │ │ │ ├── r_m_cisco_npe_Audit_Tampering.md │ │ │ ├── r_m_cisco_npe_Compromised_Credentials.md │ │ │ ├── r_m_cisco_npe_Cryptomining.md │ │ │ ├── r_m_cisco_npe_Data_Access.md │ │ │ ├── r_m_cisco_npe_Data_Exfiltration.md │ │ │ ├── r_m_cisco_npe_Evasion.md │ │ │ ├── r_m_cisco_npe_Lateral_Movement.md │ │ │ ├── r_m_cisco_npe_Malware.md │ │ │ ├── r_m_cisco_npe_Phishing.md │ │ │ ├── r_m_cisco_npe_Privilege_Abuse.md │ │ │ ├── r_m_cisco_npe_Privilege_Escalation.md │ │ │ ├── r_m_cisco_npe_Privileged_Activity.md │ │ │ └── r_m_cisco_npe_Ransomware.md │ │ └── ds_cisco_npe.md │ ├── Netflow │ │ ├── Ps │ │ │ ├── pC_cisconetflowconnection.md │ │ │ ├── pC_cisconetflowconnection2.md │ │ │ ├── pC_jsoncisconetflowconnection.md │ │ │ └── pC_jsoncisconetflowconnection1.md │ │ ├── RM │ │ │ ├── r_m_cisco_netflow_Compromised_Credentials.md │ │ │ ├── r_m_cisco_netflow_Data_Exfiltration.md │ │ │ ├── r_m_cisco_netflow_Lateral_Movement.md │ │ │ └── r_m_cisco_netflow_Malware.md │ │ └── ds_cisco_netflow.md │ ├── Proxy_Umbrella │ │ ├── Ps │ │ │ ├── pC_ciscoumbrellanetworkconnection.md │ │ │ └── pC_ciscoumbrellaproxy.md │ │ ├── RM │ │ │ ├── r_m_cisco_proxy_umbrella_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_proxy_umbrella_Compromised_Credentials.md │ │ │ ├── r_m_cisco_proxy_umbrella_Cryptomining.md │ │ │ ├── r_m_cisco_proxy_umbrella_Data_Exfiltration.md │ │ │ ├── r_m_cisco_proxy_umbrella_Data_Leak.md │ │ │ ├── r_m_cisco_proxy_umbrella_Lateral_Movement.md │ │ │ ├── r_m_cisco_proxy_umbrella_Malware.md │ │ │ ├── r_m_cisco_proxy_umbrella_Phishing.md │ │ │ ├── r_m_cisco_proxy_umbrella_Privilege_Abuse.md │ │ │ ├── r_m_cisco_proxy_umbrella_Privileged_Activity.md │ │ │ ├── r_m_cisco_proxy_umbrella_Ransomware.md │ │ │ └── r_m_cisco_proxy_umbrella_Workforce_Protection.md │ │ └── ds_cisco_proxy_umbrella.md │ ├── Secure_Email │ │ ├── Ps │ │ │ ├── pC_ciscoesadlpalert.md │ │ │ └── pC_ciscoesadlpalert1.md │ │ ├── RM │ │ │ ├── r_m_cisco_secure_email_Data_Leak.md │ │ │ ├── r_m_cisco_secure_email_Malware.md │ │ │ ├── r_m_cisco_secure_email_Phishing.md │ │ │ ├── r_m_cisco_secure_email_Privilege_Abuse.md │ │ │ ├── r_m_cisco_secure_email_Privileged_Activity.md │ │ │ └── r_m_cisco_secure_email_Workforce_Protection.md │ │ └── ds_cisco_secure_email.md │ ├── Secure_Endpoint │ │ ├── 2_ds_cisco_secure_endpoint.md │ │ ├── Ps │ │ │ ├── pC_sciscoampalert1.md │ │ │ ├── pC_sciscoampalert10.md │ │ │ ├── pC_sciscoampalert11.md │ │ │ ├── pC_sciscoampalert13.md │ │ │ ├── pC_sciscoampalert14.md │ │ │ ├── pC_sciscoampalert15.md │ │ │ ├── pC_sciscoampalert16.md │ │ │ ├── pC_sciscoampalert2.md │ │ │ ├── pC_sciscoampalert3.md │ │ │ ├── pC_sciscoampalert5.md │ │ │ ├── pC_sciscoampalert7.md │ │ │ ├── pC_sciscoampalert8.md │ │ │ └── pC_sciscoampalert9.md │ │ ├── RM │ │ │ ├── r_m_cisco_secure_endpoint_Compromised_Credentials.md │ │ │ ├── r_m_cisco_secure_endpoint_Lateral_Movement.md │ │ │ ├── r_m_cisco_secure_endpoint_Malware.md │ │ │ └── r_m_cisco_secure_endpoint_Privileged_Activity.md │ │ └── ds_cisco_secure_endpoint.md │ ├── Secure_Network_Analytics │ │ ├── Ps │ │ │ ├── pC_cefstealthwatchnetworkalert.md │ │ │ ├── pC_leefstealthwatchnetworkalert.md │ │ │ ├── pC_sstealthwatchnetworkalert.md │ │ │ ├── pC_stealthwatchnetworkalert.md │ │ │ ├── pC_stealthwatchnetworkalert1.md │ │ │ ├── pC_stealthwatchnetworkalert2.md │ │ │ ├── pC_stealthwatchnetworkalert3.md │ │ │ └── pC_stealthwatchnetworkalert4.md │ │ ├── RM │ │ │ ├── r_m_cisco_secure_network_analytics_Compromised_Credentials.md │ │ │ └── r_m_cisco_secure_network_analytics_Malware.md │ │ └── ds_cisco_secure_network_analytics.md │ ├── Secure_Web_Appliance │ │ ├── 2_ds_cisco_secure_web_appliance.md │ │ ├── Ps │ │ │ ├── pC_ciscow3cproxy.md │ │ │ ├── pC_ciscowsasquidproxy.md │ │ │ ├── pC_ciscowsawebactivity.md │ │ │ ├── pC_ciscowsawebactivity1.md │ │ │ ├── pC_elkciscowsawebactivity.md │ │ │ ├── pC_qwsaproxy.md │ │ │ ├── pC_syslogciscowsawebactivity.md │ │ │ └── pC_syslogciscowsawebactivitynxlog.md │ │ ├── RM │ │ │ ├── r_m_cisco_secure_web_appliance_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_secure_web_appliance_Compromised_Credentials.md │ │ │ ├── r_m_cisco_secure_web_appliance_Cryptomining.md │ │ │ ├── r_m_cisco_secure_web_appliance_Data_Exfiltration.md │ │ │ ├── r_m_cisco_secure_web_appliance_Data_Leak.md │ │ │ ├── r_m_cisco_secure_web_appliance_Lateral_Movement.md │ │ │ ├── r_m_cisco_secure_web_appliance_Malware.md │ │ │ ├── r_m_cisco_secure_web_appliance_Phishing.md │ │ │ ├── r_m_cisco_secure_web_appliance_Privilege_Abuse.md │ │ │ ├── r_m_cisco_secure_web_appliance_Privileged_Activity.md │ │ │ ├── r_m_cisco_secure_web_appliance_Ransomware.md │ │ │ └── r_m_cisco_secure_web_appliance_Workforce_Protection.md │ │ └── ds_cisco_secure_web_appliance.md │ ├── TACACS │ │ ├── Ps │ │ │ ├── pC_ciscotacacsauthenticationfailed.md │ │ │ └── pC_tacacsprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_cisco_tacacs_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_tacacs_Account_Manipulation.md │ │ │ ├── r_m_cisco_tacacs_Audit_Tampering.md │ │ │ ├── r_m_cisco_tacacs_Compromised_Credentials.md │ │ │ ├── r_m_cisco_tacacs_Cryptomining.md │ │ │ ├── r_m_cisco_tacacs_Data_Access.md │ │ │ ├── r_m_cisco_tacacs_Data_Exfiltration.md │ │ │ ├── r_m_cisco_tacacs_Evasion.md │ │ │ ├── r_m_cisco_tacacs_Lateral_Movement.md │ │ │ ├── r_m_cisco_tacacs_Malware.md │ │ │ ├── r_m_cisco_tacacs_Phishing.md │ │ │ ├── r_m_cisco_tacacs_Privilege_Abuse.md │ │ │ ├── r_m_cisco_tacacs_Privilege_Escalation.md │ │ │ ├── r_m_cisco_tacacs_Privileged_Activity.md │ │ │ └── r_m_cisco_tacacs_Ransomware.md │ │ └── ds_cisco_tacacs.md │ ├── Umbrella │ │ ├── 2_ds_cisco_umbrella.md │ │ ├── Ps │ │ │ ├── pC_cefciscodnsresponsesk4.md │ │ │ ├── pC_cefciscodnsresponsesk42.md │ │ │ ├── pC_cefciscodnsresponsesk43.md │ │ │ ├── pC_cefciscodnsresponsesk44.md │ │ │ ├── pC_cefciscodnsresponsesk4adcomputers.md │ │ │ ├── pC_cefciscodnsresponsesk4adusers.md │ │ │ ├── pC_cefciscodnsresponsesk4internalnetworks.md │ │ │ ├── pC_cefciscodnsresponsesk4networks.md │ │ │ ├── pC_cefciscodnsresponsesk4roamingclient.md │ │ │ ├── pC_cefciscodnsresponsesk4roamingcomputer.md │ │ │ ├── pC_ciscodnsresponse1.md │ │ │ ├── pC_ciscodnsresponse2.md │ │ │ ├── pC_ciscoumbrellaintelligentproxy.md │ │ │ ├── pC_clciscodnsresponsesk44.md │ │ │ ├── pC_qciscodnsresponse.md │ │ │ ├── pC_sopendnsdnsresponse.md │ │ │ ├── pC_sopendnsdnsresponse1.md │ │ │ ├── pC_sopendnsdnsresponse10.md │ │ │ ├── pC_sopendnsdnsresponse2.md │ │ │ ├── pC_sopendnsdnsresponse3.md │ │ │ ├── pC_sopendnsdnsresponse4.md │ │ │ ├── pC_sopendnsdnsresponse5.md │ │ │ ├── pC_sopendnsdnsresponse6.md │ │ │ ├── pC_sopendnsdnsresponse7.md │ │ │ ├── pC_sopendnsdnsresponse8.md │ │ │ └── pC_sopendnsdnsresponse9.md │ │ ├── RM │ │ │ ├── r_m_cisco_umbrella_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cisco_umbrella_Compromised_Credentials.md │ │ │ ├── r_m_cisco_umbrella_Cryptomining.md │ │ │ ├── r_m_cisco_umbrella_Data_Exfiltration.md │ │ │ ├── r_m_cisco_umbrella_Data_Leak.md │ │ │ ├── r_m_cisco_umbrella_Lateral_Movement.md │ │ │ ├── r_m_cisco_umbrella_Malware.md │ │ │ ├── r_m_cisco_umbrella_Phishing.md │ │ │ ├── r_m_cisco_umbrella_Privilege_Abuse.md │ │ │ ├── r_m_cisco_umbrella_Privileged_Activity.md │ │ │ ├── r_m_cisco_umbrella_Ransomware.md │ │ │ └── r_m_cisco_umbrella_Workforce_Protection.md │ │ └── ds_cisco_umbrella.md │ └── Unified_Computing_System │ │ ├── Ps │ │ └── pC_ciscoucsauthenticationfailed.md │ │ ├── RM │ │ ├── r_m_cisco_unified_computing_system_Abnormal_Authentication_&_Access.md │ │ ├── r_m_cisco_unified_computing_system_Lateral_Movement.md │ │ └── r_m_cisco_unified_computing_system_Ransomware.md │ │ └── ds_cisco_unified_computing_system.md ├── Citrix │ ├── Citrix_AppFW │ │ ├── Ps │ │ │ ├── pC_citrixappfw400resp.md │ │ │ ├── pC_citrixappfwbufferoverflowcookie.md │ │ │ ├── pC_citrixappfwbufferoverflowurl.md │ │ │ ├── pC_citrixappfwcontenttype.md │ │ │ ├── pC_citrixappfwcsrftag.md │ │ │ ├── pC_citrixappfwcsrftag1.md │ │ │ ├── pC_citrixappfwdenyurl.md │ │ │ ├── pC_citrixappfwfieldconsistency.md │ │ │ ├── pC_citrixappfwfieldconsistency1.md │ │ │ ├── pC_citrixappfwfieldformat.md │ │ │ ├── pC_citrixappfwmalformedreqerr.md │ │ │ ├── pC_citrixappfwmultipleheader.md │ │ │ ├── pC_citrixappfwpolicy_hit.md │ │ │ ├── pC_citrixappfwrefererheader.md │ │ │ ├── pC_citrixappfwrefererheader1.md │ │ │ ├── pC_citrixappfwsignaturematch.md │ │ │ ├── pC_citrixappfwsql.md │ │ │ ├── pC_citrixappfwstarturl.md │ │ │ ├── pC_citrixappfwstarturl1.md │ │ │ └── pC_citrixappfwxss.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_appfw_Lateral_Movement.md │ │ │ └── r_m_citrix_citrix_appfw_Malware.md │ │ └── ds_citrix_citrix_appfw.md │ ├── Citrix_Endpoint_Management │ │ ├── Ps │ │ │ └── pC_citrixendpointmgmtactivity.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_endpoint_management_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Account_Manipulation.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Data_Access.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Data_Leak.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Malware.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_endpoint_management_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_endpoint_management_Ransomware.md │ │ └── ds_citrix_citrix_endpoint_management.md │ ├── Citrix_Gateway_ActiveSync_Connector │ │ ├── Ps │ │ │ ├── pC_citrixactivesyncappactivity.md │ │ │ └── pC_citrixactivesyncappactivityfailed.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Account_Manipulation.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Data_Access.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Data_Leak.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Malware.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_gateway_activesync_connector_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_gateway_activesync_connector_Ransomware.md │ │ └── ds_citrix_citrix_gateway_activesync_connector.md │ ├── Citrix_Netscaler │ │ ├── 2_ds_citrix_citrix_netscaler.md │ │ ├── Ps │ │ │ ├── pC_netscalerceffailedvpnlogin.md │ │ │ ├── pC_netscalercefvpnend.md │ │ │ ├── pC_netscalercefvpnstart.md │ │ │ ├── pC_netscalerprocesscreated.md │ │ │ ├── pC_rawnetscalericalogin.md │ │ │ ├── pC_rawnetscalervpnstart.md │ │ │ ├── pC_rawnetscalervpnstop.md │ │ │ └── pC_snetscalerauthfailed.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_netscaler_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_netscaler_Account_Manipulation.md │ │ │ ├── r_m_citrix_citrix_netscaler_Audit_Tampering.md │ │ │ ├── r_m_citrix_citrix_netscaler_Brute_Force_Attack.md │ │ │ ├── r_m_citrix_citrix_netscaler_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_netscaler_Cryptomining.md │ │ │ ├── r_m_citrix_citrix_netscaler_Data_Access.md │ │ │ ├── r_m_citrix_citrix_netscaler_Data_Exfiltration.md │ │ │ ├── r_m_citrix_citrix_netscaler_Data_Leak.md │ │ │ ├── r_m_citrix_citrix_netscaler_Evasion.md │ │ │ ├── r_m_citrix_citrix_netscaler_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_netscaler_Malware.md │ │ │ ├── r_m_citrix_citrix_netscaler_Phishing.md │ │ │ ├── r_m_citrix_citrix_netscaler_Physical_Security.md │ │ │ ├── r_m_citrix_citrix_netscaler_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_netscaler_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_netscaler_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_netscaler_Ransomware.md │ │ └── ds_citrix_citrix_netscaler.md │ ├── Citrix_Netscaler_VPN │ │ ├── 2_ds_citrix_citrix_netscaler_vpn.md │ │ ├── Ps │ │ │ ├── pC_cefnetscaleraaatmlogin.md │ │ │ ├── pC_citrixdeviceaaaauthfailed.md │ │ │ ├── pC_citrixdeviceaaaauthsuccess.md │ │ │ ├── pC_citrixdeviceaaauserfailed.md │ │ │ ├── pC_citrixvpnconnection.md │ │ │ ├── pC_citrixvpnlogout1.md │ │ │ ├── pC_netscalarremoteaccess.md │ │ │ ├── pC_netscalarremoteaccess1.md │ │ │ └── pC_netscalarremoteaccess2.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Account_Manipulation.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Brute_Force_Attack.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Cryptomining.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Data_Access.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Data_Exfiltration.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Data_Leak.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Malware.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Phishing.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Privileged_Activity.md │ │ │ ├── r_m_citrix_citrix_netscaler_vpn_Ransomware.md │ │ │ └── r_m_citrix_citrix_netscaler_vpn_Workforce_Protection.md │ │ └── ds_citrix_citrix_netscaler_vpn.md │ ├── Citrix_ShareFile │ │ ├── 2_ds_citrix_citrix_sharefile.md │ │ ├── Ps │ │ │ ├── pC_citrixappactivity.md │ │ │ ├── pC_citrixappactivity1.md │ │ │ ├── pC_citrixapplogin.md │ │ │ ├── pC_citrixapplogin2.md │ │ │ ├── pC_citrixapploginfail.md │ │ │ ├── pC_citrixapploginfail1.md │ │ │ ├── pC_citrixapploginfail2.md │ │ │ ├── pC_citrixfiledownload.md │ │ │ ├── pC_citrixfileshare.md │ │ │ └── pC_citrixfileupload.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_sharefile_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_sharefile_Account_Manipulation.md │ │ │ ├── r_m_citrix_citrix_sharefile_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_sharefile_Data_Access.md │ │ │ ├── r_m_citrix_citrix_sharefile_Data_Leak.md │ │ │ ├── r_m_citrix_citrix_sharefile_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_sharefile_Malware.md │ │ │ ├── r_m_citrix_citrix_sharefile_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_sharefile_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_sharefile_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_sharefile_Ransomware.md │ │ └── ds_citrix_citrix_sharefile.md │ ├── Citrix_XenApp │ │ ├── Ps │ │ │ ├── pC_cefcitrixxenappapplogin.md │ │ │ ├── pC_citrixapplogin3.md │ │ │ ├── pC_citrixapplogin4.md │ │ │ ├── pC_citrixremotelogon.md │ │ │ ├── pC_citrixremotelogon1.md │ │ │ ├── pC_citrixxenapplogin.md │ │ │ └── pC_sxenappicalogin.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_xenapp_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_xenapp_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_xenapp_Data_Access.md │ │ │ ├── r_m_citrix_citrix_xenapp_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_xenapp_Malware.md │ │ │ ├── r_m_citrix_citrix_xenapp_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_xenapp_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_xenapp_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_xenapp_Ransomware.md │ │ └── ds_citrix_citrix_xenapp.md │ ├── Citrix_XenDesktop │ │ ├── Ps │ │ │ └── pC_sxendesktopremotelogon.md │ │ ├── RM │ │ │ ├── r_m_citrix_citrix_xendesktop_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Compromised_Credentials.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Lateral_Movement.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Malware.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Privilege_Abuse.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Privilege_Escalation.md │ │ │ ├── r_m_citrix_citrix_xendesktop_Privileged_Activity.md │ │ │ └── r_m_citrix_citrix_xendesktop_Ransomware.md │ │ └── ds_citrix_citrix_xendesktop.md │ ├── Netscaler_WAF │ │ ├── Ps │ │ │ ├── pC_netscalernetworkconnection.md │ │ │ ├── pC_netscalernetworkconnection2.md │ │ │ └── pC_netscalernetworkconnection3.md │ │ ├── RM │ │ │ ├── r_m_citrix_netscaler_waf_Lateral_Movement.md │ │ │ └── r_m_citrix_netscaler_waf_Malware.md │ │ └── ds_citrix_netscaler_waf.md │ └── Web_Logging │ │ ├── Ps │ │ ├── pC_netscalerwebactivity.md │ │ └── pC_netscalerwebactivity1.md │ │ ├── RM │ │ ├── r_m_citrix_web_logging_Abnormal_Authentication_&_Access.md │ │ ├── r_m_citrix_web_logging_Compromised_Credentials.md │ │ ├── r_m_citrix_web_logging_Cryptomining.md │ │ ├── r_m_citrix_web_logging_Data_Exfiltration.md │ │ ├── r_m_citrix_web_logging_Data_Leak.md │ │ ├── r_m_citrix_web_logging_Lateral_Movement.md │ │ ├── r_m_citrix_web_logging_Malware.md │ │ ├── r_m_citrix_web_logging_Phishing.md │ │ ├── r_m_citrix_web_logging_Privilege_Abuse.md │ │ ├── r_m_citrix_web_logging_Privileged_Activity.md │ │ ├── r_m_citrix_web_logging_Ransomware.md │ │ └── r_m_citrix_web_logging_Workforce_Protection.md │ │ └── ds_citrix_web_logging.md ├── Clearsense │ └── Clearsense │ │ ├── Ps │ │ ├── pC_clearsenseappactivity.md │ │ └── pC_clearsenseapplogin.md │ │ ├── RM │ │ ├── r_m_clearsense_clearsense_Abnormal_Authentication_&_Access.md │ │ ├── r_m_clearsense_clearsense_Account_Manipulation.md │ │ ├── r_m_clearsense_clearsense_Compromised_Credentials.md │ │ ├── r_m_clearsense_clearsense_Data_Access.md │ │ ├── r_m_clearsense_clearsense_Data_Leak.md │ │ ├── r_m_clearsense_clearsense_Lateral_Movement.md │ │ ├── r_m_clearsense_clearsense_Malware.md │ │ ├── r_m_clearsense_clearsense_Privilege_Abuse.md │ │ ├── r_m_clearsense_clearsense_Privilege_Escalation.md │ │ ├── r_m_clearsense_clearsense_Privileged_Activity.md │ │ └── r_m_clearsense_clearsense_Ransomware.md │ │ └── ds_clearsense_clearsense.md ├── Clearswift_SEG │ └── Clearswift_SEG │ │ ├── Ps │ │ └── pC_clearswiftdlpemail.md │ │ ├── RM │ │ ├── r_m_clearswift_seg_clearswift_seg_Data_Leak.md │ │ ├── r_m_clearswift_seg_clearswift_seg_Malware.md │ │ ├── r_m_clearswift_seg_clearswift_seg_Phishing.md │ │ ├── r_m_clearswift_seg_clearswift_seg_Privilege_Abuse.md │ │ ├── r_m_clearswift_seg_clearswift_seg_Privileged_Activity.md │ │ └── r_m_clearswift_seg_clearswift_seg_Workforce_Protection.md │ │ └── ds_clearswift_seg_clearswift_seg.md ├── Click_Studios │ └── Passwordstate │ │ ├── 2_ds_click_studios_passwordstate.md │ │ ├── Ps │ │ ├── pC_clickstudiopasswordstateaccountdisabled.md │ │ ├── pC_clickstudiopasswordstateaccountpasswordchange.md │ │ ├── pC_clickstudiopasswordstateaccountpasswordchangefailed.md │ │ ├── pC_clickstudiopasswordstateaccountpasswordreset.md │ │ ├── pC_clickstudiopasswordstateaccountpasswordreset1.md │ │ ├── pC_clickstudiopasswordstateaccountpasswordreset2.md │ │ ├── pC_clickstudiopasswordstateappactivity.md │ │ ├── pC_clickstudiopasswordstateappactivity1.md │ │ ├── pC_clickstudiopasswordstateauthsuccess.md │ │ ├── pC_clickstudiopasswordstateauthsuccess1.md │ │ ├── pC_clickstudiopasswordstatememberremoved.md │ │ └── pC_clickstudiopasswordstateremotelogon.md │ │ ├── RM │ │ ├── r_m_click_studios_passwordstate_Abnormal_Authentication_&_Access.md │ │ ├── r_m_click_studios_passwordstate_Account_Manipulation.md │ │ ├── r_m_click_studios_passwordstate_Compromised_Credentials.md │ │ ├── r_m_click_studios_passwordstate_Data_Access.md │ │ ├── r_m_click_studios_passwordstate_Data_Leak.md │ │ ├── r_m_click_studios_passwordstate_Lateral_Movement.md │ │ ├── r_m_click_studios_passwordstate_Malware.md │ │ ├── r_m_click_studios_passwordstate_Privilege_Abuse.md │ │ ├── r_m_click_studios_passwordstate_Privilege_Escalation.md │ │ ├── r_m_click_studios_passwordstate_Privileged_Activity.md │ │ └── r_m_click_studios_passwordstate_Ransomware.md │ │ └── ds_click_studios_passwordstate.md ├── Cloud_Application │ └── Cloud_Application │ │ ├── Ps │ │ ├── pC_cefskyformationfailedlogin.md │ │ ├── pC_cefskyformationlogin2.md │ │ └── pC_cefskyformationpasswordchange.md │ │ ├── RM │ │ ├── r_m_cloud_application_cloud_application_Abnormal_Authentication_&_Access.md │ │ ├── r_m_cloud_application_cloud_application_Account_Manipulation.md │ │ ├── r_m_cloud_application_cloud_application_Compromised_Credentials.md │ │ ├── r_m_cloud_application_cloud_application_Data_Access.md │ │ ├── r_m_cloud_application_cloud_application_Lateral_Movement.md │ │ ├── r_m_cloud_application_cloud_application_Malware.md │ │ ├── r_m_cloud_application_cloud_application_Privilege_Abuse.md │ │ ├── r_m_cloud_application_cloud_application_Privileged_Activity.md │ │ └── r_m_cloud_application_cloud_application_Ransomware.md │ │ └── ds_cloud_application_cloud_application.md ├── Cloudflare │ ├── Cloudflare_CDN │ │ ├── Ps │ │ │ └── pC_cloudflarenetworkalert2.md │ │ ├── RM │ │ │ ├── r_m_cloudflare_cloudflare_cdn_Compromised_Credentials.md │ │ │ └── r_m_cloudflare_cloudflare_cdn_Malware.md │ │ └── ds_cloudflare_cloudflare_cdn.md │ ├── Cloudflare_Insights │ │ ├── 2_ds_cloudflare_cloudflare_insights.md │ │ ├── Ps │ │ │ ├── pC_cloudflareappactivity.md │ │ │ └── pC_cloudflareappactivity1.md │ │ ├── RM │ │ │ ├── r_m_cloudflare_cloudflare_insights_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Account_Manipulation.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Compromised_Credentials.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Data_Access.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Data_Leak.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Lateral_Movement.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Malware.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Privilege_Abuse.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Privilege_Escalation.md │ │ │ ├── r_m_cloudflare_cloudflare_insights_Privileged_Activity.md │ │ │ └── r_m_cloudflare_cloudflare_insights_Ransomware.md │ │ └── ds_cloudflare_cloudflare_insights.md │ └── Cloudflare_WAF │ │ ├── 2_ds_cloudflare_cloudflare_waf.md │ │ ├── Ps │ │ ├── pC_cefcloudflarenetconnection.md │ │ ├── pC_cloudflarenetworkalert.md │ │ ├── pC_skyformationcloudflarewaf.md │ │ ├── pC_skyformationcloudflarewaf1.md │ │ ├── pC_skyformationcloudflarewaf2.md │ │ ├── pC_skyformationcloudflarewaf3.md │ │ └── pC_skyformationcloudflarewaf4.md │ │ ├── RM │ │ ├── r_m_cloudflare_cloudflare_waf_Abnormal_Authentication_&_Access.md │ │ ├── r_m_cloudflare_cloudflare_waf_Compromised_Credentials.md │ │ ├── r_m_cloudflare_cloudflare_waf_Cryptomining.md │ │ ├── r_m_cloudflare_cloudflare_waf_Data_Exfiltration.md │ │ ├── r_m_cloudflare_cloudflare_waf_Data_Leak.md │ │ ├── r_m_cloudflare_cloudflare_waf_Lateral_Movement.md │ │ ├── r_m_cloudflare_cloudflare_waf_Malware.md │ │ ├── r_m_cloudflare_cloudflare_waf_Phishing.md │ │ ├── r_m_cloudflare_cloudflare_waf_Privilege_Abuse.md │ │ ├── r_m_cloudflare_cloudflare_waf_Privileged_Activity.md │ │ ├── r_m_cloudflare_cloudflare_waf_Ransomware.md │ │ └── r_m_cloudflare_cloudflare_waf_Workforce_Protection.md │ │ └── ds_cloudflare_cloudflare_waf.md ├── Code42 │ └── Code42_Incydr │ │ ├── 2_ds_code42_code42_incydr.md │ │ ├── Ps │ │ ├── pC_code42alert1.md │ │ ├── pC_code42alert2.md │ │ ├── pC_code42alert3.md │ │ ├── pC_code42appactivity.md │ │ ├── pC_code42emailoutoperations.md │ │ ├── pC_code42fileoperations.md │ │ ├── pC_code42fileoperations2.md │ │ ├── pC_code42fileoperations3.md │ │ ├── pC_code42fileoperations4.md │ │ ├── pC_code42fileread.md │ │ ├── pC_code42printoperations.md │ │ ├── pC_code42usbinsert.md │ │ └── pC_code42usbremoved.md │ │ ├── RM │ │ ├── r_m_code42_code42_incydr_Abnormal_Authentication_&_Access.md │ │ ├── r_m_code42_code42_incydr_Account_Manipulation.md │ │ ├── r_m_code42_code42_incydr_Compromised_Credentials.md │ │ ├── r_m_code42_code42_incydr_Data_Access.md │ │ ├── r_m_code42_code42_incydr_Data_Exfiltration.md │ │ ├── r_m_code42_code42_incydr_Data_Leak.md │ │ ├── r_m_code42_code42_incydr_Destruction_of_Data.md │ │ ├── r_m_code42_code42_incydr_Lateral_Movement.md │ │ ├── r_m_code42_code42_incydr_Malware.md │ │ ├── r_m_code42_code42_incydr_Phishing.md │ │ ├── r_m_code42_code42_incydr_Privilege_Abuse.md │ │ ├── r_m_code42_code42_incydr_Privilege_Escalation.md │ │ ├── r_m_code42_code42_incydr_Privileged_Activity.md │ │ ├── r_m_code42_code42_incydr_Ransomware.md │ │ └── r_m_code42_code42_incydr_Workforce_Protection.md │ │ └── ds_code42_code42_incydr.md ├── Cofense │ └── Phishme │ │ ├── Ps │ │ └── pC_cefphishmesecurityalert.md │ │ ├── RM │ │ ├── r_m_cofense_phishme_Compromised_Credentials.md │ │ ├── r_m_cofense_phishme_Lateral_Movement.md │ │ ├── r_m_cofense_phishme_Malware.md │ │ └── r_m_cofense_phishme_Privileged_Activity.md │ │ └── ds_cofense_phishme.md ├── Cognitas_CrossLink │ └── Cognitas_CrossLink │ │ ├── Ps │ │ └── pC_cognitasvpnstart.md │ │ ├── RM │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Abnormal_Authentication_&_Access.md │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Compromised_Credentials.md │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Lateral_Movement.md │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Malware.md │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Physical_Security.md │ │ ├── r_m_cognitas_crosslink_cognitas_crosslink_Privilege_Abuse.md │ │ └── r_m_cognitas_crosslink_cognitas_crosslink_Ransomware.md │ │ └── ds_cognitas_crosslink_cognitas_crosslink.md ├── Contrast_Security │ └── Contrast_Security │ │ ├── Ps │ │ └── pC_cefcontrastsecurityalert.md │ │ ├── RM │ │ ├── r_m_contrast_security_contrast_security_Compromised_Credentials.md │ │ ├── r_m_contrast_security_contrast_security_Lateral_Movement.md │ │ ├── r_m_contrast_security_contrast_security_Malware.md │ │ └── r_m_contrast_security_contrast_security_Privileged_Activity.md │ │ └── ds_contrast_security_contrast_security.md ├── CrowdStrike │ └── Falcon │ │ ├── 2_ds_crowdstrike_falcon.md │ │ ├── Ps │ │ ├── pC_cefcrowdstrikealert.md │ │ ├── pC_cefcrowdstrikeappactivity.md │ │ ├── pC_cefcrowdstrikeapplogin.md │ │ ├── pC_crowdstrikeappactivity.md │ │ ├── pC_crowdstrikeappactivity1.md │ │ ├── pC_crowdstrikeappactivity10.md │ │ ├── pC_crowdstrikeappactivity11.md │ │ ├── pC_crowdstrikeappactivity2.md │ │ ├── pC_crowdstrikeappactivity3.md │ │ ├── pC_crowdstrikeappactivity4.md │ │ ├── pC_crowdstrikeappactivity7.md │ │ ├── pC_crowdstrikeappactivity8.md │ │ ├── pC_crowdstrikeappactivity9.md │ │ ├── pC_crowdstrikeauthfailed1.md │ │ ├── pC_crowdstrikeauthfailed2.md │ │ ├── pC_crowdstrikeconfigchange.md │ │ ├── pC_crowdstrikefalconusbwrite.md │ │ ├── pC_crowdstrikefalconusbwrite1.md │ │ ├── pC_crowdstrikefilealert.md │ │ ├── pC_crowdstrikefiledelete1.md │ │ ├── pC_crowdstrikefiledownload.md │ │ ├── pC_crowdstrikefiledownload1.md │ │ ├── pC_crowdstrikefileoperations1.md │ │ ├── pC_crowdstrikefileprocessalert2.md │ │ ├── pC_crowdstrikefileread.md │ │ ├── pC_crowdstrikefileread2.md │ │ ├── pC_crowdstrikefileread3.md │ │ ├── pC_crowdstrikefilewrite.md │ │ ├── pC_crowdstrikefilewrite1.md │ │ ├── pC_crowdstrikefilewrite10.md │ │ ├── pC_crowdstrikefilewrite11.md │ │ ├── pC_crowdstrikefilewrite12.md │ │ ├── pC_crowdstrikefilewrite13.md │ │ ├── pC_crowdstrikefilewrite14.md │ │ ├── pC_crowdstrikefilewrite2.md │ │ ├── pC_crowdstrikefilewrite3.md │ │ ├── pC_crowdstrikefilewrite4.md │ │ ├── pC_crowdstrikefilewrite5.md │ │ ├── pC_crowdstrikefilewrite6.md │ │ ├── pC_crowdstrikefilewrite7.md │ │ ├── pC_crowdstrikefilewrite8.md │ │ ├── pC_crowdstrikefilewrite9.md │ │ ├── pC_crowdstrikehostinfo.md │ │ ├── pC_crowdstrikelogon.md │ │ ├── pC_crowdstrikelogon2.md │ │ ├── pC_crowdstrikemodifybinary.md │ │ ├── pC_crowdstrikenetworkconnection.md │ │ ├── pC_crowdstrikeprocesscreated.md │ │ ├── pC_crowdstrikeprocesscreated1.md │ │ ├── pC_crowdstrikeprocesscreated2.md │ │ ├── pC_crowdstrikeprocessnetwork.md │ │ ├── pC_crowdstrikesecurityalert.md │ │ ├── pC_crowdstrikesecurityalert2.md │ │ ├── pC_crowdstrikesecurityalert4.md │ │ ├── pC_crowdstrikesecurityalert5.md │ │ ├── pC_crowdstrikesecurityalert6.md │ │ ├── pC_crowdstrikesecurityalert7.md │ │ ├── pC_crowdstrikeservicecreated.md │ │ ├── pC_crowdstrikeservicecreated1.md │ │ ├── pC_crowdstrikeusbalert.md │ │ ├── pC_crowdstrikeusbconnect.md │ │ ├── pC_crowdstrikeusbdisconnect.md │ │ ├── pC_crowdstrikeusbinsert.md │ │ ├── pC_crowdstrikeuseridentity.md │ │ ├── pC_crowdstrikewintaskcreated.md │ │ ├── pC_falcondnsrequest.md │ │ ├── pC_leefcrowdstrikealert.md │ │ ├── pC_leefcrowdstrikeapplogin.md │ │ ├── pC_leefcrowdstrikedetectionsummaryevent.md │ │ ├── pC_leefcrowdstrikednsrequests.md │ │ ├── pC_leefcrowdstrikedocumentsaccessed.md │ │ ├── pC_leefcrowdstrikeexecutableswritten.md │ │ ├── pC_leefcrowdstrikenetworkaccesses.md │ │ ├── pC_qcrowdstrikeprocessalert1.md │ │ ├── pC_scrowdstrikeappdllalert.md │ │ ├── pC_scrowdstrikeapplogin.md │ │ ├── pC_scrowdstrikeapplogin1.md │ │ ├── pC_scrowdstrikeapplogin10.md │ │ ├── pC_scrowdstrikeapplogin2.md │ │ ├── pC_scrowdstrikeapplogin3.md │ │ ├── pC_scrowdstrikeapplogin4.md │ │ ├── pC_scrowdstrikeapplogin5.md │ │ ├── pC_scrowdstrikeapplogin6.md │ │ ├── pC_scrowdstrikeapplogin7.md │ │ ├── pC_scrowdstrikeapplogin8.md │ │ ├── pC_scrowdstrikeapplogin9.md │ │ ├── pC_scrowdstrikeappransomware.md │ │ ├── pC_scrowdstrikefailedlogon.md │ │ ├── pC_scrowdstrikeprocessalert.md │ │ └── pC_scrowdstrikesecurityalert.md │ │ ├── RM │ │ ├── r_m_crowdstrike_falcon_Abnormal_Authentication_&_Access.md │ │ ├── r_m_crowdstrike_falcon_Account_Manipulation.md │ │ ├── r_m_crowdstrike_falcon_Audit_Tampering.md │ │ ├── r_m_crowdstrike_falcon_Compromised_Credentials.md │ │ ├── r_m_crowdstrike_falcon_Cryptomining.md │ │ ├── r_m_crowdstrike_falcon_Data_Access.md │ │ ├── r_m_crowdstrike_falcon_Data_Exfiltration.md │ │ ├── r_m_crowdstrike_falcon_Data_Leak.md │ │ ├── r_m_crowdstrike_falcon_Destruction_of_Data.md │ │ ├── r_m_crowdstrike_falcon_Evasion.md │ │ ├── r_m_crowdstrike_falcon_Lateral_Movement.md │ │ ├── r_m_crowdstrike_falcon_Malware.md │ │ ├── r_m_crowdstrike_falcon_Phishing.md │ │ ├── r_m_crowdstrike_falcon_Privilege_Abuse.md │ │ ├── r_m_crowdstrike_falcon_Privilege_Escalation.md │ │ ├── r_m_crowdstrike_falcon_Privileged_Activity.md │ │ └── r_m_crowdstrike_falcon_Ransomware.md │ │ └── ds_crowdstrike_falcon.md ├── CyberArk │ ├── CyberArk_Vault │ │ ├── 2_ds_cyberark_cyberark_vault.md │ │ ├── Ps │ │ │ ├── pC_cefcyberarkaccountswitch.md │ │ │ ├── pC_cefcyberarkaccountswitch1.md │ │ │ ├── pC_cefcyberarkappactivity.md │ │ │ ├── pC_cefcyberarkapplogin.md │ │ │ ├── pC_cefcyberarkfailedapplogin.md │ │ │ ├── pC_cefcyberarkpasswordchange.md │ │ │ ├── pC_cefcyberarkpasswordchange1.md │ │ │ ├── pC_cefcyberarksecurityalert.md │ │ │ ├── pC_cyberarkaccountswitch.md │ │ │ ├── pC_cyberarkaccountswitch1.md │ │ │ ├── pC_cyberarkapplogin.md │ │ │ ├── pC_cyberarkpasswordchange.md │ │ │ ├── pC_leefcyberarkappactivity.md │ │ │ ├── pC_scyberarkaccountswitch.md │ │ │ ├── pC_scyberarkaccountswitch2.md │ │ │ ├── pC_scyberarkaccountswitch3.md │ │ │ ├── pC_scyberarkactivity.md │ │ │ ├── pC_scyberarkactivity1.md │ │ │ ├── pC_scyberarkactivity4.md │ │ │ ├── pC_scyberarkactivity5.md │ │ │ ├── pC_scyberarkactivity6.md │ │ │ ├── pC_scyberarkactivity7.md │ │ │ ├── pC_scyberarkappactivity.md │ │ │ ├── pC_scyberarkappactivity1.md │ │ │ ├── pC_scyberarkappactivity2.md │ │ │ ├── pC_scyberarkappactivity3.md │ │ │ ├── pC_scyberarkappactivity4.md │ │ │ ├── pC_scyberarkappactivity5.md │ │ │ ├── pC_scyberarkappactivity6.md │ │ │ ├── pC_scyberarkappactivity7.md │ │ │ ├── pC_scyberarkappactivity8.md │ │ │ ├── pC_scyberarkappactivity9.md │ │ │ ├── pC_scyberarkapplogin.md │ │ │ ├── pC_scyberarkfailedlogon.md │ │ │ ├── pC_scyberarkfailedlogon1.md │ │ │ ├── pC_scyberarkfiledelete.md │ │ │ ├── pC_scyberarkfileread1.md │ │ │ ├── pC_scyberarkfileread2.md │ │ │ ├── pC_scyberarkfilewrite1.md │ │ │ ├── pC_scyberarkfilewrite2.md │ │ │ ├── pC_scyberarkpasswordchange.md │ │ │ ├── pC_scyberarkpasswordchangefailed.md │ │ │ ├── pC_scyberarkpasswordreset.md │ │ │ ├── pC_scyberarkremotelogon1.md │ │ │ ├── pC_scyberarkremotelogon2.md │ │ │ ├── pC_scyberarksecurityalert1.md │ │ │ └── pC_scyberarksecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_cyberark_cyberark_vault_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cyberark_cyberark_vault_Account_Manipulation.md │ │ │ ├── r_m_cyberark_cyberark_vault_Brute_Force_Attack.md │ │ │ ├── r_m_cyberark_cyberark_vault_Compromised_Credentials.md │ │ │ ├── r_m_cyberark_cyberark_vault_Data_Access.md │ │ │ ├── r_m_cyberark_cyberark_vault_Data_Exfiltration.md │ │ │ ├── r_m_cyberark_cyberark_vault_Data_Leak.md │ │ │ ├── r_m_cyberark_cyberark_vault_Destruction_of_Data.md │ │ │ ├── r_m_cyberark_cyberark_vault_Lateral_Movement.md │ │ │ ├── r_m_cyberark_cyberark_vault_Malware.md │ │ │ ├── r_m_cyberark_cyberark_vault_Privilege_Abuse.md │ │ │ ├── r_m_cyberark_cyberark_vault_Privilege_Escalation.md │ │ │ ├── r_m_cyberark_cyberark_vault_Privileged_Activity.md │ │ │ └── r_m_cyberark_cyberark_vault_Ransomware.md │ │ └── ds_cyberark_cyberark_vault.md │ ├── Endpoint_Privilege_Management │ │ ├── Ps │ │ │ ├── pC_cyberarkprivilegedaccess.md │ │ │ ├── pC_cyberarkprocessalert.md │ │ │ └── pC_jsoncyberarkprivilegedobjectaccess.md │ │ ├── RM │ │ │ ├── r_m_cyberark_endpoint_privilege_management_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cyberark_endpoint_privilege_management_Compromised_Credentials.md │ │ │ ├── r_m_cyberark_endpoint_privilege_management_Malware.md │ │ │ ├── r_m_cyberark_endpoint_privilege_management_Privilege_Abuse.md │ │ │ └── r_m_cyberark_endpoint_privilege_management_Privileged_Activity.md │ │ └── ds_cyberark_endpoint_privilege_management.md │ ├── Privileged_Session_Manager │ │ ├── Ps │ │ │ ├── pC_scyberarktpmaccountswitch.md │ │ │ ├── pC_scyberarktpmactivity.md │ │ │ └── pC_scyberarktpmlogin.md │ │ ├── RM │ │ │ ├── r_m_cyberark_privileged_session_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Account_Manipulation.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Compromised_Credentials.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Data_Access.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Data_Leak.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Lateral_Movement.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Malware.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Privilege_Abuse.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Privilege_Escalation.md │ │ │ ├── r_m_cyberark_privileged_session_manager_Privileged_Activity.md │ │ │ └── r_m_cyberark_privileged_session_manager_Ransomware.md │ │ └── ds_cyberark_privileged_session_manager.md │ └── Privileged_Threat_Analytics │ │ ├── Ps │ │ ├── pC_cefcyberarksecurityalert1.md │ │ └── pC_scyberarksecurityalert.md │ │ ├── RM │ │ ├── r_m_cyberark_privileged_threat_analytics_Compromised_Credentials.md │ │ ├── r_m_cyberark_privileged_threat_analytics_Lateral_Movement.md │ │ ├── r_m_cyberark_privileged_threat_analytics_Malware.md │ │ └── r_m_cyberark_privileged_threat_analytics_Privileged_Activity.md │ │ └── ds_cyberark_privileged_threat_analytics.md ├── Cybereason │ └── Cybereason │ │ ├── Ps │ │ ├── pC_cefcybereasonsecurityalert.md │ │ └── pC_jsoncybereasonsecurityalert.md │ │ ├── RM │ │ ├── r_m_cybereason_cybereason_Compromised_Credentials.md │ │ ├── r_m_cybereason_cybereason_Lateral_Movement.md │ │ ├── r_m_cybereason_cybereason_Malware.md │ │ └── r_m_cybereason_cybereason_Privileged_Activity.md │ │ └── ds_cybereason_cybereason.md ├── Damballa │ └── Failsafe │ │ ├── Ps │ │ ├── pC_damballacefalert.md │ │ ├── pC_damballaleefalert.md │ │ ├── pC_nforwardedcefdamballaalert.md │ │ ├── pC_rnicdamballaalert.md │ │ └── pC_sdamballaalert.md │ │ ├── RM │ │ ├── r_m_damballa_failsafe_Compromised_Credentials.md │ │ ├── r_m_damballa_failsafe_Lateral_Movement.md │ │ ├── r_m_damballa_failsafe_Malware.md │ │ └── r_m_damballa_failsafe_Privileged_Activity.md │ │ └── ds_damballa_failsafe.md ├── Darktrace │ ├── Darktrace │ │ ├── Ps │ │ │ ├── pC_darktraceapplogin.md │ │ │ └── pC_darktracefailedapplogin.md │ │ ├── RM │ │ │ ├── r_m_darktrace_darktrace_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_darktrace_darktrace_Compromised_Credentials.md │ │ │ ├── r_m_darktrace_darktrace_Data_Access.md │ │ │ ├── r_m_darktrace_darktrace_Lateral_Movement.md │ │ │ ├── r_m_darktrace_darktrace_Malware.md │ │ │ ├── r_m_darktrace_darktrace_Privilege_Abuse.md │ │ │ ├── r_m_darktrace_darktrace_Privileged_Activity.md │ │ │ └── r_m_darktrace_darktrace_Ransomware.md │ │ └── ds_darktrace_darktrace.md │ └── Darktrace_Enterprise_Immune_System │ │ ├── Ps │ │ ├── pC_cefdarktrace.md │ │ └── pC_darktracealert1.md │ │ ├── RM │ │ ├── r_m_darktrace_darktrace_enterprise_immune_system_Compromised_Credentials.md │ │ ├── r_m_darktrace_darktrace_enterprise_immune_system_Lateral_Movement.md │ │ ├── r_m_darktrace_darktrace_enterprise_immune_system_Malware.md │ │ └── r_m_darktrace_darktrace_enterprise_immune_system_Privileged_Activity.md │ │ └── ds_darktrace_darktrace_enterprise_immune_system.md ├── Datawatch_Systems │ └── DataWatch │ │ ├── Ps │ │ └── pC_qphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_datawatch_systems_datawatch_Abnormal_Authentication_&_Access.md │ │ ├── r_m_datawatch_systems_datawatch_Physical_Security.md │ │ └── r_m_datawatch_systems_datawatch_Privileged_Activity.md │ │ └── ds_datawatch_systems_datawatch.md ├── Delinea │ ├── Centrify_Audit_and_Monitoring_Service │ │ ├── Ps │ │ │ └── pC_centrifyfileaccess.md │ │ ├── RM │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Compromised_Credentials.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Data_Access.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Data_Exfiltration.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Data_Leak.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Destruction_of_Data.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Malware.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Privilege_Abuse.md │ │ │ ├── r_m_delinea_centrify_audit_and_monitoring_service_Privileged_Activity.md │ │ │ └── r_m_delinea_centrify_audit_and_monitoring_service_Ransomware.md │ │ └── ds_delinea_centrify_audit_and_monitoring_service.md │ ├── Centrify_Authentication_Service │ │ ├── 2_ds_delinea_centrify_authentication_service.md │ │ ├── Ps │ │ │ ├── pC_centrifyaccountpasswordchangefailed1.md │ │ │ ├── pC_centrifyauthdenied.md │ │ │ ├── pC_centrifyauthenticationfailed1.md │ │ │ ├── pC_centrifyauthenticationfailed2.md │ │ │ ├── pC_centrifyauthenticationsuccess1.md │ │ │ ├── pC_centrifyauthsuccess.md │ │ │ ├── pC_centrifyfailedlogon.md │ │ │ ├── pC_centrifyfailedlogon1.md │ │ │ ├── pC_centrifyfailedlogon2.md │ │ │ ├── pC_centrifylocallogon.md │ │ │ ├── pC_centrifyremotelogon1.md │ │ │ ├── pC_centrifyremotelogon2.md │ │ │ ├── pC_centrifysshlogin.md │ │ │ └── pC_centrifysshloginfailed.md │ │ ├── RM │ │ │ ├── r_m_delinea_centrify_authentication_service_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Account_Manipulation.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Brute_Force_Attack.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Compromised_Credentials.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Lateral_Movement.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Malware.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Privilege_Abuse.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Privilege_Escalation.md │ │ │ ├── r_m_delinea_centrify_authentication_service_Privileged_Activity.md │ │ │ └── r_m_delinea_centrify_authentication_service_Ransomware.md │ │ └── ds_delinea_centrify_authentication_service.md │ ├── Centrify_Infrastructure_Services │ │ ├── Ps │ │ │ ├── pC_centrifyprocess.md │ │ │ └── pC_unixprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Account_Manipulation.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Audit_Tampering.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Compromised_Credentials.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Cryptomining.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Data_Access.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Data_Exfiltration.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Evasion.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Lateral_Movement.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Malware.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Phishing.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Privilege_Abuse.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Privilege_Escalation.md │ │ │ ├── r_m_delinea_centrify_infrastructure_services_Privileged_Activity.md │ │ │ └── r_m_delinea_centrify_infrastructure_services_Ransomware.md │ │ └── ds_delinea_centrify_infrastructure_services.md │ ├── Centrify_Zero_Trust_Privilege_Services │ │ ├── Ps │ │ │ ├── pC_centrifyaccountswitch.md │ │ │ └── pC_centrifyappactivity.md │ │ ├── RM │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Account_Manipulation.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Compromised_Credentials.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Data_Access.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Data_Leak.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Lateral_Movement.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Malware.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Privilege_Abuse.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Privilege_Escalation.md │ │ │ ├── r_m_delinea_centrify_zero_trust_privilege_services_Privileged_Activity.md │ │ │ └── r_m_delinea_centrify_zero_trust_privilege_services_Ransomware.md │ │ └── ds_delinea_centrify_zero_trust_privilege_services.md │ └── Secret_Server │ │ ├── Ps │ │ ├── pC_thycoticaccountswitch.md │ │ ├── pC_thycoticappactivity.md │ │ ├── pC_thycoticapplogin.md │ │ └── pC_thycoticfailedapplogin.md │ │ ├── RM │ │ ├── r_m_delinea_secret_server_Abnormal_Authentication_&_Access.md │ │ ├── r_m_delinea_secret_server_Account_Manipulation.md │ │ ├── r_m_delinea_secret_server_Compromised_Credentials.md │ │ ├── r_m_delinea_secret_server_Data_Access.md │ │ ├── r_m_delinea_secret_server_Data_Leak.md │ │ ├── r_m_delinea_secret_server_Lateral_Movement.md │ │ ├── r_m_delinea_secret_server_Malware.md │ │ ├── r_m_delinea_secret_server_Privilege_Abuse.md │ │ ├── r_m_delinea_secret_server_Privilege_Escalation.md │ │ ├── r_m_delinea_secret_server_Privileged_Activity.md │ │ └── r_m_delinea_secret_server_Ransomware.md │ │ └── ds_delinea_secret_server.md ├── Dell │ ├── EMC_Isilon │ │ ├── 2_ds_dell_emc_isilon.md │ │ ├── Ps │ │ │ ├── pC_dellfileoperations1.md │ │ │ ├── pC_dellfileoperations2.md │ │ │ ├── pC_dellfileoperations3.md │ │ │ ├── pC_dellfileoperations4.md │ │ │ ├── pC_dellfileremoteaccess.md │ │ │ ├── pC_isilonfiledelete.md │ │ │ ├── pC_isilonfilepermissionchange.md │ │ │ ├── pC_isilonfileread.md │ │ │ ├── pC_isilonfilewrite.md │ │ │ └── pC_jsondellfileoperations.md │ │ ├── RM │ │ │ ├── r_m_dell_emc_isilon_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_dell_emc_isilon_Compromised_Credentials.md │ │ │ ├── r_m_dell_emc_isilon_Data_Access.md │ │ │ ├── r_m_dell_emc_isilon_Data_Exfiltration.md │ │ │ ├── r_m_dell_emc_isilon_Data_Leak.md │ │ │ ├── r_m_dell_emc_isilon_Destruction_of_Data.md │ │ │ ├── r_m_dell_emc_isilon_Lateral_Movement.md │ │ │ ├── r_m_dell_emc_isilon_Malware.md │ │ │ ├── r_m_dell_emc_isilon_Privilege_Abuse.md │ │ │ ├── r_m_dell_emc_isilon_Privilege_Escalation.md │ │ │ ├── r_m_dell_emc_isilon_Privileged_Activity.md │ │ │ └── r_m_dell_emc_isilon_Ransomware.md │ │ └── ds_dell_emc_isilon.md │ ├── One_Identity_Manager │ │ ├── Ps │ │ │ ├── pC_cefscbpamaccountpasswordchange.md │ │ │ ├── pC_cefscbpamaccountswitch.md │ │ │ └── pC_cefscbpamappactivity.md │ │ ├── RM │ │ │ ├── r_m_dell_one_identity_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_dell_one_identity_manager_Account_Manipulation.md │ │ │ ├── r_m_dell_one_identity_manager_Compromised_Credentials.md │ │ │ ├── r_m_dell_one_identity_manager_Data_Access.md │ │ │ ├── r_m_dell_one_identity_manager_Data_Leak.md │ │ │ ├── r_m_dell_one_identity_manager_Lateral_Movement.md │ │ │ ├── r_m_dell_one_identity_manager_Malware.md │ │ │ ├── r_m_dell_one_identity_manager_Privilege_Abuse.md │ │ │ ├── r_m_dell_one_identity_manager_Privilege_Escalation.md │ │ │ ├── r_m_dell_one_identity_manager_Privileged_Activity.md │ │ │ └── r_m_dell_one_identity_manager_Ransomware.md │ │ └── ds_dell_one_identity_manager.md │ ├── RSA_Authentication_Manager │ │ ├── 2_ds_dell_rsa_authentication_manager.md │ │ ├── Ps │ │ │ ├── pC_authmgrauthenticationfailed.md │ │ │ ├── pC_authmgrauthenticationfailed1.md │ │ │ ├── pC_authmgrauthenticationfailed2.md │ │ │ ├── pC_authmgrauthenticationsuccessful.md │ │ │ ├── pC_authmgrauthenticationsuccessful1.md │ │ │ ├── pC_authmgrauthenticationsuccessful2.md │ │ │ ├── pC_rsaapplogin.md │ │ │ ├── pC_rsaauthsuccessful1.md │ │ │ ├── pC_rsaauthsuccessful2.md │ │ │ ├── pC_rsaauthsuccessful3.md │ │ │ ├── pC_rsafailedapplogin.md │ │ │ ├── pC_syslograuthmgrauthsuccessful.md │ │ │ ├── pC_syslogrsaauthfailed.md │ │ │ ├── pC_syslogrsaauthsuccessful.md │ │ │ ├── pC_urauthmgraccountlockout.md │ │ │ ├── pC_urauthmgrauthfailed.md │ │ │ ├── pC_urauthmgrauthfailedaddition.md │ │ │ └── pC_urauthmgrauthsuccessful.md │ │ ├── RM │ │ │ ├── r_m_dell_rsa_authentication_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Brute_Force_Attack.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Compromised_Credentials.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Data_Access.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Lateral_Movement.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Malware.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Privilege_Abuse.md │ │ │ ├── r_m_dell_rsa_authentication_manager_Privileged_Activity.md │ │ │ └── r_m_dell_rsa_authentication_manager_Ransomware.md │ │ └── ds_dell_rsa_authentication_manager.md │ └── SonicWALL_Aventail │ │ ├── Ps │ │ ├── pC_aventailvpnend.md │ │ ├── pC_aventailvpnstart.md │ │ ├── pC_aventailvpnstart1.md │ │ ├── pC_nforwardedcefaventailvpnend.md │ │ └── pC_nforwardedcefaventailvpnstart.md │ │ ├── RM │ │ ├── r_m_dell_sonicwall_aventail_Abnormal_Authentication_&_Access.md │ │ ├── r_m_dell_sonicwall_aventail_Account_Manipulation.md │ │ ├── r_m_dell_sonicwall_aventail_Brute_Force_Attack.md │ │ ├── r_m_dell_sonicwall_aventail_Compromised_Credentials.md │ │ ├── r_m_dell_sonicwall_aventail_Data_Access.md │ │ ├── r_m_dell_sonicwall_aventail_Data_Exfiltration.md │ │ ├── r_m_dell_sonicwall_aventail_Data_Leak.md │ │ ├── r_m_dell_sonicwall_aventail_Lateral_Movement.md │ │ ├── r_m_dell_sonicwall_aventail_Malware.md │ │ ├── r_m_dell_sonicwall_aventail_Phishing.md │ │ ├── r_m_dell_sonicwall_aventail_Physical_Security.md │ │ ├── r_m_dell_sonicwall_aventail_Privilege_Abuse.md │ │ ├── r_m_dell_sonicwall_aventail_Privilege_Escalation.md │ │ └── r_m_dell_sonicwall_aventail_Ransomware.md │ │ └── ds_dell_sonicwall_aventail.md ├── Digital_Arts │ └── Digital_Arts_i-FILTER_for_Business │ │ ├── Ps │ │ ├── pC_digitalwebactivity.md │ │ └── pC_ifilterwebactivity.md │ │ ├── RM │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Abnormal_Authentication_&_Access.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Compromised_Credentials.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Cryptomining.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Data_Exfiltration.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Data_Leak.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Lateral_Movement.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Malware.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Phishing.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Privilege_Abuse.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Privileged_Activity.md │ │ ├── r_m_digital_arts_digital_arts_i-filter_for_business_Ransomware.md │ │ └── r_m_digital_arts_digital_arts_i-filter_for_business_Workforce_Protection.md │ │ └── ds_digital_arts_digital_arts_i-filter_for_business.md ├── Digital_Guardian │ ├── Digital_Guardian_Endpoint_Protection │ │ ├── 2_ds_digital_guardian_digital_guardian_endpoint_protection.md │ │ ├── Ps │ │ │ ├── pC_cefdigitalguardianfileoperation.md │ │ │ ├── pC_cefdigitalguardianlocallogon.md │ │ │ ├── pC_cefdigitalguardianprint.md │ │ │ ├── pC_digitalguardianappdataexe.md │ │ │ ├── pC_digitalguardianattachmail.md │ │ │ ├── pC_digitalguardianfilecopy.md │ │ │ ├── pC_digitalguardianfilemove.md │ │ │ ├── pC_digitalguardianfileoperations.md │ │ │ ├── pC_digitalguardianfilerecycle.md │ │ │ ├── pC_digitalguardianfilesaveas.md │ │ │ ├── pC_digitalguardianprint.md │ │ │ ├── pC_digitalguardianprocesscreated.md │ │ │ ├── pC_leefdigitalguardiandlpemailalertout1.md │ │ │ ├── pC_leefdigitalguardianfiledelete.md │ │ │ ├── pC_leefdigitalguardianfiledelete1.md │ │ │ ├── pC_leefdigitalguardianfiledownload.md │ │ │ ├── pC_leefdigitalguardianfiledownload1.md │ │ │ ├── pC_leefdigitalguardianfileread1.md │ │ │ ├── pC_leefdigitalguardianfileread2.md │ │ │ ├── pC_leefdigitalguardianfileread3.md │ │ │ ├── pC_leefdigitalguardianfileupload.md │ │ │ ├── pC_leefdigitalguardianfileupload1.md │ │ │ ├── pC_leefdigitalguardianfilewrite1.md │ │ │ ├── pC_leefdigitalguardianfilewrite10.md │ │ │ ├── pC_leefdigitalguardianfilewrite2.md │ │ │ ├── pC_leefdigitalguardianfilewrite3.md │ │ │ ├── pC_leefdigitalguardianfilewrite4.md │ │ │ ├── pC_leefdigitalguardianfilewrite5.md │ │ │ ├── pC_leefdigitalguardianfilewrite6.md │ │ │ ├── pC_leefdigitalguardianfilewrite7.md │ │ │ ├── pC_leefdigitalguardianfilewrite8.md │ │ │ ├── pC_leefdigitalguardianfilewrite9.md │ │ │ ├── pC_leefdigitalguardianlocallogon.md │ │ │ ├── pC_leefdigitalguardianlocallogon1.md │ │ │ ├── pC_leefdigitalguardianprintactivity.md │ │ │ ├── pC_leefdigitalguardianprintactivity1.md │ │ │ ├── pC_leefdigitalguardianprocesscreated.md │ │ │ ├── pC_leefdigitalguardianusbinsert.md │ │ │ ├── pC_sdigitalguardianapplogin1.md │ │ │ ├── pC_sdigitalguardianapplogin2.md │ │ │ ├── pC_sdigitalguardianapplogin3.md │ │ │ ├── pC_sdigitalguardianfiledownload.md │ │ │ ├── pC_sdigitalguardianfileread.md │ │ │ ├── pC_sdigitalguardianfileupload.md │ │ │ ├── pC_sdigitalguardianfilewrite1.md │ │ │ ├── pC_sdigitalguardianfilewrite2.md │ │ │ ├── pC_sdigitalguardianfilewrite3.md │ │ │ ├── pC_sdigitalguardianfilewrite4.md │ │ │ ├── pC_sdigitalguardianfilewrite5.md │ │ │ ├── pC_sdigitalguardianlocallogon1.md │ │ │ ├── pC_sdigitalguardianlocallogon2.md │ │ │ ├── pC_sdigitalguardianlocallogon3.md │ │ │ ├── pC_sdigitalguardiannetworkconnection.md │ │ │ ├── pC_sdigitalguardianprintactivity1.md │ │ │ ├── pC_sdigitalguardianprintactivity2.md │ │ │ ├── pC_sdigitalguardianprintactivity3.md │ │ │ ├── pC_sdigitalguardianprintactivity4.md │ │ │ ├── pC_sdigitalguardianusbactivity.md │ │ │ ├── pC_sdigitalguardianusbinsert2.md │ │ │ ├── pC_sdigitalguardianusbinsert3.md │ │ │ └── pC_sdigitalguardianusbwrite.md │ │ ├── RM │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Account_Manipulation.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Audit_Tampering.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Compromised_Credentials.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Cryptomining.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Data_Access.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Data_Exfiltration.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Data_Leak.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Destruction_of_Data.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Evasion.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Lateral_Movement.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Malware.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Phishing.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Privilege_Abuse.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Privilege_Escalation.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Privileged_Activity.md │ │ │ ├── r_m_digital_guardian_digital_guardian_endpoint_protection_Ransomware.md │ │ │ └── r_m_digital_guardian_digital_guardian_endpoint_protection_Workforce_Protection.md │ │ └── ds_digital_guardian_digital_guardian_endpoint_protection.md │ └── Digital_Guardian_Network_DLP │ │ ├── 2_ds_digital_guardian_digital_guardian_network_dlp.md │ │ ├── Ps │ │ ├── pC_cefdigitalguardiansendmail.md │ │ ├── pC_digitalguardiansendmail.md │ │ ├── pC_digitalguardiansendmail1.md │ │ ├── pC_leefdigitalguardiandlpemailalertout.md │ │ ├── pC_scodegreendlpalert.md │ │ ├── pC_scodegreendlpemailout.md │ │ ├── pC_sdigitalguardiandlpalert1.md │ │ ├── pC_sdigitalguardiandlpalert2.md │ │ ├── pC_sdigitalguardiandlpemailout1.md │ │ ├── pC_sdigitalguardiandlpemailout2.md │ │ ├── pC_sdigitalguardiandlpemailout3.md │ │ └── pC_sdigitalguardiandlpemailout4.md │ │ ├── RM │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Data_Exfiltration.md │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Data_Leak.md │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Malware.md │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Phishing.md │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Privilege_Abuse.md │ │ ├── r_m_digital_guardian_digital_guardian_network_dlp_Privileged_Activity.md │ │ └── r_m_digital_guardian_digital_guardian_network_dlp_Workforce_Protection.md │ │ └── ds_digital_guardian_digital_guardian_network_dlp.md ├── Dropbox │ └── Dropbox │ │ ├── 2_ds_dropbox_dropbox.md │ │ ├── Ps │ │ ├── pC_cefdropboxappactivity1.md │ │ ├── pC_cefdropboxappactivity10.md │ │ ├── pC_cefdropboxappactivity2.md │ │ ├── pC_cefdropboxappactivity3.md │ │ ├── pC_cefdropboxappactivity4.md │ │ ├── pC_cefdropboxappactivity5.md │ │ ├── pC_cefdropboxappactivity6.md │ │ ├── pC_cefdropboxappactivity7.md │ │ ├── pC_cefdropboxappactivity8.md │ │ ├── pC_cefdropboxappactivity9.md │ │ ├── pC_cefdropboxloginactivity.md │ │ ├── pC_sdropboxappactivity1.md │ │ ├── pC_sdropboxappactivity2.md │ │ ├── pC_sdropboxdevicesactivity.md │ │ └── pC_sdropboxloginsactivity.md │ │ ├── RM │ │ ├── r_m_dropbox_dropbox_Abnormal_Authentication_&_Access.md │ │ ├── r_m_dropbox_dropbox_Account_Manipulation.md │ │ ├── r_m_dropbox_dropbox_Brute_Force_Attack.md │ │ ├── r_m_dropbox_dropbox_Compromised_Credentials.md │ │ ├── r_m_dropbox_dropbox_Data_Access.md │ │ ├── r_m_dropbox_dropbox_Data_Exfiltration.md │ │ ├── r_m_dropbox_dropbox_Data_Leak.md │ │ ├── r_m_dropbox_dropbox_Destruction_of_Data.md │ │ ├── r_m_dropbox_dropbox_Lateral_Movement.md │ │ ├── r_m_dropbox_dropbox_Malware.md │ │ ├── r_m_dropbox_dropbox_Phishing.md │ │ ├── r_m_dropbox_dropbox_Privilege_Abuse.md │ │ ├── r_m_dropbox_dropbox_Privilege_Escalation.md │ │ ├── r_m_dropbox_dropbox_Privileged_Activity.md │ │ └── r_m_dropbox_dropbox_Ransomware.md │ │ └── ds_dropbox_dropbox.md ├── Dtex_Systems │ └── DTEX_InTERCEPT │ │ ├── 2_ds_dtex_systems_dtex_intercept.md │ │ ├── Ps │ │ ├── pC_cefdtexdircreated.md │ │ ├── pC_cefdtexdirdelete.md │ │ ├── pC_cefdtexdirmoved.md │ │ ├── pC_cefdtexdirrenamed.md │ │ ├── pC_cefdtexfilecopied.md │ │ ├── pC_cefdtexfilecreated.md │ │ ├── pC_cefdtexfiledelete.md │ │ ├── pC_cefdtexfilemodified.md │ │ ├── pC_cefdtexfilemoved.md │ │ ├── pC_cefdtexfileread.md │ │ ├── pC_cefdtexfilerenamed.md │ │ ├── pC_cefdtexlocallogon.md │ │ ├── pC_cefdtexprintactivity.md │ │ ├── pC_cefdtexprocesscreated.md │ │ ├── pC_cefdtexremotelogon.md │ │ ├── pC_cefdtexwebactivity.md │ │ ├── pC_cefdtexworkstationlocked.md │ │ ├── pC_cefdtexworkstationunlocked.md │ │ └── pC_sdtex.md │ │ ├── RM │ │ ├── r_m_dtex_systems_dtex_intercept_Abnormal_Authentication_&_Access.md │ │ ├── r_m_dtex_systems_dtex_intercept_Account_Manipulation.md │ │ ├── r_m_dtex_systems_dtex_intercept_Audit_Tampering.md │ │ ├── r_m_dtex_systems_dtex_intercept_Compromised_Credentials.md │ │ ├── r_m_dtex_systems_dtex_intercept_Cryptomining.md │ │ ├── r_m_dtex_systems_dtex_intercept_Data_Access.md │ │ ├── r_m_dtex_systems_dtex_intercept_Data_Exfiltration.md │ │ ├── r_m_dtex_systems_dtex_intercept_Data_Leak.md │ │ ├── r_m_dtex_systems_dtex_intercept_Destruction_of_Data.md │ │ ├── r_m_dtex_systems_dtex_intercept_Evasion.md │ │ ├── r_m_dtex_systems_dtex_intercept_Lateral_Movement.md │ │ ├── r_m_dtex_systems_dtex_intercept_Malware.md │ │ ├── r_m_dtex_systems_dtex_intercept_Phishing.md │ │ ├── r_m_dtex_systems_dtex_intercept_Privilege_Abuse.md │ │ ├── r_m_dtex_systems_dtex_intercept_Privilege_Escalation.md │ │ ├── r_m_dtex_systems_dtex_intercept_Privileged_Activity.md │ │ ├── r_m_dtex_systems_dtex_intercept_Ransomware.md │ │ └── r_m_dtex_systems_dtex_intercept_Workforce_Protection.md │ │ └── ds_dtex_systems_dtex_intercept.md ├── EMP │ └── EMP │ │ ├── Ps │ │ └── pC_empappactivity.md │ │ ├── RM │ │ ├── r_m_emp_emp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_emp_emp_Account_Manipulation.md │ │ ├── r_m_emp_emp_Compromised_Credentials.md │ │ ├── r_m_emp_emp_Data_Access.md │ │ ├── r_m_emp_emp_Data_Leak.md │ │ ├── r_m_emp_emp_Lateral_Movement.md │ │ ├── r_m_emp_emp_Malware.md │ │ ├── r_m_emp_emp_Privilege_Abuse.md │ │ ├── r_m_emp_emp_Privilege_Escalation.md │ │ ├── r_m_emp_emp_Privileged_Activity.md │ │ └── r_m_emp_emp_Ransomware.md │ │ └── ds_emp_emp.md ├── ESET │ └── ESET_Endpoint_Security │ │ ├── 2_ds_eset_eset_endpoint_security.md │ │ ├── Ps │ │ ├── pC_esetalert.md │ │ ├── pC_esetdomainuserfailedlogin.md │ │ ├── pC_esetdomainuserlogin.md │ │ ├── pC_leefesetapploginsuccess.md │ │ ├── pC_leefesetfailedlogon.md │ │ ├── pC_leefesetnetworkalert.md │ │ ├── pC_leefesetsecurityalert.md │ │ ├── pC_leefesetwebactivitydenied.md │ │ └── pC_leefesetwebactivitydenied1.md │ │ ├── RM │ │ ├── r_m_eset_eset_endpoint_security_Abnormal_Authentication_&_Access.md │ │ ├── r_m_eset_eset_endpoint_security_Brute_Force_Attack.md │ │ ├── r_m_eset_eset_endpoint_security_Compromised_Credentials.md │ │ ├── r_m_eset_eset_endpoint_security_Cryptomining.md │ │ ├── r_m_eset_eset_endpoint_security_Data_Access.md │ │ ├── r_m_eset_eset_endpoint_security_Data_Exfiltration.md │ │ ├── r_m_eset_eset_endpoint_security_Data_Leak.md │ │ ├── r_m_eset_eset_endpoint_security_Lateral_Movement.md │ │ ├── r_m_eset_eset_endpoint_security_Malware.md │ │ ├── r_m_eset_eset_endpoint_security_Phishing.md │ │ ├── r_m_eset_eset_endpoint_security_Privilege_Abuse.md │ │ ├── r_m_eset_eset_endpoint_security_Privilege_Escalation.md │ │ ├── r_m_eset_eset_endpoint_security_Privileged_Activity.md │ │ └── r_m_eset_eset_endpoint_security_Ransomware.md │ │ └── ds_eset_eset_endpoint_security.md ├── ESector │ └── ESector_DEFESA │ │ ├── Ps │ │ ├── pC_esectorfiledelete.md │ │ ├── pC_esectorfileread.md │ │ ├── pC_esectorfilewrite.md │ │ ├── pC_esectorfilewrite1.md │ │ └── pC_esectorfilewrite2.md │ │ ├── RM │ │ ├── r_m_esector_esector_defesa_Compromised_Credentials.md │ │ ├── r_m_esector_esector_defesa_Data_Access.md │ │ ├── r_m_esector_esector_defesa_Data_Exfiltration.md │ │ ├── r_m_esector_esector_defesa_Data_Leak.md │ │ ├── r_m_esector_esector_defesa_Destruction_of_Data.md │ │ ├── r_m_esector_esector_defesa_Malware.md │ │ ├── r_m_esector_esector_defesa_Privilege_Abuse.md │ │ ├── r_m_esector_esector_defesa_Privileged_Activity.md │ │ └── r_m_esector_esector_defesa_Ransomware.md │ │ └── ds_esector_esector_defesa.md ├── EdgeWave │ └── EdgeWave_iPrism │ │ ├── Ps │ │ └── pC_edgewavewebactivity.md │ │ ├── RM │ │ ├── r_m_edgewave_edgewave_iprism_Abnormal_Authentication_&_Access.md │ │ ├── r_m_edgewave_edgewave_iprism_Compromised_Credentials.md │ │ ├── r_m_edgewave_edgewave_iprism_Cryptomining.md │ │ ├── r_m_edgewave_edgewave_iprism_Data_Exfiltration.md │ │ ├── r_m_edgewave_edgewave_iprism_Data_Leak.md │ │ ├── r_m_edgewave_edgewave_iprism_Lateral_Movement.md │ │ ├── r_m_edgewave_edgewave_iprism_Malware.md │ │ ├── r_m_edgewave_edgewave_iprism_Phishing.md │ │ ├── r_m_edgewave_edgewave_iprism_Privilege_Abuse.md │ │ ├── r_m_edgewave_edgewave_iprism_Privileged_Activity.md │ │ ├── r_m_edgewave_edgewave_iprism_Ransomware.md │ │ └── r_m_edgewave_edgewave_iprism_Workforce_Protection.md │ │ └── ds_edgewave_edgewave_iprism.md ├── Egnyte │ └── Egnyte │ │ ├── 2_ds_egnyte_egnyte.md │ │ ├── Ps │ │ ├── pC_cefegnyteappactivity.md │ │ ├── pC_cefegnyteappactivity1.md │ │ ├── pC_cefegnyteappactivity10.md │ │ ├── pC_cefegnyteappactivity11.md │ │ ├── pC_cefegnyteappactivity12.md │ │ ├── pC_cefegnyteappactivity13.md │ │ ├── pC_cefegnyteappactivity2.md │ │ ├── pC_cefegnyteappactivity3.md │ │ ├── pC_cefegnyteappactivity4.md │ │ ├── pC_cefegnyteappactivity5.md │ │ ├── pC_cefegnyteappactivity6.md │ │ ├── pC_cefegnyteappactivity7.md │ │ ├── pC_cefegnyteappactivity8.md │ │ ├── pC_cefegnyteappactivity9.md │ │ ├── pC_cefegnytefileoperations.md │ │ ├── pC_egnyteapplogin.md │ │ ├── pC_egnytefailedapplogin.md │ │ └── pC_egnytefileoperations.md │ │ ├── RM │ │ ├── r_m_egnyte_egnyte_Abnormal_Authentication_&_Access.md │ │ ├── r_m_egnyte_egnyte_Account_Manipulation.md │ │ ├── r_m_egnyte_egnyte_Compromised_Credentials.md │ │ ├── r_m_egnyte_egnyte_Data_Access.md │ │ ├── r_m_egnyte_egnyte_Data_Exfiltration.md │ │ ├── r_m_egnyte_egnyte_Data_Leak.md │ │ ├── r_m_egnyte_egnyte_Destruction_of_Data.md │ │ ├── r_m_egnyte_egnyte_Lateral_Movement.md │ │ ├── r_m_egnyte_egnyte_Malware.md │ │ ├── r_m_egnyte_egnyte_Privilege_Abuse.md │ │ ├── r_m_egnyte_egnyte_Privilege_Escalation.md │ │ ├── r_m_egnyte_egnyte_Privileged_Activity.md │ │ └── r_m_egnyte_egnyte_Ransomware.md │ │ └── ds_egnyte_egnyte.md ├── EnSilo │ └── EnSilo │ │ ├── Ps │ │ └── pC_ensilosecurityalert.md │ │ ├── RM │ │ ├── r_m_ensilo_ensilo_Compromised_Credentials.md │ │ ├── r_m_ensilo_ensilo_Lateral_Movement.md │ │ ├── r_m_ensilo_ensilo_Malware.md │ │ └── r_m_ensilo_ensilo_Privileged_Activity.md │ │ └── ds_ensilo_ensilo.md ├── EndPoint │ └── EndPoint │ │ ├── Ps │ │ └── pC_sendpointdlpalert.md │ │ ├── RM │ │ ├── r_m_endpoint_endpoint_Data_Exfiltration.md │ │ ├── r_m_endpoint_endpoint_Data_Leak.md │ │ └── r_m_endpoint_endpoint_Malware.md │ │ └── ds_endpoint_endpoint.md ├── Endgame │ └── Endgame_EDR │ │ ├── Ps │ │ └── pC_endgameedrsecurityalert.md │ │ ├── RM │ │ ├── r_m_endgame_endgame_edr_Compromised_Credentials.md │ │ ├── r_m_endgame_endgame_edr_Lateral_Movement.md │ │ ├── r_m_endgame_endgame_edr_Malware.md │ │ └── r_m_endgame_endgame_edr_Privileged_Activity.md │ │ └── ds_endgame_endgame_edr.md ├── Entrust │ └── IdentityGuard │ │ ├── Ps │ │ ├── pC_entrustidentityguardaccountlockout.md │ │ ├── pC_entrustidentityguardauthfailed2.md │ │ ├── pC_entrustidentityguardauthfailed3.md │ │ └── pC_entrustidentityguardauthsuccessful.md │ │ ├── RM │ │ ├── r_m_entrust_identityguard_Abnormal_Authentication_&_Access.md │ │ ├── r_m_entrust_identityguard_Brute_Force_Attack.md │ │ ├── r_m_entrust_identityguard_Compromised_Credentials.md │ │ ├── r_m_entrust_identityguard_Lateral_Movement.md │ │ ├── r_m_entrust_identityguard_Malware.md │ │ └── r_m_entrust_identityguard_Ransomware.md │ │ └── ds_entrust_identityguard.md ├── Epic │ └── Epic_SIEM │ │ ├── 2_ds_epic_epic_siem.md │ │ ├── Ps │ │ ├── pC_cefepicappactivity1.md │ │ ├── pC_cefepicappactivity10.md │ │ ├── pC_cefepicappactivity11.md │ │ ├── pC_cefepicappactivity12.md │ │ ├── pC_cefepicappactivity2.md │ │ ├── pC_cefepicappactivity3.md │ │ ├── pC_cefepicappactivity4.md │ │ ├── pC_cefepicappactivity5.md │ │ ├── pC_cefepicappactivity6.md │ │ ├── pC_cefepicappactivity7.md │ │ ├── pC_cefepicappactivity8.md │ │ ├── pC_cefepicappactivity9.md │ │ ├── pC_cefepicapplogin.md │ │ ├── pC_cefepicauthsuccessful.md │ │ ├── pC_cefepicfailedapplogin.md │ │ └── pC_leefepicappactivity.md │ │ ├── RM │ │ ├── r_m_epic_epic_siem_Abnormal_Authentication_&_Access.md │ │ ├── r_m_epic_epic_siem_Account_Manipulation.md │ │ ├── r_m_epic_epic_siem_Compromised_Credentials.md │ │ ├── r_m_epic_epic_siem_Data_Access.md │ │ ├── r_m_epic_epic_siem_Data_Leak.md │ │ ├── r_m_epic_epic_siem_Lateral_Movement.md │ │ ├── r_m_epic_epic_siem_Malware.md │ │ ├── r_m_epic_epic_siem_Privilege_Abuse.md │ │ ├── r_m_epic_epic_siem_Privilege_Escalation.md │ │ ├── r_m_epic_epic_siem_Privileged_Activity.md │ │ └── r_m_epic_epic_siem_Ransomware.md │ │ └── ds_epic_epic_siem.md ├── Exabeam │ ├── Exabeam_Advanced_Analytics │ │ ├── 2_ds_exabeam_exabeam_advanced_analytics.md │ │ ├── Ps │ │ │ ├── pC_exaappactivity1.md │ │ │ ├── pC_exaappactivity2.md │ │ │ ├── pC_exaappactivity3.md │ │ │ ├── pC_exaappactivity4.md │ │ │ ├── pC_exaappactivity5.md │ │ │ ├── pC_exaappactivity6.md │ │ │ ├── pC_exaappactivity7.md │ │ │ ├── pC_exaapplogin.md │ │ │ ├── pC_exaapploginaa.md │ │ │ ├── pC_exafailedapplogin.md │ │ │ └── pC_exalogsourceadded.md │ │ ├── RM │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Account_Manipulation.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Compromised_Credentials.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Data_Access.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Data_Leak.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Lateral_Movement.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Malware.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Privilege_Abuse.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Privilege_Escalation.md │ │ │ ├── r_m_exabeam_exabeam_advanced_analytics_Privileged_Activity.md │ │ │ └── r_m_exabeam_exabeam_advanced_analytics_Ransomware.md │ │ └── ds_exabeam_exabeam_advanced_analytics.md │ └── Exabeam_DL │ │ ├── Ps │ │ ├── pC_exacorrulealerts.md │ │ └── pC_exadlsearchactivity.md │ │ ├── RM │ │ ├── r_m_exabeam_exabeam_dl_Abnormal_Authentication_&_Access.md │ │ ├── r_m_exabeam_exabeam_dl_Account_Manipulation.md │ │ ├── r_m_exabeam_exabeam_dl_Compromised_Credentials.md │ │ ├── r_m_exabeam_exabeam_dl_Data_Access.md │ │ ├── r_m_exabeam_exabeam_dl_Data_Leak.md │ │ ├── r_m_exabeam_exabeam_dl_Lateral_Movement.md │ │ ├── r_m_exabeam_exabeam_dl_Malware.md │ │ ├── r_m_exabeam_exabeam_dl_Privilege_Abuse.md │ │ ├── r_m_exabeam_exabeam_dl_Privilege_Escalation.md │ │ ├── r_m_exabeam_exabeam_dl_Privileged_Activity.md │ │ └── r_m_exabeam_exabeam_dl_Ransomware.md │ │ └── ds_exabeam_exabeam_dl.md ├── Extrahop │ └── Reveal(x) │ │ ├── Ps │ │ ├── pC_cefextrahopnetworksec.md │ │ ├── pC_extrahopdnsquery.md │ │ ├── pC_extrahopnetworkperf.md │ │ └── pC_extrahopnetworksec.md │ │ ├── RM │ │ ├── r_m_extrahop_reveal(x)_Compromised_Credentials.md │ │ ├── r_m_extrahop_reveal(x)_Lateral_Movement.md │ │ ├── r_m_extrahop_reveal(x)_Malware.md │ │ └── r_m_extrahop_reveal(x)_Privileged_Activity.md │ │ └── ds_extrahop_reveal(x).md ├── Extreme_Networks │ └── Zebra_wireless_LAN_management │ │ ├── Ps │ │ └── pC_zebrawlmsshfailed.md │ │ ├── RM │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Abnormal_Authentication_&_Access.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Brute_Force_Attack.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Compromised_Credentials.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Lateral_Movement.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Malware.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Privilege_Abuse.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Privilege_Escalation.md │ │ ├── r_m_extreme_networks_zebra_wireless_lan_management_Privileged_Activity.md │ │ └── r_m_extreme_networks_zebra_wireless_lan_management_Ransomware.md │ │ └── ds_extreme_networks_zebra_wireless_lan_management.md ├── F-Secure │ └── F-Secure_Client_Security │ │ ├── Ps │ │ └── pC_ceffsecuresecurityalert.md │ │ ├── RM │ │ ├── r_m_f-secure_f-secure_client_security_Compromised_Credentials.md │ │ ├── r_m_f-secure_f-secure_client_security_Lateral_Movement.md │ │ ├── r_m_f-secure_f-secure_client_security_Malware.md │ │ └── r_m_f-secure_f-secure_client_security_Privileged_Activity.md │ │ └── ds_f-secure_f-secure_client_security.md ├── F5 │ ├── BIG-IP_DNS │ │ ├── Ps │ │ │ ├── pC_sf5dnsresponse.md │ │ │ ├── pC_syslogf5dnsquery.md │ │ │ ├── pC_syslogf5dnsquery1.md │ │ │ └── pC_syslogf5dnsresponse.md │ │ ├── RM │ │ │ └── r_m_f5_big-ip_dns_Malware.md │ │ └── ds_f5_big-ip_dns.md │ ├── F5_Advanced_Web_Application_Firewall_(WAF) │ │ ├── 2_ds_f5_f5_advanced_web_application_firewall_(waf).md │ │ ├── Ps │ │ │ ├── pC_f5accountswitch.md │ │ │ ├── pC_f5dlpemailout.md │ │ │ ├── pC_f5networkalert1.md │ │ │ ├── pC_f5networkalert3.md │ │ │ ├── pC_f5networkconnection2.md │ │ │ ├── pC_f5networkconnection3.md │ │ │ ├── pC_f5networkconnection4.md │ │ │ ├── pC_f5networkconnection5.md │ │ │ ├── pC_f5networkconnection6.md │ │ │ ├── pC_f5processcreated.md │ │ │ └── pC_f5sshloginsuccessful1.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Account_Manipulation.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Audit_Tampering.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Compromised_Credentials.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Cryptomining.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Data_Access.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Data_Exfiltration.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Data_Leak.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Evasion.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Lateral_Movement.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Malware.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Phishing.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Privilege_Abuse.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Privilege_Escalation.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Privileged_Activity.md │ │ │ ├── r_m_f5_f5_advanced_web_application_firewall_(waf)_Ransomware.md │ │ │ └── r_m_f5_f5_advanced_web_application_firewall_(waf)_Workforce_Protection.md │ │ └── ds_f5_f5_advanced_web_application_firewall_(waf).md │ ├── F5_BIG-IP │ │ ├── 2_ds_f5_f5_big-ip.md │ │ ├── Ps │ │ │ ├── pC_ceff5vpnstart1.md │ │ │ ├── pC_f5bigipauthenticationsuccessful.md │ │ │ ├── pC_f5networkconnection1.md │ │ │ ├── pC_f5sshfailedlogon.md │ │ │ ├── pC_f5sshloginsuccessful.md │ │ │ ├── pC_f5vpnadditionalinfo.md │ │ │ ├── pC_f5vpnassignip.md │ │ │ ├── pC_f5vpnauthfailed.md │ │ │ ├── pC_f5vpnauthfailed1.md │ │ │ ├── pC_f5vpncertuser.md │ │ │ ├── pC_f5vpnloginfailed.md │ │ │ ├── pC_f5vpnos.md │ │ │ ├── pC_f5vpnpasswordchangefailed.md │ │ │ ├── pC_f5vpnpolicy.md │ │ │ ├── pC_f5vpnsessionend1.md │ │ │ ├── pC_f5vpnsessionstart.md │ │ │ ├── pC_f5vpnsessionstart1.md │ │ │ ├── pC_f5vpnsrchost.md │ │ │ └── pC_f5vpnuser.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_big-ip_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_f5_f5_big-ip_Account_Manipulation.md │ │ │ ├── r_m_f5_f5_big-ip_Brute_Force_Attack.md │ │ │ ├── r_m_f5_f5_big-ip_Compromised_Credentials.md │ │ │ ├── r_m_f5_f5_big-ip_Data_Access.md │ │ │ ├── r_m_f5_f5_big-ip_Data_Exfiltration.md │ │ │ ├── r_m_f5_f5_big-ip_Data_Leak.md │ │ │ ├── r_m_f5_f5_big-ip_Lateral_Movement.md │ │ │ ├── r_m_f5_f5_big-ip_Malware.md │ │ │ ├── r_m_f5_f5_big-ip_Phishing.md │ │ │ ├── r_m_f5_f5_big-ip_Physical_Security.md │ │ │ ├── r_m_f5_f5_big-ip_Privilege_Abuse.md │ │ │ ├── r_m_f5_f5_big-ip_Privilege_Escalation.md │ │ │ ├── r_m_f5_f5_big-ip_Privileged_Activity.md │ │ │ └── r_m_f5_f5_big-ip_Ransomware.md │ │ └── ds_f5_f5_big-ip.md │ ├── F5_BIG-IP_Access_Policy_Manager_(APM) │ │ ├── 2_ds_f5_f5_big-ip_access_policy_manager_(apm).md │ │ ├── Ps │ │ │ ├── pC_ceff5vpnend.md │ │ │ ├── pC_ceff5vpnstart.md │ │ │ ├── pC_ceff5vpnuser.md │ │ │ ├── pC_f5vpnstartcustom.md │ │ │ ├── pC_f5vpnuseragent.md │ │ │ ├── pC_f5vpnusername.md │ │ │ ├── pC_jsonf5authattempt.md │ │ │ └── pC_sf5vpnp2.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Account_Manipulation.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Brute_Force_Attack.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Compromised_Credentials.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Data_Access.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Data_Exfiltration.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Data_Leak.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Lateral_Movement.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Malware.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Phishing.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Physical_Security.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Privilege_Abuse.md │ │ │ ├── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Privilege_Escalation.md │ │ │ └── r_m_f5_f5_big-ip_access_policy_manager_(apm)_Ransomware.md │ │ └── ds_f5_f5_big-ip_access_policy_manager_(apm).md │ ├── F5_BIG-IP_Advanced_Firewall_Module_(AFM) │ │ ├── Ps │ │ │ ├── pC_f5afmalert.md │ │ │ └── pC_f5networkconnection.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_big-ip_advanced_firewall_module_(afm)_Compromised_Credentials.md │ │ │ ├── r_m_f5_f5_big-ip_advanced_firewall_module_(afm)_Lateral_Movement.md │ │ │ ├── r_m_f5_f5_big-ip_advanced_firewall_module_(afm)_Malware.md │ │ │ └── r_m_f5_f5_big-ip_advanced_firewall_module_(afm)_Privileged_Activity.md │ │ └── ds_f5_f5_big-ip_advanced_firewall_module_(afm).md │ ├── F5_BIG-IP_Application_Security_Manager_(ASM) │ │ ├── Ps │ │ │ ├── pC_ceff5asmalert.md │ │ │ ├── pC_f5asmalert.md │ │ │ ├── pC_f5asmalert1.md │ │ │ ├── pC_f5asmalert3.md │ │ │ └── pC_f5asmwebactivity.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Compromised_Credentials.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Cryptomining.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Data_Exfiltration.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Data_Leak.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Lateral_Movement.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Malware.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Phishing.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Privilege_Abuse.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Privileged_Activity.md │ │ │ ├── r_m_f5_f5_big-ip_application_security_manager_(asm)_Ransomware.md │ │ │ └── r_m_f5_f5_big-ip_application_security_manager_(asm)_Workforce_Protection.md │ │ └── ds_f5_f5_big-ip_application_security_manager_(asm).md │ ├── F5_IP_Intelligence │ │ ├── Ps │ │ │ └── pC_f5networkalert4.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_ip_intelligence_Compromised_Credentials.md │ │ │ └── r_m_f5_f5_ip_intelligence_Malware.md │ │ └── ds_f5_f5_ip_intelligence.md │ ├── F5_Silverline │ │ ├── Ps │ │ │ ├── pC_f5silverlinenetworkalert1.md │ │ │ └── pC_f5silverlinewaf.md │ │ ├── RM │ │ │ ├── r_m_f5_f5_silverline_Compromised_Credentials.md │ │ │ └── r_m_f5_f5_silverline_Malware.md │ │ └── ds_f5_f5_silverline.md │ └── WebSafe │ │ ├── Ps │ │ └── pC_f5webactivity.md │ │ ├── RM │ │ ├── r_m_f5_websafe_Abnormal_Authentication_&_Access.md │ │ ├── r_m_f5_websafe_Compromised_Credentials.md │ │ ├── r_m_f5_websafe_Cryptomining.md │ │ ├── r_m_f5_websafe_Data_Exfiltration.md │ │ ├── r_m_f5_websafe_Data_Leak.md │ │ ├── r_m_f5_websafe_Lateral_Movement.md │ │ ├── r_m_f5_websafe_Malware.md │ │ ├── r_m_f5_websafe_Phishing.md │ │ ├── r_m_f5_websafe_Privilege_Abuse.md │ │ ├── r_m_f5_websafe_Privileged_Activity.md │ │ ├── r_m_f5_websafe_Ransomware.md │ │ └── r_m_f5_websafe_Workforce_Protection.md │ │ └── ds_f5_websafe.md ├── FTP │ └── FTP │ │ ├── 2_ds_ftp_ftp.md │ │ ├── Ps │ │ ├── pC_commonftpapplogin.md │ │ ├── pC_commonftpfailedapplogin.md │ │ ├── pC_commonftpfiledelete.md │ │ ├── pC_commonftpfiledownload.md │ │ ├── pC_commonftpfileupload.md │ │ ├── pC_scommonftpappactivity.md │ │ ├── pC_scommonftpappactivity1.md │ │ ├── pC_scommonftpappactivity2.md │ │ ├── pC_scommonftpappactivity3.md │ │ ├── pC_scommonftpappactivity4.md │ │ ├── pC_scommonftpappactivity5.md │ │ ├── pC_scommonftpappactivity6.md │ │ ├── pC_scommonftpappactivity7.md │ │ ├── pC_scommonftpappactivity8.md │ │ ├── pC_scommonftpdelete.md │ │ ├── pC_scommonftpdelete1.md │ │ ├── pC_scommonftpdownload.md │ │ ├── pC_scommonftpdownload1.md │ │ ├── pC_scommonftpfailedlogin.md │ │ ├── pC_scommonftpfailedlogin1.md │ │ ├── pC_scommonftplogin.md │ │ ├── pC_scommonftplogin1.md │ │ ├── pC_scommonftpupload.md │ │ └── pC_scommonftpupload1.md │ │ ├── RM │ │ ├── r_m_ftp_ftp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ftp_ftp_Account_Manipulation.md │ │ ├── r_m_ftp_ftp_Compromised_Credentials.md │ │ ├── r_m_ftp_ftp_Data_Access.md │ │ ├── r_m_ftp_ftp_Data_Exfiltration.md │ │ ├── r_m_ftp_ftp_Data_Leak.md │ │ ├── r_m_ftp_ftp_Destruction_of_Data.md │ │ ├── r_m_ftp_ftp_Lateral_Movement.md │ │ ├── r_m_ftp_ftp_Malware.md │ │ ├── r_m_ftp_ftp_Privilege_Abuse.md │ │ ├── r_m_ftp_ftp_Privilege_Escalation.md │ │ ├── r_m_ftp_ftp_Privileged_Activity.md │ │ └── r_m_ftp_ftp_Ransomware.md │ │ └── ds_ftp_ftp.md ├── Fast_Enterprises │ └── Fast_Enterprises_GenTax │ │ ├── Ps │ │ └── pC_gentaxapplogin.md │ │ ├── RM │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Abnormal_Authentication_&_Access.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Compromised_Credentials.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Data_Access.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Lateral_Movement.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Malware.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Privilege_Abuse.md │ │ ├── r_m_fast_enterprises_fast_enterprises_gentax_Privileged_Activity.md │ │ └── r_m_fast_enterprises_fast_enterprises_gentax_Ransomware.md │ │ └── ds_fast_enterprises_fast_enterprises_gentax.md ├── Fidelis │ ├── Fidelis_Network │ │ ├── Ps │ │ │ ├── pC_ceffidelisalert.md │ │ │ └── pC_sfidelisalert.md │ │ ├── RM │ │ │ ├── r_m_fidelis_fidelis_network_Compromised_Credentials.md │ │ │ ├── r_m_fidelis_fidelis_network_Lateral_Movement.md │ │ │ ├── r_m_fidelis_fidelis_network_Malware.md │ │ │ └── r_m_fidelis_fidelis_network_Privileged_Activity.md │ │ └── ds_fidelis_fidelis_network.md │ └── Fidelis_XPS │ │ ├── Ps │ │ ├── pC_fidelisemailalert.md │ │ ├── pC_fidelisleefalert.md │ │ └── pC_nforwardedceffidelisalert.md │ │ ├── RM │ │ ├── r_m_fidelis_fidelis_xps_Compromised_Credentials.md │ │ ├── r_m_fidelis_fidelis_xps_Data_Leak.md │ │ ├── r_m_fidelis_fidelis_xps_Lateral_Movement.md │ │ ├── r_m_fidelis_fidelis_xps_Malware.md │ │ ├── r_m_fidelis_fidelis_xps_Phishing.md │ │ ├── r_m_fidelis_fidelis_xps_Privilege_Abuse.md │ │ ├── r_m_fidelis_fidelis_xps_Privileged_Activity.md │ │ └── r_m_fidelis_fidelis_xps_Workforce_Protection.md │ │ └── ds_fidelis_fidelis_xps.md ├── FileAuditor │ └── FileAuditor │ │ ├── Ps │ │ ├── pC_fileauditorfiledelete.md │ │ ├── pC_fileauditorfileread.md │ │ ├── pC_fileauditorfilewrite1.md │ │ ├── pC_fileauditorfilewrite2.md │ │ ├── pC_fileauditorfilewrite3.md │ │ └── pC_fileauditorfilewrite4.md │ │ ├── RM │ │ ├── r_m_fileauditor_fileauditor_Compromised_Credentials.md │ │ ├── r_m_fileauditor_fileauditor_Data_Access.md │ │ ├── r_m_fileauditor_fileauditor_Data_Exfiltration.md │ │ ├── r_m_fileauditor_fileauditor_Data_Leak.md │ │ ├── r_m_fileauditor_fileauditor_Destruction_of_Data.md │ │ ├── r_m_fileauditor_fileauditor_Malware.md │ │ ├── r_m_fileauditor_fileauditor_Privilege_Abuse.md │ │ ├── r_m_fileauditor_fileauditor_Privileged_Activity.md │ │ └── r_m_fileauditor_fileauditor_Ransomware.md │ │ └── ds_fileauditor_fileauditor.md ├── FireEye │ ├── FireEye_Email_Gateway │ │ ├── Ps │ │ │ └── pC_fireeyejsonalertemail.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_email_gateway_Compromised_Credentials.md │ │ │ ├── r_m_fireeye_fireeye_email_gateway_Lateral_Movement.md │ │ │ ├── r_m_fireeye_fireeye_email_gateway_Malware.md │ │ │ └── r_m_fireeye_fireeye_email_gateway_Privileged_Activity.md │ │ └── ds_fireeye_fireeye_email_gateway.md │ ├── FireEye_Email_Security_(EX) │ │ ├── Ps │ │ │ └── pC_ceffireeyeexsecurityalert.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_email_security_(ex)_Compromised_Credentials.md │ │ │ ├── r_m_fireeye_fireeye_email_security_(ex)_Lateral_Movement.md │ │ │ ├── r_m_fireeye_fireeye_email_security_(ex)_Malware.md │ │ │ └── r_m_fireeye_fireeye_email_security_(ex)_Privileged_Activity.md │ │ └── ds_fireeye_fireeye_email_security_(ex).md │ ├── FireEye_Email_Threat_Prevention_(ETP) │ │ ├── Ps │ │ │ ├── pC_fireeyedlpemail.md │ │ │ └── pC_fireeyedlpemailalert.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_email_threat_prevention_(etp)_Malware.md │ │ │ ├── r_m_fireeye_fireeye_email_threat_prevention_(etp)_Privilege_Abuse.md │ │ │ └── r_m_fireeye_fireeye_email_threat_prevention_(etp)_Privileged_Activity.md │ │ └── ds_fireeye_fireeye_email_threat_prevention_(etp).md │ ├── FireEye_Endpoint_Security_(CM) │ │ ├── Ps │ │ │ └── pC_fireeyecmnxalert.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(cm)_Compromised_Credentials.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(cm)_Lateral_Movement.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(cm)_Malware.md │ │ │ └── r_m_fireeye_fireeye_endpoint_security_(cm)_Privileged_Activity.md │ │ └── ds_fireeye_fireeye_endpoint_security_(cm).md │ ├── FireEye_Endpoint_Security_(HX) │ │ ├── 2_ds_fireeye_fireeye_endpoint_security_(hx).md │ │ ├── Ps │ │ │ ├── pC_ceffireeyehxsecurityalert.md │ │ │ ├── pC_fireeyehxalert.md │ │ │ ├── pC_sfireeyehxalert.md │ │ │ ├── pC_sfireeyehxalert1.md │ │ │ ├── pC_sfireeyehxalert2.md │ │ │ ├── pC_sfireeyehxalert3.md │ │ │ ├── pC_sfireeyehxalert4.md │ │ │ ├── pC_sfireeyehxalert5.md │ │ │ ├── pC_sfireeyehxalert6.md │ │ │ ├── pC_sfireeyehxalerthx.md │ │ │ └── pC_sfireeyehxalerts1.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Compromised_Credentials.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Data_Access.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Data_Exfiltration.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Data_Leak.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Lateral_Movement.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Malware.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Privilege_Abuse.md │ │ │ ├── r_m_fireeye_fireeye_endpoint_security_(hx)_Privileged_Activity.md │ │ │ └── r_m_fireeye_fireeye_endpoint_security_(hx)_Ransomware.md │ │ └── ds_fireeye_fireeye_endpoint_security_(hx).md │ ├── FireEye_Helix │ │ ├── Ps │ │ │ └── pC_jsonfireeyealertnetwork.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_helix_Compromised_Credentials.md │ │ │ └── r_m_fireeye_fireeye_helix_Malware.md │ │ └── ds_fireeye_fireeye_helix.md │ ├── FireEye_Network_Security_(Helix) │ │ ├── Ps │ │ │ └── pC_jsonfireeyealertendpoint.md │ │ ├── RM │ │ │ ├── r_m_fireeye_fireeye_network_security_(helix)_Compromised_Credentials.md │ │ │ ├── r_m_fireeye_fireeye_network_security_(helix)_Lateral_Movement.md │ │ │ ├── r_m_fireeye_fireeye_network_security_(helix)_Malware.md │ │ │ └── r_m_fireeye_fireeye_network_security_(helix)_Privileged_Activity.md │ │ └── ds_fireeye_fireeye_network_security_(helix).md │ └── FireEye_Network_Security_(NX) │ │ ├── 2_ds_fireeye_fireeye_network_security_(nx).md │ │ ├── Ps │ │ ├── pC_ceffireeyeemailalert.md │ │ ├── pC_fireeyecefalert.md │ │ ├── pC_fireeyecefalertnoconnector.md │ │ ├── pC_fireeyecefemailalert.md │ │ ├── pC_fireeyempsjsongenericalert.md │ │ ├── pC_fireeyempsjsongenericalert1.md │ │ ├── pC_fireeyempsjsonunformattedalert.md │ │ ├── pC_fireeyempsxmlextendedconsolidatedalert.md │ │ ├── pC_fireeyempsxmlextendedheadalert.md │ │ ├── pC_fireeyempsxmlnormalalert.md │ │ ├── pC_fireeyewebactivity.md │ │ ├── pC_leeffireeyealert.md │ │ ├── pC_nforwardedceffireeyealert.md │ │ ├── pC_qfireeyemps.md │ │ └── pC_sfireeyempsalert.md │ │ ├── RM │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Abnormal_Authentication_&_Access.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Compromised_Credentials.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Cryptomining.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Data_Exfiltration.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Data_Leak.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Lateral_Movement.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Malware.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Phishing.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Privilege_Abuse.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Privileged_Activity.md │ │ ├── r_m_fireeye_fireeye_network_security_(nx)_Ransomware.md │ │ └── r_m_fireeye_fireeye_network_security_(nx)_Workforce_Protection.md │ │ └── ds_fireeye_fireeye_network_security_(nx).md ├── Forcepoint │ ├── Forcepoint_CASB │ │ ├── Ps │ │ │ ├── pC_sskyfenceactivity.md │ │ │ ├── pC_sskyfencealert.md │ │ │ └── pC_sskyfencelogin.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_forcepoint_casb_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Account_Manipulation.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Compromised_Credentials.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Data_Access.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Data_Leak.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Lateral_Movement.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Malware.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Privilege_Abuse.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Privilege_Escalation.md │ │ │ ├── r_m_forcepoint_forcepoint_casb_Privileged_Activity.md │ │ │ └── r_m_forcepoint_forcepoint_casb_Ransomware.md │ │ └── ds_forcepoint_forcepoint_casb.md │ ├── Forcepoint_DLP │ │ ├── 2_ds_forcepoint_forcepoint_dlp.md │ │ ├── Ps │ │ │ ├── pC_cefforcepointdlpalert.md │ │ │ ├── pC_cefforcepointdlpalert1.md │ │ │ ├── pC_cefforcepointdlpalert2.md │ │ │ ├── pC_cefforcepointdlpalert3.md │ │ │ ├── pC_cefforcepointdlpemailalert.md │ │ │ ├── pC_cefforcepointdlpemailalert2.md │ │ │ ├── pC_cefforcepointdlpemailalertout.md │ │ │ ├── pC_cefforcepointemailsubject.md │ │ │ ├── pC_sdlpemailout.md │ │ │ └── pC_websenseusbactivity.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Data_Exfiltration.md │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Data_Leak.md │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Malware.md │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Phishing.md │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Privilege_Abuse.md │ │ │ ├── r_m_forcepoint_forcepoint_dlp_Privileged_Activity.md │ │ │ └── r_m_forcepoint_forcepoint_dlp_Workforce_Protection.md │ │ └── ds_forcepoint_forcepoint_dlp.md │ ├── Forcepoint_Email_Security │ │ ├── Ps │ │ │ └── pC_cefforcepointdlpemailalert1.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_forcepoint_email_security_Data_Leak.md │ │ │ ├── r_m_forcepoint_forcepoint_email_security_Malware.md │ │ │ ├── r_m_forcepoint_forcepoint_email_security_Phishing.md │ │ │ ├── r_m_forcepoint_forcepoint_email_security_Privilege_Abuse.md │ │ │ ├── r_m_forcepoint_forcepoint_email_security_Privileged_Activity.md │ │ │ └── r_m_forcepoint_forcepoint_email_security_Workforce_Protection.md │ │ └── ds_forcepoint_forcepoint_email_security.md │ ├── Forcepoint_Insider_Threat │ │ ├── Ps │ │ │ └── pC_cefforcepointitdlpalert.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_forcepoint_insider_threat_Data_Exfiltration.md │ │ │ ├── r_m_forcepoint_forcepoint_insider_threat_Data_Leak.md │ │ │ └── r_m_forcepoint_forcepoint_insider_threat_Malware.md │ │ └── ds_forcepoint_forcepoint_insider_threat.md │ ├── Forcepoint_NGFW │ │ ├── Ps │ │ │ ├── pC_forcepointnetworkconnection7.md │ │ │ ├── pC_forcepointnetworkconnectionfailed.md │ │ │ ├── pC_forcepointnetworkconnectionfailed1.md │ │ │ ├── pC_forcepointnetworkconnectionfailed2.md │ │ │ ├── pC_forcepointnetworkconnectionfailed3.md │ │ │ ├── pC_forcepointnetworkconnectionfailed5.md │ │ │ ├── pC_forcepointnetworkconnectionsuccessful.md │ │ │ └── pC_forcepointnetworkconnectionsuccessful1.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_forcepoint_ngfw_Lateral_Movement.md │ │ │ └── r_m_forcepoint_forcepoint_ngfw_Malware.md │ │ └── ds_forcepoint_forcepoint_ngfw.md │ ├── Websense_ESG │ │ ├── Ps │ │ │ └── pC_websensedlpemailalertin.md │ │ ├── RM │ │ │ ├── r_m_forcepoint_websense_esg_Malware.md │ │ │ ├── r_m_forcepoint_websense_esg_Privilege_Abuse.md │ │ │ └── r_m_forcepoint_websense_esg_Privileged_Activity.md │ │ └── ds_forcepoint_websense_esg.md │ └── Websense_Secure_Gateway │ │ ├── 2_ds_forcepoint_websense_secure_gateway.md │ │ ├── Ps │ │ ├── pC_cefforcepointproxy.md │ │ ├── pC_cefwebsenseproxy.md │ │ ├── pC_forcepointproxy.md │ │ ├── pC_forcepointproxy1.md │ │ ├── pC_forcepointproxy2.md │ │ ├── pC_forcepointwebactivity.md │ │ ├── pC_forcepointwebactivity2.md │ │ ├── pC_websenseproxy.md │ │ ├── pC_websenseproxy1.md │ │ ├── pC_websenseproxy2.md │ │ └── pC_websenseproxy3.md │ │ ├── RM │ │ ├── r_m_forcepoint_websense_secure_gateway_Abnormal_Authentication_&_Access.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Compromised_Credentials.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Cryptomining.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Data_Exfiltration.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Data_Leak.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Lateral_Movement.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Malware.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Phishing.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Privilege_Abuse.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Privileged_Activity.md │ │ ├── r_m_forcepoint_websense_secure_gateway_Ransomware.md │ │ └── r_m_forcepoint_websense_secure_gateway_Workforce_Protection.md │ │ └── ds_forcepoint_websense_secure_gateway.md ├── Forescout │ ├── EyeInspect │ │ ├── Ps │ │ │ └── pC_jsoneyeinspectfailedlogon.md │ │ ├── RM │ │ │ ├── r_m_forescout_eyeinspect_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_forescout_eyeinspect_Brute_Force_Attack.md │ │ │ ├── r_m_forescout_eyeinspect_Compromised_Credentials.md │ │ │ ├── r_m_forescout_eyeinspect_Lateral_Movement.md │ │ │ ├── r_m_forescout_eyeinspect_Malware.md │ │ │ ├── r_m_forescout_eyeinspect_Privilege_Abuse.md │ │ │ ├── r_m_forescout_eyeinspect_Privilege_Escalation.md │ │ │ ├── r_m_forescout_eyeinspect_Privileged_Activity.md │ │ │ └── r_m_forescout_eyeinspect_Ransomware.md │ │ └── ds_forescout_eyeinspect.md │ └── Forescout_CounterACT │ │ ├── 2_ds_forescout_forescout_counteract.md │ │ ├── Ps │ │ ├── pC_counteractconfigchange.md │ │ ├── pC_counteractnaclogonsuccessful.md │ │ ├── pC_counteractnetworkalert.md │ │ ├── pC_counteractnetworkalert1.md │ │ ├── pC_counteractnetworkalert2.md │ │ ├── pC_counteractnetworkalert3.md │ │ ├── pC_counteractnetworkalert4.md │ │ ├── pC_counteractnetworkalert5.md │ │ ├── pC_counteractnetworkalert6.md │ │ ├── pC_counteractnetworkconnection.md │ │ └── pC_counteractnetworkconnection1.md │ │ ├── RM │ │ ├── r_m_forescout_forescout_counteract_Abnormal_Authentication_&_Access.md │ │ ├── r_m_forescout_forescout_counteract_Compromised_Credentials.md │ │ ├── r_m_forescout_forescout_counteract_Lateral_Movement.md │ │ └── r_m_forescout_forescout_counteract_Malware.md │ │ └── ds_forescout_forescout_counteract.md ├── Fortinet │ ├── FortiAuthenticator │ │ ├── Ps │ │ │ └── pC_fortiauthenticatorauthsuccessful.md │ │ ├── RM │ │ │ ├── r_m_fortinet_fortiauthenticator_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_fortinet_fortiauthenticator_Compromised_Credentials.md │ │ │ ├── r_m_fortinet_fortiauthenticator_Lateral_Movement.md │ │ │ ├── r_m_fortinet_fortiauthenticator_Malware.md │ │ │ └── r_m_fortinet_fortiauthenticator_Ransomware.md │ │ └── ds_fortinet_fortiauthenticator.md │ ├── FortiGate │ │ ├── Ps │ │ │ ├── pC_ceffortinetwebactivity2.md │ │ │ ├── pC_fortinetnetworkconnection1.md │ │ │ ├── pC_fortinetnetworkconnection2.md │ │ │ ├── pC_fortinetnetworkconnection3.md │ │ │ └── pC_fortinetvpnconnection.md │ │ ├── RM │ │ │ ├── r_m_fortinet_fortigate_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_fortinet_fortigate_Compromised_Credentials.md │ │ │ ├── r_m_fortinet_fortigate_Cryptomining.md │ │ │ ├── r_m_fortinet_fortigate_Data_Exfiltration.md │ │ │ ├── r_m_fortinet_fortigate_Data_Leak.md │ │ │ ├── r_m_fortinet_fortigate_Lateral_Movement.md │ │ │ ├── r_m_fortinet_fortigate_Malware.md │ │ │ ├── r_m_fortinet_fortigate_Phishing.md │ │ │ ├── r_m_fortinet_fortigate_Privilege_Abuse.md │ │ │ ├── r_m_fortinet_fortigate_Privileged_Activity.md │ │ │ ├── r_m_fortinet_fortigate_Ransomware.md │ │ │ └── r_m_fortinet_fortigate_Workforce_Protection.md │ │ └── ds_fortinet_fortigate.md │ ├── Fortinet_Enterprise_Firewall │ │ ├── 2_ds_fortinet_fortinet_enterprise_firewall.md │ │ ├── Ps │ │ │ ├── pC_ceffortinetappactivity.md │ │ │ ├── pC_ceffortinetnetworkconnection.md │ │ │ ├── pC_fortinetnetflow.md │ │ │ ├── pC_fortinetnetworkconnection.md │ │ │ ├── pC_fortiosnetworkconnection1.md │ │ │ ├── pC_fortiosnetworkconnectionfailed.md │ │ │ ├── pC_fortiosnetworkconnectionsuccessful.md │ │ │ └── pC_sfortinetdhcp.md │ │ ├── RM │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Account_Manipulation.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Compromised_Credentials.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Data_Access.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Data_Exfiltration.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Data_Leak.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Lateral_Movement.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Malware.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Privilege_Abuse.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Privilege_Escalation.md │ │ │ ├── r_m_fortinet_fortinet_enterprise_firewall_Privileged_Activity.md │ │ │ └── r_m_fortinet_fortinet_enterprise_firewall_Ransomware.md │ │ └── ds_fortinet_fortinet_enterprise_firewall.md │ ├── Fortinet_FortiWeb │ │ ├── Ps │ │ │ ├── pC_fortinetwebactivity1.md │ │ │ └── pC_fortinetwebactivity3.md │ │ ├── RM │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Compromised_Credentials.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Cryptomining.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Data_Exfiltration.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Data_Leak.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Lateral_Movement.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Malware.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Phishing.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Privilege_Abuse.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Privileged_Activity.md │ │ │ ├── r_m_fortinet_fortinet_fortiweb_Ransomware.md │ │ │ └── r_m_fortinet_fortinet_fortiweb_Workforce_Protection.md │ │ └── ds_fortinet_fortinet_fortiweb.md │ ├── Fortinet_UTM │ │ ├── 2_ds_fortinet_fortinet_utm.md │ │ ├── Ps │ │ │ ├── pC_ceffortinetauthfailed.md │ │ │ ├── pC_ceffortinetauthsuccessful.md │ │ │ ├── pC_ceffortinetwebactivity.md │ │ │ ├── pC_ceffortinetwebactivity1.md │ │ │ ├── pC_fortinetappactivity.md │ │ │ ├── pC_fortinetdlpalert.md │ │ │ ├── pC_fortinetdlpalertemail.md │ │ │ ├── pC_fortinetdlpalertemail1.md │ │ │ ├── pC_fortinetnetworkalert.md │ │ │ ├── pC_fortinetnetworkalert1.md │ │ │ ├── pC_fortinetsecurityalert.md │ │ │ ├── pC_fortinetsecurityalert2.md │ │ │ ├── pC_fortinetutmappactivity.md │ │ │ ├── pC_fortinetwebactivity.md │ │ │ └── pC_fortinetwebactivity2.md │ │ ├── RM │ │ │ ├── r_m_fortinet_fortinet_utm_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_fortinet_fortinet_utm_Account_Manipulation.md │ │ │ ├── r_m_fortinet_fortinet_utm_Compromised_Credentials.md │ │ │ ├── r_m_fortinet_fortinet_utm_Cryptomining.md │ │ │ ├── r_m_fortinet_fortinet_utm_Data_Access.md │ │ │ ├── r_m_fortinet_fortinet_utm_Data_Exfiltration.md │ │ │ ├── r_m_fortinet_fortinet_utm_Data_Leak.md │ │ │ ├── r_m_fortinet_fortinet_utm_Lateral_Movement.md │ │ │ ├── r_m_fortinet_fortinet_utm_Malware.md │ │ │ ├── r_m_fortinet_fortinet_utm_Phishing.md │ │ │ ├── r_m_fortinet_fortinet_utm_Privilege_Abuse.md │ │ │ ├── r_m_fortinet_fortinet_utm_Privilege_Escalation.md │ │ │ ├── r_m_fortinet_fortinet_utm_Privileged_Activity.md │ │ │ ├── r_m_fortinet_fortinet_utm_Ransomware.md │ │ │ └── r_m_fortinet_fortinet_utm_Workforce_Protection.md │ │ └── ds_fortinet_fortinet_utm.md │ └── Fortinet_VPN │ │ ├── 2_ds_fortinet_fortinet_vpn.md │ │ ├── Ps │ │ ├── pC_fortinet0102043039.md │ │ ├── pC_fortinetauthsuccessful.md │ │ ├── pC_fortinetipsecvpnend.md │ │ ├── pC_fortinetipsecvpnstart.md │ │ ├── pC_fortinetsslfailedvpnlogin.md │ │ ├── pC_fortinetsslvpnend3.md │ │ ├── pC_fortinetsslvpnstart.md │ │ └── pC_fortinetsslvpnstart1.md │ │ ├── RM │ │ ├── r_m_fortinet_fortinet_vpn_Abnormal_Authentication_&_Access.md │ │ ├── r_m_fortinet_fortinet_vpn_Account_Manipulation.md │ │ ├── r_m_fortinet_fortinet_vpn_Brute_Force_Attack.md │ │ ├── r_m_fortinet_fortinet_vpn_Compromised_Credentials.md │ │ ├── r_m_fortinet_fortinet_vpn_Data_Access.md │ │ ├── r_m_fortinet_fortinet_vpn_Data_Exfiltration.md │ │ ├── r_m_fortinet_fortinet_vpn_Data_Leak.md │ │ ├── r_m_fortinet_fortinet_vpn_Lateral_Movement.md │ │ ├── r_m_fortinet_fortinet_vpn_Malware.md │ │ ├── r_m_fortinet_fortinet_vpn_Phishing.md │ │ ├── r_m_fortinet_fortinet_vpn_Physical_Security.md │ │ ├── r_m_fortinet_fortinet_vpn_Privilege_Abuse.md │ │ ├── r_m_fortinet_fortinet_vpn_Privilege_Escalation.md │ │ └── r_m_fortinet_fortinet_vpn_Ransomware.md │ │ └── ds_fortinet_fortinet_vpn.md ├── GTB │ └── GTBInspector │ │ ├── Ps │ │ └── pC_cefgtbdlpalert.md │ │ ├── RM │ │ ├── r_m_gtb_gtbinspector_Data_Exfiltration.md │ │ ├── r_m_gtb_gtbinspector_Data_Leak.md │ │ └── r_m_gtb_gtbinspector_Malware.md │ │ └── ds_gtb_gtbinspector.md ├── Galaxy │ └── Galaxy │ │ ├── Ps │ │ └── pC_galaxyphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_galaxy_galaxy_Abnormal_Authentication_&_Access.md │ │ ├── r_m_galaxy_galaxy_Physical_Security.md │ │ └── r_m_galaxy_galaxy_Privileged_Activity.md │ │ └── ds_galaxy_galaxy.md ├── Gallagher │ └── Access_Control │ │ ├── Ps │ │ ├── pC_gallagherfailedphysicalaccess.md │ │ ├── pC_gallagherphysicalaccess.md │ │ └── pC_gallagherphysicalaccess1.md │ │ ├── RM │ │ ├── r_m_gallagher_access_control_Abnormal_Authentication_&_Access.md │ │ ├── r_m_gallagher_access_control_Physical_Security.md │ │ └── r_m_gallagher_access_control_Privileged_Activity.md │ │ └── ds_gallagher_access_control.md ├── Gamma │ └── Gamma │ │ ├── Ps │ │ └── pC_gammasecurityalert.md │ │ ├── RM │ │ ├── r_m_gamma_gamma_Compromised_Credentials.md │ │ ├── r_m_gamma_gamma_Lateral_Movement.md │ │ ├── r_m_gamma_gamma_Malware.md │ │ └── r_m_gamma_gamma_Privileged_Activity.md │ │ └── ds_gamma_gamma.md ├── Gemalto │ └── Gemalto_MFA │ │ ├── Ps │ │ ├── pC_qgemaltoauthfailed.md │ │ └── pC_qgemaltoauthsuccess.md │ │ ├── RM │ │ ├── r_m_gemalto_gemalto_mfa_Abnormal_Authentication_&_Access.md │ │ ├── r_m_gemalto_gemalto_mfa_Compromised_Credentials.md │ │ ├── r_m_gemalto_gemalto_mfa_Lateral_Movement.md │ │ ├── r_m_gemalto_gemalto_mfa_Malware.md │ │ └── r_m_gemalto_gemalto_mfa_Ransomware.md │ │ └── ds_gemalto_gemalto_mfa.md ├── Generic_Badge_Access │ └── Generic_Badge_Access │ │ ├── Ps │ │ ├── pC_physicalbadgeaccess.md │ │ ├── pC_physicalbadgeaccess1.md │ │ └── pC_sphysicalbadgeaccess8.md │ │ ├── RM │ │ ├── r_m_generic_badge_access_generic_badge_access_Abnormal_Authentication_&_Access.md │ │ ├── r_m_generic_badge_access_generic_badge_access_Physical_Security.md │ │ └── r_m_generic_badge_access_generic_badge_access_Privileged_Activity.md │ │ └── ds_generic_badge_access_generic_badge_access.md ├── GitHub │ └── GitHub │ │ ├── 2_ds_github_github.md │ │ ├── Ps │ │ ├── pC_cefgithubappactivity.md │ │ ├── pC_githubappactivity1.md │ │ ├── pC_githubappactivity10.md │ │ ├── pC_githubappactivity11.md │ │ ├── pC_githubappactivity12.md │ │ ├── pC_githubappactivity13.md │ │ ├── pC_githubappactivity14.md │ │ ├── pC_githubappactivity15.md │ │ ├── pC_githubappactivity16.md │ │ ├── pC_githubappactivity17.md │ │ ├── pC_githubappactivity18.md │ │ ├── pC_githubappactivity19.md │ │ ├── pC_githubappactivity2.md │ │ ├── pC_githubappactivity20.md │ │ ├── pC_githubappactivity21.md │ │ ├── pC_githubappactivity22.md │ │ ├── pC_githubappactivity23.md │ │ ├── pC_githubappactivity24.md │ │ ├── pC_githubappactivity25.md │ │ ├── pC_githubappactivity26.md │ │ ├── pC_githubappactivity27.md │ │ ├── pC_githubappactivity28.md │ │ ├── pC_githubappactivity29.md │ │ ├── pC_githubappactivity3.md │ │ ├── pC_githubappactivity30.md │ │ ├── pC_githubappactivity31.md │ │ ├── pC_githubappactivity32.md │ │ ├── pC_githubappactivity33.md │ │ ├── pC_githubappactivity34.md │ │ ├── pC_githubappactivity35.md │ │ ├── pC_githubappactivity36.md │ │ ├── pC_githubappactivity37.md │ │ ├── pC_githubappactivity38.md │ │ ├── pC_githubappactivity39.md │ │ ├── pC_githubappactivity4.md │ │ ├── pC_githubappactivity5.md │ │ ├── pC_githubappactivity6.md │ │ ├── pC_githubappactivity7.md │ │ ├── pC_githubappactivity8.md │ │ ├── pC_githubappactivity9.md │ │ ├── pC_githubauditfailedlogin.md │ │ ├── pC_githubaudithookactivity.md │ │ ├── pC_githubauditorgactivity.md │ │ ├── pC_githubauditrepoactivity.md │ │ ├── pC_githubauditteamactivity.md │ │ ├── pC_jsongithubappactivity.md │ │ ├── pC_sgithubactivity.md │ │ ├── pC_sgithubaudit.md │ │ └── pC_sgithubunicornactivity.md │ │ ├── RM │ │ ├── r_m_github_github_Abnormal_Authentication_&_Access.md │ │ ├── r_m_github_github_Account_Manipulation.md │ │ ├── r_m_github_github_Compromised_Credentials.md │ │ ├── r_m_github_github_Data_Access.md │ │ ├── r_m_github_github_Data_Leak.md │ │ ├── r_m_github_github_Lateral_Movement.md │ │ ├── r_m_github_github_Malware.md │ │ ├── r_m_github_github_Privilege_Abuse.md │ │ ├── r_m_github_github_Privilege_Escalation.md │ │ ├── r_m_github_github_Privileged_Activity.md │ │ └── r_m_github_github_Ransomware.md │ │ └── ds_github_github.md ├── GoAnywhere │ └── GoAnywhere_MFT │ │ ├── 2_ds_goanywhere_goanywhere_mft.md │ │ ├── Ps │ │ ├── pC_goanywherefailedlogon.md │ │ ├── pC_goanywherefiledelete.md │ │ ├── pC_goanywherefiledelete1.md │ │ ├── pC_goanywherefiledownload.md │ │ ├── pC_goanywherefiledownload1.md │ │ ├── pC_goanywherefileupload.md │ │ ├── pC_goanywherefileupload1.md │ │ ├── pC_goanywhereremotelogon.md │ │ ├── pC_goanywhereremotelogon1.md │ │ ├── pC_goanywhereremotelogon2.md │ │ └── pC_goanywhereremotelogon3.md │ │ ├── RM │ │ ├── r_m_goanywhere_goanywhere_mft_Abnormal_Authentication_&_Access.md │ │ ├── r_m_goanywhere_goanywhere_mft_Brute_Force_Attack.md │ │ ├── r_m_goanywhere_goanywhere_mft_Compromised_Credentials.md │ │ ├── r_m_goanywhere_goanywhere_mft_Data_Access.md │ │ ├── r_m_goanywhere_goanywhere_mft_Destruction_of_Data.md │ │ ├── r_m_goanywhere_goanywhere_mft_Lateral_Movement.md │ │ ├── r_m_goanywhere_goanywhere_mft_Malware.md │ │ ├── r_m_goanywhere_goanywhere_mft_Privilege_Abuse.md │ │ ├── r_m_goanywhere_goanywhere_mft_Privilege_Escalation.md │ │ ├── r_m_goanywhere_goanywhere_mft_Privileged_Activity.md │ │ └── r_m_goanywhere_goanywhere_mft_Ransomware.md │ │ └── ds_goanywhere_goanywhere_mft.md ├── Google │ ├── Cloud_Platform │ │ ├── 2_ds_google_cloud_platform.md │ │ ├── Ps │ │ │ ├── pC_gcpaccountsetiampolicyjson.md │ │ │ ├── pC_gcpcreaterolejson.md │ │ │ ├── pC_gcpcreateserviceaccountjson.md │ │ │ ├── pC_gcpcreateserviceaccountkeyjson.md │ │ │ ├── pC_gcpdiskscreatesnapshotjson.md │ │ │ ├── pC_gcpdisksetiampolicyjson.md │ │ │ ├── pC_gcpdisksinsertjson.md │ │ │ ├── pC_gcpidsnetworkalert.md │ │ │ ├── pC_gcpimagesetiampolicyjson.md │ │ │ ├── pC_gcpimagesinsertjson.md │ │ │ ├── pC_gcpinstancesattachdiskjson.md │ │ │ ├── pC_gcpinstancesetiampolicyjson.md │ │ │ ├── pC_gcpinstancesinsertjson.md │ │ │ ├── pC_gcpinstancessetmachinetypejson.md │ │ │ ├── pC_gcpinstancessetmetadatajson.md │ │ │ ├── pC_gcpobjectsupdatejson.md │ │ │ ├── pC_gcpprojectsetiampolicyjson.md │ │ │ ├── pC_gcpprojectssetinstancemetadatajson.md │ │ │ ├── pC_gcpsnapshotsetiampolicyjson.md │ │ │ ├── pC_gcpstoragesetiampermissionsjson.md │ │ │ ├── pC_gcpupdaterolejson.md │ │ │ ├── pC_gcpvpcnetflowconnection.md │ │ │ ├── pC_googlecloudappactivity.md │ │ │ ├── pC_googlecloudcloudresourcemanageractivity.md │ │ │ ├── pC_googlecloudiamactivity.md │ │ │ ├── pC_googlecloudstorageactivity.md │ │ │ └── pC_googlecloudwebactivity.md │ │ ├── RM │ │ │ ├── r_m_google_cloud_platform_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_google_cloud_platform_Account_Manipulation.md │ │ │ ├── r_m_google_cloud_platform_Cloud_Data_Protection.md │ │ │ ├── r_m_google_cloud_platform_Compromised_Credentials.md │ │ │ ├── r_m_google_cloud_platform_Cryptomining.md │ │ │ ├── r_m_google_cloud_platform_Data_Access.md │ │ │ ├── r_m_google_cloud_platform_Data_Exfiltration.md │ │ │ ├── r_m_google_cloud_platform_Data_Leak.md │ │ │ ├── r_m_google_cloud_platform_Lateral_Movement.md │ │ │ ├── r_m_google_cloud_platform_Malware.md │ │ │ ├── r_m_google_cloud_platform_Phishing.md │ │ │ ├── r_m_google_cloud_platform_Privilege_Abuse.md │ │ │ ├── r_m_google_cloud_platform_Privilege_Escalation.md │ │ │ ├── r_m_google_cloud_platform_Privileged_Activity.md │ │ │ ├── r_m_google_cloud_platform_Ransomware.md │ │ │ └── r_m_google_cloud_platform_Workforce_Protection.md │ │ └── ds_google_cloud_platform.md │ └── Workspace │ │ ├── 2_ds_google_workspace.md │ │ ├── Ps │ │ ├── pC_cefgoogleappactivity1.md │ │ ├── pC_cefgoogleappactivity2.md │ │ ├── pC_cefgoogleappactivity3.md │ │ ├── pC_cefgoogleappactivity4.md │ │ ├── pC_cefgoogleappactivity5.md │ │ ├── pC_cefgoogleappactivity6.md │ │ ├── pC_cefgoogleappactivity7.md │ │ ├── pC_cefgoogleapplogin.md │ │ ├── pC_cefgoogleapplogin1.md │ │ ├── pC_cefgooglefileactivity.md │ │ ├── pC_cefgooglepasswordupdate.md │ │ ├── pC_cefskyformationgmailin.md │ │ ├── pC_cefskyformationgmailout.md │ │ ├── pC_cefskyformationgmailout1.md │ │ ├── pC_ugoogleapplogin.md │ │ ├── pC_ugoogleauthfailed.md │ │ ├── pC_ugoogleauthsuccessful.md │ │ ├── pC_ugooglecalendarappactivity.md │ │ ├── pC_ugoogledrivefileactivity.md │ │ └── pC_ugoogledrivefilepermissionchange.md │ │ ├── RM │ │ ├── r_m_google_workspace_Abnormal_Authentication_&_Access.md │ │ ├── r_m_google_workspace_Account_Manipulation.md │ │ ├── r_m_google_workspace_Compromised_Credentials.md │ │ ├── r_m_google_workspace_Data_Access.md │ │ ├── r_m_google_workspace_Data_Exfiltration.md │ │ ├── r_m_google_workspace_Data_Leak.md │ │ ├── r_m_google_workspace_Destruction_of_Data.md │ │ ├── r_m_google_workspace_Lateral_Movement.md │ │ ├── r_m_google_workspace_Malware.md │ │ ├── r_m_google_workspace_Phishing.md │ │ ├── r_m_google_workspace_Privilege_Abuse.md │ │ ├── r_m_google_workspace_Privilege_Escalation.md │ │ ├── r_m_google_workspace_Privileged_Activity.md │ │ ├── r_m_google_workspace_Ransomware.md │ │ └── r_m_google_workspace_Workforce_Protection.md │ │ └── ds_google_workspace.md ├── HP │ ├── Aruba_ClearPass_Access_Control_and_Policy_Management │ │ ├── 2_ds_hp_aruba_clearpass_access_control_and_policy_management.md │ │ ├── Ps │ │ │ ├── pC_cefarubanaclogon1.md │ │ │ ├── pC_cefarubanaclogon4.md │ │ │ ├── pC_larubafailednaclogon.md │ │ │ ├── pC_larubanaclogon.md │ │ │ ├── pC_leefarubaapplogin.md │ │ │ ├── pC_leefarubanaclogon.md │ │ │ ├── pC_qarubafailednaclogon.md │ │ │ ├── pC_qarubafailednaclogon1.md │ │ │ ├── pC_qarubanaclogon1.md │ │ │ ├── pC_qarubanaclogon2.md │ │ │ ├── pC_qarubanaclogon3.md │ │ │ ├── pC_qarubanaclogon4.md │ │ │ ├── pC_qarubanaclogon5.md │ │ │ ├── pC_qarubanaclogon6.md │ │ │ ├── pC_qarubanaclogon7.md │ │ │ └── pC_sarubaauthenticationfailed.md │ │ ├── RM │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Compromised_Credentials.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Data_Access.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Lateral_Movement.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Malware.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Privilege_Abuse.md │ │ │ ├── r_m_hp_aruba_clearpass_access_control_and_policy_management_Privileged_Activity.md │ │ │ └── r_m_hp_aruba_clearpass_access_control_and_policy_management_Ransomware.md │ │ └── ds_hp_aruba_clearpass_access_control_and_policy_management.md │ ├── Aruba_Mobility_Master │ │ ├── Ps │ │ │ ├── pC_arubalocallogon1.md │ │ │ ├── pC_arubanacfailed1.md │ │ │ ├── pC_arubanaclogon1.md │ │ │ ├── pC_arubanaclogon2.md │ │ │ └── pC_arubaremotelogon1.md │ │ ├── RM │ │ │ ├── r_m_hp_aruba_mobility_master_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hp_aruba_mobility_master_Compromised_Credentials.md │ │ │ ├── r_m_hp_aruba_mobility_master_Lateral_Movement.md │ │ │ ├── r_m_hp_aruba_mobility_master_Malware.md │ │ │ ├── r_m_hp_aruba_mobility_master_Privilege_Abuse.md │ │ │ ├── r_m_hp_aruba_mobility_master_Privilege_Escalation.md │ │ │ ├── r_m_hp_aruba_mobility_master_Privileged_Activity.md │ │ │ └── r_m_hp_aruba_mobility_master_Ransomware.md │ │ └── ds_hp_aruba_mobility_master.md │ ├── Aruba_Wireless_controller │ │ ├── 2_ds_hp_aruba_wireless_controller.md │ │ ├── Ps │ │ │ ├── pC_arubacontrollerfailednaclogon.md │ │ │ ├── pC_arubanaclogon.md │ │ │ ├── pC_cefarubamobile.md │ │ │ ├── pC_cefarubanacfailedlogon.md │ │ │ ├── pC_cefarubanaclogon.md │ │ │ ├── pC_cefarubanaclogon2.md │ │ │ ├── pC_cefarubanaclogon3.md │ │ │ ├── pC_cefradiusauthentication.md │ │ │ ├── pC_cefradiusauthenticationfailed.md │ │ │ ├── pC_ceftacacsauthentication.md │ │ │ ├── pC_ceftacacsauthenticationfailed.md │ │ │ ├── pC_hparubaauthenticationsuccessful.md │ │ │ ├── pC_hparubaauthenticationsuccessful1.md │ │ │ └── pC_sarubanaclogon.md │ │ ├── RM │ │ │ ├── r_m_hp_aruba_wireless_controller_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hp_aruba_wireless_controller_Compromised_Credentials.md │ │ │ ├── r_m_hp_aruba_wireless_controller_Lateral_Movement.md │ │ │ ├── r_m_hp_aruba_wireless_controller_Malware.md │ │ │ └── r_m_hp_aruba_wireless_controller_Ransomware.md │ │ └── ds_hp_aruba_wireless_controller.md │ ├── HP_Comware │ │ ├── Ps │ │ │ └── pC_hpndclprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_hp_hp_comware_Account_Manipulation.md │ │ │ ├── r_m_hp_hp_comware_Audit_Tampering.md │ │ │ ├── r_m_hp_hp_comware_Compromised_Credentials.md │ │ │ ├── r_m_hp_hp_comware_Cryptomining.md │ │ │ ├── r_m_hp_hp_comware_Data_Access.md │ │ │ ├── r_m_hp_hp_comware_Data_Exfiltration.md │ │ │ ├── r_m_hp_hp_comware_Evasion.md │ │ │ ├── r_m_hp_hp_comware_Lateral_Movement.md │ │ │ ├── r_m_hp_hp_comware_Malware.md │ │ │ ├── r_m_hp_hp_comware_Phishing.md │ │ │ ├── r_m_hp_hp_comware_Privilege_Abuse.md │ │ │ ├── r_m_hp_hp_comware_Privilege_Escalation.md │ │ │ ├── r_m_hp_hp_comware_Privileged_Activity.md │ │ │ └── r_m_hp_hp_comware_Ransomware.md │ │ └── ds_hp_hp_comware.md │ ├── HP_LaserJet_Printer │ │ ├── Ps │ │ │ └── pC_gmprintactivity.md │ │ ├── RM │ │ │ ├── r_m_hp_hp_laserjet_printer_Abnormal_Authentication_&_Access.md │ │ │ └── r_m_hp_hp_laserjet_printer_Data_Leak.md │ │ └── ds_hp_hp_laserjet_printer.md │ ├── HP_SafeCom │ │ ├── Ps │ │ │ ├── pC_hpprintactivity.md │ │ │ └── pC_safecomprintactivity.md │ │ ├── RM │ │ │ ├── r_m_hp_hp_safecom_Abnormal_Authentication_&_Access.md │ │ │ └── r_m_hp_hp_safecom_Data_Leak.md │ │ └── ds_hp_hp_safecom.md │ ├── HP_Virtual_Connect_Enterprise_Manager │ │ ├── Ps │ │ │ └── pC_hpvirtualconnectlogin.md │ │ ├── RM │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Compromised_Credentials.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Data_Access.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Lateral_Movement.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Malware.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Privilege_Abuse.md │ │ │ ├── r_m_hp_hp_virtual_connect_enterprise_manager_Privileged_Activity.md │ │ │ └── r_m_hp_hp_virtual_connect_enterprise_manager_Ransomware.md │ │ └── ds_hp_hp_virtual_connect_enterprise_manager.md │ ├── HP_iLO │ │ ├── Ps │ │ │ ├── pC_hpiloapplogin1.md │ │ │ └── pC_hpiloapplogin2.md │ │ ├── RM │ │ │ ├── r_m_hp_hp_ilo_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hp_hp_ilo_Compromised_Credentials.md │ │ │ ├── r_m_hp_hp_ilo_Data_Access.md │ │ │ ├── r_m_hp_hp_ilo_Lateral_Movement.md │ │ │ ├── r_m_hp_hp_ilo_Malware.md │ │ │ ├── r_m_hp_hp_ilo_Privilege_Abuse.md │ │ │ ├── r_m_hp_hp_ilo_Privileged_Activity.md │ │ │ └── r_m_hp_hp_ilo_Ransomware.md │ │ └── ds_hp_hp_ilo.md │ └── Print_Server │ │ ├── Ps │ │ ├── pC_cefhpprintactivity.md │ │ └── pC_shpprintactivity.md │ │ ├── RM │ │ ├── r_m_hp_print_server_Abnormal_Authentication_&_Access.md │ │ └── r_m_hp_print_server_Data_Leak.md │ │ └── ds_hp_print_server.md ├── HashiCorp │ ├── HashiCorp_Vault │ │ ├── Ps │ │ │ ├── pC_hashicorpapplogin1.md │ │ │ ├── pC_hashicorpapplogin2.md │ │ │ └── pC_hashicorppasswordreset.md │ │ ├── RM │ │ │ ├── r_m_hashicorp_hashicorp_vault_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Account_Manipulation.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Compromised_Credentials.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Data_Access.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Lateral_Movement.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Malware.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Privilege_Abuse.md │ │ │ ├── r_m_hashicorp_hashicorp_vault_Privileged_Activity.md │ │ │ └── r_m_hashicorp_hashicorp_vault_Ransomware.md │ │ └── ds_hashicorp_hashicorp_vault.md │ └── Terraform │ │ ├── Ps │ │ └── pC_tfcswebactivity.md │ │ ├── RM │ │ ├── r_m_hashicorp_terraform_Abnormal_Authentication_&_Access.md │ │ ├── r_m_hashicorp_terraform_Compromised_Credentials.md │ │ ├── r_m_hashicorp_terraform_Cryptomining.md │ │ ├── r_m_hashicorp_terraform_Data_Exfiltration.md │ │ ├── r_m_hashicorp_terraform_Data_Leak.md │ │ ├── r_m_hashicorp_terraform_Lateral_Movement.md │ │ ├── r_m_hashicorp_terraform_Malware.md │ │ ├── r_m_hashicorp_terraform_Phishing.md │ │ ├── r_m_hashicorp_terraform_Privilege_Abuse.md │ │ ├── r_m_hashicorp_terraform_Privileged_Activity.md │ │ ├── r_m_hashicorp_terraform_Ransomware.md │ │ └── r_m_hashicorp_terraform_Workforce_Protection.md │ │ └── ds_hashicorp_terraform.md ├── HelpSystems │ └── Powertech_Identity_Access_Manager_(BoKs) │ │ ├── 2_ds_helpsystems_powertech_identity_access_manager_(boks).md │ │ ├── Ps │ │ ├── pC_foxtfiledownload.md │ │ ├── pC_foxtfileremove.md │ │ ├── pC_foxtfileupload.md │ │ ├── pC_foxtlocallogon.md │ │ ├── pC_foxtsshlogin.md │ │ ├── pC_foxtsshruncmdprocesscreated.md │ │ ├── pC_foxtsuexecprocesscreated.md │ │ └── pC_foxtunixsu.md │ │ ├── RM │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Abnormal_Authentication_&_Access.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Account_Manipulation.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Audit_Tampering.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Compromised_Credentials.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Cryptomining.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Data_Access.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Data_Exfiltration.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Data_Leak.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Destruction_of_Data.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Evasion.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Lateral_Movement.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Malware.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Phishing.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Privilege_Abuse.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Privilege_Escalation.md │ │ ├── r_m_helpsystems_powertech_identity_access_manager_(boks)_Privileged_Activity.md │ │ └── r_m_helpsystems_powertech_identity_access_manager_(boks)_Ransomware.md │ │ └── ds_helpsystems_powertech_identity_access_manager_(boks).md ├── Honeywell │ ├── Honeywell_Pro-Watch │ │ ├── 2_ds_honeywell_honeywell_pro-watch.md │ │ ├── Ps │ │ │ ├── pC_cefprowatchbadgeaccess.md │ │ │ ├── pC_honeywellphysicalbadgeaccess.md │ │ │ ├── pC_prowatchbadgeaccess.md │ │ │ ├── pC_prowatchbadgeaccess1.md │ │ │ ├── pC_prowatchbadgeaccess3.md │ │ │ ├── pC_qprowatchbadgeaccess.md │ │ │ ├── pC_shoneywellphysicalbadgeaccess.md │ │ │ ├── pC_sprowatchbadgeaccess.md │ │ │ ├── pC_sprowatchbadgeaccess2.md │ │ │ └── pC_sprowatchbadgeaccess3.md │ │ ├── RM │ │ │ ├── r_m_honeywell_honeywell_pro-watch_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_honeywell_honeywell_pro-watch_Physical_Security.md │ │ │ └── r_m_honeywell_honeywell_pro-watch_Privileged_Activity.md │ │ └── ds_honeywell_honeywell_pro-watch.md │ ├── Honeywell_WIN-PAK │ │ ├── Ps │ │ │ └── pC_qwinpakbadgeaccess.md │ │ ├── RM │ │ │ ├── r_m_honeywell_honeywell_win-pak_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_honeywell_honeywell_win-pak_Physical_Security.md │ │ │ └── r_m_honeywell_honeywell_win-pak_Privileged_Activity.md │ │ └── ds_honeywell_honeywell_win-pak.md │ └── honeywell_siama │ │ ├── Ps │ │ └── pC_cefhoneywellphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_honeywell_honeywell_siama_Abnormal_Authentication_&_Access.md │ │ ├── r_m_honeywell_honeywell_siama_Physical_Security.md │ │ └── r_m_honeywell_honeywell_siama_Privileged_Activity.md │ │ └── ds_honeywell_honeywell_siama.md ├── Hornet │ └── Hornet_Email │ │ ├── 2_ds_hornet_hornet_email.md │ │ ├── Ps │ │ ├── pC_hornetdlpemail.md │ │ ├── pC_hornetdlpemailalert.md │ │ └── pC_hornetemailsecurityalert.md │ │ ├── RM │ │ ├── r_m_hornet_hornet_email_Compromised_Credentials.md │ │ ├── r_m_hornet_hornet_email_Data_Leak.md │ │ ├── r_m_hornet_hornet_email_Lateral_Movement.md │ │ ├── r_m_hornet_hornet_email_Malware.md │ │ ├── r_m_hornet_hornet_email_Phishing.md │ │ ├── r_m_hornet_hornet_email_Privilege_Abuse.md │ │ ├── r_m_hornet_hornet_email_Privileged_Activity.md │ │ └── r_m_hornet_hornet_email_Workforce_Protection.md │ │ └── ds_hornet_hornet_email.md ├── Huawei │ ├── Enterprise_Network_Firewall │ │ ├── Ps │ │ │ └── pC_huaweifirewall.md │ │ ├── RM │ │ │ ├── r_m_huawei_enterprise_network_firewall_Lateral_Movement.md │ │ │ └── r_m_huawei_enterprise_network_firewall_Malware.md │ │ └── ds_huawei_enterprise_network_firewall.md │ └── Unified_Security_Gateway │ │ ├── Ps │ │ ├── pC_huaweiauthsuccess.md │ │ ├── pC_huaweiids.md │ │ ├── pC_huaweinetworkalert.md │ │ ├── pC_huaweiprocesscreated.md │ │ ├── pC_huaweivpnlogin.md │ │ └── pC_huaweivpnlogin1.md │ │ ├── RM │ │ ├── r_m_huawei_unified_security_gateway_Abnormal_Authentication_&_Access.md │ │ ├── r_m_huawei_unified_security_gateway_Account_Manipulation.md │ │ ├── r_m_huawei_unified_security_gateway_Audit_Tampering.md │ │ ├── r_m_huawei_unified_security_gateway_Compromised_Credentials.md │ │ ├── r_m_huawei_unified_security_gateway_Cryptomining.md │ │ ├── r_m_huawei_unified_security_gateway_Data_Access.md │ │ ├── r_m_huawei_unified_security_gateway_Data_Exfiltration.md │ │ ├── r_m_huawei_unified_security_gateway_Evasion.md │ │ ├── r_m_huawei_unified_security_gateway_Lateral_Movement.md │ │ ├── r_m_huawei_unified_security_gateway_Malware.md │ │ ├── r_m_huawei_unified_security_gateway_Phishing.md │ │ ├── r_m_huawei_unified_security_gateway_Physical_Security.md │ │ ├── r_m_huawei_unified_security_gateway_Privilege_Abuse.md │ │ ├── r_m_huawei_unified_security_gateway_Privilege_Escalation.md │ │ ├── r_m_huawei_unified_security_gateway_Privileged_Activity.md │ │ └── r_m_huawei_unified_security_gateway_Ransomware.md │ │ └── ds_huawei_unified_security_gateway.md ├── IBM │ ├── Guardium │ │ ├── Ps │ │ │ └── pC_sguardiumdbaccess.md │ │ ├── RM │ │ │ └── r_m_ibm_guardium_Enrichment.md │ │ └── ds_ibm_guardium.md │ ├── IBM │ │ ├── Ps │ │ │ └── pC_ibmauthsuccessful.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_Malware.md │ │ │ └── r_m_ibm_ibm_Ransomware.md │ │ └── ds_ibm_ibm.md │ ├── IBM_DB2 │ │ ├── Ps │ │ │ ├── pC_cefdb2authfailed.md │ │ │ ├── pC_cefdb2fileread.md │ │ │ ├── pC_cefdb2remotelogon.md │ │ │ ├── pC_cefdb2securityalert.md │ │ │ └── pC_cefdb2securityalert2.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_db2_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_db2_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_db2_Data_Access.md │ │ │ ├── r_m_ibm_ibm_db2_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_db2_Malware.md │ │ │ ├── r_m_ibm_ibm_db2_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_db2_Privilege_Escalation.md │ │ │ ├── r_m_ibm_ibm_db2_Privileged_Activity.md │ │ │ └── r_m_ibm_ibm_db2_Ransomware.md │ │ └── ds_ibm_ibm_db2.md │ ├── IBM_Endpoint_Manager │ │ ├── Ps │ │ │ └── pC_strusteereppalert.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_endpoint_manager_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_endpoint_manager_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_endpoint_manager_Malware.md │ │ │ └── r_m_ibm_ibm_endpoint_manager_Privileged_Activity.md │ │ └── ds_ibm_ibm_endpoint_manager.md │ ├── IBM_Lotus_Notes │ │ ├── Ps │ │ │ ├── pC_ibmlotusdatabaseupdate.md │ │ │ └── pC_ibmlotusnetworkconnection.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_lotus_notes_Lateral_Movement.md │ │ │ └── r_m_ibm_ibm_lotus_notes_Malware.md │ │ └── ds_ibm_ibm_lotus_notes.md │ ├── IBM_Mainframe │ │ ├── Ps │ │ │ ├── pC_ibmmainframeaccountdisabled.md │ │ │ ├── pC_ibmmainframeapplogin.md │ │ │ ├── pC_ibmmainframefailedapplogin2.md │ │ │ ├── pC_ibmmainframefailedapplogin3.md │ │ │ └── pC_ibmmainframefailedapplogin4.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_mainframe_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_mainframe_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_mainframe_Data_Access.md │ │ │ ├── r_m_ibm_ibm_mainframe_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_mainframe_Malware.md │ │ │ ├── r_m_ibm_ibm_mainframe_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_mainframe_Privileged_Activity.md │ │ │ └── r_m_ibm_ibm_mainframe_Ransomware.md │ │ └── ds_ibm_ibm_mainframe.md │ ├── IBM_Racf │ │ ├── Ps │ │ │ ├── pC_cefibmracfappactivity.md │ │ │ ├── pC_racfdbaccess.md │ │ │ ├── pC_racfdbaccess1.md │ │ │ ├── pC_racfdbaccess2.md │ │ │ ├── pC_racfdbaccess3.md │ │ │ ├── pC_racfdbaccess4.md │ │ │ └── pC_racfdbfailedlogin.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_racf_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_racf_Account_Manipulation.md │ │ │ ├── r_m_ibm_ibm_racf_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_racf_Data_Access.md │ │ │ ├── r_m_ibm_ibm_racf_Data_Leak.md │ │ │ ├── r_m_ibm_ibm_racf_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_racf_Malware.md │ │ │ ├── r_m_ibm_ibm_racf_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_racf_Privilege_Escalation.md │ │ │ ├── r_m_ibm_ibm_racf_Privileged_Activity.md │ │ │ └── r_m_ibm_ibm_racf_Ransomware.md │ │ └── ds_ibm_ibm_racf.md │ ├── IBM_Sametime │ │ ├── Ps │ │ │ ├── pC_ibmapplogin.md │ │ │ └── pC_ibmfailedapplogin.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_sametime_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_sametime_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_sametime_Data_Access.md │ │ │ ├── r_m_ibm_ibm_sametime_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_sametime_Malware.md │ │ │ ├── r_m_ibm_ibm_sametime_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_sametime_Privileged_Activity.md │ │ │ └── r_m_ibm_ibm_sametime_Ransomware.md │ │ └── ds_ibm_ibm_sametime.md │ ├── IBM_Security_Access_Manager │ │ ├── Ps │ │ │ └── pC_ibmwebactivity.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_security_access_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Cryptomining.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Data_Exfiltration.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Data_Leak.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Malware.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Phishing.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Privileged_Activity.md │ │ │ ├── r_m_ibm_ibm_security_access_manager_Ransomware.md │ │ │ └── r_m_ibm_ibm_security_access_manager_Workforce_Protection.md │ │ └── ds_ibm_ibm_security_access_manager.md │ ├── IBM_Sense │ │ ├── Ps │ │ │ ├── pC_cefibmsense.md │ │ │ └── pC_leefibmsensealert.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_sense_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_sense_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_sense_Malware.md │ │ │ └── r_m_ibm_ibm_sense_Privileged_Activity.md │ │ └── ds_ibm_ibm_sense.md │ ├── IBM_Sterling_B2B_Integrator │ │ ├── Ps │ │ │ ├── pC_sterlingappactivity.md │ │ │ ├── pC_sterlingfailedlogon1.md │ │ │ ├── pC_sterlingfailedlogon2.md │ │ │ ├── pC_sterlingmemberadded.md │ │ │ ├── pC_sterlingmemberremoved.md │ │ │ └── pC_sterlingremotelogon.md │ │ ├── RM │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Account_Manipulation.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Brute_Force_Attack.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Compromised_Credentials.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Data_Access.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Data_Leak.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Lateral_Movement.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Malware.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Privilege_Abuse.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Privilege_Escalation.md │ │ │ ├── r_m_ibm_ibm_sterling_b2b_integrator_Privileged_Activity.md │ │ │ └── r_m_ibm_ibm_sterling_b2b_integrator_Ransomware.md │ │ └── ds_ibm_ibm_sterling_b2b_integrator.md │ ├── Infosphere_Guardium │ │ ├── Ps │ │ │ ├── pC_cefguardiumdatabasealert.md │ │ │ ├── pC_cefguardiumdbalert.md │ │ │ ├── pC_cefguardiumdbalert1.md │ │ │ ├── pC_cefguardiumdbquery.md │ │ │ ├── pC_cefsyslogguardiumdbalert.md │ │ │ ├── pC_cefsyslogguardiumdbalert1.md │ │ │ ├── pC_cefsyslogguardiumdbquery.md │ │ │ ├── pC_guardiumdbquery.md │ │ │ ├── pC_leefguardiumdbfailedlogin.md │ │ │ ├── pC_leefguardiumdbquery.md │ │ │ ├── pC_leefguardiumdbquery1.md │ │ │ ├── pC_sdbfailedlogin.md │ │ │ ├── pC_sdblogin.md │ │ │ ├── pC_sguardiumdbalert.md │ │ │ └── pC_sguardiumdbalert1.md │ │ ├── RM │ │ │ ├── r_m_ibm_infosphere_guardium_Compromised_Credentials.md │ │ │ ├── r_m_ibm_infosphere_guardium_Data_Access.md │ │ │ ├── r_m_ibm_infosphere_guardium_Data_Exfiltration.md │ │ │ └── r_m_ibm_infosphere_guardium_Malware.md │ │ └── ds_ibm_infosphere_guardium.md │ ├── Lotus_Mobile_Connect │ │ ├── Ps │ │ │ ├── pC_cefibmauthfailed.md │ │ │ ├── pC_cefibmauthsuccessful.md │ │ │ └── pC_lmcvpnlogin.md │ │ ├── RM │ │ │ ├── r_m_ibm_lotus_mobile_connect_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ibm_lotus_mobile_connect_Compromised_Credentials.md │ │ │ ├── r_m_ibm_lotus_mobile_connect_Lateral_Movement.md │ │ │ ├── r_m_ibm_lotus_mobile_connect_Malware.md │ │ │ ├── r_m_ibm_lotus_mobile_connect_Physical_Security.md │ │ │ ├── r_m_ibm_lotus_mobile_connect_Privilege_Abuse.md │ │ │ └── r_m_ibm_lotus_mobile_connect_Ransomware.md │ │ └── ds_ibm_lotus_mobile_connect.md │ ├── Proventia_Network_IPS │ │ ├── Ps │ │ │ └── pC_qibmnetworkalert.md │ │ ├── RM │ │ │ ├── r_m_ibm_proventia_network_ips_Compromised_Credentials.md │ │ │ └── r_m_ibm_proventia_network_ips_Malware.md │ │ └── ds_ibm_proventia_network_ips.md │ └── QRadar_Network_Security │ │ ├── Ps │ │ └── pC_qxgsnetworkalert.md │ │ ├── RM │ │ ├── r_m_ibm_qradar_network_security_Compromised_Credentials.md │ │ └── r_m_ibm_qradar_network_security_Malware.md │ │ └── ds_ibm_qradar_network_security.md ├── ICDB │ └── ICDB │ │ ├── Ps │ │ └── pC_ceficdbappactivity.md │ │ ├── RM │ │ ├── r_m_icdb_icdb_Abnormal_Authentication_&_Access.md │ │ ├── r_m_icdb_icdb_Account_Manipulation.md │ │ ├── r_m_icdb_icdb_Compromised_Credentials.md │ │ ├── r_m_icdb_icdb_Data_Access.md │ │ ├── r_m_icdb_icdb_Data_Leak.md │ │ ├── r_m_icdb_icdb_Lateral_Movement.md │ │ ├── r_m_icdb_icdb_Malware.md │ │ ├── r_m_icdb_icdb_Privilege_Abuse.md │ │ ├── r_m_icdb_icdb_Privilege_Escalation.md │ │ ├── r_m_icdb_icdb_Privileged_Activity.md │ │ └── r_m_icdb_icdb_Ransomware.md │ │ └── ds_icdb_icdb.md ├── ICPAM │ └── ICPAM │ │ ├── Ps │ │ └── pC_sicpambadgeaccess.md │ │ ├── RM │ │ ├── r_m_icpam_icpam_Abnormal_Authentication_&_Access.md │ │ ├── r_m_icpam_icpam_Physical_Security.md │ │ └── r_m_icpam_icpam_Privileged_Activity.md │ │ └── ds_icpam_icpam.md ├── IMSS │ └── IMSS │ │ ├── Ps │ │ ├── pC_imssdlpalert.md │ │ ├── pC_imssdlpalert1.md │ │ ├── pC_imsssecurityalert.md │ │ ├── pC_imsssecurityalert1.md │ │ ├── pC_imsssecurityalert2.md │ │ └── pC_imsssecurityalert3.md │ │ ├── RM │ │ ├── r_m_imss_imss_Compromised_Credentials.md │ │ ├── r_m_imss_imss_Data_Exfiltration.md │ │ ├── r_m_imss_imss_Data_Leak.md │ │ ├── r_m_imss_imss_Lateral_Movement.md │ │ ├── r_m_imss_imss_Malware.md │ │ └── r_m_imss_imss_Privileged_Activity.md │ │ └── ds_imss_imss.md ├── IMSVA │ └── IMSVA │ │ ├── Ps │ │ ├── pC_imsvadlpemailin.md │ │ ├── pC_imsvadlpemailinfailed.md │ │ └── pC_imsvadlpemailout.md │ │ ├── RM │ │ ├── r_m_imsva_imsva_Data_Leak.md │ │ ├── r_m_imsva_imsva_Malware.md │ │ ├── r_m_imsva_imsva_Phishing.md │ │ ├── r_m_imsva_imsva_Privilege_Abuse.md │ │ ├── r_m_imsva_imsva_Privileged_Activity.md │ │ └── r_m_imsva_imsva_Workforce_Protection.md │ │ └── ds_imsva_imsva.md ├── IPTables │ └── IPTables │ │ ├── Ps │ │ ├── pC_iptablesnetworkconnectionfailed.md │ │ └── pC_iptablesnetworkconnectionsuccessful.md │ │ ├── RM │ │ ├── r_m_iptables_iptables_Lateral_Movement.md │ │ └── r_m_iptables_iptables_Malware.md │ │ └── ds_iptables_iptables.md ├── IXIA │ └── IXIA_ThreatArmor │ │ ├── Ps │ │ └── pC_cefixianetworkconnection.md │ │ ├── RM │ │ ├── r_m_ixia_ixia_threatarmor_Lateral_Movement.md │ │ └── r_m_ixia_ixia_threatarmor_Malware.md │ │ └── ds_ixia_ixia_threatarmor.md ├── Illumio │ └── Illumio │ │ ├── Ps │ │ ├── pC_illumionetworkconnection.md │ │ └── pC_illumionetworkconnection1.md │ │ ├── RM │ │ ├── r_m_illumio_illumio_Lateral_Movement.md │ │ └── r_m_illumio_illumio_Malware.md │ │ └── ds_illumio_illumio.md ├── Imperva │ ├── Attack_Analytics │ │ ├── Ps │ │ │ └── pC_impervaattackanalyticsnetworkalert.md │ │ ├── RM │ │ │ ├── r_m_imperva_attack_analytics_Compromised_Credentials.md │ │ │ └── r_m_imperva_attack_analytics_Malware.md │ │ └── ds_imperva_attack_analytics.md │ ├── CounterBreach │ │ ├── Ps │ │ │ └── pC_cefcounterbreachdbalert.md │ │ ├── RM │ │ │ ├── r_m_imperva_counterbreach_Compromised_Credentials.md │ │ │ ├── r_m_imperva_counterbreach_Data_Access.md │ │ │ ├── r_m_imperva_counterbreach_Data_Exfiltration.md │ │ │ └── r_m_imperva_counterbreach_Malware.md │ │ └── ds_imperva_counterbreach.md │ ├── Imperva_File_Activity_Monitoring_(FAM) │ │ ├── Ps │ │ │ └── pC_cefsecurespherefileoperations.md │ │ ├── RM │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Compromised_Credentials.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Data_Access.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Data_Exfiltration.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Data_Leak.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Destruction_of_Data.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Malware.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Privilege_Abuse.md │ │ │ ├── r_m_imperva_imperva_file_activity_monitoring_(fam)_Privileged_Activity.md │ │ │ └── r_m_imperva_imperva_file_activity_monitoring_(fam)_Ransomware.md │ │ └── ds_imperva_imperva_file_activity_monitoring_(fam).md │ ├── Imperva_SecureSphere │ │ ├── 2_ds_imperva_imperva_securesphere.md │ │ ├── Ps │ │ │ ├── pC_cefsecuresphereapplogin.md │ │ │ ├── pC_cefsecuresphereapploginfailed.md │ │ │ ├── pC_cefsecurespheredatabaseoperations.md │ │ │ ├── pC_cefsecurespheredbalert.md │ │ │ ├── pC_cefsecurespheredbalert1.md │ │ │ ├── pC_cefsecurespheredbfailedlogin.md │ │ │ ├── pC_cefsecurespheredblogin.md │ │ │ ├── pC_cefsecurespheredbquery.md │ │ │ ├── pC_cefsecurespheredbquery1.md │ │ │ ├── pC_cefsecurespheredbquery2.md │ │ │ ├── pC_cefsyslogsecurespheredbalert.md │ │ │ ├── pC_cefsyslogsecurespheredblogin.md │ │ │ ├── pC_cefsyslogsecurespheredbquery.md │ │ │ ├── pC_leefsecurespheredbalert.md │ │ │ ├── pC_leefsecurespheredbalert1.md │ │ │ ├── pC_qleefsecurespheredblogin.md │ │ │ ├── pC_qleefsecurespheredbquery.md │ │ │ ├── pC_securespherealert.md │ │ │ ├── pC_securespherealert1.md │ │ │ ├── pC_securespheredbalert.md │ │ │ ├── pC_securespheredbalert2.md │ │ │ ├── pC_securespheredbcuseqsv.md │ │ │ ├── pC_securespheredbfailedlogin.md │ │ │ ├── pC_securespheredbfailedlogin1.md │ │ │ ├── pC_securespheredbfailedlogin2.md │ │ │ ├── pC_securespheredbfailedlogin3.md │ │ │ ├── pC_securespheredbjson.md │ │ │ ├── pC_securespheredblogin.md │ │ │ ├── pC_securespheredblogin2.md │ │ │ ├── pC_securespheredbquery.md │ │ │ ├── pC_securespheredbquery2.md │ │ │ ├── pC_ssecurespheredbalert.md │ │ │ ├── pC_ssecurespheredblogin.md │ │ │ ├── pC_ssecurespheredblogin1.md │ │ │ └── pC_ssecurespheredbquery.md │ │ ├── RM │ │ │ ├── r_m_imperva_imperva_securesphere_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_imperva_imperva_securesphere_Compromised_Credentials.md │ │ │ ├── r_m_imperva_imperva_securesphere_Data_Access.md │ │ │ ├── r_m_imperva_imperva_securesphere_Data_Exfiltration.md │ │ │ ├── r_m_imperva_imperva_securesphere_Lateral_Movement.md │ │ │ ├── r_m_imperva_imperva_securesphere_Malware.md │ │ │ ├── r_m_imperva_imperva_securesphere_Privilege_Abuse.md │ │ │ ├── r_m_imperva_imperva_securesphere_Privileged_Activity.md │ │ │ └── r_m_imperva_imperva_securesphere_Ransomware.md │ │ └── ds_imperva_imperva_securesphere.md │ └── Incapsula │ │ ├── Ps │ │ ├── pC_cefincapsulawebactivity.md │ │ ├── pC_cefincapsulawebactivity2.md │ │ └── pC_leefincapsulawebactivity.md │ │ ├── RM │ │ ├── r_m_imperva_incapsula_Abnormal_Authentication_&_Access.md │ │ ├── r_m_imperva_incapsula_Compromised_Credentials.md │ │ ├── r_m_imperva_incapsula_Cryptomining.md │ │ ├── r_m_imperva_incapsula_Data_Exfiltration.md │ │ ├── r_m_imperva_incapsula_Data_Leak.md │ │ ├── r_m_imperva_incapsula_Lateral_Movement.md │ │ ├── r_m_imperva_incapsula_Malware.md │ │ ├── r_m_imperva_incapsula_Phishing.md │ │ ├── r_m_imperva_incapsula_Privilege_Abuse.md │ │ ├── r_m_imperva_incapsula_Privileged_Activity.md │ │ ├── r_m_imperva_incapsula_Ransomware.md │ │ └── r_m_imperva_incapsula_Workforce_Protection.md │ │ └── ds_imperva_incapsula.md ├── Imprivata │ └── Imprivata │ │ ├── 2_ds_imprivata_imprivata.md │ │ ├── Ps │ │ ├── pC_imprivataappactivity1.md │ │ ├── pC_imprivataappactivity2.md │ │ ├── pC_imprivataappactivity3.md │ │ ├── pC_imprivataappactivity4.md │ │ ├── pC_imprivataappactivity5.md │ │ ├── pC_imprivataapplogin.md │ │ └── pC_imprivatafailedapplogin.md │ │ ├── RM │ │ ├── r_m_imprivata_imprivata_Abnormal_Authentication_&_Access.md │ │ ├── r_m_imprivata_imprivata_Account_Manipulation.md │ │ ├── r_m_imprivata_imprivata_Compromised_Credentials.md │ │ ├── r_m_imprivata_imprivata_Data_Access.md │ │ ├── r_m_imprivata_imprivata_Data_Leak.md │ │ ├── r_m_imprivata_imprivata_Lateral_Movement.md │ │ ├── r_m_imprivata_imprivata_Malware.md │ │ ├── r_m_imprivata_imprivata_Privilege_Abuse.md │ │ ├── r_m_imprivata_imprivata_Privilege_Escalation.md │ │ ├── r_m_imprivata_imprivata_Privileged_Activity.md │ │ └── r_m_imprivata_imprivata_Ransomware.md │ │ └── ds_imprivata_imprivata.md ├── InfoWatch │ └── InfoWatch │ │ ├── 2_ds_infowatch_infowatch.md │ │ ├── Ps │ │ ├── pC_cefinfowatchapplogin.md │ │ ├── pC_cefinfowatchemailalert.md │ │ ├── pC_cefinfowatchprintactivity.md │ │ ├── pC_cefinfowatchusbwrite.md │ │ ├── pC_cefinfowatchwebactivity.md │ │ └── pC_cefinfowatchwebactivity1.md │ │ ├── RM │ │ ├── r_m_infowatch_infowatch_Abnormal_Authentication_&_Access.md │ │ ├── r_m_infowatch_infowatch_Compromised_Credentials.md │ │ ├── r_m_infowatch_infowatch_Cryptomining.md │ │ ├── r_m_infowatch_infowatch_Data_Access.md │ │ ├── r_m_infowatch_infowatch_Data_Exfiltration.md │ │ ├── r_m_infowatch_infowatch_Data_Leak.md │ │ ├── r_m_infowatch_infowatch_Lateral_Movement.md │ │ ├── r_m_infowatch_infowatch_Malware.md │ │ ├── r_m_infowatch_infowatch_Phishing.md │ │ ├── r_m_infowatch_infowatch_Privilege_Abuse.md │ │ ├── r_m_infowatch_infowatch_Privileged_Activity.md │ │ ├── r_m_infowatch_infowatch_Ransomware.md │ │ └── r_m_infowatch_infowatch_Workforce_Protection.md │ │ └── ds_infowatch_infowatch.md ├── Infoblox │ ├── BloxOne │ │ ├── 2_ds_infoblox_bloxone.md │ │ ├── Ps │ │ │ ├── pC_cefinfobloxnetworkalert.md │ │ │ ├── pC_cefinfobloxnetworkconnection.md │ │ │ ├── pC_cefmcafeednsquery.md │ │ │ ├── pC_infobloxdnsquery1.md │ │ │ ├── pC_infobloxdnsresponse.md │ │ │ ├── pC_infobloxremotelogon.md │ │ │ ├── pC_nameddnsquery.md │ │ │ ├── pC_nforwardedcefinfobloxdhcp.md │ │ │ ├── pC_sinfobloxdhcp1.md │ │ │ ├── pC_sinfobloxdhcp2.md │ │ │ ├── pC_sinfobloxdhcp3.md │ │ │ ├── pC_sinfobloxdhcp4.md │ │ │ ├── pC_sinfobloxonedhcpfilewrite.md │ │ │ └── pC_sinfobloxonedhcpvpnconnection.md │ │ ├── RM │ │ │ ├── r_m_infoblox_bloxone_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_infoblox_bloxone_Compromised_Credentials.md │ │ │ ├── r_m_infoblox_bloxone_Data_Access.md │ │ │ ├── r_m_infoblox_bloxone_Data_Exfiltration.md │ │ │ ├── r_m_infoblox_bloxone_Data_Leak.md │ │ │ ├── r_m_infoblox_bloxone_Lateral_Movement.md │ │ │ ├── r_m_infoblox_bloxone_Malware.md │ │ │ ├── r_m_infoblox_bloxone_Privilege_Abuse.md │ │ │ ├── r_m_infoblox_bloxone_Privilege_Escalation.md │ │ │ ├── r_m_infoblox_bloxone_Privileged_Activity.md │ │ │ └── r_m_infoblox_bloxone_Ransomware.md │ │ └── ds_infoblox_bloxone.md │ └── NIOS │ │ ├── Ps │ │ └── pC_infobloxniosdnsquery.md │ │ ├── RM │ │ └── r_m_infoblox_nios_Malware.md │ │ └── ds_infoblox_nios.md ├── Inky │ └── Inky_Anti-Phishing │ │ ├── Ps │ │ └── pC_sysloginkyphishingsecurityalert.md │ │ ├── RM │ │ ├── r_m_inky_inky_anti-phishing_Compromised_Credentials.md │ │ ├── r_m_inky_inky_anti-phishing_Lateral_Movement.md │ │ ├── r_m_inky_inky_anti-phishing_Malware.md │ │ └── r_m_inky_inky_anti-phishing_Privileged_Activity.md │ │ └── ds_inky_inky_anti-phishing.md ├── Ipswitch │ ├── IPswitch_MoveIt │ │ ├── Ps │ │ │ ├── pC_cefmoveitactivity.md │ │ │ ├── pC_cefmoveitappfailedlogin.md │ │ │ └── pC_cefmoveitapplogin.md │ │ ├── RM │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Account_Manipulation.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Compromised_Credentials.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Data_Access.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Data_Exfiltration.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Data_Leak.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Lateral_Movement.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Malware.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Privilege_Abuse.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Privilege_Escalation.md │ │ │ ├── r_m_ipswitch_ipswitch_moveit_Privileged_Activity.md │ │ │ └── r_m_ipswitch_ipswitch_moveit_Ransomware.md │ │ └── ds_ipswitch_ipswitch_moveit.md │ └── MoveIt_DMZ │ │ ├── 2_ds_ipswitch_moveit_dmz.md │ │ ├── Ps │ │ ├── pC_moveitaccountpasswordchange.md │ │ ├── pC_moveitauthenticationfailed.md │ │ ├── pC_moveitauthenticationfailed1.md │ │ ├── pC_moveitauthenticationsuccessful1.md │ │ ├── pC_moveitfailedlogon.md │ │ ├── pC_moveitfailedlogon1.md │ │ ├── pC_moveitfiledelete.md │ │ ├── pC_moveitfiledelete1.md │ │ ├── pC_moveitfiledelete2.md │ │ ├── pC_moveitfiledownload.md │ │ ├── pC_moveitfiledownload1.md │ │ ├── pC_moveitfileupload.md │ │ ├── pC_moveitfileupload1.md │ │ ├── pC_moveitfileupload2.md │ │ ├── pC_moveitfileupload3.md │ │ ├── pC_moveitfilewrite1.md │ │ ├── pC_moveitfilewrite2.md │ │ ├── pC_moveitmemberadded1.md │ │ ├── pC_moveitmemberadded2.md │ │ └── pC_moveitsshloginfailed.md │ │ ├── RM │ │ ├── r_m_ipswitch_moveit_dmz_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ipswitch_moveit_dmz_Account_Manipulation.md │ │ ├── r_m_ipswitch_moveit_dmz_Brute_Force_Attack.md │ │ ├── r_m_ipswitch_moveit_dmz_Compromised_Credentials.md │ │ ├── r_m_ipswitch_moveit_dmz_Data_Access.md │ │ ├── r_m_ipswitch_moveit_dmz_Data_Exfiltration.md │ │ ├── r_m_ipswitch_moveit_dmz_Data_Leak.md │ │ ├── r_m_ipswitch_moveit_dmz_Destruction_of_Data.md │ │ ├── r_m_ipswitch_moveit_dmz_Lateral_Movement.md │ │ ├── r_m_ipswitch_moveit_dmz_Malware.md │ │ ├── r_m_ipswitch_moveit_dmz_Privilege_Abuse.md │ │ ├── r_m_ipswitch_moveit_dmz_Privilege_Escalation.md │ │ ├── r_m_ipswitch_moveit_dmz_Privileged_Activity.md │ │ └── r_m_ipswitch_moveit_dmz_Ransomware.md │ │ └── ds_ipswitch_moveit_dmz.md ├── IronNet │ └── IronDefense │ │ ├── Ps │ │ └── pC_jsonirondefensenetworkalert.md │ │ ├── RM │ │ ├── r_m_ironnet_irondefense_Compromised_Credentials.md │ │ └── r_m_ironnet_irondefense_Malware.md │ │ └── ds_ironnet_irondefense.md ├── JH │ └── JH │ │ ├── Ps │ │ └── pC_jhfiledownload.md │ │ ├── RM │ │ ├── r_m_jh_jh_Privilege_Abuse.md │ │ └── r_m_jh_jh_Privileged_Activity.md │ │ └── ds_jh_jh.md ├── Johnson_Controls │ └── Johnson_Controls_P2000 │ │ ├── Ps │ │ └── pC_p2000physicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_johnson_controls_johnson_controls_p2000_Abnormal_Authentication_&_Access.md │ │ ├── r_m_johnson_controls_johnson_controls_p2000_Physical_Security.md │ │ └── r_m_johnson_controls_johnson_controls_p2000_Privileged_Activity.md │ │ └── ds_johnson_controls_johnson_controls_p2000.md ├── Juniper_Networks │ ├── Juniper_Networks │ │ ├── Ps │ │ │ ├── pC_junipercommitevents.md │ │ │ ├── pC_juniperprocesscreated1.md │ │ │ └── pC_juniperprocesscreated2.md │ │ ├── RM │ │ │ ├── r_m_juniper_networks_juniper_networks_Account_Manipulation.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Audit_Tampering.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Compromised_Credentials.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Cryptomining.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Data_Access.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Data_Exfiltration.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Evasion.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Lateral_Movement.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Malware.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Phishing.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Privilege_Abuse.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Privilege_Escalation.md │ │ │ ├── r_m_juniper_networks_juniper_networks_Privileged_Activity.md │ │ │ └── r_m_juniper_networks_juniper_networks_Ransomware.md │ │ └── ds_juniper_networks_juniper_networks.md │ ├── Juniper_Networks_ATP │ │ ├── Ps │ │ │ └── pC_cyphortalert.md │ │ ├── RM │ │ │ ├── r_m_juniper_networks_juniper_networks_atp_Compromised_Credentials.md │ │ │ ├── r_m_juniper_networks_juniper_networks_atp_Lateral_Movement.md │ │ │ ├── r_m_juniper_networks_juniper_networks_atp_Malware.md │ │ │ └── r_m_juniper_networks_juniper_networks_atp_Privileged_Activity.md │ │ └── ds_juniper_networks_juniper_networks_atp.md │ ├── Juniper_Networks_Pulse_Secure │ │ ├── 2_ds_juniper_networks_juniper_networks_pulse_secure.md │ │ ├── Ps │ │ │ ├── pC_ccpulsesecureaccesscontrol.md │ │ │ ├── pC_ccpulsesecureaccountdeleted.md │ │ │ ├── pC_ccpulsesecureauthenticationfailed.md │ │ │ ├── pC_ccpulsesecureauthenticationfailed1.md │ │ │ ├── pC_ccpulsesecureauthenticationsuccessful.md │ │ │ ├── pC_ccpulsesecureauthenticationsuccessful1.md │ │ │ ├── pC_ccpulsesecurecertificatefailed.md │ │ │ ├── pC_ccpulsesecurecertificatepassed.md │ │ │ ├── pC_ccpulsesecurefailedvpnlogin.md │ │ │ ├── pC_ccpulsesecurefailedvpnlogin1.md │ │ │ ├── pC_ccpulsesecurekeyexchange.md │ │ │ ├── pC_ccpulsesecurepasswordrestrictionfailed.md │ │ │ ├── pC_ccpulsesecurepasswordrestrictionpassed.md │ │ │ ├── pC_ccpulsesecuresslnegotiationfailed.md │ │ │ ├── pC_ccpulsesecurevpnclose.md │ │ │ ├── pC_ccpulsesecurevpnend.md │ │ │ ├── pC_ccpulsesecurevpnend1.md │ │ │ ├── pC_ccpulsesecurevpnresume.md │ │ │ ├── pC_ccpulsesecurevpnstart.md │ │ │ ├── pC_ccpulsesecurevpnstart1.md │ │ │ ├── pC_ccpulsesecurevpntimeout.md │ │ │ ├── pC_cefjuniperpulseactivity.md │ │ │ ├── pC_pulsesecureaccountdeleted.md │ │ │ ├── pC_pulsesecurevpnlogin.md │ │ │ ├── pC_sjuniperpulseactivity.md │ │ │ ├── pC_spulsesecureaccountdeleted.md │ │ │ └── pC_spulsesecurevpnlogin.md │ │ ├── RM │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Account_Manipulation.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Brute_Force_Attack.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Compromised_Credentials.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Data_Access.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Data_Exfiltration.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Data_Leak.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Lateral_Movement.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Malware.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Phishing.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Physical_Security.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Privilege_Abuse.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Privilege_Escalation.md │ │ │ ├── r_m_juniper_networks_juniper_networks_pulse_secure_Privileged_Activity.md │ │ │ └── r_m_juniper_networks_juniper_networks_pulse_secure_Ransomware.md │ │ └── ds_juniper_networks_juniper_networks_pulse_secure.md │ ├── Juniper_OWA │ │ ├── Ps │ │ │ └── pC_juniperowa.md │ │ ├── RM │ │ │ ├── r_m_juniper_networks_juniper_owa_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Compromised_Credentials.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Data_Access.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Lateral_Movement.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Malware.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Privilege_Abuse.md │ │ │ ├── r_m_juniper_networks_juniper_owa_Privileged_Activity.md │ │ │ └── r_m_juniper_networks_juniper_owa_Ransomware.md │ │ └── ds_juniper_networks_juniper_owa.md │ ├── Juniper_SRX │ │ ├── 2_ds_juniper_networks_juniper_srx.md │ │ ├── Ps │ │ │ ├── pC_cefjuniperaccesscontrol1.md │ │ │ ├── pC_cefjuniperaccesscontrol2.md │ │ │ ├── pC_cefjuniperaccesscontrol3.md │ │ │ ├── pC_cefjuniperfailedvpnlogin1.md │ │ │ ├── pC_cefjuniperfailedvpnlogin2.md │ │ │ ├── pC_cefjunipernetworkconnectionclose.md │ │ │ ├── pC_cefjunipervpnstart1.md │ │ │ ├── pC_cefjunipervpnstart2.md │ │ │ ├── pC_cefnetscreennetworkconnectiondeny.md │ │ │ ├── pC_cefnetscreennetworkconnectionpermit.md │ │ │ ├── pC_djuniperproxy.md │ │ │ ├── pC_juniperfirewallnetworkconnectionclose1.md │ │ │ ├── pC_juniperfirewallnetworkconnectioncreate.md │ │ │ ├── pC_juniperfirewallnetworkconnectioncreate2.md │ │ │ ├── pC_juniperfirewallnetworkconnectiondeny.md │ │ │ ├── pC_juniperfirewallnetworkconnectiondeny2.md │ │ │ ├── pC_juniperfirewallnetworkconnectionfailed.md │ │ │ ├── pC_juniperfirewallnetworkconnectionsuccessful.md │ │ │ ├── pC_junipernetworkalert1.md │ │ │ ├── pC_junipernetworkalert2.md │ │ │ ├── pC_junipersecurityalert.md │ │ │ └── pC_junuiloginevent.md │ │ ├── RM │ │ │ ├── r_m_juniper_networks_juniper_srx_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Compromised_Credentials.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Cryptomining.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Data_Exfiltration.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Data_Leak.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Lateral_Movement.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Malware.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Phishing.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Physical_Security.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Privilege_Abuse.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Privileged_Activity.md │ │ │ ├── r_m_juniper_networks_juniper_srx_Ransomware.md │ │ │ └── r_m_juniper_networks_juniper_srx_Workforce_Protection.md │ │ └── ds_juniper_networks_juniper_srx.md │ └── Juniper_VPN │ │ ├── 2_ds_juniper_networks_juniper_vpn.md │ │ ├── Ps │ │ ├── pC_cefjuniperaccesscontrol.md │ │ ├── pC_cefjuniperaccountdeleted.md │ │ ├── pC_cefjuniperfailedvpnlogin.md │ │ ├── pC_cefjuniperproxy.md │ │ ├── pC_cefjunipervpnauthfailed.md │ │ ├── pC_cefjunipervpnclose.md │ │ ├── pC_cefjunipervpnclose1.md │ │ ├── pC_cefjunipervpnend.md │ │ ├── pC_cefjunipervpnend1.md │ │ ├── pC_cefjunipervpnlogin.md │ │ ├── pC_cefjunipervpnlogout.md │ │ ├── pC_cefjunipervpnrelogin.md │ │ ├── pC_cefjunipervpnresume.md │ │ ├── pC_cefjunipervpnstart.md │ │ ├── pC_cefjunipervpntimeout.md │ │ ├── pC_cefjunipervpntimeout1.md │ │ ├── pC_juniperaccesscontrol.md │ │ ├── pC_junipernwcvpnend.md │ │ ├── pC_junipernwcvpnstart.md │ │ ├── pC_junipervpnclose.md │ │ ├── pC_juniperwebactivity1.md │ │ ├── pC_juniperwebactivity2.md │ │ ├── pC_juniperwebactivity3.md │ │ ├── pC_nforwardedcefjunipervpnend.md │ │ ├── pC_nforwardedcefjunipervpnend2.md │ │ ├── pC_nforwardedcefjunipervpnstart.md │ │ ├── pC_nforwardedcefjunipervpnstart2.md │ │ ├── pC_nforwardedcefjunipervpntimeout.md │ │ ├── pC_nforwardedjuniperfailedvpnlogin.md │ │ ├── pC_nforwardedjunipervpnclose.md │ │ ├── pC_nforwardedjunipervpnlogin.md │ │ ├── pC_nforwardedjunipervpnlogin2.md │ │ ├── pC_nforwardedjunipervpnlogin3.md │ │ ├── pC_nforwardedjunipervpnlogout.md │ │ ├── pC_nforwardedjunipervpnopen.md │ │ ├── pC_nforwardedjunipervpnrealm.md │ │ ├── pC_nforwardedjunipervpnrealm1.md │ │ ├── pC_rawjuniperfailedvpnlogin.md │ │ ├── pC_rawjunipernwcvpnauthfailed.md │ │ ├── pC_rawjunipernwcvpnauthsuccess.md │ │ ├── pC_rawjunipernwcvpnauthsuccess1.md │ │ ├── pC_rawjunipernwcvpnconnected.md │ │ ├── pC_rawjunipernwcvpnend.md │ │ ├── pC_rawjunipernwcvpnhostfailed.md │ │ ├── pC_rawjunipernwcvpnresume.md │ │ ├── pC_rawjunipernwcvpnstart.md │ │ ├── pC_rawjunipernwcvpnterminated.md │ │ ├── pC_rawvpnend.md │ │ ├── pC_rawvpnstart.md │ │ ├── pC_rawvpnstart1.md │ │ ├── pC_rawvpntimeout.md │ │ ├── pC_sjunipernwcvpnresume.md │ │ ├── pC_sjunipervpnend.md │ │ ├── pC_sjunipervpnrealm.md │ │ ├── pC_sjunipervpnstart.md │ │ ├── pC_sjunipervpntimeout.md │ │ ├── pC_syslogjunipervpnconnect.md │ │ ├── pC_syslogjunipervpnloginfailed.md │ │ ├── pC_syslogjunipervpnrealm.md │ │ ├── pC_syslogjunipervpnrealm1.md │ │ ├── pC_syslogjunipervpnrelogin.md │ │ └── pC_syslogpulsesecurevpnconnect.md │ │ ├── RM │ │ ├── r_m_juniper_networks_juniper_vpn_Abnormal_Authentication_&_Access.md │ │ ├── r_m_juniper_networks_juniper_vpn_Account_Manipulation.md │ │ ├── r_m_juniper_networks_juniper_vpn_Brute_Force_Attack.md │ │ ├── r_m_juniper_networks_juniper_vpn_Compromised_Credentials.md │ │ ├── r_m_juniper_networks_juniper_vpn_Cryptomining.md │ │ ├── r_m_juniper_networks_juniper_vpn_Data_Access.md │ │ ├── r_m_juniper_networks_juniper_vpn_Data_Exfiltration.md │ │ ├── r_m_juniper_networks_juniper_vpn_Data_Leak.md │ │ ├── r_m_juniper_networks_juniper_vpn_Lateral_Movement.md │ │ ├── r_m_juniper_networks_juniper_vpn_Malware.md │ │ ├── r_m_juniper_networks_juniper_vpn_Phishing.md │ │ ├── r_m_juniper_networks_juniper_vpn_Physical_Security.md │ │ ├── r_m_juniper_networks_juniper_vpn_Privilege_Abuse.md │ │ ├── r_m_juniper_networks_juniper_vpn_Privilege_Escalation.md │ │ ├── r_m_juniper_networks_juniper_vpn_Privileged_Activity.md │ │ ├── r_m_juniper_networks_juniper_vpn_Ransomware.md │ │ └── r_m_juniper_networks_juniper_vpn_Workforce_Protection.md │ │ └── ds_juniper_networks_juniper_vpn.md ├── KABA_EXOS │ └── KABA_EXOS │ │ ├── Ps │ │ └── pC_cefkababadgeaccess.md │ │ ├── RM │ │ ├── r_m_kaba_exos_kaba_exos_Abnormal_Authentication_&_Access.md │ │ ├── r_m_kaba_exos_kaba_exos_Physical_Security.md │ │ └── r_m_kaba_exos_kaba_exos_Privileged_Activity.md │ │ └── ds_kaba_exos_kaba_exos.md ├── Kaspersky │ ├── Kaspersky_AV │ │ ├── Ps │ │ │ ├── pC_cefkasperskydlpemail.md │ │ │ ├── pC_cefkasperskyfilealert.md │ │ │ └── pC_cefkasperskysecurityalert.md │ │ ├── RM │ │ │ ├── r_m_kaspersky_kaspersky_av_Compromised_Credentials.md │ │ │ ├── r_m_kaspersky_kaspersky_av_Data_Exfiltration.md │ │ │ ├── r_m_kaspersky_kaspersky_av_Lateral_Movement.md │ │ │ ├── r_m_kaspersky_kaspersky_av_Malware.md │ │ │ ├── r_m_kaspersky_kaspersky_av_Privilege_Abuse.md │ │ │ └── r_m_kaspersky_kaspersky_av_Privileged_Activity.md │ │ └── ds_kaspersky_kaspersky_av.md │ └── Kaspersky_Endpoint_Security_for_Business │ │ ├── 2_ds_kaspersky_kaspersky_endpoint_security_for_business.md │ │ ├── Ps │ │ ├── pC_cefkasperskysecurityalert1.md │ │ ├── pC_kasperskyesalert.md │ │ ├── pC_kasperskyesalert1.md │ │ ├── pC_kasperskyesalert2.md │ │ ├── pC_kasperskynetworkalert.md │ │ ├── pC_kasperskyusbactivity1.md │ │ ├── pC_kasperskyusbactivity2.md │ │ ├── pC_skasperskyendpointsecurity.md │ │ ├── pC_skasperskyesalert.md │ │ └── pC_skasperskyesalert1.md │ │ ├── RM │ │ ├── r_m_kaspersky_kaspersky_endpoint_security_for_business_Compromised_Credentials.md │ │ ├── r_m_kaspersky_kaspersky_endpoint_security_for_business_Data_Exfiltration.md │ │ ├── r_m_kaspersky_kaspersky_endpoint_security_for_business_Data_Leak.md │ │ ├── r_m_kaspersky_kaspersky_endpoint_security_for_business_Lateral_Movement.md │ │ ├── r_m_kaspersky_kaspersky_endpoint_security_for_business_Malware.md │ │ └── r_m_kaspersky_kaspersky_endpoint_security_for_business_Privileged_Activity.md │ │ └── ds_kaspersky_kaspersky_endpoint_security_for_business.md ├── Kemp │ ├── Kemp_LoadMaster │ │ ├── Ps │ │ │ ├── pC_syslogl7appactivityget.md │ │ │ ├── pC_syslogl7appactivitypost.md │ │ │ ├── pC_syslogl7remotelogon.md │ │ │ ├── pC_syslogl7securityalert.md │ │ │ └── pC_syslogssomgrappactivity.md │ │ ├── RM │ │ │ ├── r_m_kemp_kemp_loadmaster_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Account_Manipulation.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Compromised_Credentials.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Data_Access.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Data_Leak.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Lateral_Movement.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Malware.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Privilege_Abuse.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Privilege_Escalation.md │ │ │ ├── r_m_kemp_kemp_loadmaster_Privileged_Activity.md │ │ │ └── r_m_kemp_kemp_loadmaster_Ransomware.md │ │ └── ds_kemp_kemp_loadmaster.md │ └── Load_Balancer │ │ ├── Ps │ │ ├── pC_kemplbfailedlogin.md │ │ └── pC_kemplbremotelogin.md │ │ ├── RM │ │ ├── r_m_kemp_load_balancer_Abnormal_Authentication_&_Access.md │ │ ├── r_m_kemp_load_balancer_Compromised_Credentials.md │ │ ├── r_m_kemp_load_balancer_Lateral_Movement.md │ │ ├── r_m_kemp_load_balancer_Malware.md │ │ ├── r_m_kemp_load_balancer_Privilege_Abuse.md │ │ ├── r_m_kemp_load_balancer_Privilege_Escalation.md │ │ ├── r_m_kemp_load_balancer_Privileged_Activity.md │ │ └── r_m_kemp_load_balancer_Ransomware.md │ │ └── ds_kemp_load_balancer.md ├── LEAP │ └── LEAP │ │ ├── Ps │ │ ├── pC_cefleapappactivity3.md │ │ ├── pC_leapaccess.md │ │ ├── pC_leapappactivity.md │ │ ├── pC_leapappactivity1.md │ │ ├── pC_leapappactivity2.md │ │ ├── pC_leapappactivity3.md │ │ └── pC_leapaudit.md │ │ ├── RM │ │ ├── r_m_leap_leap_Abnormal_Authentication_&_Access.md │ │ ├── r_m_leap_leap_Account_Manipulation.md │ │ ├── r_m_leap_leap_Compromised_Credentials.md │ │ ├── r_m_leap_leap_Data_Access.md │ │ ├── r_m_leap_leap_Data_Leak.md │ │ ├── r_m_leap_leap_Lateral_Movement.md │ │ ├── r_m_leap_leap_Malware.md │ │ ├── r_m_leap_leap_Privilege_Abuse.md │ │ ├── r_m_leap_leap_Privilege_Escalation.md │ │ ├── r_m_leap_leap_Privileged_Activity.md │ │ └── r_m_leap_leap_Ransomware.md │ │ └── ds_leap_leap.md ├── LOGBinder │ └── SharePoint │ │ ├── Ps │ │ └── pC_ceflogbinderfileoperation.md │ │ ├── RM │ │ ├── r_m_logbinder_sharepoint_Abnormal_Authentication_&_Access.md │ │ ├── r_m_logbinder_sharepoint_Account_Manipulation.md │ │ ├── r_m_logbinder_sharepoint_Compromised_Credentials.md │ │ ├── r_m_logbinder_sharepoint_Data_Access.md │ │ ├── r_m_logbinder_sharepoint_Data_Exfiltration.md │ │ ├── r_m_logbinder_sharepoint_Data_Leak.md │ │ ├── r_m_logbinder_sharepoint_Lateral_Movement.md │ │ ├── r_m_logbinder_sharepoint_Malware.md │ │ ├── r_m_logbinder_sharepoint_Privilege_Abuse.md │ │ ├── r_m_logbinder_sharepoint_Privilege_Escalation.md │ │ ├── r_m_logbinder_sharepoint_Privileged_Activity.md │ │ └── r_m_logbinder_sharepoint_Ransomware.md │ │ └── ds_logbinder_sharepoint.md ├── LanScope │ └── LanScope_Cat │ │ ├── 2_ds_lanscope_lanscope_cat.md │ │ ├── Ps │ │ ├── pC_slanscopeappactivity1.md │ │ ├── pC_slanscopeassetalert.md │ │ ├── pC_slanscopecatlogon.md │ │ ├── pC_slanscopecatprintactivity.md │ │ ├── pC_slanscopecatusbactivity.md │ │ ├── pC_slanscopecatwebactivity.md │ │ ├── pC_slanscopefileoperations.md │ │ ├── pC_slanscopeprintactivity.md │ │ ├── pC_slanscopeprocesscreated.md │ │ ├── pC_slanscopeprocesscreatedfailed.md │ │ └── pC_slanscopewebactivity.md │ │ ├── RM │ │ ├── r_m_lanscope_lanscope_cat_Abnormal_Authentication_&_Access.md │ │ ├── r_m_lanscope_lanscope_cat_Account_Manipulation.md │ │ ├── r_m_lanscope_lanscope_cat_Audit_Tampering.md │ │ ├── r_m_lanscope_lanscope_cat_Compromised_Credentials.md │ │ ├── r_m_lanscope_lanscope_cat_Cryptomining.md │ │ ├── r_m_lanscope_lanscope_cat_Data_Access.md │ │ ├── r_m_lanscope_lanscope_cat_Data_Exfiltration.md │ │ ├── r_m_lanscope_lanscope_cat_Data_Leak.md │ │ ├── r_m_lanscope_lanscope_cat_Destruction_of_Data.md │ │ ├── r_m_lanscope_lanscope_cat_Evasion.md │ │ ├── r_m_lanscope_lanscope_cat_Lateral_Movement.md │ │ ├── r_m_lanscope_lanscope_cat_Malware.md │ │ ├── r_m_lanscope_lanscope_cat_Phishing.md │ │ ├── r_m_lanscope_lanscope_cat_Privilege_Abuse.md │ │ ├── r_m_lanscope_lanscope_cat_Privilege_Escalation.md │ │ ├── r_m_lanscope_lanscope_cat_Privileged_Activity.md │ │ ├── r_m_lanscope_lanscope_cat_Ransomware.md │ │ └── r_m_lanscope_lanscope_cat_Workforce_Protection.md │ │ └── ds_lanscope_lanscope_cat.md ├── LastPass │ └── LastPass │ │ ├── 2_ds_lastpass_lastpass.md │ │ ├── Ps │ │ ├── pC_lastpassaccountcreation.md │ │ ├── pC_lastpassaccountpasswordchange.md │ │ ├── pC_lastpassappactivity.md │ │ ├── pC_lastpassappactivity1.md │ │ ├── pC_lastpassapplogin.md │ │ ├── pC_lastpassapplogin1.md │ │ ├── pC_lastpassapplogin2.md │ │ ├── pC_lastpassapploginfailed.md │ │ └── pC_lastpassapploginfailed1.md │ │ ├── RM │ │ ├── r_m_lastpass_lastpass_Abnormal_Authentication_&_Access.md │ │ ├── r_m_lastpass_lastpass_Account_Manipulation.md │ │ ├── r_m_lastpass_lastpass_Compromised_Credentials.md │ │ ├── r_m_lastpass_lastpass_Data_Access.md │ │ ├── r_m_lastpass_lastpass_Data_Leak.md │ │ ├── r_m_lastpass_lastpass_Lateral_Movement.md │ │ ├── r_m_lastpass_lastpass_Malware.md │ │ ├── r_m_lastpass_lastpass_Privilege_Abuse.md │ │ ├── r_m_lastpass_lastpass_Privilege_Escalation.md │ │ ├── r_m_lastpass_lastpass_Privileged_Activity.md │ │ └── r_m_lastpass_lastpass_Ransomware.md │ │ └── ds_lastpass_lastpass.md ├── Lenel │ ├── Lenel_OnGuard │ │ ├── Ps │ │ │ └── pC_qlenelbadgeaccess1.md │ │ ├── RM │ │ │ ├── r_m_lenel_lenel_onguard_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_lenel_lenel_onguard_Physical_Security.md │ │ │ └── r_m_lenel_lenel_onguard_Privileged_Activity.md │ │ └── ds_lenel_lenel_onguard.md │ └── OnGuard │ │ ├── 2_ds_lenel_onguard.md │ │ ├── Ps │ │ ├── pC_jsonlenelbadgeaccess.md │ │ ├── pC_lenelbadgeaccess.md │ │ ├── pC_lenelbadgeaccess2.md │ │ ├── pC_lenelbadgeaccess3.md │ │ ├── pC_llenelbadgeaccess.md │ │ ├── pC_llenelbadgeaccess1.md │ │ ├── pC_qlenelbadgeaccess.md │ │ ├── pC_songuardphysicalbadgeaccess.md │ │ ├── pC_songuardphysicalbadgeaccess2.md │ │ ├── pC_sphysicalbadgeaccess3.md │ │ └── pC_syslogphysicalbadgeaccess1.md │ │ ├── RM │ │ ├── r_m_lenel_onguard_Abnormal_Authentication_&_Access.md │ │ ├── r_m_lenel_onguard_Physical_Security.md │ │ └── r_m_lenel_onguard_Privileged_Activity.md │ │ └── ds_lenel_onguard.md ├── Lexmark │ └── Lexmark │ │ ├── Ps │ │ └── pC_lexmarkprintactivity.md │ │ ├── RM │ │ ├── r_m_lexmark_lexmark_Abnormal_Authentication_&_Access.md │ │ └── r_m_lexmark_lexmark_Data_Leak.md │ │ └── ds_lexmark_lexmark.md ├── Linux │ ├── Linux_CentOs │ │ ├── Ps │ │ │ └── pC_centosnetworkconnectionfailed.md │ │ ├── RM │ │ │ ├── r_m_linux_linux_centos_Lateral_Movement.md │ │ │ └── r_m_linux_linux_centos_Malware.md │ │ └── ds_linux_linux_centos.md │ ├── Linux_DHCP │ │ ├── Ps │ │ │ └── pC_linuxdhcprequest.md │ │ ├── RM │ │ │ └── r_m_linux_linux_dhcp_Enrichment.md │ │ └── ds_linux_linux_dhcp.md │ └── SSH │ │ ├── Ps │ │ └── pC_sshremotelogon.md │ │ ├── RM │ │ ├── r_m_linux_ssh_Abnormal_Authentication_&_Access.md │ │ ├── r_m_linux_ssh_Brute_Force_Attack.md │ │ ├── r_m_linux_ssh_Compromised_Credentials.md │ │ ├── r_m_linux_ssh_Lateral_Movement.md │ │ ├── r_m_linux_ssh_Malware.md │ │ ├── r_m_linux_ssh_Privilege_Abuse.md │ │ ├── r_m_linux_ssh_Privilege_Escalation.md │ │ ├── r_m_linux_ssh_Privileged_Activity.md │ │ └── r_m_linux_ssh_Ransomware.md │ │ └── ds_linux_ssh.md ├── LiquidFiles │ └── LiquidFiles │ │ ├── Ps │ │ ├── pC_liquidfilesapplogin.md │ │ ├── pC_liquidfilesfailedapplogin.md │ │ ├── pC_liquidfilesfiledownload.md │ │ └── pC_liquidfilesfileupload.md │ │ ├── RM │ │ ├── r_m_liquidfiles_liquidfiles_Abnormal_Authentication_&_Access.md │ │ ├── r_m_liquidfiles_liquidfiles_Compromised_Credentials.md │ │ ├── r_m_liquidfiles_liquidfiles_Data_Access.md │ │ ├── r_m_liquidfiles_liquidfiles_Lateral_Movement.md │ │ ├── r_m_liquidfiles_liquidfiles_Malware.md │ │ ├── r_m_liquidfiles_liquidfiles_Privilege_Abuse.md │ │ ├── r_m_liquidfiles_liquidfiles_Privileged_Activity.md │ │ └── r_m_liquidfiles_liquidfiles_Ransomware.md │ │ └── ds_liquidfiles_liquidfiles.md ├── LogMeIn │ └── RemotelyAnywhere │ │ ├── Ps │ │ └── pC_remotelyanywhereremotelogin.md │ │ ├── RM │ │ ├── r_m_logmein_remotelyanywhere_Abnormal_Authentication_&_Access.md │ │ ├── r_m_logmein_remotelyanywhere_Compromised_Credentials.md │ │ ├── r_m_logmein_remotelyanywhere_Lateral_Movement.md │ │ ├── r_m_logmein_remotelyanywhere_Malware.md │ │ ├── r_m_logmein_remotelyanywhere_Privilege_Abuse.md │ │ ├── r_m_logmein_remotelyanywhere_Privilege_Escalation.md │ │ ├── r_m_logmein_remotelyanywhere_Privileged_Activity.md │ │ └── r_m_logmein_remotelyanywhere_Ransomware.md │ │ └── ds_logmein_remotelyanywhere.md ├── LogRhythm │ └── LogRhythm │ │ ├── Ps │ │ └── pC_ceflogrhythmprocesscreated.md │ │ ├── RM │ │ ├── r_m_logrhythm_logrhythm_Account_Manipulation.md │ │ ├── r_m_logrhythm_logrhythm_Audit_Tampering.md │ │ ├── r_m_logrhythm_logrhythm_Compromised_Credentials.md │ │ ├── r_m_logrhythm_logrhythm_Cryptomining.md │ │ ├── r_m_logrhythm_logrhythm_Data_Access.md │ │ ├── r_m_logrhythm_logrhythm_Data_Exfiltration.md │ │ ├── r_m_logrhythm_logrhythm_Evasion.md │ │ ├── r_m_logrhythm_logrhythm_Lateral_Movement.md │ │ ├── r_m_logrhythm_logrhythm_Malware.md │ │ ├── r_m_logrhythm_logrhythm_Phishing.md │ │ ├── r_m_logrhythm_logrhythm_Privilege_Abuse.md │ │ ├── r_m_logrhythm_logrhythm_Privilege_Escalation.md │ │ ├── r_m_logrhythm_logrhythm_Privileged_Activity.md │ │ └── r_m_logrhythm_logrhythm_Ransomware.md │ │ └── ds_logrhythm_logrhythm.md ├── Lumension │ └── Lumension │ │ ├── Ps │ │ ├── pC_lumensionfailedusbactivity1.md │ │ ├── pC_lumensionfailedusbactivity2.md │ │ ├── pC_lumensionfailedusbactivity3.md │ │ ├── pC_lumensionfailedusbactivity4.md │ │ ├── pC_lumensionusbactivity.md │ │ ├── pC_lumensionusbactivity1.md │ │ ├── pC_lumensionusbinsert1.md │ │ ├── pC_lumensionusbinsert2.md │ │ ├── pC_lumensionusbread.md │ │ ├── pC_lumensionusbwrite.md │ │ └── pC_slumensionusb.md │ │ ├── RM │ │ ├── r_m_lumension_lumension_Data_Leak.md │ │ └── r_m_lumension_lumension_Malware.md │ │ └── ds_lumension_lumension.md ├── Lyrix │ └── Lyrix │ │ ├── Ps │ │ ├── pC_ceflyrixbadgeaccess.md │ │ └── pC_ceflyrixbadgeaccess1.md │ │ ├── RM │ │ ├── r_m_lyrix_lyrix_Abnormal_Authentication_&_Access.md │ │ ├── r_m_lyrix_lyrix_Physical_Security.md │ │ └── r_m_lyrix_lyrix_Privileged_Activity.md │ │ └── ds_lyrix_lyrix.md ├── MSDHCP │ └── MSDHCP │ │ ├── Ps │ │ └── pC_msdhcp.md │ │ ├── RM │ │ └── r_m_msdhcp_msdhcp_Enrichment.md │ │ └── ds_msdhcp_msdhcp.md ├── Malwarebytes │ ├── Malwarebytes_Endpoint_Protection │ │ ├── 2_ds_malwarebytes_malwarebytes_endpoint_protection.md │ │ ├── Ps │ │ │ ├── pC_cefmalwarebytesnetworkalertids.md │ │ │ ├── pC_cefmalwarebytessecurityalert.md │ │ │ ├── pC_cefmalwarebytessecurityalert1.md │ │ │ ├── pC_cefmalwarebytessecurityalertexploit.md │ │ │ ├── pC_cefmbmcsecurityalertdetection.md │ │ │ ├── pC_cefmbmcsecurityalertdetection1.md │ │ │ ├── pC_cefmbmcsecurityalertipblock.md │ │ │ ├── pC_jsonmalwarebyteswebactivitydenied.md │ │ │ └── pC_syslogmalwarebytessecurityalert.md │ │ ├── RM │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Compromised_Credentials.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Cryptomining.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Data_Exfiltration.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Data_Leak.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Lateral_Movement.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Malware.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Phishing.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Privilege_Abuse.md │ │ │ ├── r_m_malwarebytes_malwarebytes_endpoint_protection_Privileged_Activity.md │ │ │ └── r_m_malwarebytes_malwarebytes_endpoint_protection_Ransomware.md │ │ └── ds_malwarebytes_malwarebytes_endpoint_protection.md │ └── Malwarebytes_Incident_Response │ │ ├── Ps │ │ └── pC_cefmalwarebytessecurityalert2.md │ │ ├── RM │ │ ├── r_m_malwarebytes_malwarebytes_incident_response_Compromised_Credentials.md │ │ ├── r_m_malwarebytes_malwarebytes_incident_response_Lateral_Movement.md │ │ ├── r_m_malwarebytes_malwarebytes_incident_response_Malware.md │ │ └── r_m_malwarebytes_malwarebytes_incident_response_Privileged_Activity.md │ │ └── ds_malwarebytes_malwarebytes_incident_response.md ├── ManageEngine │ ├── ADSSP │ │ ├── Ps │ │ │ ├── pC_adsspeventappactivity.md │ │ │ ├── pC_adsspeventappactivity1.md │ │ │ ├── pC_adsspeventappactivity2.md │ │ │ └── pC_adsspeventapplogin.md │ │ ├── RM │ │ │ ├── r_m_manageengine_adssp_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_manageengine_adssp_Account_Manipulation.md │ │ │ ├── r_m_manageengine_adssp_Compromised_Credentials.md │ │ │ ├── r_m_manageengine_adssp_Data_Access.md │ │ │ ├── r_m_manageengine_adssp_Data_Leak.md │ │ │ ├── r_m_manageengine_adssp_Lateral_Movement.md │ │ │ ├── r_m_manageengine_adssp_Malware.md │ │ │ ├── r_m_manageengine_adssp_Privilege_Abuse.md │ │ │ ├── r_m_manageengine_adssp_Privilege_Escalation.md │ │ │ ├── r_m_manageengine_adssp_Privileged_Activity.md │ │ │ └── r_m_manageengine_adssp_Ransomware.md │ │ └── ds_manageengine_adssp.md │ ├── PAM360 │ │ ├── Ps │ │ │ ├── pC_pam360apploginad.md │ │ │ ├── pC_pam360remotesessionended.md │ │ │ └── pC_pam360remotesessionstarted.md │ │ ├── RM │ │ │ ├── r_m_manageengine_pam360_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_manageengine_pam360_Account_Manipulation.md │ │ │ ├── r_m_manageengine_pam360_Compromised_Credentials.md │ │ │ ├── r_m_manageengine_pam360_Data_Access.md │ │ │ ├── r_m_manageengine_pam360_Data_Leak.md │ │ │ ├── r_m_manageengine_pam360_Lateral_Movement.md │ │ │ ├── r_m_manageengine_pam360_Malware.md │ │ │ ├── r_m_manageengine_pam360_Privilege_Abuse.md │ │ │ ├── r_m_manageengine_pam360_Privilege_Escalation.md │ │ │ ├── r_m_manageengine_pam360_Privileged_Activity.md │ │ │ └── r_m_manageengine_pam360_Ransomware.md │ │ └── ds_manageengine_pam360.md │ └── Password_Manager_Pro │ │ ├── Ps │ │ ├── pC_pmpaccountswitch.md │ │ ├── pC_pmpapplogin.md │ │ └── pC_pmppasswordchange.md │ │ ├── RM │ │ ├── r_m_manageengine_password_manager_pro_Abnormal_Authentication_&_Access.md │ │ ├── r_m_manageengine_password_manager_pro_Account_Manipulation.md │ │ ├── r_m_manageengine_password_manager_pro_Compromised_Credentials.md │ │ ├── r_m_manageengine_password_manager_pro_Data_Access.md │ │ ├── r_m_manageengine_password_manager_pro_Lateral_Movement.md │ │ ├── r_m_manageengine_password_manager_pro_Malware.md │ │ ├── r_m_manageengine_password_manager_pro_Privilege_Abuse.md │ │ ├── r_m_manageengine_password_manager_pro_Privilege_Escalation.md │ │ ├── r_m_manageengine_password_manager_pro_Privileged_Activity.md │ │ └── r_m_manageengine_password_manager_pro_Ransomware.md │ │ └── ds_manageengine_password_manager_pro.md ├── MariaDB │ └── MariaDB │ │ ├── Ps │ │ ├── pC_mariadbalter.md │ │ ├── pC_mariadbconnect.md │ │ ├── pC_mariadbconnect1.md │ │ ├── pC_mariadbcreate.md │ │ ├── pC_mariadbdrop.md │ │ ├── pC_mariadbfailedconnect.md │ │ ├── pC_mariadbquery.md │ │ ├── pC_mariadbread.md │ │ ├── pC_mariadbread1.md │ │ ├── pC_mariadbwrite.md │ │ └── pC_mariadbwrite1.md │ │ ├── RM │ │ ├── r_m_mariadb_mariadb_Compromised_Credentials.md │ │ └── r_m_mariadb_mariadb_Data_Access.md │ │ └── ds_mariadb_mariadb.md ├── MasterSAM │ └── MasterSAM_PAM │ │ ├── Ps │ │ ├── pC_mastersampamauthfailed2.md │ │ ├── pC_mastersampamauthfailed3.md │ │ ├── pC_mastersampamauthsuccessful1.md │ │ ├── pC_mastersampamauthsuccessful3.md │ │ ├── pC_mastersampampasswordchange.md │ │ └── pC_mastersampamremotelogon.md │ │ ├── RM │ │ ├── r_m_mastersam_mastersam_pam_Abnormal_Authentication_&_Access.md │ │ ├── r_m_mastersam_mastersam_pam_Account_Manipulation.md │ │ ├── r_m_mastersam_mastersam_pam_Compromised_Credentials.md │ │ ├── r_m_mastersam_mastersam_pam_Lateral_Movement.md │ │ ├── r_m_mastersam_mastersam_pam_Malware.md │ │ ├── r_m_mastersam_mastersam_pam_Privilege_Abuse.md │ │ ├── r_m_mastersam_mastersam_pam_Privilege_Escalation.md │ │ ├── r_m_mastersam_mastersam_pam_Privileged_Activity.md │ │ └── r_m_mastersam_mastersam_pam_Ransomware.md │ │ └── ds_mastersam_mastersam_pam.md ├── McAfee │ ├── MDAM │ │ ├── Ps │ │ │ ├── pC_cefmdamdbalert.md │ │ │ ├── pC_cefmdamdbalert1.md │ │ │ └── pC_smdamdbquery.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mdam_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mdam_Data_Access.md │ │ │ ├── r_m_mcafee_mdam_Data_Exfiltration.md │ │ │ └── r_m_mcafee_mdam_Malware.md │ │ └── ds_mcafee_mdam.md │ ├── McAfee_Advanced_Threat_Defense │ │ ├── Ps │ │ │ ├── pC_mcafeehbssdlpalert.md │ │ │ └── pC_mcafeehbssdlpalert2.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_advanced_threat_defense_Data_Exfiltration.md │ │ │ ├── r_m_mcafee_mcafee_advanced_threat_defense_Data_Leak.md │ │ │ └── r_m_mcafee_mcafee_advanced_threat_defense_Malware.md │ │ └── ds_mcafee_mcafee_advanced_threat_defense.md │ ├── McAfee_DLP │ │ ├── 2_ds_mcafee_mcafee_dlp.md │ │ ├── Ps │ │ │ ├── pC_cefmcafeeclouddlpalert.md │ │ │ ├── pC_cefmcafeedlpalert.md │ │ │ ├── pC_cefmcafeedlpalert1.md │ │ │ ├── pC_cefmcafeedlpalert2.md │ │ │ ├── pC_cefmcafeedlpalert3.md │ │ │ ├── pC_cefmcafeedlpalertinfo.md │ │ │ ├── pC_cefmcafeedlpemailout.md │ │ │ ├── pC_cefmcafeedlpprevent.md │ │ │ ├── pC_cefmcafeeepodlpalert.md │ │ │ ├── pC_cefmcafeeprintactivity.md │ │ │ ├── pC_cefmcafeeprintactivity1.md │ │ │ ├── pC_cefmcafeeusb.md │ │ │ ├── pC_iguarddlpalert.md │ │ │ ├── pC_mcafeedlpmemdev.md │ │ │ ├── pC_mcafeedlppnp.md │ │ │ ├── pC_mcafeedlppnp2.md │ │ │ ├── pC_mcafeedlpprint.md │ │ │ ├── pC_mcafeedlpprint2.md │ │ │ ├── pC_mcafeedlpremstor.md │ │ │ ├── pC_mcafeedlpremstor2.md │ │ │ ├── pC_mcafeedlpupload.md │ │ │ ├── pC_nforwardedcefmcafeeepodlp.md │ │ │ ├── pC_qmcafeeepodlpalert.md │ │ │ ├── pC_smcafeedlpalert.md │ │ │ ├── pC_smcafeedlpalert1.md │ │ │ ├── pC_smcafeedlpalert2.md │ │ │ ├── pC_smcafeedlpalert3.md │ │ │ ├── pC_smcafeeepodlpalert.md │ │ │ ├── pC_smcafeeprintactivity.md │ │ │ ├── pC_smcafeeprintactivity1.md │ │ │ ├── pC_smcafeeprintactivity2.md │ │ │ ├── pC_smcafeevseepodlpalert.md │ │ │ ├── pC_syslogmcafeedlpemailalert.md │ │ │ └── pC_syslogmcafeeepodlpalert.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_dlp_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Data_Exfiltration.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Data_Leak.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Malware.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Phishing.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Privilege_Abuse.md │ │ │ ├── r_m_mcafee_mcafee_dlp_Privileged_Activity.md │ │ │ └── r_m_mcafee_mcafee_dlp_Workforce_Protection.md │ │ └── ds_mcafee_mcafee_dlp.md │ ├── McAfee_Email_Protection │ │ ├── 2_ds_mcafee_mcafee_email_protection.md │ │ ├── Ps │ │ │ ├── pC_cefmcafeedlpemail.md │ │ │ ├── pC_cefmcafeedlpemailalert.md │ │ │ ├── pC_cefmcafeedlpemailalert2.md │ │ │ ├── pC_cefmcafeedlpemailalertfailed.md │ │ │ ├── pC_mcafeedlpemailalert.md │ │ │ ├── pC_mcafeedlpemailalert1.md │ │ │ └── pC_smcafeeemaildlpalertout.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_email_protection_Data_Leak.md │ │ │ ├── r_m_mcafee_mcafee_email_protection_Malware.md │ │ │ ├── r_m_mcafee_mcafee_email_protection_Phishing.md │ │ │ ├── r_m_mcafee_mcafee_email_protection_Privilege_Abuse.md │ │ │ ├── r_m_mcafee_mcafee_email_protection_Privileged_Activity.md │ │ │ └── r_m_mcafee_mcafee_email_protection_Workforce_Protection.md │ │ └── ds_mcafee_mcafee_email_protection.md │ ├── McAfee_Endpoint_Security │ │ ├── 2_ds_mcafee_mcafee_endpoint_security.md │ │ ├── Ps │ │ │ ├── pC_cefmcafeeepoalert1.md │ │ │ ├── pC_cefmcafeeepoalert2.md │ │ │ ├── pC_cefmcafeeepoalert3.md │ │ │ ├── pC_cefmcafeeepoalert4.md │ │ │ ├── pC_cefmcafeeepoalert5.md │ │ │ ├── pC_cefmcafeeepoalert6.md │ │ │ ├── pC_cefmcafeeprocessalert.md │ │ │ ├── pC_cefmcafeesecurityalert.md │ │ │ ├── pC_cefmcafeesecurityalert1.md │ │ │ ├── pC_cefmcafeeusbactivity.md │ │ │ ├── pC_cefmcafeeusbactivity1.md │ │ │ ├── pC_cefmcafeeusbinsert.md │ │ │ ├── pC_cefmcafeevsealert.md │ │ │ ├── pC_jsonmcafeeepoalert.md │ │ │ ├── pC_jsonmcafeeepoalert1.md │ │ │ ├── pC_jsonmcafeeepoalert2.md │ │ │ ├── pC_mcafeedlpalert.md │ │ │ ├── pC_mcafeeeppalert.md │ │ │ ├── pC_mcafeefilewritedenied.md │ │ │ ├── pC_mcafeeprocesscreatedfailed.md │ │ │ ├── pC_mcafeeremotelogon.md │ │ │ ├── pC_mcafeesecurityalert1.md │ │ │ ├── pC_mcafeesecurityalert2.md │ │ │ ├── pC_mcafeesecurityalert3.md │ │ │ ├── pC_mcafeesecurityalert4.md │ │ │ ├── pC_mcafeeusbactivity.md │ │ │ ├── pC_mcafeeusbactivity1.md │ │ │ ├── pC_mcafeeusbinsert.md │ │ │ ├── pC_mcafeeusbinsert1.md │ │ │ ├── pC_mcafeeusbwrite.md │ │ │ ├── pC_mcafeevseepoalert.md │ │ │ ├── pC_nforwardedcefmcafeeepo.md │ │ │ ├── pC_nforwardedcefmcafeeepousb.md │ │ │ ├── pC_qmcafeeepoalert.md │ │ │ ├── pC_smcafeecleanedalert.md │ │ │ ├── pC_smcafeecleanfailedalert.md │ │ │ ├── pC_smcafeedeletedalert.md │ │ │ ├── pC_smcafeeepoalert.md │ │ │ ├── pC_smcafeeepoalert2.md │ │ │ ├── pC_smcafeeepoalert3.md │ │ │ ├── pC_smcafeeepoalert4.md │ │ │ ├── pC_smcafeeepodlpalert2.md │ │ │ ├── pC_smcafeeprocessalert.md │ │ │ ├── pC_smcafeesecurityalert.md │ │ │ ├── pC_smcafeesecurityalert1.md │ │ │ ├── pC_smcafeesecurityalert2.md │ │ │ ├── pC_smcafeeusbactivity.md │ │ │ ├── pC_smcafeeusbactivitybluetooth.md │ │ │ ├── pC_smcafeeusbactivitydiskdrives.md │ │ │ ├── pC_smcafeeusbactivitydvd.md │ │ │ ├── pC_smcafeeusbactivitydvd1.md │ │ │ ├── pC_smcafeeusbactivitydvd2.md │ │ │ ├── pC_smcafeeusbactivityimaging.md │ │ │ ├── pC_smcafeeusbactivityportable.md │ │ │ ├── pC_smcafeeusbfilewrite.md │ │ │ ├── pC_smcafeeusbinsertcddrive.md │ │ │ ├── pC_smcafeeusbinsertdd.md │ │ │ ├── pC_smcafeeusbinsertpd.md │ │ │ ├── pC_smcafeeusbinsertusbd.md │ │ │ ├── pC_syslogmcafeeepoalert.md │ │ │ ├── pC_syslogmcafeeusbactivity.md │ │ │ └── pC_umcafeeepoalert.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Data_Access.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Data_Exfiltration.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Data_Leak.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Lateral_Movement.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Malware.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Privilege_Abuse.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Privilege_Escalation.md │ │ │ ├── r_m_mcafee_mcafee_endpoint_security_Privileged_Activity.md │ │ │ └── r_m_mcafee_mcafee_endpoint_security_Ransomware.md │ │ └── ds_mcafee_mcafee_endpoint_security.md │ ├── McAfee_Enterprise_Security_Manager │ │ ├── Ps │ │ │ └── pC_ncefmcafeealert.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_enterprise_security_manager_Compromised_Credentials.md │ │ │ └── r_m_mcafee_mcafee_enterprise_security_manager_Malware.md │ │ └── ds_mcafee_mcafee_enterprise_security_manager.md │ ├── McAfee_IDPS │ │ ├── Ps │ │ │ └── pC_mcafeeidpsnetworkalert.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_idps_Compromised_Credentials.md │ │ │ └── r_m_mcafee_mcafee_idps_Malware.md │ │ └── ds_mcafee_mcafee_idps.md │ ├── McAfee_NSM │ │ ├── Ps │ │ │ ├── pC_mcafeensmapplogin.md │ │ │ ├── pC_mcafeensmapploginfailed.md │ │ │ └── pC_syslogmcafeenetworkalert.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_nsm_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Data_Access.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Lateral_Movement.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Malware.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Privilege_Abuse.md │ │ │ ├── r_m_mcafee_mcafee_nsm_Privileged_Activity.md │ │ │ └── r_m_mcafee_mcafee_nsm_Ransomware.md │ │ └── ds_mcafee_mcafee_nsm.md │ ├── McAfee_Network_Security_Platform_(IPS) │ │ ├── Ps │ │ │ ├── pC_cefmcafeenetworkalert.md │ │ │ ├── pC_mcafeeipsnetworkalert.md │ │ │ ├── pC_mcafeenetworkalert.md │ │ │ └── pC_mcafeenetworkalert1.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_network_security_platform_(ips)_Compromised_Credentials.md │ │ │ └── r_m_mcafee_mcafee_network_security_platform_(ips)_Malware.md │ │ └── ds_mcafee_mcafee_network_security_platform_(ips).md │ ├── McAfee_Solidifier │ │ ├── Ps │ │ │ └── pC_cefmcafeeepoalertsolidifier.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_solidifier_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mcafee_solidifier_Lateral_Movement.md │ │ │ ├── r_m_mcafee_mcafee_solidifier_Malware.md │ │ │ └── r_m_mcafee_mcafee_solidifier_Privileged_Activity.md │ │ └── ds_mcafee_mcafee_solidifier.md │ ├── McAfee_Web_Gateway │ │ ├── 2_ds_mcafee_mcafee_web_gateway.md │ │ ├── Ps │ │ │ ├── pC_cefmwgproxy.md │ │ │ ├── pC_jsonmwgwebactivity.md │ │ │ ├── pC_leefmwgproxy.md │ │ │ ├── pC_mwgproxy1.md │ │ │ ├── pC_mwgproxy2.md │ │ │ ├── pC_mwgproxy3.md │ │ │ ├── pC_nmwgproxy.md │ │ │ ├── pC_smwgproxy.md │ │ │ ├── pC_smwgproxy1.md │ │ │ ├── pC_smwgproxy3.md │ │ │ ├── pC_smwgproxy3denied.md │ │ │ └── pC_smwgwebactivity.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Cryptomining.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Data_Exfiltration.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Data_Leak.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Lateral_Movement.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Malware.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Phishing.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Privilege_Abuse.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Privileged_Activity.md │ │ │ ├── r_m_mcafee_mcafee_web_gateway_Ransomware.md │ │ │ └── r_m_mcafee_mcafee_web_gateway_Workforce_Protection.md │ │ └── ds_mcafee_mcafee_web_gateway.md │ ├── Mcafee_EPO │ │ ├── Ps │ │ │ ├── pC_mcafeesecurityalert1027.md │ │ │ └── pC_mcafeesecurityalert5.md │ │ ├── RM │ │ │ ├── r_m_mcafee_mcafee_epo_Compromised_Credentials.md │ │ │ ├── r_m_mcafee_mcafee_epo_Lateral_Movement.md │ │ │ ├── r_m_mcafee_mcafee_epo_Malware.md │ │ │ └── r_m_mcafee_mcafee_epo_Privileged_Activity.md │ │ └── ds_mcafee_mcafee_epo.md │ └── Skyhigh_Networks_CASB │ │ ├── 2_ds_mcafee_skyhigh_networks_casb.md │ │ ├── Ps │ │ ├── pC_cefmcafeemvisionskyhighdlpalert1.md │ │ ├── pC_cefmcafeeskyhighappactivity.md │ │ ├── pC_cefmcafeeskyhighappactivity1.md │ │ ├── pC_cefmcafeeskyhighappactivity10.md │ │ ├── pC_cefmcafeeskyhighappactivity11.md │ │ ├── pC_cefmcafeeskyhighappactivity12.md │ │ ├── pC_cefmcafeeskyhighappactivity2.md │ │ ├── pC_cefmcafeeskyhighappactivity3.md │ │ ├── pC_cefmcafeeskyhighappactivity4.md │ │ ├── pC_cefmcafeeskyhighappactivity5.md │ │ ├── pC_cefmcafeeskyhighappactivity6.md │ │ ├── pC_cefmcafeeskyhighappactivity7.md │ │ ├── pC_cefmcafeeskyhighappactivity8.md │ │ ├── pC_cefmcafeeskyhighappactivity9.md │ │ ├── pC_cefmcafeeskyhighapplogin.md │ │ ├── pC_cefmcafeeskyhighdlpalert.md │ │ ├── pC_cefmcafeeskyhighdlpalert1.md │ │ ├── pC_cefmcafeeskyhighfailedapplogin.md │ │ ├── pC_cefmcafeeskyhighfiledownloaded.md │ │ ├── pC_cefmcafeeskyhighsecurityalert.md │ │ ├── pC_mcafeeappactivity.md │ │ ├── pC_mcafeeskyhighdlpalert.md │ │ ├── pC_mcafeeskyhighdlpalert1.md │ │ ├── pC_skyhighdlpalert.md │ │ ├── pC_skyhighdlpalert1.md │ │ └── pC_skyhighdlpalert2.md │ │ ├── RM │ │ ├── r_m_mcafee_skyhigh_networks_casb_Abnormal_Authentication_&_Access.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Account_Manipulation.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Compromised_Credentials.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Data_Access.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Data_Exfiltration.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Data_Leak.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Lateral_Movement.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Malware.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Privilege_Abuse.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Privilege_Escalation.md │ │ ├── r_m_mcafee_skyhigh_networks_casb_Privileged_Activity.md │ │ └── r_m_mcafee_skyhigh_networks_casb_Ransomware.md │ │ └── ds_mcafee_skyhigh_networks_casb.md ├── Medigate │ └── Medigate │ │ ├── Ps │ │ ├── pC_medigatealertiot.md │ │ └── pC_medigatesecurityalert.md │ │ ├── RM │ │ ├── r_m_medigate_medigate_Compromised_Credentials.md │ │ ├── r_m_medigate_medigate_Lateral_Movement.md │ │ ├── r_m_medigate_medigate_Malware.md │ │ └── r_m_medigate_medigate_Privileged_Activity.md │ │ └── ds_medigate_medigate.md ├── Microsoft │ ├── 365_Defender │ │ ├── 2_ds_microsoft_365_defender.md │ │ ├── Ps │ │ │ ├── pC_jsondefenderalertevidence.md │ │ │ ├── pC_jsondefenderemailattachmentinfo.md │ │ │ ├── pC_jsondefenderemailevents.md │ │ │ └── pC_jsonmicrosofto365alert26.md │ │ ├── RM │ │ │ ├── r_m_microsoft_365_defender_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_365_defender_Data_Leak.md │ │ │ ├── r_m_microsoft_365_defender_Lateral_Movement.md │ │ │ ├── r_m_microsoft_365_defender_Malware.md │ │ │ ├── r_m_microsoft_365_defender_Phishing.md │ │ │ ├── r_m_microsoft_365_defender_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_365_defender_Privileged_Activity.md │ │ │ └── r_m_microsoft_365_defender_Workforce_Protection.md │ │ └── ds_microsoft_365_defender.md │ ├── Advanced_Threat_Analytics_(ATA) │ │ ├── 2_ds_microsoft_advanced_threat_analytics_(ata).md │ │ ├── Ps │ │ │ ├── pC_cefataaccountalert.md │ │ │ ├── pC_cefatabehavioralert.md │ │ │ ├── pC_cefatabruteforcealert.md │ │ │ ├── pC_cefatadatabasealert.md │ │ │ ├── pC_cefatadirectoryalert.md │ │ │ ├── pC_cefatadnsalert.md │ │ │ ├── pC_cefataencryptionalert.md │ │ │ ├── pC_cefataexecutionalert.md │ │ │ ├── pC_cefataforgedpacalert.md │ │ │ ├── pC_cefatagoldenticketalert.md │ │ │ ├── pC_cefatagroupmembershipalert.md │ │ │ ├── pC_cefatahashalert.md │ │ │ ├── pC_cefatahoneytokenalert.md │ │ │ ├── pC_cefataldapbruteforcealert.md │ │ │ ├── pC_cefataobjectalert.md │ │ │ ├── pC_cefataprotocolalert.md │ │ │ ├── pC_cefataretrievedataalert.md │ │ │ ├── pC_cefatasamralert.md │ │ │ ├── pC_cefatasessionalert.md │ │ │ └── pC_cefataticketalert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_advanced_threat_analytics_(ata)_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_advanced_threat_analytics_(ata)_Lateral_Movement.md │ │ │ ├── r_m_microsoft_advanced_threat_analytics_(ata)_Malware.md │ │ │ └── r_m_microsoft_advanced_threat_analytics_(ata)_Privileged_Activity.md │ │ └── ds_microsoft_advanced_threat_analytics_(ata).md │ ├── Advanced_Threat_Protection │ │ ├── 2_ds_microsoft_advanced_threat_protection.md │ │ ├── Ps │ │ │ ├── pC_cefatpalert1.md │ │ │ ├── pC_cefatpalert11.md │ │ │ ├── pC_cefatpalert12.md │ │ │ ├── pC_cefatpalert13.md │ │ │ ├── pC_cefatpalert14.md │ │ │ ├── pC_cefatpalert15.md │ │ │ ├── pC_cefatpalert16.md │ │ │ ├── pC_cefatpalert17.md │ │ │ ├── pC_cefatpalert18.md │ │ │ ├── pC_cefatpalert19.md │ │ │ ├── pC_cefatpalert2.md │ │ │ ├── pC_cefatpalert20.md │ │ │ ├── pC_cefatpalert21.md │ │ │ ├── pC_cefatpalert22.md │ │ │ ├── pC_cefatpalert23.md │ │ │ ├── pC_cefatpalert24.md │ │ │ ├── pC_cefatpalert25.md │ │ │ ├── pC_cefatpalert26.md │ │ │ ├── pC_cefatpalert27.md │ │ │ ├── pC_cefatpalert28.md │ │ │ ├── pC_cefatpalert29.md │ │ │ ├── pC_cefatpalert3.md │ │ │ ├── pC_cefatpalert30.md │ │ │ ├── pC_cefatpalert31.md │ │ │ ├── pC_cefatpalert32.md │ │ │ ├── pC_cefatpalert33.md │ │ │ ├── pC_cefatpalert34.md │ │ │ ├── pC_cefatpalert4.md │ │ │ ├── pC_cefatpalert5.md │ │ │ ├── pC_cefatpalert6.md │ │ │ ├── pC_cefatpalert7.md │ │ │ ├── pC_cefatpalert8.md │ │ │ └── pC_cefatpalert9.md │ │ ├── RM │ │ │ ├── r_m_microsoft_advanced_threat_protection_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_advanced_threat_protection_Lateral_Movement.md │ │ │ ├── r_m_microsoft_advanced_threat_protection_Malware.md │ │ │ └── r_m_microsoft_advanced_threat_protection_Privileged_Activity.md │ │ └── ds_microsoft_advanced_threat_protection.md │ ├── AppLocker │ │ ├── Ps │ │ │ └── pC_microsoftapplockersecurityalert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_applocker_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_applocker_Lateral_Movement.md │ │ │ ├── r_m_microsoft_applocker_Malware.md │ │ │ └── r_m_microsoft_applocker_Privileged_Activity.md │ │ └── ds_microsoft_applocker.md │ ├── Azure │ │ ├── 2_ds_microsoft_azure.md │ │ ├── Ps │ │ │ ├── pC_azureadmemberremoved1.md │ │ │ ├── pC_azureappactivity1.md │ │ │ ├── pC_azureappactivity2.md │ │ │ ├── pC_azureappactivity3.md │ │ │ ├── pC_azureappactivity4.md │ │ │ ├── pC_azureappactivity5.md │ │ │ ├── pC_azureappactivity6.md │ │ │ ├── pC_azureappactivity7.md │ │ │ ├── pC_azureappactivity8.md │ │ │ ├── pC_azureapplogin.md │ │ │ ├── pC_azureeventhubapplicationgatewayaccesslog.md │ │ │ ├── pC_azureeventhubapplicationgatewayfirewalllog.md │ │ │ ├── pC_azureeventhubappserviceauditlogs.md │ │ │ ├── pC_azureeventhubbeatappactivity.md │ │ │ ├── pC_azureeventhubbeatappactivity1.md │ │ │ ├── pC_azureeventhubbeatappactivity2.md │ │ │ ├── pC_azureeventhubbeatappactivity3.md │ │ │ ├── pC_azureeventhubbeatappactivity4.md │ │ │ ├── pC_azureeventhubbeatappactivity5.md │ │ │ ├── pC_azureeventhubbeatappactivity6.md │ │ │ ├── pC_azureeventhubbeatappactivity7.md │ │ │ ├── pC_azureeventhubbeatappactivity8.md │ │ │ ├── pC_azureeventhubbeatappactivity9.md │ │ │ ├── pC_azureeventhubfileevents.md │ │ │ ├── pC_azureeventhubfileread.md │ │ │ ├── pC_azureeventhubimageload.md │ │ │ ├── pC_azureeventhubkeyvaultauth.md │ │ │ ├── pC_azureeventhubmemberadded.md │ │ │ ├── pC_azureeventhubmemberremoved.md │ │ │ ├── pC_azureeventhubnetworkconnection.md │ │ │ ├── pC_azureeventhubnetworksecuritygroupevent.md │ │ │ ├── pC_azureeventhubnetworksecuritygrouprulecounter.md │ │ │ ├── pC_azureeventhubprocessevents.md │ │ │ ├── pC_azureeventhubprocessevents1.md │ │ │ ├── pC_azureeventhubremotelogon.md │ │ │ ├── pC_azureeventhubsqlsecurityevent.md │ │ │ ├── pC_azureeventhubusbactivity.md │ │ │ ├── pC_azureeventhubusbinsert.md │ │ │ ├── pC_azurefileread.md │ │ │ ├── pC_azurefileread1.md │ │ │ ├── pC_azurefileread2.md │ │ │ ├── pC_azurefileread3.md │ │ │ ├── pC_azurefilewrite.md │ │ │ ├── pC_azurenetworkconnectionsuccess.md │ │ │ ├── pC_azureprocesscreated1.md │ │ │ ├── pC_cefazureappactivity1.md │ │ │ ├── pC_cefazureappactivity2.md │ │ │ ├── pC_cefazureappactivity3.md │ │ │ ├── pC_cefazureappactivity4.md │ │ │ ├── pC_cefazureappactivity5.md │ │ │ ├── pC_cefazureapplogin.md │ │ │ ├── pC_cefazureeventhubsecurity.md │ │ │ ├── pC_cefazurefailedapplogin.md │ │ │ ├── pC_cefmicrosoftappactivity13.md │ │ │ ├── pC_cefmicrosoftappactivity38.md │ │ │ ├── pC_cefmicrosoftappactivity43.md │ │ │ ├── pC_cefmicrosoftappactivity44.md │ │ │ ├── pC_cefmicrosoftapplogin.md │ │ │ ├── pC_cefmicrosoftdatabasequery.md │ │ │ ├── pC_cefmicrosoftdnsquery.md │ │ │ ├── pC_cefmicrosoftfailedapplogin.md │ │ │ ├── pC_cefmicrosoftpasswordchange.md │ │ │ ├── pC_cefmicrosoftremotelogon.md │ │ │ ├── pC_jsonazurestorageaccess.md │ │ │ ├── pC_microsoftazurenetworkconnectionsuccessful.md │ │ │ ├── pC_microsoftnetworkalert.md │ │ │ ├── pC_msazureeventhubsappactivity.md │ │ │ ├── pC_msazureeventhubslogin.md │ │ │ ├── pC_msazuresigninapplogin.md │ │ │ ├── pC_sazureapimanagement.md │ │ │ ├── pC_sazureapplogin.md │ │ │ ├── pC_sazureauthentication.md │ │ │ ├── pC_sazureauthorizationactivity.md │ │ │ ├── pC_sazureauthorizationactivity2.md │ │ │ ├── pC_sazureauthorizationactivity3.md │ │ │ ├── pC_sazurecontainerservice.md │ │ │ ├── pC_sazurecoredirectory.md │ │ │ ├── pC_sazuremanagedidentity.md │ │ │ ├── pC_sazurepimactivity.md │ │ │ ├── pC_sazurestorageaccess.md │ │ │ ├── pC_sazurestorageactivity.md │ │ │ ├── pC_sazurestorageactivity2.md │ │ │ └── pC_sazurestorageactivity3.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_azure_Account_Manipulation.md │ │ │ ├── r_m_microsoft_azure_Audit_Tampering.md │ │ │ ├── r_m_microsoft_azure_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_Cryptomining.md │ │ │ ├── r_m_microsoft_azure_Data_Access.md │ │ │ ├── r_m_microsoft_azure_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_azure_Data_Leak.md │ │ │ ├── r_m_microsoft_azure_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_azure_Evasion.md │ │ │ ├── r_m_microsoft_azure_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_Malware.md │ │ │ ├── r_m_microsoft_azure_Phishing.md │ │ │ ├── r_m_microsoft_azure_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_azure_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_azure_Privileged_Activity.md │ │ │ └── r_m_microsoft_azure_Ransomware.md │ │ └── ds_microsoft_azure.md │ ├── Azure_AD_Identity_Protection │ │ ├── Ps │ │ │ ├── pC_azureadsecurityalert2.md │ │ │ ├── pC_jsonazureadsecurityalert.md │ │ │ ├── pC_jsonazureadsecurityalert1.md │ │ │ ├── pC_jsonmicrosofto365alert10.md │ │ │ ├── pC_jsonmicrosofto365alert2.md │ │ │ └── pC_jsonmicrosofto365alert20.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_ad_identity_protection_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_ad_identity_protection_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_ad_identity_protection_Malware.md │ │ │ └── r_m_microsoft_azure_ad_identity_protection_Privileged_Activity.md │ │ └── ds_microsoft_azure_ad_identity_protection.md │ ├── Azure_Active_Directory │ │ ├── 2_ds_microsoft_azure_active_directory.md │ │ ├── Ps │ │ │ ├── pC_azureadaccountdisabled.md │ │ │ ├── pC_azureadaccountpasswordchange.md │ │ │ ├── pC_azureadaccountpasswordchange1.md │ │ │ ├── pC_azureadaccountpasswordchange2.md │ │ │ ├── pC_azureadaccountpasswordchange3.md │ │ │ ├── pC_azureadaccountunlocked.md │ │ │ ├── pC_azureadapplogin.md │ │ │ ├── pC_azureadmemberadded.md │ │ │ ├── pC_azureadmemberadded1.md │ │ │ ├── pC_azureadmemberremoved.md │ │ │ ├── pC_cefazureadapplogin.md │ │ │ ├── pC_cefazureauthfailed.md │ │ │ ├── pC_cefazurepasswordchange.md │ │ │ ├── pC_cefazureusersignin.md │ │ │ ├── pC_cefo365applogin1.md │ │ │ ├── pC_sazureadappactivity2.md │ │ │ ├── pC_sazureadapplogin.md │ │ │ ├── pC_sazureadapplogin2.md │ │ │ ├── pC_sazureadpasswordchange2.md │ │ │ ├── pC_xml10014.md │ │ │ ├── pC_xml10015.md │ │ │ ├── pC_xml100161.md │ │ │ ├── pC_xml10024.md │ │ │ ├── pC_xml10025.md │ │ │ ├── pC_xml30002.md │ │ │ ├── pC_xml30004.md │ │ │ ├── pC_xml30009.md │ │ │ ├── pC_xml30010.md │ │ │ ├── pC_xml30026.md │ │ │ ├── pC_xml30028.md │ │ │ └── pC_xml30029.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_active_directory_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_azure_active_directory_Account_Manipulation.md │ │ │ ├── r_m_microsoft_azure_active_directory_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_active_directory_Data_Access.md │ │ │ ├── r_m_microsoft_azure_active_directory_Data_Leak.md │ │ │ ├── r_m_microsoft_azure_active_directory_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_active_directory_Malware.md │ │ │ ├── r_m_microsoft_azure_active_directory_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_azure_active_directory_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_azure_active_directory_Privileged_Activity.md │ │ │ └── r_m_microsoft_azure_active_directory_Ransomware.md │ │ └── ds_microsoft_azure_active_directory.md │ ├── Azure_Advanced_Threat_Protection │ │ ├── 2_ds_microsoft_azure_advanced_threat_protection.md │ │ ├── Ps │ │ │ ├── pC_azureatpsecurityalert.md │ │ │ ├── pC_azureatpsecurityalert1.md │ │ │ ├── pC_azureatpsecurityalert2.md │ │ │ ├── pC_azureatpsecurityalert3.md │ │ │ ├── pC_azureatpsecurityalert4.md │ │ │ ├── pC_azureatpsecurityalert5.md │ │ │ ├── pC_azureatpsecurityalert6.md │ │ │ └── pC_azureatpsecurityalert7.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_advanced_threat_protection_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_advanced_threat_protection_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_advanced_threat_protection_Malware.md │ │ │ └── r_m_microsoft_azure_advanced_threat_protection_Privileged_Activity.md │ │ └── ds_microsoft_azure_advanced_threat_protection.md │ ├── Azure_MFA │ │ ├── 2_ds_microsoft_azure_mfa.md │ │ ├── Ps │ │ │ ├── pC_azuremfaadminactivity.md │ │ │ ├── pC_azuremfaauthfailed.md │ │ │ ├── pC_azuremfaauthfailed2.md │ │ │ ├── pC_azuremfaauthsuccessful.md │ │ │ ├── pC_sazuramfaauthfailed.md │ │ │ ├── pC_sazuramfaauthsuccessful.md │ │ │ ├── pC_sazurapriauthfailed.md │ │ │ └── pC_sazurapriauthsuccessful.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_mfa_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_azure_mfa_Account_Manipulation.md │ │ │ ├── r_m_microsoft_azure_mfa_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_mfa_Data_Access.md │ │ │ ├── r_m_microsoft_azure_mfa_Data_Leak.md │ │ │ ├── r_m_microsoft_azure_mfa_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_mfa_Malware.md │ │ │ ├── r_m_microsoft_azure_mfa_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_azure_mfa_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_azure_mfa_Privileged_Activity.md │ │ │ └── r_m_microsoft_azure_mfa_Ransomware.md │ │ └── ds_microsoft_azure_mfa.md │ ├── Azure_Security_Center │ │ ├── 2_ds_microsoft_azure_security_center.md │ │ ├── Ps │ │ │ ├── pC_azuresecurityalert2.md │ │ │ ├── pC_azuresecuritycenternetworkalert.md │ │ │ ├── pC_azuresecuritycenterprocessalert.md │ │ │ ├── pC_azuresecuritycentersecurityalert.md │ │ │ ├── pC_azuresecuritycentersecurityalert1.md │ │ │ ├── pC_azuresecuritycentersecurityalert2.md │ │ │ ├── pC_azuresecuritycentersecurityalert3.md │ │ │ ├── pC_azuresecuritycentersecurityalert4.md │ │ │ ├── pC_azuresecuritycentersecurityalert5.md │ │ │ ├── pC_cefazuresecurityalert.md │ │ │ ├── pC_cefmicrosoftdlpalert.md │ │ │ ├── pC_cefmicrosoftprocessalert.md │ │ │ ├── pC_cefmicrosoftprocessalert1.md │ │ │ ├── pC_cefmicrosoftsecurityalert.md │ │ │ ├── pC_cefmicrosoftsecurityalert1.md │ │ │ └── pC_cefsecuritygraphalert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_security_center_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_security_center_Data_Access.md │ │ │ ├── r_m_microsoft_azure_security_center_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_azure_security_center_Data_Leak.md │ │ │ ├── r_m_microsoft_azure_security_center_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_security_center_Malware.md │ │ │ └── r_m_microsoft_azure_security_center_Privileged_Activity.md │ │ └── ds_microsoft_azure_security_center.md │ ├── Azure_Sentinel │ │ ├── Ps │ │ │ └── pC_azuresecurityalert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_azure_sentinel_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_azure_sentinel_Lateral_Movement.md │ │ │ ├── r_m_microsoft_azure_sentinel_Malware.md │ │ │ └── r_m_microsoft_azure_sentinel_Privileged_Activity.md │ │ └── ds_microsoft_azure_sentinel.md │ ├── Cloud_App_Security_(MCAS) │ │ ├── 2_ds_microsoft_cloud_app_security_(mcas).md │ │ ├── Ps │ │ │ ├── pC_casappactivity.md │ │ │ ├── pC_casloginfailed.md │ │ │ ├── pC_casloginsuccess.md │ │ │ ├── pC_cefazureonedriveaccountpasswordchange.md │ │ │ ├── pC_cefazureonedriveaccountpasswordreset.md │ │ │ ├── pC_cefazureonedriveappactivity1.md │ │ │ ├── pC_cefazureonedriveappactivity10.md │ │ │ ├── pC_cefazureonedriveappactivity11.md │ │ │ ├── pC_cefazureonedriveappactivity12.md │ │ │ ├── pC_cefazureonedriveappactivity13.md │ │ │ ├── pC_cefazureonedriveappactivity14.md │ │ │ ├── pC_cefazureonedriveappactivity15.md │ │ │ ├── pC_cefazureonedriveappactivity16.md │ │ │ ├── pC_cefazureonedriveappactivity17.md │ │ │ ├── pC_cefazureonedriveappactivity18.md │ │ │ ├── pC_cefazureonedriveappactivity19.md │ │ │ ├── pC_cefazureonedriveappactivity2.md │ │ │ ├── pC_cefazureonedriveappactivity20.md │ │ │ ├── pC_cefazureonedriveappactivity21.md │ │ │ ├── pC_cefazureonedriveappactivity22.md │ │ │ ├── pC_cefazureonedriveappactivity23.md │ │ │ ├── pC_cefazureonedriveappactivity24.md │ │ │ ├── pC_cefazureonedriveappactivity25.md │ │ │ ├── pC_cefazureonedriveappactivity26.md │ │ │ ├── pC_cefazureonedriveappactivity27.md │ │ │ ├── pC_cefazureonedriveappactivity28.md │ │ │ ├── pC_cefazureonedriveappactivity29.md │ │ │ ├── pC_cefazureonedriveappactivity3.md │ │ │ ├── pC_cefazureonedriveappactivity30.md │ │ │ ├── pC_cefazureonedriveappactivity31.md │ │ │ ├── pC_cefazureonedriveappactivity32.md │ │ │ ├── pC_cefazureonedriveappactivity33.md │ │ │ ├── pC_cefazureonedriveappactivity34.md │ │ │ ├── pC_cefazureonedriveappactivity35.md │ │ │ ├── pC_cefazureonedriveappactivity36.md │ │ │ ├── pC_cefazureonedriveappactivity4.md │ │ │ ├── pC_cefazureonedriveappactivity5.md │ │ │ ├── pC_cefazureonedriveappactivity6.md │ │ │ ├── pC_cefazureonedriveappactivity7.md │ │ │ ├── pC_cefazureonedriveappactivity8.md │ │ │ ├── pC_cefazureonedriveappactivity9.md │ │ │ ├── pC_cefazureonedrivefileactivity1.md │ │ │ ├── pC_cefazureonedrivefileactivity10.md │ │ │ ├── pC_cefazureonedrivefileactivity11.md │ │ │ ├── pC_cefazureonedrivefileactivity12.md │ │ │ ├── pC_cefazureonedrivefileactivity13.md │ │ │ ├── pC_cefazureonedrivefileactivity14.md │ │ │ ├── pC_cefazureonedrivefileactivity15.md │ │ │ ├── pC_cefazureonedrivefileactivity2.md │ │ │ ├── pC_cefazureonedrivefileactivity3.md │ │ │ ├── pC_cefazureonedrivefileactivity4.md │ │ │ ├── pC_cefazureonedrivefileactivity5.md │ │ │ ├── pC_cefazureonedrivefileactivity6.md │ │ │ ├── pC_cefazureonedrivefileactivity7.md │ │ │ ├── pC_cefazureonedrivefileactivity8.md │ │ │ ├── pC_cefazureonedrivefileactivity9.md │ │ │ ├── pC_cefazureonedrivefileupload.md │ │ │ ├── pC_cefazureonedrivefilewrite.md │ │ │ ├── pC_cefazuresiemapplogon.md │ │ │ ├── pC_cefcassecurityalert.md │ │ │ ├── pC_jsonmicrosoftmcasanomaly.md │ │ │ ├── pC_jsonmicrosoftmcasanubis.md │ │ │ ├── pC_jsonmicrosoftmcascabinet.md │ │ │ ├── pC_jsonmicrosofto365alert12.md │ │ │ ├── pC_jsonmicrosofto365alert13.md │ │ │ ├── pC_jsonmicrosofto365alert14.md │ │ │ ├── pC_jsonmicrosofto365alert15.md │ │ │ ├── pC_jsonmicrosofto365alert16.md │ │ │ ├── pC_jsonmicrosofto365alert17.md │ │ │ ├── pC_mcassecurityalert1.md │ │ │ ├── pC_mcassecurityalert2.md │ │ │ ├── pC_mcassecurityalert3.md │ │ │ ├── pC_mcassecurityalert4.md │ │ │ ├── pC_mcassecurityalert5.md │ │ │ ├── pC_microsoftcloudappdlpalert.md │ │ │ ├── pC_microsoftcloudappsecurityalert.md │ │ │ ├── pC_microsoftcloudappsecurityalert1.md │ │ │ ├── pC_microsoftcloudappsecurityalert2.md │ │ │ └── pC_qo365siemsecurityalert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Account_Manipulation.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Data_Access.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Data_Leak.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Lateral_Movement.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Malware.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_cloud_app_security_(mcas)_Privileged_Activity.md │ │ │ └── r_m_microsoft_cloud_app_security_(mcas)_Ransomware.md │ │ └── ds_microsoft_cloud_app_security_(mcas).md │ ├── Defender_ATP │ │ ├── 2_ds_microsoft_defender_atp.md │ │ ├── Ps │ │ │ ├── pC_cefdefenderatpalert.md │ │ │ ├── pC_cefdefenderatpbatchlogon.md │ │ │ ├── pC_cefdefenderatpfile.md │ │ │ ├── pC_cefdefenderatplocallogon.md │ │ │ ├── pC_cefdefenderatpmalwaredetected.md │ │ │ ├── pC_cefdefenderatpmemberadded.md │ │ │ ├── pC_cefdefenderatpmemberremoved.md │ │ │ ├── pC_cefdefenderatpnetworkcon.md │ │ │ ├── pC_cefdefenderatpprocess.md │ │ │ ├── pC_cefdefenderatpprocess1.md │ │ │ ├── pC_cefdefenderatpprocessinvokewebrequest.md │ │ │ ├── pC_cefdefenderatpremoteaccess.md │ │ │ ├── pC_cefdefenderatpremotelogon.md │ │ │ ├── pC_cefdefenderatpservicelogon.md │ │ │ ├── pC_cefdefendergraphsecurityalert.md │ │ │ ├── pC_defenderatpfileevents.md │ │ │ ├── pC_defenderatplogon.md │ │ │ ├── pC_defenderatpnetwork.md │ │ │ ├── pC_defenderatpprocess.md │ │ │ ├── pC_defenderatpprocess2.md │ │ │ ├── pC_defenderatpsecurityalert.md │ │ │ ├── pC_defenderatpsecurityalert1.md │ │ │ ├── pC_defenderatpsecurityalert11.md │ │ │ ├── pC_defenderatpsecurityalert12.md │ │ │ ├── pC_defenderatpsecurityalert13.md │ │ │ ├── pC_defenderatpsecurityalert14.md │ │ │ ├── pC_defenderatpsecurityalert15.md │ │ │ ├── pC_defenderatpsecurityalert16.md │ │ │ ├── pC_defenderatpsecurityalert2.md │ │ │ ├── pC_defenderatpsecurityalert3.md │ │ │ ├── pC_defenderatpsecurityalert4.md │ │ │ ├── pC_defenderatpsecurityalert5.md │ │ │ ├── pC_defenderatpsecurityalert6.md │ │ │ ├── pC_defenderatpsecurityalert7.md │ │ │ ├── pC_defenderatpsecurityalert8.md │ │ │ ├── pC_defenderatpsecurityalert9.md │ │ │ ├── pC_jsondefenderatpalert.md │ │ │ ├── pC_jsonmicrosofto365alert11.md │ │ │ ├── pC_jsonmicrosofto365alert18.md │ │ │ ├── pC_jsonmicrosofto365alert19.md │ │ │ ├── pC_jsonmicrosofto365alert3.md │ │ │ ├── pC_jsonmicrosofto365alert4.md │ │ │ ├── pC_jsonmicrosofto365alert5.md │ │ │ ├── pC_jsonmicrosofto365alert6.md │ │ │ ├── pC_jsonmicrosofto365alert7.md │ │ │ ├── pC_jsonmicrosofto365alert8.md │ │ │ └── pC_jsonmicrosofto365alert9.md │ │ ├── RM │ │ │ ├── r_m_microsoft_defender_atp_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_defender_atp_Account_Manipulation.md │ │ │ ├── r_m_microsoft_defender_atp_Audit_Tampering.md │ │ │ ├── r_m_microsoft_defender_atp_Brute_Force_Attack.md │ │ │ ├── r_m_microsoft_defender_atp_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_defender_atp_Cryptomining.md │ │ │ ├── r_m_microsoft_defender_atp_Data_Access.md │ │ │ ├── r_m_microsoft_defender_atp_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_defender_atp_Data_Leak.md │ │ │ ├── r_m_microsoft_defender_atp_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_defender_atp_Evasion.md │ │ │ ├── r_m_microsoft_defender_atp_Lateral_Movement.md │ │ │ ├── r_m_microsoft_defender_atp_Malware.md │ │ │ ├── r_m_microsoft_defender_atp_Phishing.md │ │ │ ├── r_m_microsoft_defender_atp_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_defender_atp_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_defender_atp_Privileged_Activity.md │ │ │ └── r_m_microsoft_defender_atp_Ransomware.md │ │ └── ds_microsoft_defender_atp.md │ ├── Defender_Antivirus │ │ ├── Ps │ │ │ ├── pC_rawdefenderav1116.md │ │ │ ├── pC_xml1009.md │ │ │ ├── pC_xml1116.md │ │ │ └── pC_xml1117.md │ │ ├── RM │ │ │ ├── r_m_microsoft_defender_antivirus_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_defender_antivirus_Lateral_Movement.md │ │ │ ├── r_m_microsoft_defender_antivirus_Malware.md │ │ │ └── r_m_microsoft_defender_antivirus_Privileged_Activity.md │ │ └── ds_microsoft_defender_antivirus.md │ ├── DirectAccess │ │ ├── Ps │ │ │ ├── pC_windowsvpnlogin4979.md │ │ │ ├── pC_windowsvpnlogin4981.md │ │ │ └── pC_windowsvpnloginfailed4654.md │ │ ├── RM │ │ │ ├── r_m_microsoft_directaccess_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_directaccess_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_directaccess_Lateral_Movement.md │ │ │ ├── r_m_microsoft_directaccess_Malware.md │ │ │ ├── r_m_microsoft_directaccess_Physical_Security.md │ │ │ ├── r_m_microsoft_directaccess_Privilege_Abuse.md │ │ │ └── r_m_microsoft_directaccess_Ransomware.md │ │ └── ds_microsoft_directaccess.md │ ├── Exchange │ │ ├── 2_ds_microsoft_exchange.md │ │ ├── Ps │ │ │ ├── pC_cefdlpemailin.md │ │ │ ├── pC_cefdlpemailout.md │ │ │ ├── pC_cefexchangeappactivity.md │ │ │ ├── pC_cefexchangeappactivity1.md │ │ │ ├── pC_cefexchangeappactivity2.md │ │ │ ├── pC_cefexchangeappactivity3.md │ │ │ ├── pC_cefexchangeappactivity4.md │ │ │ ├── pC_cefexchangeappactivity5.md │ │ │ ├── pC_cefexchangeappactivity6.md │ │ │ ├── pC_cefexchangeappactivity7.md │ │ │ ├── pC_exchangeapplogin.md │ │ │ ├── pC_exchangeapplogin1.md │ │ │ ├── pC_exchangedlpalert.md │ │ │ ├── pC_exchangedlpalert1.md │ │ │ ├── pC_exchangedlpemailalert1.md │ │ │ ├── pC_exchangedlpemailalert2.md │ │ │ ├── pC_exchangedlpemailalert3.md │ │ │ ├── pC_exchangedlpemailalertresolved.md │ │ │ ├── pC_exchangedlpemailin.md │ │ │ ├── pC_exchangedlpemailin1.md │ │ │ ├── pC_exchangedlpemailin2.md │ │ │ ├── pC_exchangedlpemailinfailed.md │ │ │ ├── pC_exchangedlpemailinsd.md │ │ │ ├── pC_exchangedlpemailinternal.md │ │ │ ├── pC_exchangedlpemailout.md │ │ │ ├── pC_exchangedlpemailout1.md │ │ │ ├── pC_exchangedlpemailoutfailed.md │ │ │ ├── pC_exchangedlpemailoutsd.md │ │ │ ├── pC_exchangefailedapplogin.md │ │ │ ├── pC_jsonexchangedlpemailin.md │ │ │ ├── pC_jsonexchangedlpemailout.md │ │ │ ├── pC_jsonexchangeemail.md │ │ │ ├── pC_outlookexchangeappactivity1.md │ │ │ ├── pC_outlookexchangeappactivity10.md │ │ │ ├── pC_outlookexchangeappactivity2.md │ │ │ ├── pC_outlookexchangeappactivity3.md │ │ │ ├── pC_outlookexchangeappactivity4.md │ │ │ ├── pC_outlookexchangeappactivity5.md │ │ │ ├── pC_outlookexchangeappactivity6.md │ │ │ ├── pC_outlookexchangeappactivity7.md │ │ │ ├── pC_outlookexchangeappactivity8.md │ │ │ ├── pC_outlookexchangeappactivity9.md │ │ │ ├── pC_qexchangedlpemailin.md │ │ │ ├── pC_qexchangedlpemailin1.md │ │ │ ├── pC_qexchangedlpemailin2.md │ │ │ ├── pC_qexchangedlpemailin3.md │ │ │ ├── pC_qexchangedlpemailin4.md │ │ │ ├── pC_qexchangedlpemailin5.md │ │ │ ├── pC_qexchangedlpemailout.md │ │ │ ├── pC_qexchangedlpemailout1.md │ │ │ ├── pC_qexchangedlpemailout2.md │ │ │ ├── pC_qexchangedlpemailout3.md │ │ │ ├── pC_qexchangedlpemailout4.md │ │ │ ├── pC_qexchangedlpemailout5.md │ │ │ ├── pC_qfailedapplogin.md │ │ │ ├── pC_sexchangeappactivity.md │ │ │ └── pC_sowaactivity.md │ │ ├── RM │ │ │ ├── r_m_microsoft_exchange_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_exchange_Account_Manipulation.md │ │ │ ├── r_m_microsoft_exchange_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_exchange_Data_Access.md │ │ │ ├── r_m_microsoft_exchange_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_exchange_Data_Leak.md │ │ │ ├── r_m_microsoft_exchange_Lateral_Movement.md │ │ │ ├── r_m_microsoft_exchange_Malware.md │ │ │ ├── r_m_microsoft_exchange_Phishing.md │ │ │ ├── r_m_microsoft_exchange_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_exchange_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_exchange_Privileged_Activity.md │ │ │ ├── r_m_microsoft_exchange_Ransomware.md │ │ │ └── r_m_microsoft_exchange_Workforce_Protection.md │ │ └── ds_microsoft_exchange.md │ ├── IIS │ │ ├── Ps │ │ │ ├── pC_cefiiswebactivity.md │ │ │ ├── pC_cefiiswebactivity1.md │ │ │ └── pC_xmliis6200webactivity.md │ │ ├── RM │ │ │ ├── r_m_microsoft_iis_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_iis_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_iis_Cryptomining.md │ │ │ ├── r_m_microsoft_iis_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_iis_Data_Leak.md │ │ │ ├── r_m_microsoft_iis_Lateral_Movement.md │ │ │ ├── r_m_microsoft_iis_Malware.md │ │ │ ├── r_m_microsoft_iis_Phishing.md │ │ │ ├── r_m_microsoft_iis_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_iis_Privileged_Activity.md │ │ │ ├── r_m_microsoft_iis_Ransomware.md │ │ │ └── r_m_microsoft_iis_Workforce_Protection.md │ │ └── ds_microsoft_iis.md │ ├── Microsoft_Azure │ │ ├── Ps │ │ │ ├── pC_azureblobactivity1.md │ │ │ ├── pC_azureblobactivity2.md │ │ │ ├── pC_azureblobegressjson.md │ │ │ ├── pC_azurediskswrite.md │ │ │ ├── pC_azureimageswrite.md │ │ │ ├── pC_azurekeyvaultactivity.md │ │ │ ├── pC_azurememorymetircsjson.md │ │ │ ├── pC_azureprocessormetircsjson.md │ │ │ ├── pC_azureroleassignmentswrite.md │ │ │ ├── pC_azureroledefinitonwrite.md │ │ │ ├── pC_azuresnapshotswrite.md │ │ │ ├── pC_azuresshpublickeyswrite.md │ │ │ └── pC_azurevirtualmachineswrite.md │ │ ├── RM │ │ │ ├── r_m_microsoft_microsoft_azure_Cloud_Data_Protection.md │ │ │ ├── r_m_microsoft_microsoft_azure_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_microsoft_azure_Cryptomining.md │ │ │ ├── r_m_microsoft_microsoft_azure_Malware.md │ │ │ └── r_m_microsoft_microsoft_azure_Privilege_Escalation.md │ │ └── ds_microsoft_microsoft_azure.md │ ├── Network_Policy_Server │ │ ├── 2_ds_microsoft_network_policy_server.md │ │ ├── Ps │ │ │ ├── pC_cefmsnnaclogon.md │ │ │ ├── pC_json6273.md │ │ │ ├── pC_microsoftnpcfailedlogon1.md │ │ │ ├── pC_microsoftnpcnaclogon1.md │ │ │ ├── pC_microsoftnps6272.md │ │ │ ├── pC_microsoftnps6273.md │ │ │ ├── pC_microsoftnps6274.md │ │ │ ├── pC_microsoftnps6278.md │ │ │ ├── pC_microsoftnpsnaclogon.md │ │ │ ├── pC_msnetworknaclogon.md │ │ │ ├── pC_msnetworknaclogon2.md │ │ │ ├── pC_msnetworknaclogon3.md │ │ │ ├── pC_msnetworknaclogon4.md │ │ │ ├── pC_msnetworknaclogon5.md │ │ │ └── pC_sradiuswirelessnaclogon.md │ │ ├── RM │ │ │ ├── r_m_microsoft_network_policy_server_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_network_policy_server_Compromised_Credentials.md │ │ │ └── r_m_microsoft_network_policy_server_Lateral_Movement.md │ │ └── ds_microsoft_network_policy_server.md │ ├── Office_365 │ │ ├── 2_ds_microsoft_office_365.md │ │ ├── Ps │ │ │ ├── pC_azureprocesscreated.md │ │ │ ├── pC_cefmicrosoftappactivity1.md │ │ │ ├── pC_cefmicrosoftappactivity10.md │ │ │ ├── pC_cefmicrosoftappactivity11.md │ │ │ ├── pC_cefmicrosoftappactivity12.md │ │ │ ├── pC_cefmicrosoftappactivity17.md │ │ │ ├── pC_cefmicrosoftappactivity18.md │ │ │ ├── pC_cefmicrosoftappactivity19.md │ │ │ ├── pC_cefmicrosoftappactivity2.md │ │ │ ├── pC_cefmicrosoftappactivity20.md │ │ │ ├── pC_cefmicrosoftappactivity21.md │ │ │ ├── pC_cefmicrosoftappactivity22.md │ │ │ ├── pC_cefmicrosoftappactivity23.md │ │ │ ├── pC_cefmicrosoftappactivity24.md │ │ │ ├── pC_cefmicrosoftappactivity25.md │ │ │ ├── pC_cefmicrosoftappactivity26.md │ │ │ ├── pC_cefmicrosoftappactivity27.md │ │ │ ├── pC_cefmicrosoftappactivity28.md │ │ │ ├── pC_cefmicrosoftappactivity29.md │ │ │ ├── pC_cefmicrosoftappactivity3.md │ │ │ ├── pC_cefmicrosoftappactivity30.md │ │ │ ├── pC_cefmicrosoftappactivity31.md │ │ │ ├── pC_cefmicrosoftappactivity32.md │ │ │ ├── pC_cefmicrosoftappactivity33.md │ │ │ ├── pC_cefmicrosoftappactivity34.md │ │ │ ├── pC_cefmicrosoftappactivity35.md │ │ │ ├── pC_cefmicrosoftappactivity36.md │ │ │ ├── pC_cefmicrosoftappactivity37.md │ │ │ ├── pC_cefmicrosoftappactivity39.md │ │ │ ├── pC_cefmicrosoftappactivity4.md │ │ │ ├── pC_cefmicrosoftappactivity40.md │ │ │ ├── pC_cefmicrosoftappactivity41.md │ │ │ ├── pC_cefmicrosoftappactivity42.md │ │ │ ├── pC_cefmicrosoftappactivity5.md │ │ │ ├── pC_cefmicrosoftappactivity51.md │ │ │ ├── pC_cefmicrosoftappactivity52.md │ │ │ ├── pC_cefmicrosoftappactivity53.md │ │ │ ├── pC_cefmicrosoftappactivity54.md │ │ │ ├── pC_cefmicrosoftappactivity55.md │ │ │ ├── pC_cefmicrosoftappactivity7.md │ │ │ ├── pC_cefmicrosoftappactivity8.md │ │ │ ├── pC_cefmicrosoftappactivity9.md │ │ │ ├── pC_cefmicrosoftappactivityinboxrule.md │ │ │ ├── pC_cefmicrosoftgraphactivity.md │ │ │ ├── pC_cefmicrosoftgraphactivity1.md │ │ │ ├── pC_cefmicrosoftgraphactivity3.md │ │ │ ├── pC_cefmicrosoftgraphactivity4.md │ │ │ ├── pC_cefmicrosoftgraphactivity6.md │ │ │ ├── pC_cefo365appactivity1.md │ │ │ ├── pC_cefo365appactivity10.md │ │ │ ├── pC_cefo365appactivity11.md │ │ │ ├── pC_cefo365appactivity12.md │ │ │ ├── pC_cefo365appactivity13.md │ │ │ ├── pC_cefo365appactivity14.md │ │ │ ├── pC_cefo365appactivity15.md │ │ │ ├── pC_cefo365appactivity16.md │ │ │ ├── pC_cefo365appactivity17.md │ │ │ ├── pC_cefo365appactivity18.md │ │ │ ├── pC_cefo365appactivity19.md │ │ │ ├── pC_cefo365appactivity2.md │ │ │ ├── pC_cefo365appactivity20.md │ │ │ ├── pC_cefo365appactivity21.md │ │ │ ├── pC_cefo365appactivity22.md │ │ │ ├── pC_cefo365appactivity23.md │ │ │ ├── pC_cefo365appactivity3.md │ │ │ ├── pC_cefo365appactivity4.md │ │ │ ├── pC_cefo365appactivity5.md │ │ │ ├── pC_cefo365appactivity6.md │ │ │ ├── pC_cefo365appactivity7.md │ │ │ ├── pC_cefo365appactivity8.md │ │ │ ├── pC_cefo365appactivity9.md │ │ │ ├── pC_cefo365applogin.md │ │ │ ├── pC_cefo365applogin2.md │ │ │ ├── pC_cefo365apploginfailed.md │ │ │ ├── pC_cefo365dlpalert.md │ │ │ ├── pC_cefo365dlpemail.md │ │ │ ├── pC_cefo365dlpemailin.md │ │ │ ├── pC_cefo365dlpemailout.md │ │ │ ├── pC_cefo365dlpemailout1.md │ │ │ ├── pC_cefo365filedelete1.md │ │ │ ├── pC_cefo365filedelete2.md │ │ │ ├── pC_cefo365fileread1.md │ │ │ ├── pC_cefo365fileread2.md │ │ │ ├── pC_cefo365fileread3.md │ │ │ ├── pC_cefo365fileread4.md │ │ │ ├── pC_cefo365fileread5.md │ │ │ ├── pC_cefo365fileread6.md │ │ │ ├── pC_cefo365fileread7.md │ │ │ ├── pC_cefo365fileread8.md │ │ │ ├── pC_cefo365filewrite1.md │ │ │ ├── pC_cefo365filewrite10.md │ │ │ ├── pC_cefo365filewrite11.md │ │ │ ├── pC_cefo365filewrite2.md │ │ │ ├── pC_cefo365filewrite3.md │ │ │ ├── pC_cefo365filewrite4.md │ │ │ ├── pC_cefo365filewrite5.md │ │ │ ├── pC_cefo365filewrite6.md │ │ │ ├── pC_cefo365filewrite7.md │ │ │ ├── pC_cefo365filewrite8.md │ │ │ ├── pC_cefo365filewrite9.md │ │ │ ├── pC_cefo365passwordchange.md │ │ │ ├── pC_cefo365securityalert.md │ │ │ ├── pC_cefsyslogsharepointactivity.md │ │ │ ├── pC_jsonemailsaaso365alert.md │ │ │ ├── pC_jsonmicrosoftappactivity1.md │ │ │ ├── pC_jsonmicrosoftappactivity10.md │ │ │ ├── pC_jsonmicrosoftappactivity11.md │ │ │ ├── pC_jsonmicrosoftappactivity12.md │ │ │ ├── pC_jsonmicrosoftappactivity17.md │ │ │ ├── pC_jsonmicrosoftappactivity19.md │ │ │ ├── pC_jsonmicrosoftappactivity2.md │ │ │ ├── pC_jsonmicrosoftappactivity31.md │ │ │ ├── pC_jsonmicrosoftappactivity32.md │ │ │ ├── pC_jsonmicrosoftappactivity5.md │ │ │ ├── pC_jsonmicrosoftappactivity6.md │ │ │ ├── pC_jsonmicrosoftappactivity8.md │ │ │ ├── pC_jsonmicrosoftappactivity9.md │ │ │ ├── pC_jsono365activity3.md │ │ │ ├── pC_jsono365applogin.md │ │ │ ├── pC_jsono365dlpemail.md │ │ │ ├── pC_jsono365failedapplogin.md │ │ │ ├── pC_jsono365filewrite7.md │ │ │ ├── pC_logrhythm0365accountpasswordchange.md │ │ │ ├── pC_logrhythm0365applogin.md │ │ │ ├── pC_logrhythm0365failedapplogin.md │ │ │ ├── pC_logrhythmo365fileactivity.md │ │ │ ├── pC_logrhythmo365filedelete.md │ │ │ ├── pC_logrhythmo365filedelete2.md │ │ │ ├── pC_logrhythmo365filedelete3.md │ │ │ ├── pC_logrhythmo365fileread.md │ │ │ ├── pC_logrhythmo365fileread2.md │ │ │ ├── pC_logrhythmo365fileread3.md │ │ │ ├── pC_logrhythmo365fileread4.md │ │ │ ├── pC_logrhythmo365fileread5.md │ │ │ ├── pC_logrhythmo365fileread6.md │ │ │ ├── pC_logrhythmo365fileread7.md │ │ │ ├── pC_logrhythmo365fileupload.md │ │ │ ├── pC_logrhythmo365filewrite.md │ │ │ ├── pC_logrhythmo365filewrite2.md │ │ │ ├── pC_logrhythmo365filewrite3.md │ │ │ ├── pC_logrhythmo365filewrite4.md │ │ │ ├── pC_logrhythmo365filewrite5.md │ │ │ ├── pC_logrhythmo365filewrite6.md │ │ │ ├── pC_logrhythmo365filewrite7.md │ │ │ ├── pC_logrhythmo365filewrite8.md │ │ │ ├── pC_microsoftappactivity1.md │ │ │ ├── pC_microsoftappactivity10.md │ │ │ ├── pC_microsoftappactivity11.md │ │ │ ├── pC_microsoftappactivity12.md │ │ │ ├── pC_microsoftappactivity2.md │ │ │ ├── pC_microsoftappactivity4.md │ │ │ ├── pC_microsoftappactivity5.md │ │ │ ├── pC_microsoftappactivity6.md │ │ │ ├── pC_microsoftappactivity7.md │ │ │ ├── pC_microsoftappactivity8.md │ │ │ ├── pC_microsoftappactivity9.md │ │ │ ├── pC_o365activity.md │ │ │ ├── pC_o365activity1.md │ │ │ ├── pC_o365activity3.md │ │ │ ├── pC_o365applogin.md │ │ │ ├── pC_o365applogin1.md │ │ │ ├── pC_o365dlpalert.md │ │ │ ├── pC_o365dlpalert1.md │ │ │ ├── pC_o365dlpemailout1.md │ │ │ ├── pC_o365dlpemailout2.md │ │ │ ├── pC_o365dlppolicyalert.md │ │ │ ├── pC_o365dlpruleundoactivity.md │ │ │ ├── pC_o365emailalert.md │ │ │ ├── pC_o365emailalertin.md │ │ │ ├── pC_o365emailalertout.md │ │ │ ├── pC_o365failedapplogin.md │ │ │ ├── pC_o365inboxactivity.md │ │ │ ├── pC_o365inboxrules.md │ │ │ ├── pC_o365inboxrules2.md │ │ │ ├── pC_o365inboxrulesall.md │ │ │ ├── pC_o365inboxrulesall2.md │ │ │ ├── pC_o365inboxrulesforwardto.md │ │ │ ├── pC_o365inboxrulesforwardto1.md │ │ │ ├── pC_o365inboxrulesforwardto2.md │ │ │ ├── pC_o365inboxrulesmovetofolder.md │ │ │ ├── pC_o365malurlclick.md │ │ │ ├── pC_o365malwarealert.md │ │ │ ├── pC_o365miplabelactivity.md │ │ │ ├── pC_o365onedriveappactivity.md │ │ │ ├── pC_o365phishingalert.md │ │ │ ├── pC_o365powerbiactivity.md │ │ │ ├── pC_o365securityalert.md │ │ │ ├── pC_o365securityalert1.md │ │ │ ├── pC_o365securityalert2.md │ │ │ ├── pC_o365securityalert3.md │ │ │ ├── pC_o365sharepointactivity.md │ │ │ ├── pC_o365sharepointappactivity.md │ │ │ ├── pC_o365signinalert.md │ │ │ ├── pC_o365teamsactivity1.md │ │ │ ├── pC_o365teamsapplogin.md │ │ │ ├── pC_o365urlclickalert.md │ │ │ ├── pC_o365usbwrite.md │ │ │ ├── pC_qo365dlpemail.md │ │ │ ├── pC_qo365sharepointactivity.md │ │ │ ├── pC_so365dlpemail.md │ │ │ ├── pC_so365email.md │ │ │ └── pC_xmlemailsaaso365alert.md │ │ ├── RM │ │ │ ├── r_m_microsoft_office_365_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_office_365_Account_Manipulation.md │ │ │ ├── r_m_microsoft_office_365_Audit_Tampering.md │ │ │ ├── r_m_microsoft_office_365_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_office_365_Cryptomining.md │ │ │ ├── r_m_microsoft_office_365_Data_Access.md │ │ │ ├── r_m_microsoft_office_365_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_office_365_Data_Leak.md │ │ │ ├── r_m_microsoft_office_365_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_office_365_Evasion.md │ │ │ ├── r_m_microsoft_office_365_Lateral_Movement.md │ │ │ ├── r_m_microsoft_office_365_Malware.md │ │ │ ├── r_m_microsoft_office_365_Phishing.md │ │ │ ├── r_m_microsoft_office_365_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_office_365_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_office_365_Privileged_Activity.md │ │ │ ├── r_m_microsoft_office_365_Ransomware.md │ │ │ └── r_m_microsoft_office_365_Workforce_Protection.md │ │ └── ds_microsoft_office_365.md │ ├── OneDrive │ │ ├── 2_ds_microsoft_onedrive.md │ │ ├── Ps │ │ │ ├── pC_cefonedriveappactivity.md │ │ │ ├── pC_cefonedriveappactivity1.md │ │ │ ├── pC_cefonedriveappactivity2.md │ │ │ ├── pC_cefonedriveappactivity3.md │ │ │ ├── pC_cefonedriveappactivity4.md │ │ │ ├── pC_cefonedriveappactivity5.md │ │ │ ├── pC_cefonedriveappactivity7.md │ │ │ └── pC_cefonedrivefileactivity.md │ │ ├── RM │ │ │ ├── r_m_microsoft_onedrive_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_onedrive_Account_Manipulation.md │ │ │ ├── r_m_microsoft_onedrive_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_onedrive_Data_Access.md │ │ │ ├── r_m_microsoft_onedrive_Data_Leak.md │ │ │ ├── r_m_microsoft_onedrive_Lateral_Movement.md │ │ │ ├── r_m_microsoft_onedrive_Malware.md │ │ │ ├── r_m_microsoft_onedrive_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_onedrive_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_onedrive_Privileged_Activity.md │ │ │ └── r_m_microsoft_onedrive_Ransomware.md │ │ └── ds_microsoft_onedrive.md │ ├── Routing_and_Remote_Access_Service │ │ ├── Ps │ │ │ ├── pC_microsoftrraauthsuccessful.md │ │ │ ├── pC_microsoftrravpnlogin.md │ │ │ └── pC_microsoftrravpnlogout.md │ │ ├── RM │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Account_Manipulation.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Brute_Force_Attack.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Data_Access.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Data_Leak.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Lateral_Movement.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Malware.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Phishing.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Physical_Security.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_routing_and_remote_access_service_Privilege_Escalation.md │ │ │ └── r_m_microsoft_routing_and_remote_access_service_Ransomware.md │ │ └── ds_microsoft_routing_and_remote_access_service.md │ ├── SQL_Server │ │ ├── 2_ds_microsoft_sql_server.md │ │ ├── Ps │ │ │ ├── pC_cefmicrosoftdatabasedelete.md │ │ │ ├── pC_cefmicrosoftdatabasefailedlogin.md │ │ │ ├── pC_cefmicrosoftdatabasefailedlogin1.md │ │ │ ├── pC_cefmicrosoftdatabaselogin.md │ │ │ ├── pC_cefmssqldatabaseaccess.md │ │ │ ├── pC_cefmssqldatabaselogin.md │ │ │ ├── pC_cefsyslogmicrosoftdbimpersonate.md │ │ │ ├── pC_cefsyslogmicrosoftdblogin.md │ │ │ ├── pC_exalmssqlserverfailedlogin.md │ │ │ ├── pC_exalmssqlserverfailedlogin1.md │ │ │ ├── pC_leefmssqldatabasefailedlogin.md │ │ │ ├── pC_leefmssqldatabaselogin1.md │ │ │ ├── pC_leefmssqldatabaselogin2.md │ │ │ ├── pC_mssqldatabaselogin.md │ │ │ ├── pC_mssqldatabaselogin1.md │ │ │ ├── pC_mssqldatabasequery2.md │ │ │ ├── pC_mssqldatabasequery3.md │ │ │ ├── pC_sdatabaselogin18453.md │ │ │ ├── pC_sdatabaselogin18454.md │ │ │ ├── pC_sfailedapplogin.md │ │ │ ├── pC_smicrosoftdatabaselogin.md │ │ │ ├── pC_smssqldatabaselogin.md │ │ │ ├── pC_smssqldatabaselogin1.md │ │ │ ├── pC_smssqldatabaseloginfailed.md │ │ │ ├── pC_smssqldatabaseloginfailedxml.md │ │ │ ├── pC_smssqldatabaseloginxml.md │ │ │ ├── pC_smssqldatabasequeryal.md │ │ │ ├── pC_smssqldatabasequeryal1.md │ │ │ ├── pC_smssqldatabasequeryalxml.md │ │ │ ├── pC_smssqldatabasequerycr.md │ │ │ ├── pC_smssqldatabasequerydl.md │ │ │ ├── pC_smssqldatabasequerydl1.md │ │ │ ├── pC_smssqldatabasequerydlxml.md │ │ │ ├── pC_smssqldatabasequerydr.md │ │ │ ├── pC_smssqldatabasequerysl.md │ │ │ ├── pC_smssqldatabasequerysl1.md │ │ │ ├── pC_smssqldatabasequeryslxml.md │ │ │ ├── pC_smssqldatabasequeryvw.md │ │ │ ├── pC_xmlmssqldatabaselogin.md │ │ │ └── pC_xmlmssqldatabaselogin1.md │ │ ├── RM │ │ │ ├── r_m_microsoft_sql_server_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_sql_server_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_sql_server_Data_Access.md │ │ │ ├── r_m_microsoft_sql_server_Lateral_Movement.md │ │ │ ├── r_m_microsoft_sql_server_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_sql_server_Privileged_Activity.md │ │ │ └── r_m_microsoft_sql_server_Ransomware.md │ │ └── ds_microsoft_sql_server.md │ ├── Sysmon │ │ ├── 2_ds_microsoft_sysmon.md │ │ ├── Ps │ │ │ ├── pC_cefsysmonfilewrite1.md │ │ │ ├── pC_cefsysmonfilewrite2.md │ │ │ ├── pC_cefsysmonprocesscreated.md │ │ │ ├── pC_cefsysmonprocessnetwork.md │ │ │ ├── pC_jsonsysmonfilecreate.md │ │ │ ├── pC_jsonsysmonfilecreate1.md │ │ │ ├── pC_jsonsysmonprocesscreated.md │ │ │ ├── pC_jsonsysmonprocesscreated1.md │ │ │ ├── pC_jsonsysmonprocessnetwork.md │ │ │ ├── pC_lsysmonfilecreate.md │ │ │ ├── pC_lsysmonprocesscreated.md │ │ │ ├── pC_rawsysmonprocessnetwork.md │ │ │ ├── pC_sysmonfilecreate.md │ │ │ ├── pC_sysmonfiledelete.md │ │ │ ├── pC_sysmonimageloaded.md │ │ │ ├── pC_sysmonprocesscreated.md │ │ │ ├── pC_sysmonprocesscreated1.md │ │ │ ├── pC_sysmonprocesscreated2.md │ │ │ ├── pC_sysmonprocessnetwork.md │ │ │ ├── pC_sysmonregistryset.md │ │ │ ├── pC_sysmonregistryset1.md │ │ │ ├── pC_sysmonregistryset2.md │ │ │ ├── pC_xmlsysmonalert.md │ │ │ ├── pC_xmlsysmondnsquery.md │ │ │ ├── pC_xmlsysmonfilewrite.md │ │ │ ├── pC_xmlsysmonprocesscreated.md │ │ │ ├── pC_xmlsysmonprocesscreated1.md │ │ │ └── pC_xmlsysmonprocesscreated2.md │ │ ├── RM │ │ │ ├── r_m_microsoft_sysmon_Account_Manipulation.md │ │ │ ├── r_m_microsoft_sysmon_Audit_Tampering.md │ │ │ ├── r_m_microsoft_sysmon_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_sysmon_Cryptomining.md │ │ │ ├── r_m_microsoft_sysmon_Data_Access.md │ │ │ ├── r_m_microsoft_sysmon_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_sysmon_Data_Leak.md │ │ │ ├── r_m_microsoft_sysmon_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_sysmon_Evasion.md │ │ │ ├── r_m_microsoft_sysmon_Lateral_Movement.md │ │ │ ├── r_m_microsoft_sysmon_Malware.md │ │ │ ├── r_m_microsoft_sysmon_Phishing.md │ │ │ ├── r_m_microsoft_sysmon_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_sysmon_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_sysmon_Privileged_Activity.md │ │ │ └── r_m_microsoft_sysmon_Ransomware.md │ │ └── ds_microsoft_sysmon.md │ ├── Web_Application_Proxy-TLS_Gateway │ │ ├── Ps │ │ │ ├── pC_smicrosoftisaproxy1.md │ │ │ ├── pC_smicrosoftisaproxy2.md │ │ │ └── pC_smicrosoftisaproxy3.md │ │ ├── RM │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Cryptomining.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Data_Leak.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Lateral_Movement.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Malware.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Phishing.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Privileged_Activity.md │ │ │ ├── r_m_microsoft_web_application_proxy-tls_gateway_Ransomware.md │ │ │ └── r_m_microsoft_web_application_proxy-tls_gateway_Workforce_Protection.md │ │ └── ds_microsoft_web_application_proxy-tls_gateway.md │ ├── Web_Application_Proxy │ │ ├── Ps │ │ │ ├── pC_microsoftremotedesktop.md │ │ │ └── pC_tmgproxy.md │ │ ├── RM │ │ │ ├── r_m_microsoft_web_application_proxy_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_web_application_proxy_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_web_application_proxy_Cryptomining.md │ │ │ ├── r_m_microsoft_web_application_proxy_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_web_application_proxy_Data_Leak.md │ │ │ ├── r_m_microsoft_web_application_proxy_Lateral_Movement.md │ │ │ ├── r_m_microsoft_web_application_proxy_Malware.md │ │ │ ├── r_m_microsoft_web_application_proxy_Phishing.md │ │ │ ├── r_m_microsoft_web_application_proxy_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_web_application_proxy_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_web_application_proxy_Privileged_Activity.md │ │ │ ├── r_m_microsoft_web_application_proxy_Ransomware.md │ │ │ └── r_m_microsoft_web_application_proxy_Workforce_Protection.md │ │ └── ds_microsoft_web_application_proxy.md │ ├── Windows │ │ ├── 2_ds_microsoft_windows.md │ │ ├── Ps │ │ │ ├── pC_adaudit4624.md │ │ │ ├── pC_adaudit4625.md │ │ │ ├── pC_adaudit4662.md │ │ │ ├── pC_adaudit4663.md │ │ │ ├── pC_adaudit46631.md │ │ │ ├── pC_adaudit4688.md │ │ │ ├── pC_adaudit4720.md │ │ │ ├── pC_adaudit4722.md │ │ │ ├── pC_adaudit4723.md │ │ │ ├── pC_adaudit4724.md │ │ │ ├── pC_adaudit4725.md │ │ │ ├── pC_adaudit4726.md │ │ │ ├── pC_adaudit4728.md │ │ │ ├── pC_adaudit4729.md │ │ │ ├── pC_adaudit4738.md │ │ │ ├── pC_adaudit4740.md │ │ │ ├── pC_adaudit4742.md │ │ │ ├── pC_adaudit4743.md │ │ │ ├── pC_adaudit4767.md │ │ │ ├── pC_adaudit4768.md │ │ │ ├── pC_adaudit4769.md │ │ │ ├── pC_adaudit4771.md │ │ │ ├── pC_adaudit4778.md │ │ │ ├── pC_adaudit4779.md │ │ │ ├── pC_adaudit4800.md │ │ │ ├── pC_adaudit4801.md │ │ │ ├── pC_adaudit5136.md │ │ │ ├── pC_adaudit5137.md │ │ │ ├── pC_adaudit5139.md │ │ │ ├── pC_adaudit5140.md │ │ │ ├── pC_adaudit5141.md │ │ │ ├── pC_adauditalert.md │ │ │ ├── pC_adauditjson4624.md │ │ │ ├── pC_adauditjson4663.md │ │ │ ├── pC_adauditjson46631.md │ │ │ ├── pC_adauditjson4768.md │ │ │ ├── pC_adauditjson4771.md │ │ │ ├── pC_adauditjson5140.md │ │ │ ├── pC_adfs299authsuccessful.md │ │ │ ├── pC_adfs500authsuccessful.md │ │ │ ├── pC_adfs501authsuccessful.md │ │ │ ├── pC_adfsauthfailed.md │ │ │ ├── pC_adjson4720.md │ │ │ ├── pC_adjson4722.md │ │ │ ├── pC_adjson4724.md │ │ │ ├── pC_adjson4740.md │ │ │ ├── pC_adjson4767.md │ │ │ ├── pC_adjson5140.md │ │ │ ├── pC_adjsonmemberadded2008.md │ │ │ ├── pC_adjsonmemberremoved2008.md │ │ │ ├── pC_azureappauthevents.md │ │ │ ├── pC_azureapplogon.md │ │ │ ├── pC_azureapplogon2.md │ │ │ ├── pC_azureapplogon3.md │ │ │ ├── pC_cef1102.md │ │ │ ├── pC_cef4624.md │ │ │ ├── pC_cef4625.md │ │ │ ├── pC_cef4648.md │ │ │ ├── pC_cef4663.md │ │ │ ├── pC_cef4672.md │ │ │ ├── pC_cef4673.md │ │ │ ├── pC_cef4674.md │ │ │ ├── pC_cef4688.md │ │ │ ├── pC_cef4720.md │ │ │ ├── pC_cef4722.md │ │ │ ├── pC_cef4723.md │ │ │ ├── pC_cef4724.md │ │ │ ├── pC_cef4725.md │ │ │ ├── pC_cef4740.md │ │ │ ├── pC_cef4768.md │ │ │ ├── pC_cef4769.md │ │ │ ├── pC_cef4770.md │ │ │ ├── pC_cef4771.md │ │ │ ├── pC_cef4776.md │ │ │ ├── pC_cef4800.md │ │ │ ├── pC_cef4801.md │ │ │ ├── pC_cef5136.md │ │ │ ├── pC_cef5140.md │ │ │ ├── pC_cef5142.md │ │ │ ├── pC_cef51421.md │ │ │ ├── pC_cef5143.md │ │ │ ├── pC_cef5144.md │ │ │ ├── pC_cef5145.md │ │ │ ├── pC_cef528.md │ │ │ ├── pC_cef540.md │ │ │ ├── pC_cef576.md │ │ │ ├── pC_cef624.md │ │ │ ├── pC_cef672.md │ │ │ ├── pC_cef673.md │ │ │ ├── pC_cefadfsaudit299.md │ │ │ ├── pC_cefadfsaudit411.md │ │ │ ├── pC_cefadfsaudit413.md │ │ │ ├── pC_cefadfsaudit500.md │ │ │ ├── pC_cefadfsaudit501.md │ │ │ ├── pC_cefadfsaudit516.md │ │ │ ├── pC_cefazureauthentication.md │ │ │ ├── pC_cefazureprocesscreated.md │ │ │ ├── pC_cefmemberadded2003.md │ │ │ ├── pC_cefmemberadded2008.md │ │ │ ├── pC_cefmemberremoved2008.md │ │ │ ├── pC_cefpowershell300.md │ │ │ ├── pC_cefpowershell4102.md │ │ │ ├── pC_cefpowershell4104.md │ │ │ ├── pC_cefpowershell600.md │ │ │ ├── pC_cefsnare4624.md │ │ │ ├── pC_cefsnare4648.md │ │ │ ├── pC_cefsnare4663.md │ │ │ ├── pC_cefsnare4673.md │ │ │ ├── pC_cefsnare4688.md │ │ │ ├── pC_cefsnare4719.md │ │ │ ├── pC_cefsnare4769.md │ │ │ ├── pC_cefsnare5136.md │ │ │ ├── pC_cefsnare5140.md │ │ │ ├── pC_cefsnare552.md │ │ │ ├── pC_cefsnare567.md │ │ │ ├── pC_cefsnare576.md │ │ │ ├── pC_cefsnare577.md │ │ │ ├── pC_cefsnare578.md │ │ │ ├── pC_cefsnare680.md │ │ │ ├── pC_cefsnareprocesscreated.md │ │ │ ├── pC_cefwindows4104.md │ │ │ ├── pC_cefwindows4624.md │ │ │ ├── pC_cefwindows4625.md │ │ │ ├── pC_cefwindows4673.md │ │ │ ├── pC_cefwindows4674.md │ │ │ ├── pC_cefwindows4742.md │ │ │ ├── pC_cefwindows4768.md │ │ │ ├── pC_cefwindows4769.md │ │ │ ├── pC_cefwindows4771.md │ │ │ ├── pC_cefwindows4776.md │ │ │ ├── pC_cefwindows6416.md │ │ │ ├── pC_cefwindowsaccount4720.md │ │ │ ├── pC_cefwindowsdnsquery.md │ │ │ ├── pC_cefwindowsdnsquery1.md │ │ │ ├── pC_cefwindowsdnsresponse.md │ │ │ ├── pC_cefwindowsdnsresponse1.md │ │ │ ├── pC_cefwindowsdsaccess5137.md │ │ │ ├── pC_cefwindowsmemberadded2003.md │ │ │ ├── pC_cefwindowsmemberremoved2003.md │ │ │ ├── pC_cefwindowsshareaccess.md │ │ │ ├── pC_cefwindowsshareaccess1.md │ │ │ ├── pC_cefwindowsshareaccess2.md │ │ │ ├── pC_emcsyslog4624.md │ │ │ ├── pC_emcsyslog4625.md │ │ │ ├── pC_emcsyslog4648.md │ │ │ ├── pC_emcsyslog4672.md │ │ │ ├── pC_emcsyslog4673.md │ │ │ ├── pC_emcsyslog4674.md │ │ │ ├── pC_emcsyslog4688.md │ │ │ ├── pC_emcsyslog4723.md │ │ │ ├── pC_emcsyslog4740.md │ │ │ ├── pC_emcsyslog4768.md │ │ │ ├── pC_emcsyslog4769.md │ │ │ ├── pC_emcsyslog4776.md │ │ │ ├── pC_emcsyslogmemberadded2008.md │ │ │ ├── pC_evntslog528.md │ │ │ ├── pC_evntslog672.md │ │ │ ├── pC_evntslog673.md │ │ │ ├── pC_evntslog675.md │ │ │ ├── pC_evntslog680.md │ │ │ ├── pC_evntslogmemberadded2003.md │ │ │ ├── pC_exalms4625.md │ │ │ ├── pC_exalms4662.md │ │ │ ├── pC_exalms4663.md │ │ │ ├── pC_exalms4674.md │ │ │ ├── pC_exalms4719.md │ │ │ ├── pC_exalms4742.md │ │ │ ├── pC_exalms4776.md │ │ │ ├── pC_exalms540.md │ │ │ ├── pC_exalms552.md │ │ │ ├── pC_exalms567.md │ │ │ ├── pC_exalms576.md │ │ │ ├── pC_exalms680.md │ │ │ ├── pC_extrahop4768.md │ │ │ ├── pC_extrahop4769.md │ │ │ ├── pC_extrahop4770.md │ │ │ ├── pC_extrahop4771.md │ │ │ ├── pC_greenbay4776.md │ │ │ ├── pC_greenbayprivilegedaccess.md │ │ │ ├── pC_jp4662.md │ │ │ ├── pC_jp5158.md │ │ │ ├── pC_jpmemberadded1.md │ │ │ ├── pC_jpmemberadded2.md │ │ │ ├── pC_jpmemberadded3.md │ │ │ ├── pC_jpprocessnetwork.md │ │ │ ├── pC_jpshareaccess5140.md │ │ │ ├── pC_jpshareaccess5145.md │ │ │ ├── pC_json4104.md │ │ │ ├── pC_json4622.md │ │ │ ├── pC_json46221.md │ │ │ ├── pC_json4624.md │ │ │ ├── pC_json46241.md │ │ │ ├── pC_json46242.md │ │ │ ├── pC_json4625.md │ │ │ ├── pC_json46251.md │ │ │ ├── pC_json46252.md │ │ │ ├── pC_json4648.md │ │ │ ├── pC_json46481.md │ │ │ ├── pC_json46482.md │ │ │ ├── pC_json4662.md │ │ │ ├── pC_json46621.md │ │ │ ├── pC_json4672.md │ │ │ ├── pC_json46721.md │ │ │ ├── pC_json46722.md │ │ │ ├── pC_json4673.md │ │ │ ├── pC_json46731.md │ │ │ ├── pC_json46732.md │ │ │ ├── pC_json4674.md │ │ │ ├── pC_json4698.md │ │ │ ├── pC_json4719.md │ │ │ ├── pC_json4720.md │ │ │ ├── pC_json47201.md │ │ │ ├── pC_json4722.md │ │ │ ├── pC_json4723.md │ │ │ ├── pC_json47231.md │ │ │ ├── pC_json47232.md │ │ │ ├── pC_json4724.md │ │ │ ├── pC_json47241.md │ │ │ ├── pC_json47242.md │ │ │ ├── pC_json4725.md │ │ │ ├── pC_json4726.md │ │ │ ├── pC_json4728.md │ │ │ ├── pC_json4729.md │ │ │ ├── pC_json4738.md │ │ │ ├── pC_json47381.md │ │ │ ├── pC_json47382.md │ │ │ ├── pC_json4740.md │ │ │ ├── pC_json47401.md │ │ │ ├── pC_json4767.md │ │ │ ├── pC_json4768.md │ │ │ ├── pC_json47681.md │ │ │ ├── pC_json47682.md │ │ │ ├── pC_json47683.md │ │ │ ├── pC_json4769.md │ │ │ ├── pC_json47691.md │ │ │ ├── pC_json47692.md │ │ │ ├── pC_json4770.md │ │ │ ├── pC_json4771.md │ │ │ ├── pC_json4776.md │ │ │ ├── pC_json47761.md │ │ │ ├── pC_json47762.md │ │ │ ├── pC_json4778.md │ │ │ ├── pC_json4779.md │ │ │ ├── pC_json4800.md │ │ │ ├── pC_json48001.md │ │ │ ├── pC_json5136.md │ │ │ ├── pC_json51361.md │ │ │ ├── pC_json5140.md │ │ │ ├── pC_json51401.md │ │ │ ├── pC_json51402.md │ │ │ ├── pC_json5145.md │ │ │ ├── pC_json51451.md │ │ │ ├── pC_json51452.md │ │ │ ├── pC_json5156.md │ │ │ ├── pC_json51561.md │ │ │ ├── pC_json5158.md │ │ │ ├── pC_json5478.md │ │ │ ├── pC_json6272.md │ │ │ ├── pC_json62721.md │ │ │ ├── pC_json6416.md │ │ │ ├── pC_jsonmemberadded2008.md │ │ │ ├── pC_jsonmemberremoved.md │ │ │ ├── pC_jsonprocesscreated.md │ │ │ ├── pC_jsonprocesscreated1.md │ │ │ ├── pC_jsonprocesscreated2.md │ │ │ ├── pC_jsonwindowsauth.md │ │ │ ├── pC_jsonwindowsdnsquery.md │ │ │ ├── pC_jsonwindowsdnsresponse.md │ │ │ ├── pC_jsonwindowseventsnetlogon.md │ │ │ ├── pC_jsonwindowsvpnlogin.md │ │ │ ├── pC_jsonxml4673.md │ │ │ ├── pC_jsonxml4768.md │ │ │ ├── pC_jsonxml4769.md │ │ │ ├── pC_jsonxml4770.md │ │ │ ├── pC_jsonxml4771.md │ │ │ ├── pC_jsonxml5140.md │ │ │ ├── pC_jsonxml5141.md │ │ │ ├── pC_jsonxml5156.md │ │ │ ├── pC_jsonxml5157.md │ │ │ ├── pC_jsonxml5158.md │ │ │ ├── pC_l4672.md │ │ │ ├── pC_l4673.md │ │ │ ├── pC_l4674.md │ │ │ ├── pC_l4688v2.md │ │ │ ├── pC_l4720.md │ │ │ ├── pC_l4722.md │ │ │ ├── pC_l4723.md │ │ │ ├── pC_l4724.md │ │ │ ├── pC_l4725.md │ │ │ ├── pC_l4740.md │ │ │ ├── pC_l4767.md │ │ │ ├── pC_lmemberadded2008.md │ │ │ ├── pC_logstash4624.md │ │ │ ├── pC_logstash4768.md │ │ │ ├── pC_logstash4769.md │ │ │ ├── pC_mcafeesiem4624.md │ │ │ ├── pC_mcafeesiem4625.md │ │ │ ├── pC_mcafeesiem4648.md │ │ │ ├── pC_mcafeesiem4672.md │ │ │ ├── pC_mcafeesiem4720.md │ │ │ ├── pC_mcafeesiem4722.md │ │ │ ├── pC_mcafeesiem4723.md │ │ │ ├── pC_mcafeesiem4724.md │ │ │ ├── pC_mcafeesiem4725.md │ │ │ ├── pC_mcafeesiem4726.md │ │ │ ├── pC_mcafeesiem4740.md │ │ │ ├── pC_mcafeesiem4768.md │ │ │ ├── pC_mcafeesiem4769.md │ │ │ ├── pC_mcafeesiem4770.md │ │ │ ├── pC_mcafeesiem4771.md │ │ │ ├── pC_mcafeesiem4776.md │ │ │ ├── pC_mcafeesiem4778.md │ │ │ ├── pC_mcafeesiem4779.md │ │ │ ├── pC_mcafeesiem5136.md │ │ │ ├── pC_mcafeesiem5137.md │ │ │ ├── pC_mcafeesiem5141.md │ │ │ ├── pC_mcafeesiemprocesscreated.md │ │ │ ├── pC_metricbeat5156.md │ │ │ ├── pC_microsoftdnsrenewjp.md │ │ │ ├── pC_microsoftdnsrenewjp1.md │ │ │ ├── pC_microsoftdnsrenewjp2.md │ │ │ ├── pC_microsoftdnsrenewjp5.md │ │ │ ├── pC_microsoftdnsupdatesuccessful.md │ │ │ ├── pC_nforwardedcef4624.md │ │ │ ├── pC_nforwardedcef4625.md │ │ │ ├── pC_nforwardedcef4648.md │ │ │ ├── pC_nforwardedcef4662.md │ │ │ ├── pC_nforwardedcef4663.md │ │ │ ├── pC_nforwardedcef4672.md │ │ │ ├── pC_nforwardedcef4673.md │ │ │ ├── pC_nforwardedcef4688.md │ │ │ ├── pC_nforwardedcef4722.md │ │ │ ├── pC_nforwardedcef4724.md │ │ │ ├── pC_nforwardedcef4725.md │ │ │ ├── pC_nforwardedcef4740.md │ │ │ ├── pC_nforwardedcef4768.md │ │ │ ├── pC_nforwardedcef4769.md │ │ │ ├── pC_nforwardedcef4770.md │ │ │ ├── pC_nforwardedcef4771.md │ │ │ ├── pC_nforwardedcef4776.md │ │ │ ├── pC_nforwardedcef5136.md │ │ │ ├── pC_nforwardedcef528.md │ │ │ ├── pC_nforwardedcef540.md │ │ │ ├── pC_nforwardedcef552.md │ │ │ ├── pC_nforwardedcef680.md │ │ │ ├── pC_nforwardedcefdnsupdate.md │ │ │ ├── pC_nforwardedceffailedlogon2003.md │ │ │ ├── pC_nforwardedcefmemberadded2008.md │ │ │ ├── pC_nforwardedcefmemberremoved2008.md │ │ │ ├── pC_nic4688.md │ │ │ ├── pC_nic4770.md │ │ │ ├── pC_nic5136.md │ │ │ ├── pC_nic5137.md │ │ │ ├── pC_nic5141.md │ │ │ ├── pC_nic528.md │ │ │ ├── pC_nic627.md │ │ │ ├── pC_nicmemberremoved2003.md │ │ │ ├── pC_nicmemberremoved2008.md │ │ │ ├── pC_nxlogjson4726.md │ │ │ ├── pC_powershell4104.md │ │ │ ├── pC_powershell800.md │ │ │ ├── pC_powershell800syslog.md │ │ │ ├── pC_powershell800syslog1.md │ │ │ ├── pC_powershellprocesscreated.md │ │ │ ├── pC_powershellprocesscreated1.md │ │ │ ├── pC_powershellprocesscreated2.md │ │ │ ├── pC_q1102.md │ │ │ ├── pC_q4662.md │ │ │ ├── pC_q4697.md │ │ │ ├── pC_q4698.md │ │ │ ├── pC_q4800.md │ │ │ ├── pC_q4801.md │ │ │ ├── pC_q5156.md │ │ │ ├── pC_q5158.md │ │ │ ├── pC_q6272.md │ │ │ ├── pC_q6273.md │ │ │ ├── pC_q628.md │ │ │ ├── pC_q672.md │ │ │ ├── pC_q673.md │ │ │ ├── pC_q675.md │ │ │ ├── pC_q680.md │ │ │ ├── pC_qadfsauthfailed.md │ │ │ ├── pC_qadfsauthfailed1.md │ │ │ ├── pC_qadfsauthfailed2.md │ │ │ ├── pC_qadfsauthsuccessful.md │ │ │ ├── pC_qadfsauthsuccessful1.md │ │ │ ├── pC_qmemberadded2008.md │ │ │ ├── pC_qmemberremoved2003.md │ │ │ ├── pC_qmemberremoved2008.md │ │ │ ├── pC_qmicrosoft4648.md │ │ │ ├── pC_qmicrosoft4719.md │ │ │ ├── pC_qmicrosoft4740.md │ │ │ ├── pC_qmicrosoftdhcp.md │ │ │ ├── pC_qmicrosoftdhcprenew.md │ │ │ ├── pC_qmicrosoftdhcpupdate.md │ │ │ ├── pC_raw10016.md │ │ │ ├── pC_raw104.md │ │ │ ├── pC_raw1102.md │ │ │ ├── pC_raw1149.md │ │ │ ├── pC_raw11491.md │ │ │ ├── pC_raw148.md │ │ │ ├── pC_raw216.md │ │ │ ├── pC_raw325.md │ │ │ ├── pC_raw326.md │ │ │ ├── pC_raw327.md │ │ │ ├── pC_raw4104.md │ │ │ ├── pC_raw4622.md │ │ │ ├── pC_raw4624.md │ │ │ ├── pC_raw46241.md │ │ │ ├── pC_raw462410.md │ │ │ ├── pC_raw46242.md │ │ │ ├── pC_raw46243.md │ │ │ ├── pC_raw46244.md │ │ │ ├── pC_raw46245.md │ │ │ ├── pC_raw46246.md │ │ │ ├── pC_raw46247.md │ │ │ ├── pC_raw46248.md │ │ │ ├── pC_raw46249.md │ │ │ ├── pC_raw4625.md │ │ │ ├── pC_raw46251.md │ │ │ ├── pC_raw4648.md │ │ │ ├── pC_raw46481.md │ │ │ ├── pC_raw46482.md │ │ │ ├── pC_raw46483.md │ │ │ ├── pC_raw46484.md │ │ │ ├── pC_raw46485.md │ │ │ ├── pC_raw4649.md │ │ │ ├── pC_raw46571.md │ │ │ ├── pC_raw4662.md │ │ │ ├── pC_raw46621.md │ │ │ ├── pC_raw46622.md │ │ │ ├── pC_raw46623.md │ │ │ ├── pC_raw4663.md │ │ │ ├── pC_raw46631.md │ │ │ ├── pC_raw466310.md │ │ │ ├── pC_raw466311.md │ │ │ ├── pC_raw46632.md │ │ │ ├── pC_raw46633.md │ │ │ ├── pC_raw46634.md │ │ │ ├── pC_raw46635.md │ │ │ ├── pC_raw46636.md │ │ │ ├── pC_raw46637.md │ │ │ ├── pC_raw46638.md │ │ │ ├── pC_raw46639.md │ │ │ ├── pC_raw4672.md │ │ │ ├── pC_raw46721.md │ │ │ ├── pC_raw46722.md │ │ │ ├── pC_raw46723.md │ │ │ ├── pC_raw4673.md │ │ │ ├── pC_raw46731.md │ │ │ ├── pC_raw46732.md │ │ │ ├── pC_raw4674.md │ │ │ ├── pC_raw46741.md │ │ │ ├── pC_raw46742.md │ │ │ ├── pC_raw46743.md │ │ │ ├── pC_raw46744.md │ │ │ ├── pC_raw46745.md │ │ │ ├── pC_raw4700.md │ │ │ ├── pC_raw4719.md │ │ │ ├── pC_raw4723.md │ │ │ ├── pC_raw4724.md │ │ │ ├── pC_raw4738.md │ │ │ ├── pC_raw4742.md │ │ │ ├── pC_raw4743.md │ │ │ ├── pC_raw47431.md │ │ │ ├── pC_raw47432.md │ │ │ ├── pC_raw4767.md │ │ │ ├── pC_raw4768.md │ │ │ ├── pC_raw47681.md │ │ │ ├── pC_raw47682.md │ │ │ ├── pC_raw47683.md │ │ │ ├── pC_raw47684.md │ │ │ ├── pC_raw47685.md │ │ │ ├── pC_raw4769.md │ │ │ ├── pC_raw47691.md │ │ │ ├── pC_raw47692.md │ │ │ ├── pC_raw47693.md │ │ │ ├── pC_raw47694.md │ │ │ ├── pC_raw47695.md │ │ │ ├── pC_raw47696.md │ │ │ ├── pC_raw47697.md │ │ │ ├── pC_raw4770.md │ │ │ ├── pC_raw47701.md │ │ │ ├── pC_raw4771.md │ │ │ ├── pC_raw47712.md │ │ │ ├── pC_raw4776.md │ │ │ ├── pC_raw47761.md │ │ │ ├── pC_raw47762.md │ │ │ ├── pC_raw47763.md │ │ │ ├── pC_raw47764.md │ │ │ ├── pC_raw47765.md │ │ │ ├── pC_raw4778.md │ │ │ ├── pC_raw47781.md │ │ │ ├── pC_raw4779.md │ │ │ ├── pC_raw4800.md │ │ │ ├── pC_raw4801.md │ │ │ ├── pC_raw4928.md │ │ │ ├── pC_raw4929.md │ │ │ ├── pC_raw5136.md │ │ │ ├── pC_raw5137.md │ │ │ ├── pC_raw5138.md │ │ │ ├── pC_raw5139.md │ │ │ ├── pC_raw5140.md │ │ │ ├── pC_raw51401.md │ │ │ ├── pC_raw51402.md │ │ │ ├── pC_raw5141.md │ │ │ ├── pC_raw5142.md │ │ │ ├── pC_raw5143.md │ │ │ ├── pC_raw51431.md │ │ │ ├── pC_raw5144.md │ │ │ ├── pC_raw5145.md │ │ │ ├── pC_raw51451.md │ │ │ ├── pC_raw514510.md │ │ │ ├── pC_raw514511.md │ │ │ ├── pC_raw51452.md │ │ │ ├── pC_raw51453.md │ │ │ ├── pC_raw51454.md │ │ │ ├── pC_raw51455.md │ │ │ ├── pC_raw51456.md │ │ │ ├── pC_raw51457.md │ │ │ ├── pC_raw51458.md │ │ │ ├── pC_raw51459.md │ │ │ ├── pC_raw5156.md │ │ │ ├── pC_raw5157.md │ │ │ ├── pC_raw51571.md │ │ │ ├── pC_raw528.md │ │ │ ├── pC_raw540.md │ │ │ ├── pC_raw5478.md │ │ │ ├── pC_raw552.md │ │ │ ├── pC_raw567.md │ │ │ ├── pC_raw5805.md │ │ │ ├── pC_raw627.md │ │ │ ├── pC_raw628.md │ │ │ ├── pC_raw672.md │ │ │ ├── pC_raw673.md │ │ │ ├── pC_raw674.md │ │ │ ├── pC_raw675.md │ │ │ ├── pC_raw680.md │ │ │ ├── pC_raw7045.md │ │ │ ├── pC_rawfailedlogon2003.md │ │ │ ├── pC_rawmemberadded2003.md │ │ │ ├── pC_rawmemberadded2008.md │ │ │ ├── pC_rawmemberremoved2003.md │ │ │ ├── pC_rawmemberremoved2008.md │ │ │ ├── pC_rawmemberremoved20081.md │ │ │ ├── pC_rawmemberremoved20082.md │ │ │ ├── pC_rawmemberremoved20083.md │ │ │ ├── pC_rawpowershell600.md │ │ │ ├── pC_rawprocesscreated.md │ │ │ ├── pC_rawprocesscreated1.md │ │ │ ├── pC_rawwindowsaccount4720.md │ │ │ ├── pC_rawwindowsaccount4722.md │ │ │ ├── pC_rawwindowsaccount4725.md │ │ │ ├── pC_rawwindowsaccount4726.md │ │ │ ├── pC_rawwindowsaccount4740.md │ │ │ ├── pC_rawwindowsaccount624.md │ │ │ ├── pC_rawwindowsaccount629.md │ │ │ ├── pC_rawwindowsaccount630.md │ │ │ ├── pC_rawwindowsaccount644.md │ │ │ ├── pC_rnic4771.md │ │ │ ├── pC_rnic528.md │ │ │ ├── pC_rnic540.md │ │ │ ├── pC_rs4624.md │ │ │ ├── pC_rs4625.md │ │ │ ├── pC_rsyslog5136.md │ │ │ ├── pC_s1102.md │ │ │ ├── pC_s4624jp.md │ │ │ ├── pC_s4625jp.md │ │ │ ├── pC_s4648jp.md │ │ │ ├── pC_s4662.md │ │ │ ├── pC_s4663jp.md │ │ │ ├── pC_s4672jp.md │ │ │ ├── pC_s4674jp.md │ │ │ ├── pC_s4688jp.md │ │ │ ├── pC_s4697.md │ │ │ ├── pC_s4698.md │ │ │ ├── pC_s4719.md │ │ │ ├── pC_s47191.md │ │ │ ├── pC_s4720jp.md │ │ │ ├── pC_s4722jp.md │ │ │ ├── pC_s4723jp.md │ │ │ ├── pC_s4724jp.md │ │ │ ├── pC_s4725jp.md │ │ │ ├── pC_s4726jp.md │ │ │ ├── pC_s47401.md │ │ │ ├── pC_s47402.md │ │ │ ├── pC_s4740jp.md │ │ │ ├── pC_s4768jp.md │ │ │ ├── pC_s4769jp.md │ │ │ ├── pC_s4770jp.md │ │ │ ├── pC_s4771jp.md │ │ │ ├── pC_s4776jp.md │ │ │ ├── pC_s4800.md │ │ │ ├── pC_s4801.md │ │ │ ├── pC_s48011.md │ │ │ ├── pC_s5137.md │ │ │ ├── pC_s5141.md │ │ │ ├── pC_s51411.md │ │ │ ├── pC_s516.md │ │ │ ├── pC_s517.md │ │ │ ├── pC_s560.md │ │ │ ├── pC_s560jp.md │ │ │ ├── pC_s576.md │ │ │ ├── pC_s592.md │ │ │ ├── pC_s612.md │ │ │ ├── pC_s627.md │ │ │ ├── pC_s672.md │ │ │ ├── pC_s673.md │ │ │ ├── pC_s675.md │ │ │ ├── pC_s680.md │ │ │ ├── pC_s7045.md │ │ │ ├── pC_sadfsauthfailed.md │ │ │ ├── pC_sjson4697.md │ │ │ ├── pC_sjson46971.md │ │ │ ├── pC_sk4json4662.md │ │ │ ├── pC_sk4json4697.md │ │ │ ├── pC_sk4json4720.md │ │ │ ├── pC_sk4json4722.md │ │ │ ├── pC_sk4json4724.md │ │ │ ├── pC_sk4json4725.md │ │ │ ├── pC_sk4json4767.md │ │ │ ├── pC_sk4json4779.md │ │ │ ├── pC_sk4json4800.md │ │ │ ├── pC_sk4json4801.md │ │ │ ├── pC_sk4json5137.md │ │ │ ├── pC_sk4json5141.md │ │ │ ├── pC_sk4jsonmemberadded2008.md │ │ │ ├── pC_sk4jsonmemberremoved2008.md │ │ │ ├── pC_smemberadded2003.md │ │ │ ├── pC_smemberadded2008.md │ │ │ ├── pC_smemberadded2008jp.md │ │ │ ├── pC_smemberremoved2003.md │ │ │ ├── pC_smemberremoved2008.md │ │ │ ├── pC_smicrosoftdhcp.md │ │ │ ├── pC_smicrosoftdnsrenew.md │ │ │ ├── pC_smicrosoftdnsupdate.md │ │ │ ├── pC_snare1102.md │ │ │ ├── pC_snare4719.md │ │ │ ├── pC_snare517.md │ │ │ ├── pC_snare576.md │ │ │ ├── pC_snare577.md │ │ │ ├── pC_snare578.md │ │ │ ├── pC_snare592.md │ │ │ ├── pC_snare612.md │ │ │ ├── pC_snarecefmemberadded2008.md │ │ │ ├── pC_spanishraw4625.md │ │ │ ├── pC_spanishraw4672.md │ │ │ ├── pC_spanishraw4688.md │ │ │ ├── pC_swindows4625.md │ │ │ ├── pC_swindows4648.md │ │ │ ├── pC_swindows4672.md │ │ │ ├── pC_swindows4673.md │ │ │ ├── pC_swindows4674.md │ │ │ ├── pC_swindows4688.md │ │ │ ├── pC_swindows4771.md │ │ │ ├── pC_swindows4776.md │ │ │ ├── pC_swindows5140.md │ │ │ ├── pC_swindows5157.md │ │ │ ├── pC_swindows51572.md │ │ │ ├── pC_swindowsevent1102.md │ │ │ ├── pC_swindowsevent4624.md │ │ │ ├── pC_swindowsevent4625.md │ │ │ ├── pC_swindowsevent4648.md │ │ │ ├── pC_swindowsevent4672.md │ │ │ ├── pC_swindowsevent4673.md │ │ │ ├── pC_swindowsevent4674.md │ │ │ ├── pC_swindowsevent4688.md │ │ │ ├── pC_swindowsevent4697.md │ │ │ ├── pC_swindowsevent4719.md │ │ │ ├── pC_swindowsevent4720.md │ │ │ ├── pC_swindowsevent4722.md │ │ │ ├── pC_swindowsevent4723.md │ │ │ ├── pC_swindowsevent4724.md │ │ │ ├── pC_swindowsevent4725.md │ │ │ ├── pC_swindowsevent4728.md │ │ │ ├── pC_swindowsevent4729.md │ │ │ ├── pC_swindowsevent4732.md │ │ │ ├── pC_swindowsevent4733.md │ │ │ ├── pC_swindowsevent4740.md │ │ │ ├── pC_swindowsevent4778.md │ │ │ ├── pC_swindowsevent4779.md │ │ │ ├── pC_swindowsevent4780.md │ │ │ ├── pC_swindowsevent4800.md │ │ │ ├── pC_swindowsevent4801.md │ │ │ ├── pC_swindowsevent5140.md │ │ │ ├── pC_swindowsevent528.md │ │ │ ├── pC_swindowsevent534.md │ │ │ ├── pC_swindowsevent540.md │ │ │ ├── pC_swindowsevent552.md │ │ │ ├── pC_swindowsevent576.md │ │ │ ├── pC_swindowsevent578.md │ │ │ ├── pC_swindowsevent601.md │ │ │ ├── pC_swindowsevent602.md │ │ │ ├── pC_swindowsevent626.md │ │ │ ├── pC_swindowsevent627.md │ │ │ ├── pC_swindowsevent629.md │ │ │ ├── pC_swindowsevent633.md │ │ │ ├── pC_swindowsevent636.md │ │ │ ├── pC_swindowsevent637.md │ │ │ ├── pC_swindowsevent644.md │ │ │ ├── pC_swindowsprocesscreated.md │ │ │ ├── pC_sxml1102.md │ │ │ ├── pC_sxml1200.md │ │ │ ├── pC_sxml12001.md │ │ │ ├── pC_sxml12011.md │ │ │ ├── pC_sxml1202.md │ │ │ ├── pC_sxml12021.md │ │ │ ├── pC_sxml1203.md │ │ │ ├── pC_sxml12031.md │ │ │ ├── pC_sxml4663.md │ │ │ ├── pC_sxml4697.md │ │ │ ├── pC_sxml4698.md │ │ │ ├── pC_sxml4720.md │ │ │ ├── pC_sxml4723.md │ │ │ ├── pC_sxml4724.md │ │ │ ├── pC_sxml4725.md │ │ │ ├── pC_sxml4726.md │ │ │ ├── pC_sxml4740.md │ │ │ ├── pC_sxml4770.md │ │ │ ├── pC_sxml4771.md │ │ │ ├── pC_sxml7045.md │ │ │ ├── pC_sxmlwindowsmember1.md │ │ │ ├── pC_sxmlwindowsmember10.md │ │ │ ├── pC_sxmlwindowsmember11.md │ │ │ ├── pC_sxmlwindowsmember13.md │ │ │ ├── pC_sxmlwindowsmember14.md │ │ │ ├── pC_sxmlwindowsmember15.md │ │ │ ├── pC_sxmlwindowsmember16.md │ │ │ ├── pC_sxmlwindowsmember2.md │ │ │ ├── pC_sxmlwindowsmember3.md │ │ │ ├── pC_sxmlwindowsmember4.md │ │ │ ├── pC_sxmlwindowsmember4756.md │ │ │ ├── pC_sxmlwindowsmember4757.md │ │ │ ├── pC_sxmlwindowsmember5.md │ │ │ ├── pC_sxmlwindowsmember6.md │ │ │ ├── pC_sxmlwindowsmember7.md │ │ │ ├── pC_sxmlwindowsmember8.md │ │ │ ├── pC_sxmlwindowsmember9.md │ │ │ ├── pC_syslog4625ch.md │ │ │ ├── pC_syslog4648.md │ │ │ ├── pC_syslog4768ch.md │ │ │ ├── pC_syslog4769ch.md │ │ │ ├── pC_syslog4776ch.md │ │ │ ├── pC_syslog4776multiline.md │ │ │ ├── pC_syslog5140ch.md │ │ │ ├── pC_syslog5145ch.md │ │ │ ├── pC_syslog5156ch.md │ │ │ ├── pC_syslog5158.md │ │ │ ├── pC_syslogjson4663.md │ │ │ ├── pC_syslogjson4720.md │ │ │ ├── pC_syslogjson4722.md │ │ │ ├── pC_syslogjson4723.md │ │ │ ├── pC_syslogjson4724.md │ │ │ ├── pC_syslogjson4725.md │ │ │ ├── pC_syslogjson4740.md │ │ │ ├── pC_syslogjson4767.md │ │ │ ├── pC_syslogjsonmemberadded2008.md │ │ │ ├── pC_syslogmicrosoftdhcp.md │ │ │ ├── pC_sysmonwindowsdnsquery.md │ │ │ ├── pC_u4663.md │ │ │ ├── pC_u4688.md │ │ │ ├── pC_u680.md │ │ │ ├── pC_umemberadded2008.md │ │ │ ├── pC_umemberremoved2008.md │ │ │ ├── pC_wazuh4624.md │ │ │ ├── pC_wazuh4625.md │ │ │ ├── pC_wazuh4673.md │ │ │ ├── pC_wazuh4738.md │ │ │ ├── pC_wazuh4767.md │ │ │ ├── pC_wazuh4776.md │ │ │ ├── pC_wazuh4779.md │ │ │ ├── pC_wazuhsqllogin.md │ │ │ ├── pC_windisabledevice.md │ │ │ ├── pC_windisabledevicerequest.md │ │ │ ├── pC_windows47681.md │ │ │ ├── pC_windowsdnsnetworkconnection.md │ │ │ ├── pC_windowsdnsquery.md │ │ │ ├── pC_windowsdnsquery1.md │ │ │ ├── pC_windowsdnsquery2.md │ │ │ ├── pC_windowsdnsquery3.md │ │ │ ├── pC_windowsdnsquery4.md │ │ │ ├── pC_windowsdnsquery5.md │ │ │ ├── pC_windowsdnsresponse.md │ │ │ ├── pC_windowsdnsresponse1.md │ │ │ ├── pC_windowsdnsresponse2.md │ │ │ ├── pC_windowsdnsresponse3.md │ │ │ ├── pC_windowsevents4624.md │ │ │ ├── pC_windowsevents4648.md │ │ │ ├── pC_windowsevents4672.md │ │ │ ├── pC_windowsevents4769.md │ │ │ ├── pC_windowsevents4776.md │ │ │ ├── pC_windowskinesisfirehose5156.md │ │ │ ├── pC_windowspowershell800.md │ │ │ ├── pC_windowsrdplogin.md │ │ │ ├── pC_windowsxml4674.md │ │ │ ├── pC_windowsxml4700.md │ │ │ ├── pC_windowsxml4720.md │ │ │ ├── pC_windowsxml4722.md │ │ │ ├── pC_windowsxml4742.md │ │ │ ├── pC_windowsxmlmemberadded2008.md │ │ │ ├── pC_windowsxmlpowershell800.md │ │ │ ├── pC_windowsxmlpowershellprocesscreated.md │ │ │ ├── pC_windowsxmlpowershellprocesscreated1.md │ │ │ ├── pC_windowsxmlpowershellprocesscreated2.md │ │ │ ├── pC_winenabledevice.md │ │ │ ├── pC_winenabledevicerequest.md │ │ │ ├── pC_winexternaldevicerecog.md │ │ │ ├── pC_winexternaldevicerecog1.md │ │ │ ├── pC_winpowershellcommand.md │ │ │ ├── pC_wls4624.md │ │ │ ├── pC_wls4625.md │ │ │ ├── pC_wls4663.md │ │ │ ├── pC_wls4688.md │ │ │ ├── pC_wls4720.md │ │ │ ├── pC_wls4723.md │ │ │ ├── pC_wls4724.md │ │ │ ├── pC_wls4725.md │ │ │ ├── pC_wls4726.md │ │ │ ├── pC_wls4740.md │ │ │ ├── pC_wls4768.md │ │ │ ├── pC_wls4769.md │ │ │ ├── pC_wls4771.md │ │ │ ├── pC_wls4776.md │ │ │ ├── pC_wls627.md │ │ │ ├── pC_wls644.md │ │ │ ├── pC_wls675.md │ │ │ ├── pC_wlsmemberadded2008notype.md │ │ │ ├── pC_wlswindowsprivilegedaccess.md │ │ │ ├── pC_xml104.md │ │ │ ├── pC_xml1102.md │ │ │ ├── pC_xml11021.md │ │ │ ├── pC_xml1149.md │ │ │ ├── pC_xml1310.md │ │ │ ├── pC_xml4622.md │ │ │ ├── pC_xml4624.md │ │ │ ├── pC_xml46241.md │ │ │ ├── pC_xml4625.md │ │ │ ├── pC_xml46251.md │ │ │ ├── pC_xml4648.md │ │ │ ├── pC_xml4649.md │ │ │ ├── pC_xml4657.md │ │ │ ├── pC_xml4662.md │ │ │ ├── pC_xml4662jp.md │ │ │ ├── pC_xml4663.md │ │ │ ├── pC_xml4672.md │ │ │ ├── pC_xml4673.md │ │ │ ├── pC_xml4674.md │ │ │ ├── pC_xml46741.md │ │ │ ├── pC_xml4688.md │ │ │ ├── pC_xml4719.md │ │ │ ├── pC_xml4738.md │ │ │ ├── pC_xml4739.md │ │ │ ├── pC_xml4742jp.md │ │ │ ├── pC_xml4767.md │ │ │ ├── pC_xml4768.md │ │ │ ├── pC_xml4769.md │ │ │ ├── pC_xml47691.md │ │ │ ├── pC_xml4776.md │ │ │ ├── pC_xml4778.md │ │ │ ├── pC_xml4779.md │ │ │ ├── pC_xml4800.md │ │ │ ├── pC_xml4801.md │ │ │ ├── pC_xml4825.md │ │ │ ├── pC_xml5136.md │ │ │ ├── pC_xml5137.md │ │ │ ├── pC_xml5138.md │ │ │ ├── pC_xml5139.md │ │ │ ├── pC_xml5140.md │ │ │ ├── pC_xml5141.md │ │ │ ├── pC_xml5143.md │ │ │ ├── pC_xml5144.md │ │ │ ├── pC_xml5145.md │ │ │ ├── pC_xml51451.md │ │ │ ├── pC_xml5156.md │ │ │ ├── pC_xml5157.md │ │ │ ├── pC_xml5158.md │ │ │ ├── pC_xml5478.md │ │ │ ├── pC_xml5861.md │ │ │ ├── pC_xml6272.md │ │ │ ├── pC_xmlmemberremoved2008.md │ │ │ ├── pC_xmlnpslogon.md │ │ │ └── pC_xmlpowershell4104.md │ │ ├── RM │ │ │ ├── r_m_microsoft_windows_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_microsoft_windows_Account_Manipulation.md │ │ │ ├── r_m_microsoft_windows_Audit_Tampering.md │ │ │ ├── r_m_microsoft_windows_Brute_Force_Attack.md │ │ │ ├── r_m_microsoft_windows_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_windows_Cryptomining.md │ │ │ ├── r_m_microsoft_windows_Data_Access.md │ │ │ ├── r_m_microsoft_windows_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_windows_Data_Leak.md │ │ │ ├── r_m_microsoft_windows_Destruction_of_Data.md │ │ │ ├── r_m_microsoft_windows_Evasion.md │ │ │ ├── r_m_microsoft_windows_Lateral_Movement.md │ │ │ ├── r_m_microsoft_windows_Malware.md │ │ │ ├── r_m_microsoft_windows_Phishing.md │ │ │ ├── r_m_microsoft_windows_Physical_Security.md │ │ │ ├── r_m_microsoft_windows_Privilege_Abuse.md │ │ │ ├── r_m_microsoft_windows_Privilege_Escalation.md │ │ │ ├── r_m_microsoft_windows_Privileged_Activity.md │ │ │ └── r_m_microsoft_windows_Ransomware.md │ │ └── ds_microsoft_windows.md │ ├── Windows_DNSServer │ │ ├── Ps │ │ │ ├── pC_jsonmicrosoftdnsquery.md │ │ │ └── pC_xmlmicrosoftdnsquery.md │ │ ├── RM │ │ │ └── r_m_microsoft_windows_dnsserver_Malware.md │ │ └── ds_microsoft_windows_dnsserver.md │ ├── Windows_Defender │ │ ├── 2_ds_microsoft_windows_defender.md │ │ ├── Ps │ │ │ ├── pC_cefwindowsdefender.md │ │ │ ├── pC_forefronteppcefalert.md │ │ │ ├── pC_jsonmicrosoftscepeppalert.md │ │ │ ├── pC_microsoftscepeppalert.md │ │ │ ├── pC_microsoftscepsecurityalert.md │ │ │ ├── pC_rawscepalert.md │ │ │ ├── pC_rawscepeppalert.md │ │ │ ├── pC_rawscepeppalertcsv.md │ │ │ ├── pC_so365dlpalert.md │ │ │ ├── pC_so365dlpalert1.md │ │ │ ├── pC_so365dlpalert2.md │ │ │ ├── pC_sscepeppalert.md │ │ │ └── pC_windefmaldetect.md │ │ ├── RM │ │ │ ├── r_m_microsoft_windows_defender_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_windows_defender_Data_Exfiltration.md │ │ │ ├── r_m_microsoft_windows_defender_Data_Leak.md │ │ │ ├── r_m_microsoft_windows_defender_Lateral_Movement.md │ │ │ ├── r_m_microsoft_windows_defender_Malware.md │ │ │ └── r_m_microsoft_windows_defender_Privileged_Activity.md │ │ └── ds_microsoft_windows_defender.md │ ├── Windows_Defender_Application_Control │ │ ├── Ps │ │ │ └── pC_wdacsecurityalert3089.md │ │ ├── RM │ │ │ ├── r_m_microsoft_windows_defender_application_control_Compromised_Credentials.md │ │ │ ├── r_m_microsoft_windows_defender_application_control_Lateral_Movement.md │ │ │ ├── r_m_microsoft_windows_defender_application_control_Malware.md │ │ │ └── r_m_microsoft_windows_defender_application_control_Privileged_Activity.md │ │ └── ds_microsoft_windows_defender_application_control.md │ └── Windows_PrintService │ │ ├── Ps │ │ ├── pC_cefmicrosoftprintactivity.md │ │ ├── pC_microsoftprintactivity.md │ │ ├── pC_microsoftprintactivity1.md │ │ ├── pC_microsoftprintactivity2.md │ │ ├── pC_qmicrosoftprintactivity.md │ │ ├── pC_smicrosoftprintactivity.md │ │ ├── pC_smicrosoftprintactivity1.md │ │ ├── pC_syslogmicrosoftprintactivity.md │ │ └── pC_syslogmicrosoftprintactivity1.md │ │ ├── RM │ │ ├── r_m_microsoft_windows_printservice_Abnormal_Authentication_&_Access.md │ │ └── r_m_microsoft_windows_printservice_Data_Leak.md │ │ └── ds_microsoft_windows_printservice.md ├── Mimecast │ ├── Email_Security │ │ ├── 2_ds_mimecast_email_security.md │ │ ├── Ps │ │ │ ├── pC_cefmimecastdlpemail.md │ │ │ ├── pC_cefmimecastemailalert.md │ │ │ ├── pC_cefmimecastemailalert1.md │ │ │ ├── pC_cefmimecastemailalert2.md │ │ │ ├── pC_cefmimecastemailalert3.md │ │ │ ├── pC_cefmimecastfailedapplogin.md │ │ │ ├── pC_cefmimecastmessageview.md │ │ │ ├── pC_cefmimecastsecurityalert.md │ │ │ ├── pC_cefskyformationmimecastlogin.md │ │ │ ├── pC_smimecastappactivity.md │ │ │ ├── pC_smimecastappactivity1.md │ │ │ ├── pC_smimecastapplogin.md │ │ │ ├── pC_smimecastdlpemail.md │ │ │ └── pC_smimecastdlpemail1.md │ │ ├── RM │ │ │ ├── r_m_mimecast_email_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_mimecast_email_security_Account_Manipulation.md │ │ │ ├── r_m_mimecast_email_security_Compromised_Credentials.md │ │ │ ├── r_m_mimecast_email_security_Data_Access.md │ │ │ ├── r_m_mimecast_email_security_Data_Leak.md │ │ │ ├── r_m_mimecast_email_security_Lateral_Movement.md │ │ │ ├── r_m_mimecast_email_security_Malware.md │ │ │ ├── r_m_mimecast_email_security_Phishing.md │ │ │ ├── r_m_mimecast_email_security_Privilege_Abuse.md │ │ │ ├── r_m_mimecast_email_security_Privilege_Escalation.md │ │ │ ├── r_m_mimecast_email_security_Privileged_Activity.md │ │ │ ├── r_m_mimecast_email_security_Ransomware.md │ │ │ └── r_m_mimecast_email_security_Workforce_Protection.md │ │ └── ds_mimecast_email_security.md │ └── Targeted_Threat_Protection_-_URL │ │ ├── Ps │ │ └── pC_cefmimecastwebactivity.md │ │ ├── RM │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Abnormal_Authentication_&_Access.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Compromised_Credentials.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Cryptomining.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Data_Exfiltration.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Data_Leak.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Lateral_Movement.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Malware.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Phishing.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Privilege_Abuse.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Privileged_Activity.md │ │ ├── r_m_mimecast_targeted_threat_protection_-_url_Ransomware.md │ │ └── r_m_mimecast_targeted_threat_protection_-_url_Workforce_Protection.md │ │ └── ds_mimecast_targeted_threat_protection_-_url.md ├── MobileIron │ └── MobileIron │ │ ├── Ps │ │ └── pC_mobileironsecurityalert.md │ │ ├── RM │ │ ├── r_m_mobileiron_mobileiron_Compromised_Credentials.md │ │ ├── r_m_mobileiron_mobileiron_Lateral_Movement.md │ │ ├── r_m_mobileiron_mobileiron_Malware.md │ │ └── r_m_mobileiron_mobileiron_Privileged_Activity.md │ │ └── ds_mobileiron_mobileiron.md ├── MongoDB │ └── MongoDB │ │ ├── Ps │ │ ├── pC_mongodbdatabaseupdate.md │ │ └── pC_mongodbdatabaseupdate1.md │ │ ├── RM │ │ └── r_m_mongodb_mongodb_Enrichment.md │ │ └── ds_mongodb_mongodb.md ├── Morphisec │ └── Morphisec_EPTP │ │ ├── Ps │ │ ├── pC_smorphisecsecurityalert.md │ │ └── pC_syslogmorphisecsecurityalert.md │ │ ├── RM │ │ ├── r_m_morphisec_morphisec_eptp_Compromised_Credentials.md │ │ ├── r_m_morphisec_morphisec_eptp_Lateral_Movement.md │ │ ├── r_m_morphisec_morphisec_eptp_Malware.md │ │ └── r_m_morphisec_morphisec_eptp_Privileged_Activity.md │ │ └── ds_morphisec_morphisec_eptp.md ├── Mvision │ └── Mvision │ │ ├── Ps │ │ ├── pC_smvisiondlpalert.md │ │ ├── pC_smvisiondlpalert1.md │ │ ├── pC_smvisiondlpalert2.md │ │ ├── pC_smvisiondlpalert3.md │ │ ├── pC_smvisiondlpalert4.md │ │ └── pC_smvisiondlpalert5.md │ │ ├── RM │ │ ├── r_m_mvision_mvision_Data_Exfiltration.md │ │ ├── r_m_mvision_mvision_Data_Leak.md │ │ └── r_m_mvision_mvision_Malware.md │ │ └── ds_mvision_mvision.md ├── Mysql │ └── Mysql │ │ ├── Ps │ │ ├── pC_mysqldbactivityjson.md │ │ ├── pC_syslogmysqldbquery.md │ │ └── pC_syslogmysqldbwrite.md │ │ ├── RM │ │ ├── r_m_mysql_mysql_Compromised_Credentials.md │ │ └── r_m_mysql_mysql_Data_Access.md │ │ └── ds_mysql_mysql.md ├── N3K │ └── N3K │ │ ├── Ps │ │ └── pC_sn3kdhcp.md │ │ ├── RM │ │ └── r_m_n3k_n3k_Enrichment.md │ │ └── ds_n3k_n3k.md ├── NCP │ └── NCP │ │ ├── Ps │ │ ├── pC_ncpauthfailed.md │ │ ├── pC_ncpvpnend.md │ │ └── pC_ncpvpnstart.md │ │ ├── RM │ │ ├── r_m_ncp_ncp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ncp_ncp_Account_Manipulation.md │ │ ├── r_m_ncp_ncp_Brute_Force_Attack.md │ │ ├── r_m_ncp_ncp_Compromised_Credentials.md │ │ ├── r_m_ncp_ncp_Data_Access.md │ │ ├── r_m_ncp_ncp_Data_Exfiltration.md │ │ ├── r_m_ncp_ncp_Data_Leak.md │ │ ├── r_m_ncp_ncp_Lateral_Movement.md │ │ ├── r_m_ncp_ncp_Malware.md │ │ ├── r_m_ncp_ncp_Phishing.md │ │ ├── r_m_ncp_ncp_Physical_Security.md │ │ ├── r_m_ncp_ncp_Privilege_Abuse.md │ │ ├── r_m_ncp_ncp_Privilege_Escalation.md │ │ └── r_m_ncp_ncp_Ransomware.md │ │ └── ds_ncp_ncp.md ├── NNT │ └── NNT_ChangeTracker │ │ ├── Ps │ │ └── pC_nntctapplogin.md │ │ ├── RM │ │ ├── r_m_nnt_nnt_changetracker_Abnormal_Authentication_&_Access.md │ │ ├── r_m_nnt_nnt_changetracker_Compromised_Credentials.md │ │ ├── r_m_nnt_nnt_changetracker_Data_Access.md │ │ ├── r_m_nnt_nnt_changetracker_Lateral_Movement.md │ │ ├── r_m_nnt_nnt_changetracker_Malware.md │ │ ├── r_m_nnt_nnt_changetracker_Privilege_Abuse.md │ │ ├── r_m_nnt_nnt_changetracker_Privileged_Activity.md │ │ └── r_m_nnt_nnt_changetracker_Ransomware.md │ │ └── ds_nnt_nnt_changetracker.md ├── Namespace_rDirectory │ └── Namespace_rDirectory │ │ ├── Ps │ │ ├── pC_rdirectoryaccountcreated.md │ │ ├── pC_rdirectoryaccountdeleted.md │ │ ├── pC_rdirectoryaccountdisable.md │ │ ├── pC_rdirectoryaccountenable.md │ │ ├── pC_rdirectorymemberadded.md │ │ ├── pC_rdirectoryobjectmodification.md │ │ └── pC_rdirectorypasswordchange.md │ │ ├── RM │ │ ├── r_m_namespace_rdirectory_namespace_rdirectory_Abnormal_Authentication_&_Access.md │ │ ├── r_m_namespace_rdirectory_namespace_rdirectory_Account_Manipulation.md │ │ ├── r_m_namespace_rdirectory_namespace_rdirectory_Compromised_Credentials.md │ │ ├── r_m_namespace_rdirectory_namespace_rdirectory_Privilege_Abuse.md │ │ └── r_m_namespace_rdirectory_namespace_rdirectory_Privileged_Activity.md │ │ └── ds_namespace_rdirectory_namespace_rdirectory.md ├── Nasuni │ └── Nasuni │ │ ├── 2_ds_nasuni_nasuni.md │ │ ├── Ps │ │ ├── pC_snasunifiledelete.md │ │ ├── pC_snasunifiledelete1.md │ │ ├── pC_snasunifilepermissionchange.md │ │ ├── pC_snasunifilepermissionchange1.md │ │ ├── pC_snasunifilepermissionchange2.md │ │ ├── pC_snasunifilewrite.md │ │ ├── pC_snasunifilewrite1.md │ │ └── pC_snasunifilewrite2.md │ │ ├── RM │ │ ├── r_m_nasuni_nasuni_Compromised_Credentials.md │ │ ├── r_m_nasuni_nasuni_Data_Access.md │ │ ├── r_m_nasuni_nasuni_Data_Exfiltration.md │ │ ├── r_m_nasuni_nasuni_Data_Leak.md │ │ ├── r_m_nasuni_nasuni_Destruction_of_Data.md │ │ ├── r_m_nasuni_nasuni_Malware.md │ │ ├── r_m_nasuni_nasuni_Privilege_Abuse.md │ │ ├── r_m_nasuni_nasuni_Privileged_Activity.md │ │ └── r_m_nasuni_nasuni_Ransomware.md │ │ └── ds_nasuni_nasuni.md ├── NetApp │ └── NetApp │ │ ├── 2_ds_netapp_netapp.md │ │ ├── Ps │ │ ├── pC_cefnetappfiledelete.md │ │ ├── pC_cefnetappfiledelete2.md │ │ ├── pC_cefnetappfileoperations1.md │ │ ├── pC_cefnetappfileread.md │ │ ├── pC_cefnetappfileread2.md │ │ ├── pC_cefnetappfileupdates.md │ │ ├── pC_sxml4656netapp.md │ │ └── pC_sxml4660netapp.md │ │ ├── RM │ │ ├── r_m_netapp_netapp_Compromised_Credentials.md │ │ ├── r_m_netapp_netapp_Data_Access.md │ │ ├── r_m_netapp_netapp_Data_Exfiltration.md │ │ ├── r_m_netapp_netapp_Data_Leak.md │ │ ├── r_m_netapp_netapp_Destruction_of_Data.md │ │ ├── r_m_netapp_netapp_Malware.md │ │ ├── r_m_netapp_netapp_Privilege_Abuse.md │ │ ├── r_m_netapp_netapp_Privileged_Activity.md │ │ └── r_m_netapp_netapp_Ransomware.md │ │ └── ds_netapp_netapp.md ├── NetDocs │ └── NetDocs │ │ ├── 2_ds_netdocs_netdocs.md │ │ ├── Ps │ │ ├── pC_netdocappactivity1.md │ │ ├── pC_netdocsappactivity.md │ │ └── pC_netdocsfileoperations.md │ │ ├── RM │ │ ├── r_m_netdocs_netdocs_Abnormal_Authentication_&_Access.md │ │ ├── r_m_netdocs_netdocs_Account_Manipulation.md │ │ ├── r_m_netdocs_netdocs_Compromised_Credentials.md │ │ ├── r_m_netdocs_netdocs_Data_Access.md │ │ ├── r_m_netdocs_netdocs_Data_Exfiltration.md │ │ ├── r_m_netdocs_netdocs_Data_Leak.md │ │ ├── r_m_netdocs_netdocs_Destruction_of_Data.md │ │ ├── r_m_netdocs_netdocs_Lateral_Movement.md │ │ ├── r_m_netdocs_netdocs_Malware.md │ │ ├── r_m_netdocs_netdocs_Privilege_Abuse.md │ │ ├── r_m_netdocs_netdocs_Privilege_Escalation.md │ │ ├── r_m_netdocs_netdocs_Privileged_Activity.md │ │ └── r_m_netdocs_netdocs_Ransomware.md │ │ └── ds_netdocs_netdocs.md ├── NetIQ │ └── NetIQ │ │ ├── Ps │ │ └── pC_netiqapplogin.md │ │ ├── RM │ │ ├── r_m_netiq_netiq_Abnormal_Authentication_&_Access.md │ │ ├── r_m_netiq_netiq_Compromised_Credentials.md │ │ ├── r_m_netiq_netiq_Data_Access.md │ │ ├── r_m_netiq_netiq_Lateral_Movement.md │ │ ├── r_m_netiq_netiq_Malware.md │ │ ├── r_m_netiq_netiq_Privilege_Abuse.md │ │ ├── r_m_netiq_netiq_Privileged_Activity.md │ │ └── r_m_netiq_netiq_Ransomware.md │ │ └── ds_netiq_netiq.md ├── NetMotion_Wireless │ └── NetMotion_Wireless │ │ ├── Ps │ │ ├── pC_netmotionvpnend.md │ │ ├── pC_netmotionvpnend1.md │ │ ├── pC_netmotionvpnfinish1.md │ │ ├── pC_netmotionvpnstart.md │ │ ├── pC_netmotionvpnstart1.md │ │ └── pC_netmotionvpnstop1.md │ │ ├── RM │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Abnormal_Authentication_&_Access.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Account_Manipulation.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Brute_Force_Attack.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Compromised_Credentials.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Data_Access.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Data_Exfiltration.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Data_Leak.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Lateral_Movement.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Malware.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Phishing.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Physical_Security.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Privilege_Abuse.md │ │ ├── r_m_netmotion_wireless_netmotion_wireless_Privilege_Escalation.md │ │ └── r_m_netmotion_wireless_netmotion_wireless_Ransomware.md │ │ └── ds_netmotion_wireless_netmotion_wireless.md ├── Netskope │ └── Security_Cloud │ │ ├── 2_ds_netskope_security_cloud.md │ │ ├── Ps │ │ ├── pC_cefnetskopealert.md │ │ ├── pC_cefnetskopealert1.md │ │ ├── pC_cefnetskopealert2.md │ │ ├── pC_cefnetskopealertanomaly.md │ │ ├── pC_cefnetskopealertcompromise.md │ │ ├── pC_cefnetskopealertmalsite.md │ │ ├── pC_cefnetskopealertpolicy.md │ │ ├── pC_cefnetskopealertpolicy1.md │ │ ├── pC_cefnetskopeappactivity1.md │ │ ├── pC_cefnetskopeappactivity10.md │ │ ├── pC_cefnetskopeappactivity11.md │ │ ├── pC_cefnetskopeappactivity12.md │ │ ├── pC_cefnetskopeappactivity13.md │ │ ├── pC_cefnetskopeappactivity14.md │ │ ├── pC_cefnetskopeappactivity15.md │ │ ├── pC_cefnetskopeappactivity16.md │ │ ├── pC_cefnetskopeappactivity17.md │ │ ├── pC_cefnetskopeappactivity18.md │ │ ├── pC_cefnetskopeappactivity19.md │ │ ├── pC_cefnetskopeappactivity2.md │ │ ├── pC_cefnetskopeappactivity22.md │ │ ├── pC_cefnetskopeappactivity23.md │ │ ├── pC_cefnetskopeappactivity24.md │ │ ├── pC_cefnetskopeappactivity25.md │ │ ├── pC_cefnetskopeappactivity26.md │ │ ├── pC_cefnetskopeappactivity27.md │ │ ├── pC_cefnetskopeappactivity28.md │ │ ├── pC_cefnetskopeappactivity29.md │ │ ├── pC_cefnetskopeappactivity3.md │ │ ├── pC_cefnetskopeappactivity31.md │ │ ├── pC_cefnetskopeappactivity33.md │ │ ├── pC_cefnetskopeappactivity34.md │ │ ├── pC_cefnetskopeappactivity35.md │ │ ├── pC_cefnetskopeappactivity36.md │ │ ├── pC_cefnetskopeappactivity37.md │ │ ├── pC_cefnetskopeappactivity38.md │ │ ├── pC_cefnetskopeappactivity4.md │ │ ├── pC_cefnetskopeappactivity40.md │ │ ├── pC_cefnetskopeappactivity41.md │ │ ├── pC_cefnetskopeappactivity42.md │ │ ├── pC_cefnetskopeappactivity43.md │ │ ├── pC_cefnetskopeappactivity44.md │ │ ├── pC_cefnetskopeappactivity45.md │ │ ├── pC_cefnetskopeappactivity46.md │ │ ├── pC_cefnetskopeappactivity47.md │ │ ├── pC_cefnetskopeappactivity48.md │ │ ├── pC_cefnetskopeappactivity49.md │ │ ├── pC_cefnetskopeappactivity5.md │ │ ├── pC_cefnetskopeappactivity50.md │ │ ├── pC_cefnetskopeappactivity51.md │ │ ├── pC_cefnetskopeappactivity6.md │ │ ├── pC_cefnetskopeappactivity7.md │ │ ├── pC_cefnetskopeappactivity8.md │ │ ├── pC_cefnetskopeappactivity9.md │ │ ├── pC_cefnetskopeapplogin1.md │ │ ├── pC_cefnetskopeapplogin2.md │ │ ├── pC_cefnetskopedlpalert.md │ │ ├── pC_cefnetskopedlpalert1.md │ │ ├── pC_cefnetskopedlpalert3.md │ │ ├── pC_cefnetskopedlpalert4.md │ │ ├── pC_cefnetskopedlpemailalert1.md │ │ ├── pC_cefnetskopefailedapplogin.md │ │ ├── pC_cefnetskopefileoperation6.md │ │ ├── pC_cefnetskopewebactivity.md │ │ ├── pC_cefnetskopewebactivity1.md │ │ ├── pC_cefnetskopewebpolicy.md │ │ ├── pC_cefnetskopewebpolicy1.md │ │ ├── pC_jsonnetskopeappactivity17.md │ │ ├── pC_jsonnetskopeappactivity18.md │ │ ├── pC_jsonnetskopeapplogin.md │ │ ├── pC_jsonnetskopefailedapplogin.md │ │ ├── pC_netscopedlpalertactivity.md │ │ ├── pC_netskopeactivity.md │ │ ├── pC_netskopealert.md │ │ ├── pC_netskopeappactivity.md │ │ ├── pC_netskopeappactivity1.md │ │ ├── pC_netskopeappactivity2.md │ │ ├── pC_netskopedlpalert.md │ │ ├── pC_netskopedlpalert2.md │ │ ├── pC_netskopelogin.md │ │ ├── pC_netskopelogin1.md │ │ ├── pC_netskopenetworkconnection.md │ │ ├── pC_netskopesecurityalert.md │ │ ├── pC_netskopesecurityalert1.md │ │ ├── pC_netskopewebactivity.md │ │ ├── pC_snetskopeactivity.md │ │ └── pC_snetskopelogin.md │ │ ├── RM │ │ ├── r_m_netskope_security_cloud_Abnormal_Authentication_&_Access.md │ │ ├── r_m_netskope_security_cloud_Account_Manipulation.md │ │ ├── r_m_netskope_security_cloud_Compromised_Credentials.md │ │ ├── r_m_netskope_security_cloud_Cryptomining.md │ │ ├── r_m_netskope_security_cloud_Data_Access.md │ │ ├── r_m_netskope_security_cloud_Data_Exfiltration.md │ │ ├── r_m_netskope_security_cloud_Data_Leak.md │ │ ├── r_m_netskope_security_cloud_Destruction_of_Data.md │ │ ├── r_m_netskope_security_cloud_Lateral_Movement.md │ │ ├── r_m_netskope_security_cloud_Malware.md │ │ ├── r_m_netskope_security_cloud_Phishing.md │ │ ├── r_m_netskope_security_cloud_Privilege_Abuse.md │ │ ├── r_m_netskope_security_cloud_Privilege_Escalation.md │ │ ├── r_m_netskope_security_cloud_Privileged_Activity.md │ │ ├── r_m_netskope_security_cloud_Ransomware.md │ │ └── r_m_netskope_security_cloud_Workforce_Protection.md │ │ └── ds_netskope_security_cloud.md ├── Netwrix │ └── Netwrix_Auditor │ │ ├── 2_ds_netwrix_netwrix_auditor.md │ │ ├── Ps │ │ ├── pC_netwrixadaccountdisabled.md │ │ ├── pC_netwrixadaccountlockout.md │ │ ├── pC_netwrixadaccountunlocked.md │ │ ├── pC_netwrixaddsaccess.md │ │ ├── pC_netwrixadmemberadded.md │ │ ├── pC_netwrixadmemberadded2.md │ │ ├── pC_netwrixadmemberremoved.md │ │ ├── pC_netwrixadpasswordreset.md │ │ ├── pC_netwrixappactivity1.md │ │ ├── pC_netwrixappactivity2.md │ │ ├── pC_netwrixappactivity3.md │ │ ├── pC_netwrixappactivity4.md │ │ ├── pC_netwrixappactivity5.md │ │ ├── pC_netwrixapplogin.md │ │ ├── pC_netwrixdbactivity.md │ │ ├── pC_netwrixfailedapplogin.md │ │ ├── pC_netwrixfileactivity.md │ │ └── pC_netwrixgrouppolicychange.md │ │ ├── RM │ │ ├── r_m_netwrix_netwrix_auditor_Abnormal_Authentication_&_Access.md │ │ ├── r_m_netwrix_netwrix_auditor_Account_Manipulation.md │ │ ├── r_m_netwrix_netwrix_auditor_Brute_Force_Attack.md │ │ ├── r_m_netwrix_netwrix_auditor_Compromised_Credentials.md │ │ ├── r_m_netwrix_netwrix_auditor_Data_Access.md │ │ ├── r_m_netwrix_netwrix_auditor_Data_Exfiltration.md │ │ ├── r_m_netwrix_netwrix_auditor_Data_Leak.md │ │ ├── r_m_netwrix_netwrix_auditor_Destruction_of_Data.md │ │ ├── r_m_netwrix_netwrix_auditor_Lateral_Movement.md │ │ ├── r_m_netwrix_netwrix_auditor_Malware.md │ │ ├── r_m_netwrix_netwrix_auditor_Privilege_Abuse.md │ │ ├── r_m_netwrix_netwrix_auditor_Privilege_Escalation.md │ │ ├── r_m_netwrix_netwrix_auditor_Privileged_Activity.md │ │ └── r_m_netwrix_netwrix_auditor_Ransomware.md │ │ └── ds_netwrix_netwrix_auditor.md ├── Nexthink │ └── Nexthink │ │ ├── Ps │ │ ├── pC_nexthinksecurityalert.md │ │ └── pC_nexthinksecurityalert1.md │ │ ├── RM │ │ ├── r_m_nexthink_nexthink_Compromised_Credentials.md │ │ ├── r_m_nexthink_nexthink_Lateral_Movement.md │ │ ├── r_m_nexthink_nexthink_Malware.md │ │ └── r_m_nexthink_nexthink_Privileged_Activity.md │ │ └── ds_nexthink_nexthink.md ├── Nokia_VitalQIP │ └── Nokia_VitalQIP │ │ ├── Ps │ │ ├── pC_cefqipdhcp.md │ │ ├── pC_nokiavitalqipcomputerlogon.md │ │ ├── pC_nokiavitalqipcomputerlogon1.md │ │ ├── pC_qqipdhcp.md │ │ └── pC_syslogqipdhcp.md │ │ ├── RM │ │ └── r_m_nokia_vitalqip_nokia_vitalqip_Enrichment.md │ │ └── ds_nokia_vitalqip_nokia_vitalqip.md ├── Nortel_Contivity │ └── Nortel_Contivity_VPN │ │ ├── Ps │ │ ├── pC_contivityvpnend.md │ │ └── pC_contivityvpnstart.md │ │ ├── RM │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Abnormal_Authentication_&_Access.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Account_Manipulation.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Brute_Force_Attack.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Compromised_Credentials.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Data_Access.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Data_Exfiltration.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Data_Leak.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Lateral_Movement.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Malware.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Phishing.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Physical_Security.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Privilege_Abuse.md │ │ ├── r_m_nortel_contivity_nortel_contivity_vpn_Privilege_Escalation.md │ │ └── r_m_nortel_contivity_nortel_contivity_vpn_Ransomware.md │ │ └── ds_nortel_contivity_nortel_contivity_vpn.md ├── Novell │ └── eDirectory │ │ ├── Ps │ │ ├── pC_cefedirectoryaccountdisabled.md │ │ ├── pC_cefedirectoryaccountenabled.md │ │ ├── pC_cefedirectoryaccountpasswordchange.md │ │ ├── pC_cefedirectoryaccountunlocked.md │ │ ├── pC_cefedirectoryauth1.md │ │ ├── pC_cefedirectoryauth2.md │ │ └── pC_cefedirectorysecurityalert.md │ │ ├── RM │ │ ├── r_m_novell_edirectory_Abnormal_Authentication_&_Access.md │ │ ├── r_m_novell_edirectory_Account_Manipulation.md │ │ ├── r_m_novell_edirectory_Compromised_Credentials.md │ │ ├── r_m_novell_edirectory_Lateral_Movement.md │ │ ├── r_m_novell_edirectory_Malware.md │ │ ├── r_m_novell_edirectory_Privilege_Abuse.md │ │ ├── r_m_novell_edirectory_Privileged_Activity.md │ │ └── r_m_novell_edirectory_Ransomware.md │ │ └── ds_novell_edirectory.md ├── Nozomi_Networks │ └── Guardian │ │ ├── Ps │ │ └── pC_cefnozomiguardiansecurityalert.md │ │ ├── RM │ │ ├── r_m_nozomi_networks_guardian_Compromised_Credentials.md │ │ ├── r_m_nozomi_networks_guardian_Lateral_Movement.md │ │ ├── r_m_nozomi_networks_guardian_Malware.md │ │ └── r_m_nozomi_networks_guardian_Privileged_Activity.md │ │ └── ds_nozomi_networks_guardian.md ├── Nutanix │ └── Nutanix_Files │ │ ├── Ps │ │ ├── pC_nutanixfiledelete.md │ │ ├── pC_nutanixfileread.md │ │ ├── pC_nutanixfilewrite.md │ │ ├── pC_nutanixfilewrite1.md │ │ ├── pC_nutanixfilewrite2.md │ │ └── pC_nutanixfilewrite3.md │ │ ├── RM │ │ ├── r_m_nutanix_nutanix_files_Compromised_Credentials.md │ │ ├── r_m_nutanix_nutanix_files_Data_Access.md │ │ ├── r_m_nutanix_nutanix_files_Data_Exfiltration.md │ │ ├── r_m_nutanix_nutanix_files_Data_Leak.md │ │ ├── r_m_nutanix_nutanix_files_Destruction_of_Data.md │ │ ├── r_m_nutanix_nutanix_files_Malware.md │ │ ├── r_m_nutanix_nutanix_files_Privilege_Abuse.md │ │ ├── r_m_nutanix_nutanix_files_Privileged_Activity.md │ │ └── r_m_nutanix_nutanix_files_Ransomware.md │ │ └── ds_nutanix_nutanix_files.md ├── OSSEC │ └── OSSEC │ │ ├── Ps │ │ ├── pC_ossecsecurityalert1.md │ │ ├── pC_ossecsecurityalert2.md │ │ └── pC_wazuhossecrootcheckalert.md │ │ ├── RM │ │ ├── r_m_ossec_ossec_Compromised_Credentials.md │ │ ├── r_m_ossec_ossec_Lateral_Movement.md │ │ ├── r_m_ossec_ossec_Malware.md │ │ └── r_m_ossec_ossec_Privileged_Activity.md │ │ └── ds_ossec_ossec.md ├── ObserveIT │ └── ObserveIT │ │ ├── 2_ds_observeit_observeit.md │ │ ├── Ps │ │ ├── pC_cefobserveitappactivity.md │ │ ├── pC_cefobserveitsecurityalert.md │ │ ├── pC_observeitalerts.md │ │ ├── pC_observeitauditlogins.md │ │ ├── pC_observeitdbaactivity.md │ │ ├── pC_observeitsessions.md │ │ └── pC_observeituseractivity.md │ │ ├── RM │ │ ├── r_m_observeit_observeit_Abnormal_Authentication_&_Access.md │ │ ├── r_m_observeit_observeit_Account_Manipulation.md │ │ ├── r_m_observeit_observeit_Audit_Tampering.md │ │ ├── r_m_observeit_observeit_Compromised_Credentials.md │ │ ├── r_m_observeit_observeit_Cryptomining.md │ │ ├── r_m_observeit_observeit_Data_Access.md │ │ ├── r_m_observeit_observeit_Data_Exfiltration.md │ │ ├── r_m_observeit_observeit_Data_Leak.md │ │ ├── r_m_observeit_observeit_Evasion.md │ │ ├── r_m_observeit_observeit_Lateral_Movement.md │ │ ├── r_m_observeit_observeit_Malware.md │ │ ├── r_m_observeit_observeit_Phishing.md │ │ ├── r_m_observeit_observeit_Privilege_Abuse.md │ │ ├── r_m_observeit_observeit_Privilege_Escalation.md │ │ ├── r_m_observeit_observeit_Privileged_Activity.md │ │ └── r_m_observeit_observeit_Ransomware.md │ │ └── ds_observeit_observeit.md ├── Okta │ └── Okta_Adaptive_MFA │ │ ├── 2_ds_okta_okta_adaptive_mfa.md │ │ ├── Ps │ │ ├── pC_cefoktaaccountpasswordreset.md │ │ ├── pC_cefoktaaccountunlocked.md │ │ ├── pC_cefoktaappactivity.md │ │ ├── pC_cefoktaapplogin.md │ │ ├── pC_cefoktaapplogin1.md │ │ ├── pC_cefoktalogsappactivity.md │ │ ├── pC_cefoktalogsappalert.md │ │ ├── pC_cefoktalogsauthentication.md │ │ ├── pC_cefoktamemberadded.md │ │ ├── pC_jsonoktaaccountlockout.md │ │ ├── pC_jsonoktaapplogin.md │ │ ├── pC_jsonoktaapplogin1.md │ │ ├── pC_jsonoktaauthenticationfailed3.md │ │ ├── pC_jsonoktaauthenticationfailed4.md │ │ ├── pC_jsonoktaauthenticationfailed5.md │ │ ├── pC_jsonoktaauthenticationsuccess.md │ │ ├── pC_jsonoktafailedapplogin1.md │ │ ├── pC_jsonoktafailedapplogin2.md │ │ ├── pC_jsonoktafailedapplogin4.md │ │ ├── pC_jsonoktafailedapplogin5.md │ │ ├── pC_jsonoktafailedapplogin6.md │ │ ├── pC_jsonoktamemberadded.md │ │ ├── pC_jsonoktasecurityalert.md │ │ ├── pC_oktaaccountcreation.md │ │ ├── pC_oktaaccountenabled.md │ │ ├── pC_oktaaccountpasswordchange.md │ │ ├── pC_oktaappactivity.md │ │ ├── pC_oktaappactivity1.md │ │ ├── pC_oktaappactivityad.md │ │ ├── pC_oktaapplogin.md │ │ ├── pC_oktaapplogin1.md │ │ ├── pC_oktafailedapplogin.md │ │ ├── pC_oktamemberremoved.md │ │ ├── pC_qoktaappactivity.md │ │ ├── pC_qoktaapplogin.md │ │ ├── pC_qoktaapplogin1.md │ │ ├── pC_qoktaapplogin2.md │ │ ├── pC_qoktaapplogin3.md │ │ ├── pC_qoktaapplogin4.md │ │ ├── pC_qoktaapplogin5.md │ │ ├── pC_qoktaapplogin6.md │ │ ├── pC_qoktafailedapplogin.md │ │ ├── pC_qoktafailedapplogin1.md │ │ ├── pC_qoktafailedapplogin2.md │ │ ├── pC_soktaappactivity.md │ │ ├── pC_soktaapplogin.md │ │ ├── pC_soktaapplogin1.md │ │ ├── pC_soktaapplogin2.md │ │ ├── pC_soktaapplogin3.md │ │ ├── pC_soktaapplogin4.md │ │ ├── pC_soktafailedapplogin.md │ │ ├── pC_soktafailedlogin4.md │ │ ├── pC_uoktaapplogin.md │ │ └── pC_uoktafailedapplogin.md │ │ ├── RM │ │ ├── r_m_okta_okta_adaptive_mfa_Abnormal_Authentication_&_Access.md │ │ ├── r_m_okta_okta_adaptive_mfa_Account_Manipulation.md │ │ ├── r_m_okta_okta_adaptive_mfa_Brute_Force_Attack.md │ │ ├── r_m_okta_okta_adaptive_mfa_Compromised_Credentials.md │ │ ├── r_m_okta_okta_adaptive_mfa_Data_Access.md │ │ ├── r_m_okta_okta_adaptive_mfa_Data_Leak.md │ │ ├── r_m_okta_okta_adaptive_mfa_Lateral_Movement.md │ │ ├── r_m_okta_okta_adaptive_mfa_Malware.md │ │ ├── r_m_okta_okta_adaptive_mfa_Privilege_Abuse.md │ │ ├── r_m_okta_okta_adaptive_mfa_Privilege_Escalation.md │ │ ├── r_m_okta_okta_adaptive_mfa_Privileged_Activity.md │ │ └── r_m_okta_okta_adaptive_mfa_Ransomware.md │ │ └── ds_okta_okta_adaptive_mfa.md ├── Onapsis │ └── Onapsis │ │ ├── Ps │ │ ├── pC_cefonapsisapplogin.md │ │ ├── pC_cefonapsisfailedapplogin.md │ │ ├── pC_cefonapsissecurityalert.md │ │ └── pC_onapsisdbop.md │ │ ├── RM │ │ ├── r_m_onapsis_onapsis_Abnormal_Authentication_&_Access.md │ │ ├── r_m_onapsis_onapsis_Compromised_Credentials.md │ │ ├── r_m_onapsis_onapsis_Data_Access.md │ │ ├── r_m_onapsis_onapsis_Lateral_Movement.md │ │ ├── r_m_onapsis_onapsis_Malware.md │ │ ├── r_m_onapsis_onapsis_Privilege_Abuse.md │ │ ├── r_m_onapsis_onapsis_Privileged_Activity.md │ │ └── r_m_onapsis_onapsis_Ransomware.md │ │ └── ds_onapsis_onapsis.md ├── OneLogin │ └── OneLogin │ │ ├── 2_ds_onelogin_onelogin.md │ │ ├── Ps │ │ ├── pC_cefoneloginappactivity.md │ │ ├── pC_oneloginappactivity.md │ │ └── pC_soneloginappactivity.md │ │ ├── RM │ │ ├── r_m_onelogin_onelogin_Abnormal_Authentication_&_Access.md │ │ ├── r_m_onelogin_onelogin_Account_Manipulation.md │ │ ├── r_m_onelogin_onelogin_Compromised_Credentials.md │ │ ├── r_m_onelogin_onelogin_Data_Access.md │ │ ├── r_m_onelogin_onelogin_Data_Leak.md │ │ ├── r_m_onelogin_onelogin_Lateral_Movement.md │ │ ├── r_m_onelogin_onelogin_Malware.md │ │ ├── r_m_onelogin_onelogin_Privilege_Abuse.md │ │ ├── r_m_onelogin_onelogin_Privilege_Escalation.md │ │ ├── r_m_onelogin_onelogin_Privileged_Activity.md │ │ └── r_m_onelogin_onelogin_Ransomware.md │ │ └── ds_onelogin_onelogin.md ├── OneSpan │ ├── Digipass │ │ ├── Ps │ │ │ ├── pC_digipassapplogin.md │ │ │ ├── pC_digipassnacfailedlogon.md │ │ │ ├── pC_digipassnaclogon.md │ │ │ └── pC_digipassnaclogon2.md │ │ ├── RM │ │ │ ├── r_m_onespan_digipass_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_onespan_digipass_Compromised_Credentials.md │ │ │ ├── r_m_onespan_digipass_Data_Access.md │ │ │ ├── r_m_onespan_digipass_Lateral_Movement.md │ │ │ ├── r_m_onespan_digipass_Malware.md │ │ │ ├── r_m_onespan_digipass_Privilege_Abuse.md │ │ │ ├── r_m_onespan_digipass_Privileged_Activity.md │ │ │ └── r_m_onespan_digipass_Ransomware.md │ │ └── ds_onespan_digipass.md │ └── OneSpan │ │ ├── Ps │ │ └── pC_onespanfailedlogon.md │ │ ├── RM │ │ ├── r_m_onespan_onespan_Abnormal_Authentication_&_Access.md │ │ ├── r_m_onespan_onespan_Brute_Force_Attack.md │ │ ├── r_m_onespan_onespan_Compromised_Credentials.md │ │ ├── r_m_onespan_onespan_Lateral_Movement.md │ │ ├── r_m_onespan_onespan_Malware.md │ │ ├── r_m_onespan_onespan_Privilege_Abuse.md │ │ ├── r_m_onespan_onespan_Privilege_Escalation.md │ │ ├── r_m_onespan_onespan_Privileged_Activity.md │ │ └── r_m_onespan_onespan_Ransomware.md │ │ └── ds_onespan_onespan.md ├── OneWelcome │ └── OneWelcome │ │ ├── 2_ds_onewelcome_onewelcome.md │ │ ├── Ps │ │ ├── pC_onewelcomeauthenticationfailed.md │ │ ├── pC_onewelcomeauthenticationfailed1.md │ │ ├── pC_onewelcomeauthenticationfailed2.md │ │ ├── pC_onewelcomeauthenticationfailed3.md │ │ ├── pC_onewelcomeauthenticationfailed4.md │ │ ├── pC_onewelcomeauthenticationfailed5.md │ │ ├── pC_onewelcomeauthenticationsuccessful.md │ │ ├── pC_onewelcomeauthenticationsuccessful1.md │ │ └── pC_onewelcomeauthenticationsuccessful2.md │ │ ├── RM │ │ ├── r_m_onewelcome_onewelcome_Abnormal_Authentication_&_Access.md │ │ ├── r_m_onewelcome_onewelcome_Compromised_Credentials.md │ │ ├── r_m_onewelcome_onewelcome_Lateral_Movement.md │ │ ├── r_m_onewelcome_onewelcome_Malware.md │ │ └── r_m_onewelcome_onewelcome_Ransomware.md │ │ └── ds_onewelcome_onewelcome.md ├── OpenDJ │ └── OpenDJ_LDAP │ │ ├── Ps │ │ └── pC_opendjauthuid.md │ │ ├── RM │ │ ├── r_m_opendj_opendj_ldap_Abnormal_Authentication_&_Access.md │ │ ├── r_m_opendj_opendj_ldap_Compromised_Credentials.md │ │ ├── r_m_opendj_opendj_ldap_Lateral_Movement.md │ │ ├── r_m_opendj_opendj_ldap_Malware.md │ │ └── r_m_opendj_opendj_ldap_Ransomware.md │ │ └── ds_opendj_opendj_ldap.md ├── Oracle │ ├── AVDF │ │ ├── Ps │ │ │ ├── pC_oracleavdfdatabaselogin.md │ │ │ └── pC_oracleavdfdatabasequery.md │ │ ├── RM │ │ │ ├── r_m_oracle_avdf_Compromised_Credentials.md │ │ │ └── r_m_oracle_avdf_Data_Access.md │ │ └── ds_oracle_avdf.md │ ├── Access_Manager │ │ ├── 2_ds_oracle_access_manager.md │ │ ├── Ps │ │ │ ├── pC_oracleaccessmanager.md │ │ │ ├── pC_qoamappactivity10.md │ │ │ ├── pC_qoamappactivity11.md │ │ │ ├── pC_qoamappactivity12.md │ │ │ ├── pC_qoamappactivity2.md │ │ │ ├── pC_qoamappactivity3.md │ │ │ ├── pC_qoamappactivity4.md │ │ │ ├── pC_qoamappactivity5.md │ │ │ ├── pC_qoamappactivity6.md │ │ │ ├── pC_qoamappactivity7.md │ │ │ ├── pC_qoamappactivity8.md │ │ │ ├── pC_qoamappactivity9.md │ │ │ ├── pC_qoamapplogin.md │ │ │ ├── pC_qoamauthsuccessful.md │ │ │ ├── pC_soamapplogin.md │ │ │ └── pC_soamapplogin1.md │ │ ├── RM │ │ │ ├── r_m_oracle_access_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_oracle_access_manager_Account_Manipulation.md │ │ │ ├── r_m_oracle_access_manager_Compromised_Credentials.md │ │ │ ├── r_m_oracle_access_manager_Data_Access.md │ │ │ ├── r_m_oracle_access_manager_Data_Leak.md │ │ │ ├── r_m_oracle_access_manager_Lateral_Movement.md │ │ │ ├── r_m_oracle_access_manager_Malware.md │ │ │ ├── r_m_oracle_access_manager_Privilege_Abuse.md │ │ │ ├── r_m_oracle_access_manager_Privilege_Escalation.md │ │ │ ├── r_m_oracle_access_manager_Privileged_Activity.md │ │ │ └── r_m_oracle_access_manager_Ransomware.md │ │ └── ds_oracle_access_manager.md │ ├── Oracle_Database │ │ ├── Ps │ │ │ ├── pC_ceforacledbdelete.md │ │ │ ├── pC_ceforacledbquery.md │ │ │ ├── pC_ceforacledbupdate.md │ │ │ ├── pC_cefsyslogoracledblogin.md │ │ │ ├── pC_cefsyslogoracledbquery.md │ │ │ ├── pC_oracledatabaseaccess1.md │ │ │ ├── pC_oracledatabasedelete.md │ │ │ ├── pC_oracledatabaselogin.md │ │ │ ├── pC_oracledatabasequery4.md │ │ │ ├── pC_oracledbaccess.md │ │ │ ├── pC_oracledbaccess1.md │ │ │ ├── pC_oracledbaccess2.md │ │ │ ├── pC_oracledbinsert.md │ │ │ ├── pC_oracledblogin.md │ │ │ ├── pC_oracledblogin1.md │ │ │ ├── pC_oracledblogin2.md │ │ │ ├── pC_oracledblogin3.md │ │ │ ├── pC_oracledbquery.md │ │ │ ├── pC_oracledbquery1.md │ │ │ ├── pC_oracledbquery2.md │ │ │ ├── pC_oracledbquery3.md │ │ │ ├── pC_oracledbquery4.md │ │ │ ├── pC_oracledbquery5.md │ │ │ ├── pC_oracledbupdate.md │ │ │ ├── pC_oracledbupdate1.md │ │ │ ├── pC_qoracledblogin.md │ │ │ ├── pC_qoracledbquery.md │ │ │ ├── pC_siebeldbquery.md │ │ │ ├── pC_soracledbactivity2.md │ │ │ ├── pC_soracledbexecute1.md │ │ │ ├── pC_soracledblogin.md │ │ │ ├── pC_soracledblogin1.md │ │ │ ├── pC_soracledblogin2.md │ │ │ ├── pC_soracledblogon.md │ │ │ ├── pC_soracledbquery.md │ │ │ └── pC_soracledbselect1.md │ │ ├── RM │ │ │ ├── r_m_oracle_oracle_database_Compromised_Credentials.md │ │ │ └── r_m_oracle_oracle_database_Data_Access.md │ │ └── ds_oracle_oracle_database.md │ ├── Public_Cloud │ │ ├── Ps │ │ │ └── pC_oraclepubliccloudnetflowconnection.md │ │ ├── RM │ │ │ ├── r_m_oracle_public_cloud_Compromised_Credentials.md │ │ │ ├── r_m_oracle_public_cloud_Data_Exfiltration.md │ │ │ ├── r_m_oracle_public_cloud_Lateral_Movement.md │ │ │ └── r_m_oracle_public_cloud_Malware.md │ │ └── ds_oracle_public_cloud.md │ └── Solaris │ │ ├── Ps │ │ └── pC_solarisauditprocess.md │ │ ├── RM │ │ ├── r_m_oracle_solaris_Account_Manipulation.md │ │ ├── r_m_oracle_solaris_Audit_Tampering.md │ │ ├── r_m_oracle_solaris_Compromised_Credentials.md │ │ ├── r_m_oracle_solaris_Cryptomining.md │ │ ├── r_m_oracle_solaris_Data_Access.md │ │ ├── r_m_oracle_solaris_Data_Exfiltration.md │ │ ├── r_m_oracle_solaris_Evasion.md │ │ ├── r_m_oracle_solaris_Lateral_Movement.md │ │ ├── r_m_oracle_solaris_Malware.md │ │ ├── r_m_oracle_solaris_Phishing.md │ │ ├── r_m_oracle_solaris_Privilege_Abuse.md │ │ ├── r_m_oracle_solaris_Privilege_Escalation.md │ │ ├── r_m_oracle_solaris_Privileged_Activity.md │ │ └── r_m_oracle_solaris_Ransomware.md │ │ └── ds_oracle_solaris.md ├── Ordr │ └── Ordr_SCE │ │ ├── Ps │ │ └── pC_ordrjsonalert.md │ │ ├── RM │ │ ├── r_m_ordr_ordr_sce_Compromised_Credentials.md │ │ └── r_m_ordr_ordr_sce_Malware.md │ │ └── ds_ordr_ordr_sce.md ├── Osirium │ └── Osirium │ │ ├── Ps │ │ └── pC_osiriumapplogin.md │ │ ├── RM │ │ ├── r_m_osirium_osirium_Abnormal_Authentication_&_Access.md │ │ ├── r_m_osirium_osirium_Compromised_Credentials.md │ │ ├── r_m_osirium_osirium_Data_Access.md │ │ ├── r_m_osirium_osirium_Lateral_Movement.md │ │ ├── r_m_osirium_osirium_Malware.md │ │ ├── r_m_osirium_osirium_Privilege_Abuse.md │ │ ├── r_m_osirium_osirium_Privileged_Activity.md │ │ └── r_m_osirium_osirium_Ransomware.md │ │ └── ds_osirium_osirium.md ├── Palo_Alto_Networks │ ├── Cortex_XDR │ │ ├── Ps │ │ │ ├── pC_cefcortexxdralert.md │ │ │ ├── pC_cefcortexxdralert1.md │ │ │ ├── pC_cortexxdrappactivity.md │ │ │ └── pC_paloaltocortexxdralert.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Account_Manipulation.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Data_Access.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Data_Leak.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Malware.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Privilege_Abuse.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Privilege_Escalation.md │ │ │ ├── r_m_palo_alto_networks_cortex_xdr_Privileged_Activity.md │ │ │ └── r_m_palo_alto_networks_cortex_xdr_Ransomware.md │ │ └── ds_palo_alto_networks_cortex_xdr.md │ ├── GlobalProtect │ │ ├── 2_ds_palo_alto_networks_globalprotect.md │ │ ├── Ps │ │ │ ├── pC_cefpaloaltofirewallglobalprotect.md │ │ │ ├── pC_cefpaloaltouseridlogin.md │ │ │ ├── pC_cefpanauthfailed.md │ │ │ ├── pC_cefpanauthsuccessful.md │ │ │ ├── pC_cefpanfailedlogon.md │ │ │ ├── pC_cefpangpvpnend.md │ │ │ ├── pC_cefpangpvpnlogin.md │ │ │ ├── pC_cefpangpvpnlogin1.md │ │ │ ├── pC_cefpangpvpnlogin2.md │ │ │ ├── pC_cefpangpvpnlogin3.md │ │ │ ├── pC_cefpangpvpnstart.md │ │ │ ├── pC_cefpangpvpnstart1.md │ │ │ ├── pC_cefpanremotelogon.md │ │ │ ├── pC_cefpanvpnend.md │ │ │ ├── pC_cefpanvpnloginfailed.md │ │ │ ├── pC_cefpanvpnloginfailed1.md │ │ │ ├── pC_cefpanvpnsetip.md │ │ │ ├── pC_cefpanvpnstart.md │ │ │ ├── pC_leefpaloaltoappactivity.md │ │ │ ├── pC_leefpaloaltoappactivity1.md │ │ │ ├── pC_leefpaloaltoappactivity2.md │ │ │ ├── pC_leefpaloaltovpnend.md │ │ │ ├── pC_leefpaloaltovpnlogin.md │ │ │ ├── pC_leefpaloaltovpnlogin1.md │ │ │ ├── pC_leefpaloaltovpnstart.md │ │ │ ├── pC_leefpanvpnlogout.md │ │ │ ├── pC_leefpanvpnstart.md │ │ │ ├── pC_paloaltoappactivity.md │ │ │ ├── pC_paloaltoappactivity1.md │ │ │ ├── pC_paloaltoappactivity2.md │ │ │ ├── pC_paloaltoappactivity3.md │ │ │ ├── pC_paloaltoappactivity4.md │ │ │ ├── pC_paloaltoappactivity5.md │ │ │ ├── pC_paloaltoappactivity6.md │ │ │ ├── pC_paloaltoappactivity7.md │ │ │ ├── pC_paloaltonetworksleefsetip.md │ │ │ ├── pC_paloaltonetworksleefvpnlogin.md │ │ │ ├── pC_paloaltonetworkssetip.md │ │ │ ├── pC_paloaltovpnend.md │ │ │ ├── pC_paloaltovpnend1.md │ │ │ ├── pC_paloaltovpnlogin.md │ │ │ ├── pC_paloaltovpnlogin1.md │ │ │ ├── pC_paloaltovpnlogin2.md │ │ │ ├── pC_paloaltovpnlogin3.md │ │ │ ├── pC_paloaltovpnlogin4.md │ │ │ ├── pC_paloaltovpnlogin5.md │ │ │ ├── pC_paloaltovpnlogin6.md │ │ │ ├── pC_paloaltovpnlogin7.md │ │ │ ├── pC_paloaltovpnlogin8.md │ │ │ ├── pC_paloaltovpnstart.md │ │ │ ├── pC_paloaltovpnstart1.md │ │ │ ├── pC_panauthenticationuseridlogin.md │ │ │ ├── pC_panauthfailed.md │ │ │ ├── pC_panauthfailed1.md │ │ │ ├── pC_panauthsuccessful.md │ │ │ ├── pC_panauthsuccessful2.md │ │ │ ├── pC_panazureauthsuccessful.md │ │ │ ├── pC_panfailedvpnlogin.md │ │ │ ├── pC_panvpnlogin1.md │ │ │ ├── pC_panvpnlogin2.md │ │ │ ├── pC_panvpnloginfailed.md │ │ │ ├── pC_panvpnlogout.md │ │ │ ├── pC_panvpnlogout1.md │ │ │ ├── pC_panvpnlogout2.md │ │ │ ├── pC_qpanvpnsetip.md │ │ │ ├── pC_qpanvpnstart.md │ │ │ ├── pC_rawpanfailedvpnlogin.md │ │ │ ├── pC_rawpanvpnappactivity.md │ │ │ ├── pC_rawpanvpnend.md │ │ │ ├── pC_rawpanvpnend2.md │ │ │ ├── pC_rawpanvpnlogin.md │ │ │ ├── pC_rawpanvpnlogin1.md │ │ │ ├── pC_rawpanvpnsetip.md │ │ │ ├── pC_rawpanvpnstart.md │ │ │ ├── pC_rawpanvpnstart2.md │ │ │ └── pC_spanvpnstart1.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_globalprotect_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Account_Manipulation.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Brute_Force_Attack.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Data_Access.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Data_Exfiltration.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Data_Leak.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Malware.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Phishing.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Physical_Security.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Privilege_Abuse.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Privilege_Escalation.md │ │ │ ├── r_m_palo_alto_networks_globalprotect_Privileged_Activity.md │ │ │ └── r_m_palo_alto_networks_globalprotect_Ransomware.md │ │ └── ds_palo_alto_networks_globalprotect.md │ ├── Magnifier │ │ ├── Ps │ │ │ └── pC_ceflightcyberalert.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_magnifier_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_magnifier_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_magnifier_Malware.md │ │ │ └── r_m_palo_alto_networks_magnifier_Privileged_Activity.md │ │ └── ds_palo_alto_networks_magnifier.md │ ├── NGFW │ │ ├── 2_ds_palo_alto_networks_ngfw.md │ │ ├── Ps │ │ │ ├── pC_cefpaloaltofirewall.md │ │ │ ├── pC_cefpaloaltonetworksfirewallallow.md │ │ │ ├── pC_cefpaloaltonetworksfirewallconnection.md │ │ │ ├── pC_cefpaloaltonetworksfirewallconnection1.md │ │ │ ├── pC_cefpaloaltonetworksfirewalldeny.md │ │ │ ├── pC_cefpaloaltonetworksfirewalldrop.md │ │ │ ├── pC_cefpaloaltonetworksfirewalldrop1.md │ │ │ ├── pC_cefpaloaltonetworksfirewallend.md │ │ │ ├── pC_cefpaloaltonetworksfirewallend1.md │ │ │ ├── pC_cefpaloaltonetworkssecurityalert.md │ │ │ ├── pC_cefpaloaltonetworkssecurityalert1.md │ │ │ ├── pC_cefpaloaltonetworkssetip.md │ │ │ ├── pC_cefpaloaltonetworksvulnerabilityalert.md │ │ │ ├── pC_cefpannetworkalert1.md │ │ │ ├── pC_cefpanproxy.md │ │ │ ├── pC_jsonpaloaltofirewalltrafficdrop.md │ │ │ ├── pC_jsonpaloaltongfwnetworkconnection.md │ │ │ ├── pC_jsonpanfilealert.md │ │ │ ├── pC_leefpaloaltofirewallalert.md │ │ │ ├── pC_leefpaloaltofirewallallow.md │ │ │ ├── pC_leefpaloaltofirewalldeny.md │ │ │ ├── pC_leefpaloaltofirewalldeny1.md │ │ │ ├── pC_leefpaloaltofirewalldrop.md │ │ │ ├── pC_leefpanauthenticationfailed.md │ │ │ ├── pC_leefpanauthenticationsuccessful.md │ │ │ ├── pC_leefpanauthenticationsuccessful1.md │ │ │ ├── pC_leefpanproxy.md │ │ │ ├── pC_leefpanremotelogon.md │ │ │ ├── pC_lpanfilealert.md │ │ │ ├── pC_lpanscanalert.md │ │ │ ├── pC_lpanvulnerabilityalert.md │ │ │ ├── pC_lpanvulnerabilityalert1.md │ │ │ ├── pC_paloaltofirewallalert1.md │ │ │ ├── pC_paloaltofirewallallow.md │ │ │ ├── pC_paloaltofirewallallow1.md │ │ │ ├── pC_paloaltofirewallallow2.md │ │ │ ├── pC_paloaltofirewallallow3.md │ │ │ ├── pC_paloaltofirewalldeny.md │ │ │ ├── pC_paloaltofirewalldeny1.md │ │ │ ├── pC_paloaltofirewalldrop.md │ │ │ ├── pC_paloaltofirewalldrop1.md │ │ │ ├── pC_paloaltofirewalltrafficdeny.md │ │ │ ├── pC_paloaltofirewalltrafficdrop.md │ │ │ ├── pC_paloaltofirewalltrafficdrop1.md │ │ │ ├── pC_paloaltonetworkconnection.md │ │ │ ├── pC_paloaltongfwnetworkconnection.md │ │ │ ├── pC_paloaltongfwsourcestopped.md │ │ │ ├── pC_paloaltowebactivity.md │ │ │ ├── pC_paloaltowebactivity1.md │ │ │ ├── pC_panconfigchange.md │ │ │ ├── pC_pandataalert.md │ │ │ ├── pC_panfilealert.md │ │ │ ├── pC_panfloodalert.md │ │ │ ├── pC_panfwpacketlogs.md │ │ │ ├── pC_panleefnetworkalert.md │ │ │ ├── pC_panpacketnetworkconnection.md │ │ │ ├── pC_panproxy.md │ │ │ ├── pC_panremotelogon.md │ │ │ ├── pC_panspywarealert.md │ │ │ ├── pC_panurlalert.md │ │ │ ├── pC_panvirusalert.md │ │ │ ├── pC_panvirusalert1.md │ │ │ ├── pC_panvulnerabilityalert.md │ │ │ ├── pC_panvulnerabilityalert2.md │ │ │ ├── pC_panwildfirealert1.md │ │ │ └── pC_spanngwfspywarealert.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_ngfw_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Cryptomining.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Data_Exfiltration.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Data_Leak.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Malware.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Phishing.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Physical_Security.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Privilege_Abuse.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Privilege_Escalation.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Privileged_Activity.md │ │ │ ├── r_m_palo_alto_networks_ngfw_Ransomware.md │ │ │ └── r_m_palo_alto_networks_ngfw_Workforce_Protection.md │ │ └── ds_palo_alto_networks_ngfw.md │ ├── Palo_Alto_Aperture │ │ ├── 2_ds_palo_alto_networks_palo_alto_aperture.md │ │ ├── Ps │ │ │ ├── pC_paloaltoappactivity1.md │ │ │ ├── pC_paloaltoappactivity2.md │ │ │ ├── pC_paloaltoapplogin1.md │ │ │ ├── pC_paloaltodlpalert.md │ │ │ ├── pC_paloaltodlpalert1.md │ │ │ ├── pC_paloaltofileoperations.md │ │ │ ├── pC_spanincidentalert.md │ │ │ ├── pC_spannetworksfileactivity.md │ │ │ ├── pC_spanpolicyviolationalert.md │ │ │ └── pC_spansecurityalert.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Account_Manipulation.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Data_Access.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Data_Exfiltration.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Data_Leak.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Destruction_of_Data.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Malware.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Privilege_Abuse.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Privilege_Escalation.md │ │ │ ├── r_m_palo_alto_networks_palo_alto_aperture_Privileged_Activity.md │ │ │ └── r_m_palo_alto_networks_palo_alto_aperture_Ransomware.md │ │ └── ds_palo_alto_networks_palo_alto_aperture.md │ ├── Prisma_Cloud │ │ ├── Ps │ │ │ ├── pC_jsonprismasecurityalert.md │ │ │ ├── pC_skyformationprismasecurityalert.md │ │ │ └── pC_skyformationprismasecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_prisma_cloud_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_prisma_cloud_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_prisma_cloud_Malware.md │ │ │ └── r_m_palo_alto_networks_prisma_cloud_Privileged_Activity.md │ │ └── ds_palo_alto_networks_prisma_cloud.md │ ├── Traps │ │ ├── Ps │ │ │ ├── pC_cefpantrapsalert.md │ │ │ ├── pC_pantrapsalert.md │ │ │ └── pC_spantrapsalert.md │ │ ├── RM │ │ │ ├── r_m_palo_alto_networks_traps_Compromised_Credentials.md │ │ │ ├── r_m_palo_alto_networks_traps_Lateral_Movement.md │ │ │ ├── r_m_palo_alto_networks_traps_Malware.md │ │ │ └── r_m_palo_alto_networks_traps_Privileged_Activity.md │ │ └── ds_palo_alto_networks_traps.md │ └── WildFire │ │ ├── 2_ds_palo_alto_networks_wildfire.md │ │ ├── Ps │ │ ├── pC_leefpanspywarealert.md │ │ ├── pC_leefpanvirusalert.md │ │ ├── pC_leefpanvulnerabilityalert.md │ │ ├── pC_leefpanwildfirealert.md │ │ ├── pC_panalert.md │ │ ├── pC_panalert1.md │ │ ├── pC_pancefalert.md │ │ ├── pC_pancefalert1.md │ │ ├── pC_pancefalert2.md │ │ ├── pC_pancefalert3.md │ │ ├── pC_pancefalert5.md │ │ ├── pC_pancefalert6.md │ │ ├── pC_pancefalert7.md │ │ ├── pC_qpanleefalert.md │ │ └── pC_spancorrelationalert.md │ │ ├── RM │ │ ├── r_m_palo_alto_networks_wildfire_Compromised_Credentials.md │ │ ├── r_m_palo_alto_networks_wildfire_Data_Exfiltration.md │ │ ├── r_m_palo_alto_networks_wildfire_Lateral_Movement.md │ │ ├── r_m_palo_alto_networks_wildfire_Malware.md │ │ ├── r_m_palo_alto_networks_wildfire_Privilege_Abuse.md │ │ └── r_m_palo_alto_networks_wildfire_Privileged_Activity.md │ │ └── ds_palo_alto_networks_wildfire.md ├── Paxton │ └── NET2DOOR │ │ ├── Ps │ │ ├── pC_paxtonbadgeaccess.md │ │ └── pC_snet2doorbadgeaccess.md │ │ ├── RM │ │ ├── r_m_paxton_net2door_Abnormal_Authentication_&_Access.md │ │ ├── r_m_paxton_net2door_Physical_Security.md │ │ └── r_m_paxton_net2door_Privileged_Activity.md │ │ └── ds_paxton_net2door.md ├── Perforce │ └── Perforce │ │ ├── Ps │ │ ├── pC_perforceappactivity.md │ │ └── pC_perforceappactivity1.md │ │ ├── RM │ │ ├── r_m_perforce_perforce_Abnormal_Authentication_&_Access.md │ │ ├── r_m_perforce_perforce_Account_Manipulation.md │ │ ├── r_m_perforce_perforce_Compromised_Credentials.md │ │ ├── r_m_perforce_perforce_Data_Access.md │ │ ├── r_m_perforce_perforce_Data_Leak.md │ │ ├── r_m_perforce_perforce_Lateral_Movement.md │ │ ├── r_m_perforce_perforce_Malware.md │ │ ├── r_m_perforce_perforce_Privilege_Abuse.md │ │ ├── r_m_perforce_perforce_Privilege_Escalation.md │ │ ├── r_m_perforce_perforce_Privileged_Activity.md │ │ └── r_m_perforce_perforce_Ransomware.md │ │ └── ds_perforce_perforce.md ├── Phantom │ └── Phantom │ │ ├── Ps │ │ └── pC_sphantomdlpemailin.md │ │ ├── RM │ │ ├── r_m_phantom_phantom_Malware.md │ │ ├── r_m_phantom_phantom_Privilege_Abuse.md │ │ └── r_m_phantom_phantom_Privileged_Activity.md │ │ └── ds_phantom_phantom.md ├── Pharos │ └── Pharos │ │ ├── Ps │ │ └── pC_spharosprintactivity.md │ │ ├── RM │ │ ├── r_m_pharos_pharos_Abnormal_Authentication_&_Access.md │ │ └── r_m_pharos_pharos_Data_Leak.md │ │ └── ds_pharos_pharos.md ├── PicturePerfect │ └── PicturePerfect │ │ ├── Ps │ │ └── pC_spictureperfectbadgeaccess.md │ │ ├── RM │ │ ├── r_m_pictureperfect_pictureperfect_Abnormal_Authentication_&_Access.md │ │ ├── r_m_pictureperfect_pictureperfect_Physical_Security.md │ │ └── r_m_pictureperfect_pictureperfect_Privileged_Activity.md │ │ └── ds_pictureperfect_pictureperfect.md ├── Ping_Identity │ ├── PingOne │ │ ├── Ps │ │ │ ├── pC_cefpingapplogin2.md │ │ │ ├── pC_cefpingauthsuccessful4.md │ │ │ ├── pC_cefpingauthsuccessful5.md │ │ │ ├── pC_cefpingfailedapplogin2.md │ │ │ └── pC_cefpingonevpnlogin.md │ │ ├── RM │ │ │ ├── r_m_ping_identity_pingone_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_ping_identity_pingone_Compromised_Credentials.md │ │ │ ├── r_m_ping_identity_pingone_Data_Access.md │ │ │ ├── r_m_ping_identity_pingone_Lateral_Movement.md │ │ │ ├── r_m_ping_identity_pingone_Malware.md │ │ │ ├── r_m_ping_identity_pingone_Physical_Security.md │ │ │ ├── r_m_ping_identity_pingone_Privilege_Abuse.md │ │ │ ├── r_m_ping_identity_pingone_Privileged_Activity.md │ │ │ └── r_m_ping_identity_pingone_Ransomware.md │ │ └── ds_ping_identity_pingone.md │ └── Ping_Identity │ │ ├── 2_ds_ping_identity_ping_identity.md │ │ ├── Ps │ │ ├── pC_cefpingapplogin.md │ │ ├── pC_cefpingapplogin1.md │ │ ├── pC_cefpingauthfailed.md │ │ ├── pC_cefpingauthfailed1.md │ │ ├── pC_cefpingauthfailed2.md │ │ ├── pC_cefpingauthfailed3.md │ │ ├── pC_cefpingauthsuccessful.md │ │ ├── pC_cefpingauthsuccessful1.md │ │ ├── pC_cefpingauthsuccessful2.md │ │ ├── pC_cefpingauthsuccessful3.md │ │ ├── pC_cefpingauthsuccessful6.md │ │ ├── pC_cefpingauthsuccessful7.md │ │ ├── pC_cefpingeventsskyformationappactivity.md │ │ ├── pC_cefpingeventsskyformationpassword.md │ │ ├── pC_cefpingeventsskyformationsso.md │ │ ├── pC_cefpingeventsskyformationssoidp.md │ │ ├── pC_cefpingeventsskyformationssosession.md │ │ ├── pC_cefpingfailedapplogin.md │ │ ├── pC_cefpingfailedapplogin1.md │ │ ├── pC_cefpingidauth.md │ │ ├── pC_jsonpingidauthfailed.md │ │ ├── pC_jsonpingidauthfailed1.md │ │ ├── pC_jsonpingidauthfailed2.md │ │ ├── pC_pingapplogin.md │ │ ├── pC_pingapplogin4.md │ │ ├── pC_pingauthenticationfailed.md │ │ ├── pC_pingauthenticationfailed1.md │ │ ├── pC_pingauthenticationsuccessful.md │ │ ├── pC_pingauthenticationsuccessful1.md │ │ ├── pC_pingauthfailed1.md │ │ ├── pC_pingauthfailed2.md │ │ ├── pC_pingauthfailed4.md │ │ ├── pC_pingauthfailed5.md │ │ ├── pC_pingauthsuccessful1.md │ │ ├── pC_pingauthsuccessful2.md │ │ ├── pC_pingauthsuccessful4.md │ │ ├── pC_pingauthsuccessful5.md │ │ ├── pC_pingauthsuccessful6.md │ │ ├── pC_pingauthsuccessful7.md │ │ ├── pC_pingauthsuccessful8.md │ │ ├── pC_pingfailedapplogin4.md │ │ ├── pC_pingfederateauth.md │ │ ├── pC_spingapplogin.md │ │ ├── pC_spingauthattempt4.md │ │ ├── pC_spingauthfailed.md │ │ ├── pC_spingauthsuccessful.md │ │ ├── pC_spingfailedapplogin.md │ │ ├── pC_spingsso.md │ │ └── pC_wazuhpingapplogin2.md │ │ ├── RM │ │ ├── r_m_ping_identity_ping_identity_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ping_identity_ping_identity_Account_Manipulation.md │ │ ├── r_m_ping_identity_ping_identity_Compromised_Credentials.md │ │ ├── r_m_ping_identity_ping_identity_Data_Access.md │ │ ├── r_m_ping_identity_ping_identity_Data_Leak.md │ │ ├── r_m_ping_identity_ping_identity_Lateral_Movement.md │ │ ├── r_m_ping_identity_ping_identity_Malware.md │ │ ├── r_m_ping_identity_ping_identity_Privilege_Abuse.md │ │ ├── r_m_ping_identity_ping_identity_Privilege_Escalation.md │ │ ├── r_m_ping_identity_ping_identity_Privileged_Activity.md │ │ └── r_m_ping_identity_ping_identity_Ransomware.md │ │ └── ds_ping_identity_ping_identity.md ├── Portnox │ └── Portnox_CLEAR │ │ ├── Ps │ │ ├── pC_portoxnacfailedlogon.md │ │ ├── pC_portoxnacfailedlogon1.md │ │ ├── pC_portoxnacfailedlogon2.md │ │ ├── pC_portoxnacfailedlogon3.md │ │ ├── pC_portoxnaclogon.md │ │ └── pC_portoxnaclogon1.md │ │ ├── RM │ │ ├── r_m_portnox_portnox_clear_Abnormal_Authentication_&_Access.md │ │ ├── r_m_portnox_portnox_clear_Compromised_Credentials.md │ │ └── r_m_portnox_portnox_clear_Lateral_Movement.md │ │ └── ds_portnox_portnox_clear.md ├── PostScript │ └── PostScript │ │ ├── Ps │ │ └── pC_cefpostscriptprintactivity.md │ │ ├── RM │ │ ├── r_m_postscript_postscript_Abnormal_Authentication_&_Access.md │ │ └── r_m_postscript_postscript_Data_Leak.md │ │ └── ds_postscript_postscript.md ├── Postfix │ └── Postfix │ │ ├── Ps │ │ ├── pC_postfixdlpemailfrom.md │ │ ├── pC_spostfixdlpemail.md │ │ └── pC_spostfixdlpemail1.md │ │ ├── RM │ │ ├── r_m_postfix_postfix_Data_Leak.md │ │ ├── r_m_postfix_postfix_Malware.md │ │ ├── r_m_postfix_postfix_Phishing.md │ │ ├── r_m_postfix_postfix_Privilege_Abuse.md │ │ ├── r_m_postfix_postfix_Privileged_Activity.md │ │ └── r_m_postfix_postfix_Workforce_Protection.md │ │ └── ds_postfix_postfix.md ├── PostgreSQL │ └── PostgreSQL │ │ ├── Ps │ │ ├── pC_cefpostgresqlaudit.md │ │ ├── pC_pgsqldbquery.md │ │ └── pC_postgresqldatabaselogin.md │ │ ├── RM │ │ ├── r_m_postgresql_postgresql_Compromised_Credentials.md │ │ └── r_m_postgresql_postgresql_Data_Access.md │ │ └── ds_postgresql_postgresql.md ├── PowerSentry │ └── PowerSentry │ │ ├── Ps │ │ ├── pC_powersentryappactivity.md │ │ ├── pC_powersentryapplogin.md │ │ └── pC_powersentryfailedlogin.md │ │ ├── RM │ │ ├── r_m_powersentry_powersentry_Abnormal_Authentication_&_Access.md │ │ ├── r_m_powersentry_powersentry_Account_Manipulation.md │ │ ├── r_m_powersentry_powersentry_Compromised_Credentials.md │ │ ├── r_m_powersentry_powersentry_Data_Access.md │ │ ├── r_m_powersentry_powersentry_Data_Leak.md │ │ ├── r_m_powersentry_powersentry_Lateral_Movement.md │ │ ├── r_m_powersentry_powersentry_Malware.md │ │ ├── r_m_powersentry_powersentry_Privilege_Abuse.md │ │ ├── r_m_powersentry_powersentry_Privilege_Escalation.md │ │ ├── r_m_powersentry_powersentry_Privileged_Activity.md │ │ └── r_m_powersentry_powersentry_Ransomware.md │ │ └── ds_powersentry_powersentry.md ├── Procad │ └── Pro.File_DMS │ │ ├── Ps │ │ └── pC_profileobject.md │ │ ├── RM │ │ ├── r_m_procad_pro.file_dms_Abnormal_Authentication_&_Access.md │ │ ├── r_m_procad_pro.file_dms_Account_Manipulation.md │ │ ├── r_m_procad_pro.file_dms_Compromised_Credentials.md │ │ ├── r_m_procad_pro.file_dms_Data_Access.md │ │ ├── r_m_procad_pro.file_dms_Data_Leak.md │ │ ├── r_m_procad_pro.file_dms_Lateral_Movement.md │ │ ├── r_m_procad_pro.file_dms_Malware.md │ │ ├── r_m_procad_pro.file_dms_Privilege_Abuse.md │ │ ├── r_m_procad_pro.file_dms_Privilege_Escalation.md │ │ ├── r_m_procad_pro.file_dms_Privileged_Activity.md │ │ └── r_m_procad_pro.file_dms_Ransomware.md │ │ └── ds_procad_pro.file_dms.md ├── Progress │ └── Progress_Database │ │ ├── Ps │ │ └── pC_progressdbremotelogon.md │ │ ├── RM │ │ ├── r_m_progress_progress_database_Abnormal_Authentication_&_Access.md │ │ ├── r_m_progress_progress_database_Compromised_Credentials.md │ │ ├── r_m_progress_progress_database_Lateral_Movement.md │ │ ├── r_m_progress_progress_database_Malware.md │ │ ├── r_m_progress_progress_database_Privilege_Abuse.md │ │ ├── r_m_progress_progress_database_Privilege_Escalation.md │ │ ├── r_m_progress_progress_database_Privileged_Activity.md │ │ └── r_m_progress_progress_database_Ransomware.md │ │ └── ds_progress_progress_database.md ├── Proofpoint │ ├── ObserveIT │ │ ├── Ps │ │ │ ├── pC_observeitdlpalert1.md │ │ │ ├── pC_observeitdlpalert2.md │ │ │ ├── pC_observeitsecurityalert1.md │ │ │ └── pC_observeitsecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_proofpoint_observeit_Compromised_Credentials.md │ │ │ ├── r_m_proofpoint_observeit_Data_Exfiltration.md │ │ │ ├── r_m_proofpoint_observeit_Data_Leak.md │ │ │ ├── r_m_proofpoint_observeit_Lateral_Movement.md │ │ │ ├── r_m_proofpoint_observeit_Malware.md │ │ │ └── r_m_proofpoint_observeit_Privileged_Activity.md │ │ └── ds_proofpoint_observeit.md │ ├── Proofpoint_CASB │ │ ├── Ps │ │ │ ├── pC_proofpointdlpalert.md │ │ │ ├── pC_proofpointsecurityalert.md │ │ │ └── pC_proofpointsecurityalert1.md │ │ ├── RM │ │ │ ├── r_m_proofpoint_proofpoint_casb_Compromised_Credentials.md │ │ │ ├── r_m_proofpoint_proofpoint_casb_Data_Exfiltration.md │ │ │ ├── r_m_proofpoint_proofpoint_casb_Data_Leak.md │ │ │ ├── r_m_proofpoint_proofpoint_casb_Lateral_Movement.md │ │ │ ├── r_m_proofpoint_proofpoint_casb_Malware.md │ │ │ └── r_m_proofpoint_proofpoint_casb_Privileged_Activity.md │ │ └── ds_proofpoint_proofpoint_casb.md │ ├── Proofpoint_DLP │ │ ├── Ps │ │ │ └── pC_proofpointm1.md │ │ ├── RM │ │ │ ├── r_m_proofpoint_proofpoint_dlp_Data_Leak.md │ │ │ ├── r_m_proofpoint_proofpoint_dlp_Malware.md │ │ │ ├── r_m_proofpoint_proofpoint_dlp_Phishing.md │ │ │ ├── r_m_proofpoint_proofpoint_dlp_Privilege_Abuse.md │ │ │ ├── r_m_proofpoint_proofpoint_dlp_Privileged_Activity.md │ │ │ └── r_m_proofpoint_proofpoint_dlp_Workforce_Protection.md │ │ └── ds_proofpoint_proofpoint_dlp.md │ ├── Proofpoint_Enterprise_Protection │ │ ├── 2_ds_proofpoint_proofpoint_enterprise_protection.md │ │ ├── Ps │ │ │ ├── pC_cefproofpointdlpalert1.md │ │ │ ├── pC_cefproofpointdlpalert2.md │ │ │ ├── pC_cefproofpointdlpalert3.md │ │ │ ├── pC_cefproofpointemailin1.md │ │ │ ├── pC_cefproofpointemailinfailed.md │ │ │ ├── pC_cefproofpointemailout.md │ │ │ ├── pC_cefproofpointemailoutfailed.md │ │ │ ├── pC_sproofpointemailalert4.md │ │ │ └── pC_sproofpointemailin2.md │ │ ├── RM │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Compromised_Credentials.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Data_Exfiltration.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Data_Leak.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Lateral_Movement.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Malware.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Phishing.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Privilege_Abuse.md │ │ │ ├── r_m_proofpoint_proofpoint_enterprise_protection_Privileged_Activity.md │ │ │ └── r_m_proofpoint_proofpoint_enterprise_protection_Workforce_Protection.md │ │ └── ds_proofpoint_proofpoint_enterprise_protection.md │ └── Proofpoint_TAP │ │ ├── 2_ds_proofpoint_proofpoint_tap.md │ │ ├── POD │ │ ├── 2_ds_proofpoint_proofpoint_tap_pod.md │ │ ├── Ps │ │ │ ├── pC_proofpointdlpemailfrom.md │ │ │ ├── pC_proofpointemail.md │ │ │ ├── pC_proofpointemail4.md │ │ │ ├── pC_proofpointemail5.md │ │ │ ├── pC_proofpointemail6.md │ │ │ └── pC_qproofpointemail.md │ │ ├── RM │ │ │ ├── r_m_proofpoint_proofpoint_tap_pod_Data_Leak.md │ │ │ ├── r_m_proofpoint_proofpoint_tap_pod_Malware.md │ │ │ ├── r_m_proofpoint_proofpoint_tap_pod_Phishing.md │ │ │ ├── r_m_proofpoint_proofpoint_tap_pod_Privilege_Abuse.md │ │ │ ├── r_m_proofpoint_proofpoint_tap_pod_Privileged_Activity.md │ │ │ └── r_m_proofpoint_proofpoint_tap_pod_Workforce_Protection.md │ │ └── ds_proofpoint_proofpoint_tap_pod.md │ │ ├── Ps │ │ ├── pC_cefproofpointemailin.md │ │ ├── pC_jsonsproofpointemailalert2.md │ │ ├── pC_proofpointemail1.md │ │ ├── pC_proofpointemail2.md │ │ ├── pC_proofpointemail3.md │ │ ├── pC_sproofpointemailalert2.md │ │ ├── pC_sproofpointemailalert3.md │ │ └── pC_sproofpointemailin.md │ │ ├── RM │ │ ├── r_m_proofpoint_proofpoint_tap_Data_Exfiltration.md │ │ ├── r_m_proofpoint_proofpoint_tap_Data_Leak.md │ │ ├── r_m_proofpoint_proofpoint_tap_Malware.md │ │ ├── r_m_proofpoint_proofpoint_tap_Phishing.md │ │ ├── r_m_proofpoint_proofpoint_tap_Privilege_Abuse.md │ │ ├── r_m_proofpoint_proofpoint_tap_Privileged_Activity.md │ │ └── r_m_proofpoint_proofpoint_tap_Workforce_Protection.md │ │ └── ds_proofpoint_proofpoint_tap.md ├── ProxySG │ └── ProxySG │ │ ├── Ps │ │ ├── pC_proxysgauthfailed1.md │ │ └── pC_proxysgauthfailed2.md │ │ ├── RM │ │ ├── r_m_proxysg_proxysg_Abnormal_Authentication_&_Access.md │ │ ├── r_m_proxysg_proxysg_Lateral_Movement.md │ │ └── r_m_proxysg_proxysg_Ransomware.md │ │ └── ds_proxysg_proxysg.md ├── QUSH │ └── Reveal │ │ ├── 2_ds_qush_reveal.md │ │ ├── Ps │ │ ├── pC_qushrevealdlpalert.md │ │ ├── pC_qushrevealfileupload.md │ │ ├── pC_qushrevealfileupload1.md │ │ ├── pC_qushrevealfilewrite.md │ │ ├── pC_qushrevealfilewrite1.md │ │ ├── pC_qushrevealnaclogon.md │ │ ├── pC_qushrevealprintactivity.md │ │ ├── pC_qushrevealremotelogon.md │ │ ├── pC_qushrevealusbinsert.md │ │ ├── pC_qushrevealwebactivity.md │ │ └── pC_qushrevealwebactivity1.md │ │ ├── RM │ │ ├── r_m_qush_reveal_Abnormal_Authentication_&_Access.md │ │ ├── r_m_qush_reveal_Compromised_Credentials.md │ │ ├── r_m_qush_reveal_Cryptomining.md │ │ ├── r_m_qush_reveal_Data_Access.md │ │ ├── r_m_qush_reveal_Data_Exfiltration.md │ │ ├── r_m_qush_reveal_Data_Leak.md │ │ ├── r_m_qush_reveal_Lateral_Movement.md │ │ ├── r_m_qush_reveal_Malware.md │ │ ├── r_m_qush_reveal_Phishing.md │ │ ├── r_m_qush_reveal_Privilege_Abuse.md │ │ ├── r_m_qush_reveal_Privilege_Escalation.md │ │ ├── r_m_qush_reveal_Privileged_Activity.md │ │ ├── r_m_qush_reveal_Ransomware.md │ │ └── r_m_qush_reveal_Workforce_Protection.md │ │ └── ds_qush_reveal.md ├── Qualys │ └── Qualys │ │ ├── Ps │ │ └── pC_qualyssecurityalert.md │ │ ├── RM │ │ ├── r_m_qualys_qualys_Compromised_Credentials.md │ │ ├── r_m_qualys_qualys_Lateral_Movement.md │ │ ├── r_m_qualys_qualys_Malware.md │ │ └── r_m_qualys_qualys_Privileged_Activity.md │ │ └── ds_qualys_qualys.md ├── Quest_InTrust │ └── Quest_InTrust │ │ ├── Ps │ │ └── pC_sintrustdns.md │ │ ├── RM │ │ └── r_m_quest_intrust_quest_intrust_Enrichment.md │ │ └── ds_quest_intrust_quest_intrust.md ├── Quest_Software │ └── Change_Auditor │ │ ├── 2_ds_quest_software_change_auditor.md │ │ ├── Ps │ │ ├── pC_qquestdirectoryaccess.md │ │ ├── pC_questaccountlocked.md │ │ ├── pC_questaccountunlocked.md │ │ ├── pC_questchangeaccountenabled.md │ │ ├── pC_questchangeaccountlockout.md │ │ ├── pC_questchangeaccountpasswordchange.md │ │ ├── pC_questchangeauditfilecreate.md │ │ ├── pC_questchangeauditfiledelete.md │ │ ├── pC_questchangeauditfilemove.md │ │ ├── pC_questchangeauditfileopen.md │ │ ├── pC_questchangeauditfilerename.md │ │ ├── pC_questchangeauditfilewrite.md │ │ ├── pC_questchangelocallogon.md │ │ ├── pC_questchangememberadded.md │ │ ├── pC_questchangememberadded1.md │ │ ├── pC_questchangememberadded2.md │ │ ├── pC_questchangememberremoved1.md │ │ ├── pC_questchangememberremoved2.md │ │ ├── pC_questchangememberremoved3.md │ │ ├── pC_questchangeremotelogon.md │ │ ├── pC_questmemberadded.md │ │ ├── pC_questmemberremoved1.md │ │ ├── pC_questpasswordchanged.md │ │ ├── pC_questpasswordchanged1.md │ │ ├── pC_squestdirectoryaccess.md │ │ └── pC_squestfailedlogon.md │ │ ├── RM │ │ ├── r_m_quest_software_change_auditor_Abnormal_Authentication_&_Access.md │ │ ├── r_m_quest_software_change_auditor_Account_Manipulation.md │ │ ├── r_m_quest_software_change_auditor_Brute_Force_Attack.md │ │ ├── r_m_quest_software_change_auditor_Compromised_Credentials.md │ │ ├── r_m_quest_software_change_auditor_Data_Access.md │ │ ├── r_m_quest_software_change_auditor_Data_Exfiltration.md │ │ ├── r_m_quest_software_change_auditor_Data_Leak.md │ │ ├── r_m_quest_software_change_auditor_Destruction_of_Data.md │ │ ├── r_m_quest_software_change_auditor_Lateral_Movement.md │ │ ├── r_m_quest_software_change_auditor_Malware.md │ │ ├── r_m_quest_software_change_auditor_Privilege_Abuse.md │ │ ├── r_m_quest_software_change_auditor_Privilege_Escalation.md │ │ ├── r_m_quest_software_change_auditor_Privileged_Activity.md │ │ └── r_m_quest_software_change_auditor_Ransomware.md │ │ └── ds_quest_software_change_auditor.md ├── README.md ├── RS2 │ ├── RS2 │ │ ├── Ps │ │ │ └── pC_rs2physicalaccess.md │ │ ├── RM │ │ │ ├── r_m_rs2_rs2_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_rs2_rs2_Physical_Security.md │ │ │ └── r_m_rs2_rs2_Privileged_Activity.md │ │ └── ds_rs2_rs2.md │ └── RS2_Technologies │ │ ├── Ps │ │ ├── pC_rs2badgeaccess.md │ │ ├── pC_rs2badgefailedphysicalaccess1.md │ │ ├── pC_rs2badgefailedphysicalaccess2.md │ │ ├── pC_rs2badgephysicalaccess1.md │ │ └── pC_rs2badgephysicalaccess2.md │ │ ├── RM │ │ ├── r_m_rs2_rs2_technologies_Abnormal_Authentication_&_Access.md │ │ ├── r_m_rs2_rs2_technologies_Physical_Security.md │ │ └── r_m_rs2_rs2_technologies_Privileged_Activity.md │ │ └── ds_rs2_rs2_technologies.md ├── RSA │ ├── RSA │ │ ├── Ps │ │ │ └── pC_rsanetflowconnection.md │ │ ├── RM │ │ │ ├── r_m_rsa_rsa_Compromised_Credentials.md │ │ │ ├── r_m_rsa_rsa_Data_Exfiltration.md │ │ │ ├── r_m_rsa_rsa_Lateral_Movement.md │ │ │ └── r_m_rsa_rsa_Malware.md │ │ └── ds_rsa_rsa.md │ ├── RSA_Authentication_Manager │ │ ├── Ps │ │ │ ├── pC_rsaauthenticationsuccessful.md │ │ │ └── pC_rsaauthenticationsuccessful1.md │ │ ├── RM │ │ │ ├── r_m_rsa_rsa_authentication_manager_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_rsa_rsa_authentication_manager_Compromised_Credentials.md │ │ │ ├── r_m_rsa_rsa_authentication_manager_Lateral_Movement.md │ │ │ ├── r_m_rsa_rsa_authentication_manager_Malware.md │ │ │ └── r_m_rsa_rsa_authentication_manager_Ransomware.md │ │ └── ds_rsa_rsa_authentication_manager.md │ ├── RSA_DLP │ │ ├── Ps │ │ │ ├── pC_rsadlpalert.md │ │ │ └── pC_rsadlpemailalert.md │ │ ├── RM │ │ │ ├── r_m_rsa_rsa_dlp_Data_Exfiltration.md │ │ │ ├── r_m_rsa_rsa_dlp_Data_Leak.md │ │ │ ├── r_m_rsa_rsa_dlp_Malware.md │ │ │ ├── r_m_rsa_rsa_dlp_Phishing.md │ │ │ ├── r_m_rsa_rsa_dlp_Privilege_Abuse.md │ │ │ ├── r_m_rsa_rsa_dlp_Privileged_Activity.md │ │ │ └── r_m_rsa_rsa_dlp_Workforce_Protection.md │ │ └── ds_rsa_rsa_dlp.md │ ├── RSA_ECAT │ │ ├── Ps │ │ │ └── pC_cefecatsecurityalert.md │ │ ├── RM │ │ │ ├── r_m_rsa_rsa_ecat_Compromised_Credentials.md │ │ │ ├── r_m_rsa_rsa_ecat_Lateral_Movement.md │ │ │ ├── r_m_rsa_rsa_ecat_Malware.md │ │ │ └── r_m_rsa_rsa_ecat_Privileged_Activity.md │ │ └── ds_rsa_rsa_ecat.md │ ├── RSA_NetWitness │ │ ├── Ps │ │ │ └── pC_cefrsaapplogin1.md │ │ ├── RM │ │ │ ├── r_m_rsa_rsa_netwitness_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_rsa_rsa_netwitness_Compromised_Credentials.md │ │ │ ├── r_m_rsa_rsa_netwitness_Data_Access.md │ │ │ ├── r_m_rsa_rsa_netwitness_Lateral_Movement.md │ │ │ ├── r_m_rsa_rsa_netwitness_Malware.md │ │ │ ├── r_m_rsa_rsa_netwitness_Privilege_Abuse.md │ │ │ ├── r_m_rsa_rsa_netwitness_Privileged_Activity.md │ │ │ └── r_m_rsa_rsa_netwitness_Ransomware.md │ │ └── ds_rsa_rsa_netwitness.md │ └── SecurID │ │ ├── Ps │ │ ├── pC_rsasecuridauthfail.md │ │ ├── pC_rsasecuridauthsuccess.md │ │ └── pC_rsavpnend.md │ │ ├── RM │ │ ├── r_m_rsa_securid_Abnormal_Authentication_&_Access.md │ │ ├── r_m_rsa_securid_Account_Manipulation.md │ │ ├── r_m_rsa_securid_Brute_Force_Attack.md │ │ ├── r_m_rsa_securid_Compromised_Credentials.md │ │ ├── r_m_rsa_securid_Data_Access.md │ │ ├── r_m_rsa_securid_Data_Exfiltration.md │ │ ├── r_m_rsa_securid_Data_Leak.md │ │ ├── r_m_rsa_securid_Lateral_Movement.md │ │ ├── r_m_rsa_securid_Malware.md │ │ ├── r_m_rsa_securid_Phishing.md │ │ ├── r_m_rsa_securid_Privilege_Abuse.md │ │ ├── r_m_rsa_securid_Privilege_Escalation.md │ │ └── r_m_rsa_securid_Ransomware.md │ │ └── ds_rsa_securid.md ├── RUID │ └── RUID │ │ ├── Ps │ │ └── pC_cefruidauthsuccess.md │ │ ├── RM │ │ ├── r_m_ruid_ruid_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ruid_ruid_Compromised_Credentials.md │ │ ├── r_m_ruid_ruid_Lateral_Movement.md │ │ ├── r_m_ruid_ruid_Malware.md │ │ └── r_m_ruid_ruid_Ransomware.md │ │ └── ds_ruid_ruid.md ├── Radius │ └── Radius │ │ ├── Ps │ │ ├── pC_graylograsauthfailed.md │ │ ├── pC_graylograsauthsuccessful.md │ │ └── pC_radiusnaclogon.md │ │ ├── RM │ │ ├── r_m_radius_radius_Abnormal_Authentication_&_Access.md │ │ ├── r_m_radius_radius_Compromised_Credentials.md │ │ ├── r_m_radius_radius_Lateral_Movement.md │ │ ├── r_m_radius_radius_Malware.md │ │ └── r_m_radius_radius_Ransomware.md │ │ └── ds_radius_radius.md ├── RangerAudit │ └── RangerAudit │ │ ├── 2_ds_rangeraudit_rangeraudit.md │ │ ├── Ps │ │ ├── pC_cefrangerauditappactivity.md │ │ ├── pC_cefrangerauditapplogin.md │ │ ├── pC_cefrangerauditdbquery1.md │ │ ├── pC_cefrangerauditdbquery2.md │ │ ├── pC_cefrangerauditdbquery3.md │ │ ├── pC_cefrangerauditdbquery4.md │ │ ├── pC_cefrangerauditdbquery5.md │ │ ├── pC_cefrangerauditdbquery6.md │ │ ├── pC_cefrangerauditdbquery7.md │ │ ├── pC_cefrangerauditfailedlogin.md │ │ └── pC_cefrangerauditfileoperations.md │ │ ├── RM │ │ ├── r_m_rangeraudit_rangeraudit_Abnormal_Authentication_&_Access.md │ │ ├── r_m_rangeraudit_rangeraudit_Account_Manipulation.md │ │ ├── r_m_rangeraudit_rangeraudit_Compromised_Credentials.md │ │ ├── r_m_rangeraudit_rangeraudit_Data_Access.md │ │ ├── r_m_rangeraudit_rangeraudit_Data_Exfiltration.md │ │ ├── r_m_rangeraudit_rangeraudit_Data_Leak.md │ │ ├── r_m_rangeraudit_rangeraudit_Lateral_Movement.md │ │ ├── r_m_rangeraudit_rangeraudit_Malware.md │ │ ├── r_m_rangeraudit_rangeraudit_Privilege_Abuse.md │ │ ├── r_m_rangeraudit_rangeraudit_Privilege_Escalation.md │ │ ├── r_m_rangeraudit_rangeraudit_Privileged_Activity.md │ │ └── r_m_rangeraudit_rangeraudit_Ransomware.md │ │ └── ds_rangeraudit_rangeraudit.md ├── Rapid7 │ ├── InsightVM │ │ ├── Ps │ │ │ └── pC_rapid7securityalert.md │ │ ├── RM │ │ │ ├── r_m_rapid7_insightvm_Compromised_Credentials.md │ │ │ ├── r_m_rapid7_insightvm_Lateral_Movement.md │ │ │ ├── r_m_rapid7_insightvm_Malware.md │ │ │ └── r_m_rapid7_insightvm_Privileged_Activity.md │ │ └── ds_rapid7_insightvm.md │ └── Nexpose │ │ ├── Ps │ │ └── pC_srapid7securityalert.md │ │ ├── RM │ │ ├── r_m_rapid7_nexpose_Compromised_Credentials.md │ │ ├── r_m_rapid7_nexpose_Lateral_Movement.md │ │ ├── r_m_rapid7_nexpose_Malware.md │ │ └── r_m_rapid7_nexpose_Privileged_Activity.md │ │ └── ds_rapid7_nexpose.md ├── RedCloud │ └── RedCloud │ │ ├── Ps │ │ └── pC_redcloudphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_redcloud_redcloud_Abnormal_Authentication_&_Access.md │ │ ├── r_m_redcloud_redcloud_Physical_Security.md │ │ └── r_m_redcloud_redcloud_Privileged_Activity.md │ │ └── ds_redcloud_redcloud.md ├── Red_Canary │ └── Red_Canary │ │ ├── Ps │ │ └── pC_redcanarysecurityalert.md │ │ ├── RM │ │ ├── r_m_red_canary_red_canary_Compromised_Credentials.md │ │ ├── r_m_red_canary_red_canary_Lateral_Movement.md │ │ ├── r_m_red_canary_red_canary_Malware.md │ │ └── r_m_red_canary_red_canary_Privileged_Activity.md │ │ └── ds_red_canary_red_canary.md ├── Ricoh │ └── Ricoh │ │ ├── Ps │ │ └── pC_syslogricohprintactivity.md │ │ ├── RM │ │ ├── r_m_ricoh_ricoh_Abnormal_Authentication_&_Access.md │ │ └── r_m_ricoh_ricoh_Data_Leak.md │ │ └── ds_ricoh_ricoh.md ├── RightCrowd │ └── RightCrowd │ │ ├── Ps │ │ ├── pC_cefrightcrowdfailedphysicalaccess.md │ │ ├── pC_cefrightcrowdfailedphysicalaccess1.md │ │ ├── pC_cefrightcrowdfailedphysicalaccess2.md │ │ ├── pC_cefrightcrowdfailedphysicalaccess3.md │ │ └── pC_cefrightcrowdphysicalaccess.md │ │ ├── RM │ │ ├── r_m_rightcrowd_rightcrowd_Abnormal_Authentication_&_Access.md │ │ ├── r_m_rightcrowd_rightcrowd_Physical_Security.md │ │ └── r_m_rightcrowd_rightcrowd_Privileged_Activity.md │ │ └── ds_rightcrowd_rightcrowd.md ├── Rubrik │ └── Rubrik_CDM │ │ ├── Ps │ │ ├── pC_rubrikaccountcreation.md │ │ ├── pC_rubrikapplogin.md │ │ ├── pC_rubrikapplogin1.md │ │ └── pC_rubrikprivilegedaccess.md │ │ ├── RM │ │ ├── r_m_rubrik_rubrik_cdm_Abnormal_Authentication_&_Access.md │ │ ├── r_m_rubrik_rubrik_cdm_Account_Manipulation.md │ │ ├── r_m_rubrik_rubrik_cdm_Compromised_Credentials.md │ │ ├── r_m_rubrik_rubrik_cdm_Data_Access.md │ │ ├── r_m_rubrik_rubrik_cdm_Lateral_Movement.md │ │ ├── r_m_rubrik_rubrik_cdm_Malware.md │ │ ├── r_m_rubrik_rubrik_cdm_Privilege_Abuse.md │ │ ├── r_m_rubrik_rubrik_cdm_Privileged_Activity.md │ │ └── r_m_rubrik_rubrik_cdm_Ransomware.md │ │ └── ds_rubrik_rubrik_cdm.md ├── Ruckus │ └── Ruckus │ │ ├── Ps │ │ ├── pC_exasyslognaclogon1.md │ │ ├── pC_exasyslognaclogon2.md │ │ ├── pC_exasyslognaclogon3.md │ │ └── pC_exasyslognaclogon4.md │ │ ├── RM │ │ ├── r_m_ruckus_ruckus_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ruckus_ruckus_Compromised_Credentials.md │ │ └── r_m_ruckus_ruckus_Lateral_Movement.md │ │ └── ds_ruckus_ruckus.md ├── SAP │ └── SAP │ │ ├── 2_ds_sap_sap.md │ │ ├── Ps │ │ ├── pC_cefsapaccountcreation.md │ │ ├── pC_cefsapaccountdeleted.md │ │ ├── pC_cefsapaccountlockout.md │ │ ├── pC_cefsapaccountpasswordchange.md │ │ ├── pC_cefsapaccountunlocked.md │ │ ├── pC_cefsapappactivity1.md │ │ ├── pC_cefsapappactivity2.md │ │ ├── pC_cefsapappactivity3.md │ │ ├── pC_cefsapauthenticationattempt.md │ │ ├── pC_cefsapauthenticationattempt1.md │ │ ├── pC_cefsapfiledownload.md │ │ ├── pC_cefsapfilewrite.md │ │ ├── pC_gcpgeneralactivity.md │ │ ├── pC_sapaccountpasswordchange.md │ │ ├── pC_sapapplogin.md │ │ ├── pC_sapfailedapplogin.md │ │ ├── pC_sapremotelogon.md │ │ └── pC_sapremotelogon1.md │ │ ├── RM │ │ ├── r_m_sap_sap_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sap_sap_Account_Manipulation.md │ │ ├── r_m_sap_sap_Brute_Force_Attack.md │ │ ├── r_m_sap_sap_Cloud_Data_Protection.md │ │ ├── r_m_sap_sap_Compromised_Credentials.md │ │ ├── r_m_sap_sap_Data_Access.md │ │ ├── r_m_sap_sap_Data_Exfiltration.md │ │ ├── r_m_sap_sap_Data_Leak.md │ │ ├── r_m_sap_sap_Lateral_Movement.md │ │ ├── r_m_sap_sap_Malware.md │ │ ├── r_m_sap_sap_Privilege_Abuse.md │ │ ├── r_m_sap_sap_Privilege_Escalation.md │ │ ├── r_m_sap_sap_Privileged_Activity.md │ │ └── r_m_sap_sap_Ransomware.md │ │ └── ds_sap_sap.md ├── SFTP │ └── SFTP │ │ ├── 2_ds_sftp_sftp.md │ │ ├── Ps │ │ ├── pC_sftpapplogin.md │ │ ├── pC_sftpfailedapplogin.md │ │ ├── pC_sftpfiledelete.md │ │ ├── pC_sftpfiledownload.md │ │ ├── pC_sftpfileread.md │ │ ├── pC_sftpfileupload.md │ │ ├── pC_sftpfilewrite1.md │ │ └── pC_sftpfilewrite2.md │ │ ├── RM │ │ ├── r_m_sftp_sftp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sftp_sftp_Compromised_Credentials.md │ │ ├── r_m_sftp_sftp_Data_Access.md │ │ ├── r_m_sftp_sftp_Data_Exfiltration.md │ │ ├── r_m_sftp_sftp_Data_Leak.md │ │ ├── r_m_sftp_sftp_Destruction_of_Data.md │ │ ├── r_m_sftp_sftp_Lateral_Movement.md │ │ ├── r_m_sftp_sftp_Malware.md │ │ ├── r_m_sftp_sftp_Privilege_Abuse.md │ │ ├── r_m_sftp_sftp_Privileged_Activity.md │ │ └── r_m_sftp_sftp_Ransomware.md │ │ └── ds_sftp_sftp.md ├── SIGSCI │ └── SIGSCI │ │ ├── Ps │ │ ├── pC_sigsciwebactivity.md │ │ └── pC_sigsciwebactivity1.md │ │ ├── RM │ │ ├── r_m_sigsci_sigsci_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sigsci_sigsci_Compromised_Credentials.md │ │ ├── r_m_sigsci_sigsci_Cryptomining.md │ │ ├── r_m_sigsci_sigsci_Data_Exfiltration.md │ │ ├── r_m_sigsci_sigsci_Data_Leak.md │ │ ├── r_m_sigsci_sigsci_Lateral_Movement.md │ │ ├── r_m_sigsci_sigsci_Malware.md │ │ ├── r_m_sigsci_sigsci_Phishing.md │ │ ├── r_m_sigsci_sigsci_Privilege_Abuse.md │ │ ├── r_m_sigsci_sigsci_Privileged_Activity.md │ │ ├── r_m_sigsci_sigsci_Ransomware.md │ │ └── r_m_sigsci_sigsci_Workforce_Protection.md │ │ └── ds_sigsci_sigsci.md ├── SSL_Open_VPN │ └── SSL_Open_VPN │ │ ├── 2_ds_ssl_open_vpn_ssl_open_vpn.md │ │ ├── Ps │ │ ├── pC_graylograsvpnstart.md │ │ ├── pC_openvpnappactivity.md │ │ ├── pC_openvpnauthfailed.md │ │ ├── pC_openvpnauthfailed2.md │ │ ├── pC_openvpnauthsuccessful.md │ │ ├── pC_openvpnfailedvpnlogin.md │ │ ├── pC_openvpnvpnend.md │ │ ├── pC_openvpnvpnend1.md │ │ ├── pC_openvpnvpnend2.md │ │ ├── pC_openvpnvpnend3.md │ │ ├── pC_openvpnvpnend4.md │ │ ├── pC_openvpnvpnlogin.md │ │ └── pC_openvpnvpnlogin1.md │ │ ├── RM │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Account_Manipulation.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Brute_Force_Attack.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Compromised_Credentials.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Data_Access.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Data_Exfiltration.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Data_Leak.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Lateral_Movement.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Malware.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Phishing.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Physical_Security.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Privilege_Abuse.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Privilege_Escalation.md │ │ ├── r_m_ssl_open_vpn_ssl_open_vpn_Privileged_Activity.md │ │ └── r_m_ssl_open_vpn_ssl_open_vpn_Ransomware.md │ │ └── ds_ssl_open_vpn_ssl_open_vpn.md ├── SafeSend │ └── SafeSend │ │ ├── Ps │ │ └── pC_ssafesenddlpemailalert.md │ │ ├── RM │ │ ├── r_m_safesend_safesend_Data_Leak.md │ │ ├── r_m_safesend_safesend_Malware.md │ │ ├── r_m_safesend_safesend_Phishing.md │ │ ├── r_m_safesend_safesend_Privilege_Abuse.md │ │ ├── r_m_safesend_safesend_Privileged_Activity.md │ │ └── r_m_safesend_safesend_Workforce_Protection.md │ │ └── ds_safesend_safesend.md ├── Safend │ └── Data_Protection_Suite_(DPS) │ │ ├── Ps │ │ ├── pC_safenddlpalert.md │ │ ├── pC_safendusbinsert.md │ │ ├── pC_safendusbread.md │ │ └── pC_safendusbwrite.md │ │ ├── RM │ │ ├── r_m_safend_data_protection_suite_(dps)_Data_Exfiltration.md │ │ ├── r_m_safend_data_protection_suite_(dps)_Data_Leak.md │ │ └── r_m_safend_data_protection_suite_(dps)_Malware.md │ │ └── ds_safend_data_protection_suite_(dps).md ├── Sailpoint │ ├── FAM │ │ ├── 2_ds_sailpoint_fam.md │ │ ├── Ps │ │ │ ├── pC_ssailpointfamfiledelete.md │ │ │ ├── pC_ssailpointfamfileperimssionchange.md │ │ │ ├── pC_ssailpointfamfileread.md │ │ │ ├── pC_ssailpointfamfilewrite.md │ │ │ ├── pC_ssailpointfamfilewrite1.md │ │ │ ├── pC_ssailpointfamfilewrite2.md │ │ │ └── pC_ssailpointfamfilewrite3.md │ │ ├── RM │ │ │ ├── r_m_sailpoint_fam_Compromised_Credentials.md │ │ │ ├── r_m_sailpoint_fam_Data_Access.md │ │ │ ├── r_m_sailpoint_fam_Data_Exfiltration.md │ │ │ ├── r_m_sailpoint_fam_Data_Leak.md │ │ │ ├── r_m_sailpoint_fam_Destruction_of_Data.md │ │ │ ├── r_m_sailpoint_fam_Malware.md │ │ │ ├── r_m_sailpoint_fam_Privilege_Abuse.md │ │ │ ├── r_m_sailpoint_fam_Privileged_Activity.md │ │ │ └── r_m_sailpoint_fam_Ransomware.md │ │ └── ds_sailpoint_fam.md │ ├── IdentityNow │ │ ├── 2_ds_sailpoint_identitynow.md │ │ ├── Ps │ │ │ ├── pC_sailpointappactivity1.md │ │ │ ├── pC_sailpointappactivity2.md │ │ │ ├── pC_sailpointauth.md │ │ │ ├── pC_sailpointpasswordchange.md │ │ │ ├── pC_ssailpointappactivity.md │ │ │ ├── pC_ssailpointauth.md │ │ │ ├── pC_ssailpointlaunch.md │ │ │ ├── pC_ssailpointpwd.md │ │ │ └── pC_ssailpointsso.md │ │ ├── RM │ │ │ ├── r_m_sailpoint_identitynow_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_sailpoint_identitynow_Account_Manipulation.md │ │ │ ├── r_m_sailpoint_identitynow_Compromised_Credentials.md │ │ │ ├── r_m_sailpoint_identitynow_Data_Access.md │ │ │ ├── r_m_sailpoint_identitynow_Data_Leak.md │ │ │ ├── r_m_sailpoint_identitynow_Lateral_Movement.md │ │ │ ├── r_m_sailpoint_identitynow_Malware.md │ │ │ ├── r_m_sailpoint_identitynow_Privilege_Abuse.md │ │ │ ├── r_m_sailpoint_identitynow_Privilege_Escalation.md │ │ │ ├── r_m_sailpoint_identitynow_Privileged_Activity.md │ │ │ └── r_m_sailpoint_identitynow_Ransomware.md │ │ └── ds_sailpoint_identitynow.md │ ├── SailPoint_IIQ │ │ ├── Ps │ │ │ └── pC_sailpointappactivity3.md │ │ ├── RM │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Account_Manipulation.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Compromised_Credentials.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Data_Access.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Data_Leak.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Lateral_Movement.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Malware.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Privilege_Abuse.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Privilege_Escalation.md │ │ │ ├── r_m_sailpoint_sailpoint_iiq_Privileged_Activity.md │ │ │ └── r_m_sailpoint_sailpoint_iiq_Ransomware.md │ │ └── ds_sailpoint_sailpoint_iiq.md │ └── SecurityIQ │ │ ├── 2_ds_sailpoint_securityiq.md │ │ ├── Ps │ │ ├── pC_sailfileoperation.md │ │ ├── pC_ssailpointsiqadaccountcreation.md │ │ ├── pC_ssailpointsiqadaccountdeleted.md │ │ ├── pC_ssailpointsiqadaccountlockout.md │ │ ├── pC_ssailpointsiqadaccountpasswdreset.md │ │ ├── pC_ssailpointsiqnetappcifsfiledelete.md │ │ ├── pC_ssailpointsiqnetappcifsfileopen.md │ │ ├── pC_ssailpointsiqnetappcifsfileread.md │ │ ├── pC_ssailpointsiqnetappcifsfilewrite.md │ │ ├── pC_ssailpointsiqnetappcifsfoldercreate.md │ │ ├── pC_ssailpointsiqnetappcifsfolderdelete.md │ │ ├── pC_ssailpointsiqonedrivefiledelete.md │ │ ├── pC_ssailpointsiqonedrivefiledownload.md │ │ ├── pC_ssailpointsiqonedrivefileread.md │ │ ├── pC_ssailpointsiqonedrivefileupload.md │ │ ├── pC_ssailpointsiqonedrivefilewrite.md │ │ ├── pC_ssailpointsiqonedrivefoldercreate.md │ │ ├── pC_ssailpointsiqonedrivefolderdelete.md │ │ ├── pC_ssailpointsiqonedrivefoldermodify.md │ │ ├── pC_ssailpointsiqsponlinefileoperations.md │ │ ├── pC_ssailpointsiqsponpremisefiledelete.md │ │ ├── pC_ssailpointsiqwindowsfsfileread.md │ │ ├── pC_ssailpointsiqwindowsfsmemberadded.md │ │ ├── pC_ssailpointsiqwindowsfsmemberremoved.md │ │ ├── pC_ssailpointsiqwindowsfspermaddfile.md │ │ ├── pC_ssailpointsiqwindowsfspermaddfolder.md │ │ ├── pC_ssailpointsiqwindowsfspermremovefile.md │ │ └── pC_ssailpointsiqwindowsfspermremovefolder.md │ │ ├── RM │ │ ├── r_m_sailpoint_securityiq_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sailpoint_securityiq_Account_Manipulation.md │ │ ├── r_m_sailpoint_securityiq_Brute_Force_Attack.md │ │ ├── r_m_sailpoint_securityiq_Compromised_Credentials.md │ │ ├── r_m_sailpoint_securityiq_Data_Access.md │ │ ├── r_m_sailpoint_securityiq_Data_Exfiltration.md │ │ ├── r_m_sailpoint_securityiq_Data_Leak.md │ │ ├── r_m_sailpoint_securityiq_Destruction_of_Data.md │ │ ├── r_m_sailpoint_securityiq_Malware.md │ │ ├── r_m_sailpoint_securityiq_Privilege_Abuse.md │ │ ├── r_m_sailpoint_securityiq_Privileged_Activity.md │ │ └── r_m_sailpoint_securityiq_Ransomware.md │ │ └── ds_sailpoint_securityiq.md ├── Salesforce │ └── Salesforce │ │ ├── 2_ds_salesforce_salesforce.md │ │ ├── Ps │ │ ├── pC_cefsalesforceaccountswitch.md │ │ ├── pC_cefsalesforceappactivity1.md │ │ ├── pC_cefsalesforceappactivity10.md │ │ ├── pC_cefsalesforceappactivity11.md │ │ ├── pC_cefsalesforceappactivity12.md │ │ ├── pC_cefsalesforceappactivity13.md │ │ ├── pC_cefsalesforceappactivity14.md │ │ ├── pC_cefsalesforceappactivity15.md │ │ ├── pC_cefsalesforceappactivity16.md │ │ ├── pC_cefsalesforceappactivity17.md │ │ ├── pC_cefsalesforceappactivity18.md │ │ ├── pC_cefsalesforceappactivity19.md │ │ ├── pC_cefsalesforceappactivity2.md │ │ ├── pC_cefsalesforceappactivity20.md │ │ ├── pC_cefsalesforceappactivity21.md │ │ ├── pC_cefsalesforceappactivity22.md │ │ ├── pC_cefsalesforceappactivity23.md │ │ ├── pC_cefsalesforceappactivity24.md │ │ ├── pC_cefsalesforceappactivity25.md │ │ ├── pC_cefsalesforceappactivity26.md │ │ ├── pC_cefsalesforceappactivity27.md │ │ ├── pC_cefsalesforceappactivity28.md │ │ ├── pC_cefsalesforceappactivity29.md │ │ ├── pC_cefsalesforceappactivity3.md │ │ ├── pC_cefsalesforceappactivity30.md │ │ ├── pC_cefsalesforceappactivity31.md │ │ ├── pC_cefsalesforceappactivity32.md │ │ ├── pC_cefsalesforceappactivity34.md │ │ ├── pC_cefsalesforceappactivity35.md │ │ ├── pC_cefsalesforceappactivity36.md │ │ ├── pC_cefsalesforceappactivity37.md │ │ ├── pC_cefsalesforceappactivity38.md │ │ ├── pC_cefsalesforceappactivity39.md │ │ ├── pC_cefsalesforceappactivity4.md │ │ ├── pC_cefsalesforceappactivity41.md │ │ ├── pC_cefsalesforceappactivity42.md │ │ ├── pC_cefsalesforceappactivity43.md │ │ ├── pC_cefsalesforceappactivity44.md │ │ ├── pC_cefsalesforceappactivity45.md │ │ ├── pC_cefsalesforceappactivity46.md │ │ ├── pC_cefsalesforceappactivity47.md │ │ ├── pC_cefsalesforceappactivity5.md │ │ ├── pC_cefsalesforceappactivity6.md │ │ ├── pC_cefsalesforceappactivity7.md │ │ ├── pC_cefsalesforceappactivity8.md │ │ ├── pC_cefsalesforceappactivity9.md │ │ ├── pC_cefsalesforceapplogin.md │ │ ├── pC_cefsalesforcefailedapplogin.md │ │ ├── pC_cefsalesforcefiledownload.md │ │ ├── pC_cefsalesforcefileupload.md │ │ ├── pC_salesforceapplogin.md │ │ ├── pC_salesforcefailedapplogin.md │ │ ├── pC_sfdcappactivity.md │ │ ├── pC_sfdcapplogin.md │ │ ├── pC_sfdcapplogin1.md │ │ └── pC_ssalesforceapplogin.md │ │ ├── RM │ │ ├── r_m_salesforce_salesforce_Abnormal_Authentication_&_Access.md │ │ ├── r_m_salesforce_salesforce_Account_Manipulation.md │ │ ├── r_m_salesforce_salesforce_Compromised_Credentials.md │ │ ├── r_m_salesforce_salesforce_Data_Access.md │ │ ├── r_m_salesforce_salesforce_Data_Leak.md │ │ ├── r_m_salesforce_salesforce_Lateral_Movement.md │ │ ├── r_m_salesforce_salesforce_Malware.md │ │ ├── r_m_salesforce_salesforce_Phishing.md │ │ ├── r_m_salesforce_salesforce_Privilege_Abuse.md │ │ ├── r_m_salesforce_salesforce_Privilege_Escalation.md │ │ ├── r_m_salesforce_salesforce_Privileged_Activity.md │ │ ├── r_m_salesforce_salesforce_Ransomware.md │ │ └── r_m_salesforce_salesforce_Workforce_Protection.md │ │ └── ds_salesforce_salesforce.md ├── Sangfor │ └── NGAF │ │ ├── Ps │ │ ├── pC_sangfornetworkalert.md │ │ └── pC_sangforwebactivity.md │ │ ├── RM │ │ ├── r_m_sangfor_ngaf_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sangfor_ngaf_Compromised_Credentials.md │ │ ├── r_m_sangfor_ngaf_Cryptomining.md │ │ ├── r_m_sangfor_ngaf_Data_Exfiltration.md │ │ ├── r_m_sangfor_ngaf_Data_Leak.md │ │ ├── r_m_sangfor_ngaf_Lateral_Movement.md │ │ ├── r_m_sangfor_ngaf_Malware.md │ │ ├── r_m_sangfor_ngaf_Phishing.md │ │ ├── r_m_sangfor_ngaf_Privilege_Abuse.md │ │ ├── r_m_sangfor_ngaf_Privileged_Activity.md │ │ ├── r_m_sangfor_ngaf_Ransomware.md │ │ └── r_m_sangfor_ngaf_Workforce_Protection.md │ │ └── ds_sangfor_ngaf.md ├── Seclore │ └── Seclore │ │ ├── Ps │ │ ├── pC_seclorefilepermissionchange.md │ │ ├── pC_seclorefilepermissionchange1.md │ │ ├── pC_seclorefilepermissionchange2.md │ │ ├── pC_seclorefileread.md │ │ ├── pC_seclorefileread1.md │ │ └── pC_seclorefilewrite.md │ │ ├── RM │ │ ├── r_m_seclore_seclore_Compromised_Credentials.md │ │ ├── r_m_seclore_seclore_Data_Access.md │ │ ├── r_m_seclore_seclore_Data_Exfiltration.md │ │ ├── r_m_seclore_seclore_Data_Leak.md │ │ ├── r_m_seclore_seclore_Malware.md │ │ ├── r_m_seclore_seclore_Privilege_Abuse.md │ │ ├── r_m_seclore_seclore_Privileged_Activity.md │ │ └── r_m_seclore_seclore_Ransomware.md │ │ └── ds_seclore_seclore.md ├── SecureAuth │ └── SecureAuth_Login │ │ ├── Ps │ │ ├── pC_secureauthapplogin.md │ │ ├── pC_secureauthauthsuccessful.md │ │ ├── pC_secureauthauthsuccessful1.md │ │ └── pC_secureauthsystemsessionstart.md │ │ ├── RM │ │ ├── r_m_secureauth_secureauth_login_Abnormal_Authentication_&_Access.md │ │ ├── r_m_secureauth_secureauth_login_Compromised_Credentials.md │ │ ├── r_m_secureauth_secureauth_login_Data_Access.md │ │ ├── r_m_secureauth_secureauth_login_Lateral_Movement.md │ │ ├── r_m_secureauth_secureauth_login_Malware.md │ │ ├── r_m_secureauth_secureauth_login_Privilege_Abuse.md │ │ ├── r_m_secureauth_secureauth_login_Privileged_Activity.md │ │ └── r_m_secureauth_secureauth_login_Ransomware.md │ │ └── ds_secureauth_secureauth_login.md ├── SecureLink │ └── SecureLink │ │ ├── Ps │ │ ├── pC_securelinkappactivity.md │ │ ├── pC_securelinkapplogin.md │ │ ├── pC_securelinklogin.md │ │ └── pC_securelinkloginfailed.md │ │ ├── RM │ │ ├── r_m_securelink_securelink_Abnormal_Authentication_&_Access.md │ │ ├── r_m_securelink_securelink_Account_Manipulation.md │ │ ├── r_m_securelink_securelink_Compromised_Credentials.md │ │ ├── r_m_securelink_securelink_Data_Access.md │ │ ├── r_m_securelink_securelink_Data_Leak.md │ │ ├── r_m_securelink_securelink_Lateral_Movement.md │ │ ├── r_m_securelink_securelink_Malware.md │ │ ├── r_m_securelink_securelink_Privilege_Abuse.md │ │ ├── r_m_securelink_securelink_Privilege_Escalation.md │ │ ├── r_m_securelink_securelink_Privileged_Activity.md │ │ └── r_m_securelink_securelink_Ransomware.md │ │ └── ds_securelink_securelink.md ├── SecureNet │ └── SecureNet │ │ ├── Ps │ │ └── pC_ipsecvpnuser.md │ │ ├── RM │ │ ├── r_m_securenet_securenet_Abnormal_Authentication_&_Access.md │ │ ├── r_m_securenet_securenet_Account_Manipulation.md │ │ ├── r_m_securenet_securenet_Brute_Force_Attack.md │ │ ├── r_m_securenet_securenet_Compromised_Credentials.md │ │ ├── r_m_securenet_securenet_Data_Access.md │ │ ├── r_m_securenet_securenet_Data_Exfiltration.md │ │ ├── r_m_securenet_securenet_Data_Leak.md │ │ ├── r_m_securenet_securenet_Lateral_Movement.md │ │ ├── r_m_securenet_securenet_Malware.md │ │ ├── r_m_securenet_securenet_Phishing.md │ │ ├── r_m_securenet_securenet_Physical_Security.md │ │ ├── r_m_securenet_securenet_Privilege_Abuse.md │ │ ├── r_m_securenet_securenet_Privilege_Escalation.md │ │ └── r_m_securenet_securenet_Ransomware.md │ │ └── ds_securenet_securenet.md ├── SecureWorks │ └── iSensor_IPS │ │ ├── Ps │ │ └── pC_unixsecureworkssecurityalert.md │ │ ├── RM │ │ ├── r_m_secureworks_isensor_ips_Compromised_Credentials.md │ │ ├── r_m_secureworks_isensor_ips_Lateral_Movement.md │ │ ├── r_m_secureworks_isensor_ips_Malware.md │ │ └── r_m_secureworks_isensor_ips_Privileged_Activity.md │ │ └── ds_secureworks_isensor_ips.md ├── Secure_Computing │ └── Secure_Computing_SafeWord │ │ ├── Ps │ │ └── pC_safewordauthsuccessful.md │ │ ├── RM │ │ ├── r_m_secure_computing_secure_computing_safeword_Abnormal_Authentication_&_Access.md │ │ ├── r_m_secure_computing_secure_computing_safeword_Compromised_Credentials.md │ │ ├── r_m_secure_computing_secure_computing_safeword_Lateral_Movement.md │ │ ├── r_m_secure_computing_secure_computing_safeword_Malware.md │ │ └── r_m_secure_computing_secure_computing_safeword_Ransomware.md │ │ └── ds_secure_computing_secure_computing_safeword.md ├── Secure_Envoy │ └── Secure_Envoy │ │ ├── Ps │ │ ├── pC_secureenvoyfailed.md │ │ └── pC_secureenvoysuccessful.md │ │ ├── RM │ │ ├── r_m_secure_envoy_secure_envoy_Abnormal_Authentication_&_Access.md │ │ ├── r_m_secure_envoy_secure_envoy_Compromised_Credentials.md │ │ ├── r_m_secure_envoy_secure_envoy_Lateral_Movement.md │ │ ├── r_m_secure_envoy_secure_envoy_Malware.md │ │ └── r_m_secure_envoy_secure_envoy_Ransomware.md │ │ └── ds_secure_envoy_secure_envoy.md ├── SecurityExpert │ └── SecurityExpert │ │ ├── Ps │ │ └── pC_securityexpertbadgeaccess.md │ │ ├── RM │ │ ├── r_m_securityexpert_securityexpert_Abnormal_Authentication_&_Access.md │ │ ├── r_m_securityexpert_securityexpert_Physical_Security.md │ │ └── r_m_securityexpert_securityexpert_Privileged_Activity.md │ │ └── ds_securityexpert_securityexpert.md ├── Semperis │ └── DSP │ │ ├── Ps │ │ ├── pC_semperisdspapplogin.md │ │ ├── pC_semperisdspapplogin1.md │ │ ├── pC_semperisdspdsaccess.md │ │ ├── pC_semperisdspdsaccess1.md │ │ ├── pC_semperisdspdsaccess2.md │ │ ├── pC_semperisdspdsaccess3.md │ │ └── pC_semperisdspprivilegedobjectaccess.md │ │ ├── RM │ │ ├── r_m_semperis_dsp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_semperis_dsp_Account_Manipulation.md │ │ ├── r_m_semperis_dsp_Compromised_Credentials.md │ │ ├── r_m_semperis_dsp_Data_Access.md │ │ ├── r_m_semperis_dsp_Lateral_Movement.md │ │ ├── r_m_semperis_dsp_Malware.md │ │ ├── r_m_semperis_dsp_Privilege_Abuse.md │ │ ├── r_m_semperis_dsp_Privileged_Activity.md │ │ └── r_m_semperis_dsp_Ransomware.md │ │ └── ds_semperis_dsp.md ├── Sensormatik │ └── Sensormatik │ │ ├── Ps │ │ ├── pC_cefsensormatikbadgeaccess.md │ │ └── pC_kvsensormatikbadgeaccess.md │ │ ├── RM │ │ ├── r_m_sensormatik_sensormatik_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sensormatik_sensormatik_Physical_Security.md │ │ └── r_m_sensormatik_sensormatik_Privileged_Activity.md │ │ └── ds_sensormatik_sensormatik.md ├── SentinelOne │ ├── SentinelOne │ │ ├── Ps │ │ │ └── pC_sentineloneprocessalert.md │ │ ├── RM │ │ │ ├── r_m_sentinelone_sentinelone_Compromised_Credentials.md │ │ │ └── r_m_sentinelone_sentinelone_Malware.md │ │ └── ds_sentinelone_sentinelone.md │ ├── Singularity │ │ ├── 2_ds_sentinelone_singularity.md │ │ ├── Ps │ │ │ ├── pC_cefsentinelonefilealert.md │ │ │ ├── pC_cefsentinelonenetworkalert.md │ │ │ ├── pC_cefsentinelonenetworkalert1.md │ │ │ ├── pC_cefsentinelonesecurityalert.md │ │ │ ├── pC_cefsentinelonesecurityalert2.md │ │ │ ├── pC_cefsentinelonesecurityalert3.md │ │ │ ├── pC_cefsentinelonesecurityalert4.md │ │ │ ├── pC_cefsentinelonesecurityalert5.md │ │ │ ├── pC_cefsentinelonesecurityalert6.md │ │ │ ├── pC_jsonsentineloneprocessalert.md │ │ │ ├── pC_jsonsentineloneprocesscreated.md │ │ │ ├── pC_jsonsentineloneregistrywrite4.md │ │ │ ├── pC_jsonsentineloneregistrywrite5.md │ │ │ ├── pC_jsonsentineloneregistrywrite6.md │ │ │ ├── pC_jsonsentineloneregistrywrite7.md │ │ │ ├── pC_jsonsentinelonesecurityalert.md │ │ │ ├── pC_jsonsentinelonethreatfiledelete.md │ │ │ ├── pC_jsonsentinelonethreatfilewrite.md │ │ │ ├── pC_jsonsentinelonethreatfilewrite2.md │ │ │ ├── pC_jsonsentinelonethreatnetworkconnection.md │ │ │ ├── pC_sentinelonednsquery.md │ │ │ ├── pC_sentinelonednsresponse.md │ │ │ ├── pC_sentinelonednsresponse1.md │ │ │ ├── pC_sentinelonefilecreate.md │ │ │ ├── pC_sentinelonefilecreate1.md │ │ │ ├── pC_sentinelonefiledelete.md │ │ │ ├── pC_sentinelonefiledelete1.md │ │ │ ├── pC_sentinelonefilemodify.md │ │ │ ├── pC_sentinelonefilemodify1.md │ │ │ ├── pC_sentinelonenetworkconnection.md │ │ │ ├── pC_sentinelonenetworkconnection1.md │ │ │ ├── pC_sentinelonenetworkconnection2.md │ │ │ ├── pC_sentineloneprocesscreated.md │ │ │ ├── pC_sentineloneprocesscreated1.md │ │ │ ├── pC_sentinelonesecurityalert.md │ │ │ ├── pC_sentinelonesecurityalert1.md │ │ │ ├── pC_sentinelonesecurityalert10.md │ │ │ ├── pC_sentinelonesecurityalert2.md │ │ │ ├── pC_sentinelonesecurityalert3.md │ │ │ ├── pC_sentinelonesecurityalert4.md │ │ │ ├── pC_sentinelonesecurityalert5.md │ │ │ ├── pC_sentinelonesecurityalert6.md │ │ │ ├── pC_sentinelonesecurityalert7.md │ │ │ ├── pC_sentinelonesecurityalert8.md │ │ │ ├── pC_sentinelonesecurityalert9.md │ │ │ ├── pC_sentinelonetaskregister.md │ │ │ ├── pC_sentinelonetaskupdate.md │ │ │ ├── pC_sentinelonetaskupdate1.md │ │ │ ├── pC_sentinelonetaskupdate2.md │ │ │ ├── pC_sentinelonewebactivity.md │ │ │ ├── pC_sentinelonewebactivity1.md │ │ │ └── pC_sentinelonewebactivity2.md │ │ ├── RM │ │ │ ├── r_m_sentinelone_singularity_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_sentinelone_singularity_Account_Manipulation.md │ │ │ ├── r_m_sentinelone_singularity_Audit_Tampering.md │ │ │ ├── r_m_sentinelone_singularity_Compromised_Credentials.md │ │ │ ├── r_m_sentinelone_singularity_Cryptomining.md │ │ │ ├── r_m_sentinelone_singularity_Data_Access.md │ │ │ ├── r_m_sentinelone_singularity_Data_Exfiltration.md │ │ │ ├── r_m_sentinelone_singularity_Data_Leak.md │ │ │ ├── r_m_sentinelone_singularity_Destruction_of_Data.md │ │ │ ├── r_m_sentinelone_singularity_Evasion.md │ │ │ ├── r_m_sentinelone_singularity_Lateral_Movement.md │ │ │ ├── r_m_sentinelone_singularity_Malware.md │ │ │ ├── r_m_sentinelone_singularity_Phishing.md │ │ │ ├── r_m_sentinelone_singularity_Privilege_Abuse.md │ │ │ ├── r_m_sentinelone_singularity_Privilege_Escalation.md │ │ │ ├── r_m_sentinelone_singularity_Privileged_Activity.md │ │ │ ├── r_m_sentinelone_singularity_Ransomware.md │ │ │ └── r_m_sentinelone_singularity_Workforce_Protection.md │ │ └── ds_sentinelone_singularity.md │ ├── Singularity_Platform │ │ ├── Ps │ │ │ ├── pC_jsonsentinelonesingularitypalert.md │ │ │ ├── pC_jsonsentinelonesingularitypalert1.md │ │ │ ├── pC_jsonsentinelonesingularitypalert2.md │ │ │ ├── pC_jsonsentinelonesingularitypalert3.md │ │ │ ├── pC_jsonsentinelonesingularitypalert4.md │ │ │ ├── pC_jsonsentinelonesingularitypalert5.md │ │ │ ├── pC_jsonsentinelonesingularitypfile.md │ │ │ ├── pC_jsonsentinelonesingularitypfile1.md │ │ │ ├── pC_jsonsentinelonesingularitypprocesscreated1.md │ │ │ ├── pC_jsonsentinelonesingularitypprocesscreated2.md │ │ │ ├── pC_jsonsentinelonesingularitypprocessnetwork.md │ │ │ └── pC_jsonsentinelonesingularitypprocessnetwork1.md │ │ ├── RM │ │ │ └── r_m_sentinelone_singularity_platform_Enrichment.md │ │ └── ds_sentinelone_singularity_platform.md │ └── Vigilance │ │ ├── 2_ds_sentinelone_vigilance.md │ │ ├── Ps │ │ ├── pC_cefsentinelonevigilanceappactivity.md │ │ ├── pC_cefsentinelonevigilanceappactivity1.md │ │ ├── pC_cefsentinelonevigilanceappactivity2.md │ │ ├── pC_cefsentinelonevigilanceapplogin.md │ │ ├── pC_cefsentinelonevigilancefailedapplogin.md │ │ ├── pC_cefsentinelonevigilancesecurityalert.md │ │ └── pC_cefsentinelonevigilancesecurityalert1.md │ │ ├── RM │ │ ├── r_m_sentinelone_vigilance_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sentinelone_vigilance_Account_Manipulation.md │ │ ├── r_m_sentinelone_vigilance_Compromised_Credentials.md │ │ ├── r_m_sentinelone_vigilance_Data_Access.md │ │ ├── r_m_sentinelone_vigilance_Data_Leak.md │ │ ├── r_m_sentinelone_vigilance_Lateral_Movement.md │ │ ├── r_m_sentinelone_vigilance_Malware.md │ │ ├── r_m_sentinelone_vigilance_Privilege_Abuse.md │ │ ├── r_m_sentinelone_vigilance_Privilege_Escalation.md │ │ ├── r_m_sentinelone_vigilance_Privileged_Activity.md │ │ └── r_m_sentinelone_vigilance_Ransomware.md │ │ └── ds_sentinelone_vigilance.md ├── ServiceNow │ └── ServiceNow │ │ ├── 2_ds_servicenow_servicenow.md │ │ ├── Ps │ │ ├── pC_cefservicenowfileoperation2.md │ │ ├── pC_cefservicenowlogin1.md │ │ ├── pC_cefservicenowlogin2.md │ │ ├── pC_cefservicenowloginfailed.md │ │ └── pC_snowappactivity.md │ │ ├── RM │ │ ├── r_m_servicenow_servicenow_Abnormal_Authentication_&_Access.md │ │ ├── r_m_servicenow_servicenow_Account_Manipulation.md │ │ ├── r_m_servicenow_servicenow_Compromised_Credentials.md │ │ ├── r_m_servicenow_servicenow_Data_Access.md │ │ ├── r_m_servicenow_servicenow_Data_Leak.md │ │ ├── r_m_servicenow_servicenow_Destruction_of_Data.md │ │ ├── r_m_servicenow_servicenow_Lateral_Movement.md │ │ ├── r_m_servicenow_servicenow_Malware.md │ │ ├── r_m_servicenow_servicenow_Privilege_Abuse.md │ │ ├── r_m_servicenow_servicenow_Privilege_Escalation.md │ │ ├── r_m_servicenow_servicenow_Privileged_Activity.md │ │ └── r_m_servicenow_servicenow_Ransomware.md │ │ └── ds_servicenow_servicenow.md ├── Shibboleth │ ├── Shibboleth_IdP │ │ ├── Ps │ │ │ └── pC_shibbolethauthsuccessful.md │ │ ├── RM │ │ │ ├── r_m_shibboleth_shibboleth_idp_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_shibboleth_shibboleth_idp_Compromised_Credentials.md │ │ │ ├── r_m_shibboleth_shibboleth_idp_Lateral_Movement.md │ │ │ ├── r_m_shibboleth_shibboleth_idp_Malware.md │ │ │ └── r_m_shibboleth_shibboleth_idp_Ransomware.md │ │ └── ds_shibboleth_shibboleth_idp.md │ └── Shibboleth_SSO │ │ ├── Ps │ │ ├── pC_shibbolethpasswordchange.md │ │ ├── pC_sshibbolethsso.md │ │ └── pC_sshibbolethsso1.md │ │ ├── RM │ │ ├── r_m_shibboleth_shibboleth_sso_Abnormal_Authentication_&_Access.md │ │ ├── r_m_shibboleth_shibboleth_sso_Account_Manipulation.md │ │ ├── r_m_shibboleth_shibboleth_sso_Compromised_Credentials.md │ │ ├── r_m_shibboleth_shibboleth_sso_Data_Access.md │ │ ├── r_m_shibboleth_shibboleth_sso_Lateral_Movement.md │ │ ├── r_m_shibboleth_shibboleth_sso_Malware.md │ │ ├── r_m_shibboleth_shibboleth_sso_Privilege_Abuse.md │ │ ├── r_m_shibboleth_shibboleth_sso_Privileged_Activity.md │ │ └── r_m_shibboleth_shibboleth_sso_Ransomware.md │ │ └── ds_shibboleth_shibboleth_sso.md ├── Siemens │ └── Siemens │ │ ├── Ps │ │ ├── pC_physicalbadgeaccess3.md │ │ └── pC_rsyslogphysicalbadgeaccess.md │ │ ├── RM │ │ ├── r_m_siemens_siemens_Abnormal_Authentication_&_Access.md │ │ ├── r_m_siemens_siemens_Physical_Security.md │ │ └── r_m_siemens_siemens_Privileged_Activity.md │ │ └── ds_siemens_siemens.md ├── Silverfort │ └── Silverfort │ │ ├── Ps │ │ ├── pC_cefsilverfortapplogin.md │ │ ├── pC_silverfortauthfailed.md │ │ └── pC_silverfortauthsuccessful.md │ │ ├── RM │ │ ├── r_m_silverfort_silverfort_Abnormal_Authentication_&_Access.md │ │ ├── r_m_silverfort_silverfort_Compromised_Credentials.md │ │ ├── r_m_silverfort_silverfort_Data_Access.md │ │ ├── r_m_silverfort_silverfort_Lateral_Movement.md │ │ ├── r_m_silverfort_silverfort_Malware.md │ │ ├── r_m_silverfort_silverfort_Privilege_Abuse.md │ │ ├── r_m_silverfort_silverfort_Privileged_Activity.md │ │ └── r_m_silverfort_silverfort_Ransomware.md │ │ └── ds_silverfort_silverfort.md ├── SiteMinder │ └── SiteMinder │ │ ├── 2_ds_siteminder_siteminder.md │ │ ├── Ps │ │ ├── pC_cefsiteminderauthfailed.md │ │ ├── pC_cefsiteminderauthsuccessful.md │ │ ├── pC_siteminderauthattempt.md │ │ ├── pC_siteminderauthfailed.md │ │ ├── pC_siteminderauthfailed1.md │ │ └── pC_siteminderauthsuccessful.md │ │ ├── RM │ │ ├── r_m_siteminder_siteminder_Abnormal_Authentication_&_Access.md │ │ ├── r_m_siteminder_siteminder_Compromised_Credentials.md │ │ ├── r_m_siteminder_siteminder_Lateral_Movement.md │ │ ├── r_m_siteminder_siteminder_Malware.md │ │ └── r_m_siteminder_siteminder_Ransomware.md │ │ └── ds_siteminder_siteminder.md ├── SkySea │ └── ClientView │ │ ├── 2_ds_skysea_clientview.md │ │ ├── Ps │ │ ├── pC_sskyseaappactivity.md │ │ ├── pC_sskyseaappactivity1.md │ │ ├── pC_sskyseadlpemailalert.md │ │ ├── pC_sskyseafileaccess.md │ │ ├── pC_sskyseafilecopied.md │ │ ├── pC_sskyseafiledownload.md │ │ ├── pC_sskyseafileoperations.md │ │ ├── pC_sskyseafileupload.md │ │ ├── pC_sskyseaprintactivity.md │ │ ├── pC_sskyseaprocesscreated1.md │ │ ├── pC_sskyseaprocesscreated2.md │ │ ├── pC_sskyseasecurityalert.md │ │ ├── pC_sskyseashareaccess.md │ │ ├── pC_sskyseausbactivity.md │ │ ├── pC_sskyseawebactivity.md │ │ ├── pC_sskyseawebactivity1.md │ │ └── pC_sskyseawebactivity2.md │ │ ├── RM │ │ ├── r_m_skysea_clientview_Abnormal_Authentication_&_Access.md │ │ ├── r_m_skysea_clientview_Account_Manipulation.md │ │ ├── r_m_skysea_clientview_Audit_Tampering.md │ │ ├── r_m_skysea_clientview_Compromised_Credentials.md │ │ ├── r_m_skysea_clientview_Cryptomining.md │ │ ├── r_m_skysea_clientview_Data_Access.md │ │ ├── r_m_skysea_clientview_Data_Exfiltration.md │ │ ├── r_m_skysea_clientview_Data_Leak.md │ │ ├── r_m_skysea_clientview_Destruction_of_Data.md │ │ ├── r_m_skysea_clientview_Evasion.md │ │ ├── r_m_skysea_clientview_Lateral_Movement.md │ │ ├── r_m_skysea_clientview_Malware.md │ │ ├── r_m_skysea_clientview_Phishing.md │ │ ├── r_m_skysea_clientview_Privilege_Abuse.md │ │ ├── r_m_skysea_clientview_Privilege_Escalation.md │ │ ├── r_m_skysea_clientview_Privileged_Activity.md │ │ ├── r_m_skysea_clientview_Ransomware.md │ │ └── r_m_skysea_clientview_Workforce_Protection.md │ │ └── ds_skysea_clientview.md ├── Slack │ └── Slack │ │ ├── 2_ds_slack_slack.md │ │ ├── Ps │ │ ├── pC_cefslackappactivity.md │ │ ├── pC_slackappactivity1.md │ │ ├── pC_slackappactivity2.md │ │ ├── pC_slackappactivity3.md │ │ ├── pC_slackappactivity4.md │ │ ├── pC_slackappactivity5.md │ │ ├── pC_slackappactivity6.md │ │ ├── pC_slackappactivity7.md │ │ ├── pC_slackappactivity8.md │ │ ├── pC_slackapplogin.md │ │ ├── pC_slackfiledownload.md │ │ └── pC_slackfileupload.md │ │ ├── RM │ │ ├── r_m_slack_slack_Abnormal_Authentication_&_Access.md │ │ ├── r_m_slack_slack_Account_Manipulation.md │ │ ├── r_m_slack_slack_Compromised_Credentials.md │ │ ├── r_m_slack_slack_Data_Access.md │ │ ├── r_m_slack_slack_Data_Leak.md │ │ ├── r_m_slack_slack_Lateral_Movement.md │ │ ├── r_m_slack_slack_Malware.md │ │ ├── r_m_slack_slack_Privilege_Abuse.md │ │ ├── r_m_slack_slack_Privilege_Escalation.md │ │ ├── r_m_slack_slack_Privileged_Activity.md │ │ └── r_m_slack_slack_Ransomware.md │ │ └── ds_slack_slack.md ├── Snort │ └── Snort │ │ ├── Ps │ │ ├── pC_cefsnortnetworkalert.md │ │ ├── pC_qsnortalert.md │ │ ├── pC_qsnortalert1.md │ │ ├── pC_snortalert.md │ │ ├── pC_snortnetworkalert.md │ │ ├── pC_snortnetworkalert1.md │ │ ├── pC_snortnetworkalert2.md │ │ └── pC_snortnetworkalert3.md │ │ ├── RM │ │ ├── r_m_snort_snort_Compromised_Credentials.md │ │ ├── r_m_snort_snort_Lateral_Movement.md │ │ ├── r_m_snort_snort_Malware.md │ │ └── r_m_snort_snort_Privileged_Activity.md │ │ └── ds_snort_snort.md ├── Snowflake │ └── Snowflake │ │ ├── Ps │ │ ├── pC_cefsnowflakedblogin.md │ │ ├── pC_cefsnowflakedblogin1.md │ │ ├── pC_cefsnowflakedbquery.md │ │ ├── pC_ssnowflakedblogin1.md │ │ └── pC_ssnowflakedbquery1.md │ │ ├── RM │ │ ├── r_m_snowflake_snowflake_Compromised_Credentials.md │ │ └── r_m_snowflake_snowflake_Data_Access.md │ │ └── ds_snowflake_snowflake.md ├── Sonicwall │ └── Sonicwall │ │ ├── 2_ds_sonicwall_sonicwall.md │ │ ├── Ps │ │ ├── pC_cefsonicwallfailedvpnlogin.md │ │ ├── pC_cefsonicwallrdplogon.md │ │ ├── pC_cefsonicwallvpnend.md │ │ ├── pC_cefsonicwallvpnstart.md │ │ ├── pC_sonicwallfwnetworkalert.md │ │ ├── pC_sonicwallfwnetworkalert1.md │ │ ├── pC_sonicwallfwnetworkalert2.md │ │ ├── pC_sonicwallfwwebactivity.md │ │ ├── pC_ssonicwallfailedvpnlogin.md │ │ ├── pC_ssonicwallfailedvpnlogin2.md │ │ ├── pC_ssonicwallremotelogon.md │ │ ├── pC_ssonicwallvpnend.md │ │ ├── pC_ssonicwallvpnend1.md │ │ ├── pC_ssonicwallvpnlogin2.md │ │ ├── pC_ssonicwallvpnstart.md │ │ └── pC_ssonicwallvpnstart1.md │ │ ├── RM │ │ ├── r_m_sonicwall_sonicwall_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sonicwall_sonicwall_Account_Manipulation.md │ │ ├── r_m_sonicwall_sonicwall_Brute_Force_Attack.md │ │ ├── r_m_sonicwall_sonicwall_Compromised_Credentials.md │ │ ├── r_m_sonicwall_sonicwall_Cryptomining.md │ │ ├── r_m_sonicwall_sonicwall_Data_Access.md │ │ ├── r_m_sonicwall_sonicwall_Data_Exfiltration.md │ │ ├── r_m_sonicwall_sonicwall_Data_Leak.md │ │ ├── r_m_sonicwall_sonicwall_Lateral_Movement.md │ │ ├── r_m_sonicwall_sonicwall_Malware.md │ │ ├── r_m_sonicwall_sonicwall_Phishing.md │ │ ├── r_m_sonicwall_sonicwall_Physical_Security.md │ │ ├── r_m_sonicwall_sonicwall_Privilege_Abuse.md │ │ ├── r_m_sonicwall_sonicwall_Privilege_Escalation.md │ │ ├── r_m_sonicwall_sonicwall_Privileged_Activity.md │ │ ├── r_m_sonicwall_sonicwall_Ransomware.md │ │ └── r_m_sonicwall_sonicwall_Workforce_Protection.md │ │ └── ds_sonicwall_sonicwall.md ├── Sophos │ ├── Sophos_Endpoint_Protection │ │ ├── 2_ds_sophos_sophos_endpoint_protection.md │ │ ├── Ps │ │ │ ├── pC_ccsophosdlpalert.md │ │ │ ├── pC_ccsophossecurityalert.md │ │ │ ├── pC_cefsophosdlpalert13.md │ │ │ ├── pC_cefsophosdlpalert6.md │ │ │ ├── pC_cefsophosdlpalert7.md │ │ │ ├── pC_cefsophosdlpalert8.md │ │ │ ├── pC_cefsophossecurityalert1.md │ │ │ ├── pC_cefsophossecurityalert10.md │ │ │ ├── pC_cefsophossecurityalert11.md │ │ │ ├── pC_cefsophossecurityalert12.md │ │ │ ├── pC_cefsophossecurityalert13.md │ │ │ ├── pC_cefsophossecurityalert14.md │ │ │ ├── pC_cefsophossecurityalert15.md │ │ │ ├── pC_cefsophossecurityalert18.md │ │ │ ├── pC_cefsophossecurityalert2.md │ │ │ ├── pC_cefsophossecurityalert26.md │ │ │ ├── pC_cefsophossecurityalert3.md │ │ │ ├── pC_cefsophossecurityalert30.md │ │ │ ├── pC_cefsophossecurityalert32.md │ │ │ ├── pC_cefsophossecurityalert33.md │ │ │ ├── pC_cefsophossecurityalert34.md │ │ │ ├── pC_cefsophossecurityalert35.md │ │ │ ├── pC_cefsophossecurityalert36.md │ │ │ ├── pC_cefsophossecurityalert37.md │ │ │ ├── pC_cefsophossecurityalert38.md │ │ │ ├── pC_cefsophossecurityalert39.md │ │ │ ├── pC_cefsophossecurityalert4.md │ │ │ ├── pC_cefsophossecurityalert40.md │ │ │ ├── pC_cefsophossecurityalert41.md │ │ │ ├── pC_cefsophossecurityalert42.md │ │ │ ├── pC_cefsophossecurityalert43.md │ │ │ ├── pC_cefsophossecurityalert5.md │ │ │ ├── pC_cefsophossecurityalert6.md │ │ │ ├── pC_cefsophossecurityalert7.md │ │ │ ├── pC_cefsophossecurityalert8.md │ │ │ ├── pC_cefsophosusbinsert.md │ │ │ ├── pC_cefsophosusbinsert1.md │ │ │ ├── pC_cefsophosusbread.md │ │ │ ├── pC_sophosappactivityfailed.md │ │ │ ├── pC_sophosappactivityfailed1.md │ │ │ ├── pC_sophosappusbinsert.md │ │ │ ├── pC_sophosdlpalert1.md │ │ │ ├── pC_sophosepplogwriteralert.md │ │ │ ├── pC_sophosleefeppdlpalert.md │ │ │ ├── pC_sophosleefeppusbactivity.md │ │ │ ├── pC_sophosleefeppusbactivity2.md │ │ │ ├── pC_sophosleefeppusbblock.md │ │ │ ├── pC_sophosleefeppvirusalert.md │ │ │ ├── pC_sophosleefeppwebalert.md │ │ │ ├── pC_sophosnetworkalert.md │ │ │ ├── pC_sophosnetworkconnection1.md │ │ │ ├── pC_sophosnetworkconnection3.md │ │ │ ├── pC_sophossecurityalert.md │ │ │ ├── pC_sophossecurityalert1.md │ │ │ ├── pC_sophossecurityalert2.md │ │ │ ├── pC_sophosthreatalert.md │ │ │ ├── pC_sophosthreatalert1.md │ │ │ ├── pC_sophosusbinsert.md │ │ │ ├── pC_sophoswebalert.md │ │ │ ├── pC_syslogsophossnmpalertbelongs.md │ │ │ ├── pC_syslogsophossnmpalertdetected.md │ │ │ ├── pC_syslogsophossnmpdenied.md │ │ │ └── pC_xmlsophossecurityalert.md │ │ ├── RM │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Compromised_Credentials.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Data_Exfiltration.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Data_Leak.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Lateral_Movement.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Malware.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Privilege_Abuse.md │ │ │ ├── r_m_sophos_sophos_endpoint_protection_Privileged_Activity.md │ │ │ └── r_m_sophos_sophos_endpoint_protection_Ransomware.md │ │ └── ds_sophos_sophos_endpoint_protection.md │ ├── Sophos_Firewall │ │ ├── Ps │ │ │ └── pC_sophosnetworkconnection2.md │ │ ├── RM │ │ │ ├── r_m_sophos_sophos_firewall_Lateral_Movement.md │ │ │ └── r_m_sophos_sophos_firewall_Malware.md │ │ └── ds_sophos_sophos_firewall.md │ ├── Sophos_Invincea │ │ ├── Ps │ │ │ ├── pC_interceptxinvinceaalert.md │ │ │ └── pC_qleefinvinceaalert.md │ │ ├── RM │ │ │ ├── r_m_sophos_sophos_invincea_Compromised_Credentials.md │ │ │ ├── r_m_sophos_sophos_invincea_Lateral_Movement.md │ │ │ ├── r_m_sophos_sophos_invincea_Malware.md │ │ │ └── r_m_sophos_sophos_invincea_Privileged_Activity.md │ │ └── ds_sophos_sophos_invincea.md │ ├── Sophos_SafeGuard │ │ ├── Ps │ │ │ └── pC_sophossafeguardactivity.md │ │ ├── RM │ │ │ ├── r_m_sophos_sophos_safeguard_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_sophos_sophos_safeguard_Account_Manipulation.md │ │ │ ├── r_m_sophos_sophos_safeguard_Compromised_Credentials.md │ │ │ ├── r_m_sophos_sophos_safeguard_Data_Access.md │ │ │ ├── r_m_sophos_sophos_safeguard_Data_Leak.md │ │ │ ├── r_m_sophos_sophos_safeguard_Lateral_Movement.md │ │ │ ├── r_m_sophos_sophos_safeguard_Malware.md │ │ │ ├── r_m_sophos_sophos_safeguard_Privilege_Abuse.md │ │ │ ├── r_m_sophos_sophos_safeguard_Privilege_Escalation.md │ │ │ ├── r_m_sophos_sophos_safeguard_Privileged_Activity.md │ │ │ └── r_m_sophos_sophos_safeguard_Ransomware.md │ │ └── ds_sophos_sophos_safeguard.md │ ├── Sophos_UTM │ │ ├── Ps │ │ │ ├── pC_sophosproxy.md │ │ │ ├── pC_sophosproxy1.md │ │ │ └── pC_sophosproxy2.md │ │ ├── RM │ │ │ ├── r_m_sophos_sophos_utm_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_sophos_sophos_utm_Compromised_Credentials.md │ │ │ ├── r_m_sophos_sophos_utm_Cryptomining.md │ │ │ ├── r_m_sophos_sophos_utm_Data_Exfiltration.md │ │ │ ├── r_m_sophos_sophos_utm_Data_Leak.md │ │ │ ├── r_m_sophos_sophos_utm_Lateral_Movement.md │ │ │ ├── r_m_sophos_sophos_utm_Malware.md │ │ │ ├── r_m_sophos_sophos_utm_Phishing.md │ │ │ ├── r_m_sophos_sophos_utm_Privilege_Abuse.md │ │ │ ├── r_m_sophos_sophos_utm_Privileged_Activity.md │ │ │ ├── r_m_sophos_sophos_utm_Ransomware.md │ │ │ └── r_m_sophos_sophos_utm_Workforce_Protection.md │ │ └── ds_sophos_sophos_utm.md │ └── Sophos_XG_Firewall │ │ ├── 2_ds_sophos_sophos_xg_firewall.md │ │ ├── Ps │ │ ├── pC_cefsophosnetworkconnection.md │ │ ├── pC_cefsophoswebactivity.md │ │ ├── pC_sophosapplogin.md │ │ ├── pC_sophosnetworkconnection.md │ │ └── pC_ssophosnetworkconnection.md │ │ ├── RM │ │ ├── r_m_sophos_sophos_xg_firewall_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sophos_sophos_xg_firewall_Account_Manipulation.md │ │ ├── r_m_sophos_sophos_xg_firewall_Brute_Force_Attack.md │ │ ├── r_m_sophos_sophos_xg_firewall_Compromised_Credentials.md │ │ ├── r_m_sophos_sophos_xg_firewall_Cryptomining.md │ │ ├── r_m_sophos_sophos_xg_firewall_Data_Access.md │ │ ├── r_m_sophos_sophos_xg_firewall_Data_Exfiltration.md │ │ ├── r_m_sophos_sophos_xg_firewall_Data_Leak.md │ │ ├── r_m_sophos_sophos_xg_firewall_Lateral_Movement.md │ │ ├── r_m_sophos_sophos_xg_firewall_Malware.md │ │ ├── r_m_sophos_sophos_xg_firewall_Phishing.md │ │ ├── r_m_sophos_sophos_xg_firewall_Physical_Security.md │ │ ├── r_m_sophos_sophos_xg_firewall_Privilege_Abuse.md │ │ ├── r_m_sophos_sophos_xg_firewall_Privilege_Escalation.md │ │ ├── r_m_sophos_sophos_xg_firewall_Privileged_Activity.md │ │ ├── r_m_sophos_sophos_xg_firewall_Ransomware.md │ │ └── r_m_sophos_sophos_xg_firewall_Workforce_Protection.md │ │ └── ds_sophos_sophos_xg_firewall.md ├── Specops │ └── Specops_Password_Reset │ │ ├── Ps │ │ ├── pC_specopsaccountpasswordreset.md │ │ └── pC_specopsaccountunlocked.md │ │ ├── RM │ │ ├── r_m_specops_specops_password_reset_Abnormal_Authentication_&_Access.md │ │ ├── r_m_specops_specops_password_reset_Account_Manipulation.md │ │ └── r_m_specops_specops_password_reset_Privilege_Abuse.md │ │ └── ds_specops_specops_password_reset.md ├── Splunk │ └── Splunk_Stream │ │ ├── Ps │ │ ├── pC_ssplunkstreamdnsquery.md │ │ ├── pC_ssplunkstreamdnsresponse.md │ │ └── pC_sstreamdhcp.md │ │ ├── RM │ │ └── r_m_splunk_splunk_stream_Malware.md │ │ └── ds_splunk_splunk_stream.md ├── Squid │ └── Squid │ │ ├── 2_ds_squid_squid.md │ │ ├── Ps │ │ ├── pC_squidwebactivity.md │ │ ├── pC_squidwebactivity1.md │ │ ├── pC_squidwebactivity2.md │ │ ├── pC_squidwebactivity3.md │ │ ├── pC_squidwebactivity4.md │ │ └── pC_squidwebactivity5.md │ │ ├── RM │ │ ├── r_m_squid_squid_Abnormal_Authentication_&_Access.md │ │ ├── r_m_squid_squid_Compromised_Credentials.md │ │ ├── r_m_squid_squid_Cryptomining.md │ │ ├── r_m_squid_squid_Data_Exfiltration.md │ │ ├── r_m_squid_squid_Data_Leak.md │ │ ├── r_m_squid_squid_Lateral_Movement.md │ │ ├── r_m_squid_squid_Malware.md │ │ ├── r_m_squid_squid_Phishing.md │ │ ├── r_m_squid_squid_Privilege_Abuse.md │ │ ├── r_m_squid_squid_Privileged_Activity.md │ │ ├── r_m_squid_squid_Ransomware.md │ │ └── r_m_squid_squid_Workforce_Protection.md │ │ └── ds_squid_squid.md ├── StealthBits │ └── StealthIntercept │ │ ├── 2_ds_stealthbits_stealthintercept.md │ │ ├── Ps │ │ ├── pC_cefstealthbitsfileoperations.md │ │ ├── pC_qleefdsaccountdisabled.md │ │ ├── pC_qleefdsaccountenabled.md │ │ ├── pC_qleefdsmemberadded.md │ │ ├── pC_qleefdsmemberremoved.md │ │ ├── pC_qleefdsobjectmodification.md │ │ ├── pC_stealthinterceptauthfailed.md │ │ └── pC_stealthinterceptauthsuccessful.md │ │ ├── RM │ │ ├── r_m_stealthbits_stealthintercept_Abnormal_Authentication_&_Access.md │ │ ├── r_m_stealthbits_stealthintercept_Account_Manipulation.md │ │ ├── r_m_stealthbits_stealthintercept_Compromised_Credentials.md │ │ ├── r_m_stealthbits_stealthintercept_Data_Access.md │ │ ├── r_m_stealthbits_stealthintercept_Data_Exfiltration.md │ │ ├── r_m_stealthbits_stealthintercept_Data_Leak.md │ │ ├── r_m_stealthbits_stealthintercept_Lateral_Movement.md │ │ ├── r_m_stealthbits_stealthintercept_Malware.md │ │ ├── r_m_stealthbits_stealthintercept_Privilege_Abuse.md │ │ ├── r_m_stealthbits_stealthintercept_Privileged_Activity.md │ │ └── r_m_stealthbits_stealthintercept_Ransomware.md │ │ └── ds_stealthbits_stealthintercept.md ├── Sun_One │ └── LDAP │ │ ├── Ps │ │ ├── pC_ldapauthattempt.md │ │ ├── pC_qldapauthattempt.md │ │ └── pC_qldapauthattempt1.md │ │ ├── RM │ │ ├── r_m_sun_one_ldap_Abnormal_Authentication_&_Access.md │ │ ├── r_m_sun_one_ldap_Compromised_Credentials.md │ │ ├── r_m_sun_one_ldap_Lateral_Movement.md │ │ ├── r_m_sun_one_ldap_Malware.md │ │ └── r_m_sun_one_ldap_Ransomware.md │ │ └── ds_sun_one_ldap.md ├── Suricata │ ├── Suricata │ │ ├── Ps │ │ │ └── pC_suricatanetworkalert1.md │ │ ├── RM │ │ │ ├── r_m_suricata_suricata_Compromised_Credentials.md │ │ │ └── r_m_suricata_suricata_Malware.md │ │ └── ds_suricata_suricata.md │ └── Suricata_IDS │ │ ├── Ps │ │ ├── pC_suricatanetworkalert.md │ │ ├── pC_suricatanetworkalert2.md │ │ └── pC_suricatanetworkalert3.md │ │ ├── RM │ │ ├── r_m_suricata_suricata_ids_Compromised_Credentials.md │ │ └── r_m_suricata_suricata_ids_Malware.md │ │ └── ds_suricata_suricata_ids.md ├── Swift │ └── Swift │ │ ├── Ps │ │ ├── pC_swiftaccountpasswordchange.md │ │ ├── pC_swiftaccountpasswordchangefailed.md │ │ ├── pC_swiftapplogin.md │ │ ├── pC_swiftapplogin1.md │ │ └── pC_swiftapploginfailed.md │ │ ├── RM │ │ ├── r_m_swift_swift_Abnormal_Authentication_&_Access.md │ │ ├── r_m_swift_swift_Account_Manipulation.md │ │ ├── r_m_swift_swift_Compromised_Credentials.md │ │ ├── r_m_swift_swift_Data_Access.md │ │ ├── r_m_swift_swift_Lateral_Movement.md │ │ ├── r_m_swift_swift_Malware.md │ │ ├── r_m_swift_swift_Privilege_Abuse.md │ │ ├── r_m_swift_swift_Privileged_Activity.md │ │ └── r_m_swift_swift_Ransomware.md │ │ └── ds_swift_swift.md ├── Swipes │ └── Swipes │ │ ├── Ps │ │ └── pC_sswipesbadgeaccess.md │ │ ├── RM │ │ ├── r_m_swipes_swipes_Abnormal_Authentication_&_Access.md │ │ ├── r_m_swipes_swipes_Physical_Security.md │ │ └── r_m_swipes_swipes_Privileged_Activity.md │ │ └── ds_swipes_swipes.md ├── Swivel │ └── Swivel │ │ ├── Ps │ │ ├── pC_swivelauthenticationactivity.md │ │ ├── pC_swivelauthenticationfailed.md │ │ └── pC_swivelauthenticationsuccess.md │ │ ├── RM │ │ ├── r_m_swivel_swivel_Abnormal_Authentication_&_Access.md │ │ ├── r_m_swivel_swivel_Account_Manipulation.md │ │ ├── r_m_swivel_swivel_Compromised_Credentials.md │ │ ├── r_m_swivel_swivel_Data_Access.md │ │ ├── r_m_swivel_swivel_Data_Leak.md │ │ ├── r_m_swivel_swivel_Lateral_Movement.md │ │ ├── r_m_swivel_swivel_Malware.md │ │ ├── r_m_swivel_swivel_Privilege_Abuse.md │ │ ├── r_m_swivel_swivel_Privilege_Escalation.md │ │ ├── r_m_swivel_swivel_Privileged_Activity.md │ │ └── r_m_swivel_swivel_Ransomware.md │ │ └── ds_swivel_swivel.md ├── Sybase │ └── Sybase │ │ ├── Ps │ │ ├── pC_cefsybasedblogin.md │ │ ├── pC_cefsybasedbquery.md │ │ ├── pC_jsonsybasedbaccess.md │ │ ├── pC_jsonsybasedbaccess1.md │ │ ├── pC_jsonsybasedblogin.md │ │ ├── pC_jsonsybasedbquerycreate.md │ │ ├── pC_jsonsybasedbquerydelete.md │ │ ├── pC_jsonsybasedbqueryinsert.md │ │ ├── pC_jsonsybasedbqueryselect.md │ │ └── pC_jsonsybasedbqueryupdate.md │ │ ├── RM │ │ ├── r_m_sybase_sybase_Compromised_Credentials.md │ │ └── r_m_sybase_sybase_Data_Access.md │ │ └── ds_sybase_sybase.md ├── Symantec │ ├── ICDx │ │ ├── Ps │ │ │ ├── pC_symantecicdxnetworkalert.md │ │ │ ├── pC_symantecicdxprocessalert.md │ │ │ └── pC_symantecicdxsecurityalert.md │ │ ├── RM │ │ │ ├── r_m_symantec_icdx_Compromised_Credentials.md │ │ │ ├── r_m_symantec_icdx_Lateral_Movement.md │ │ │ ├── r_m_symantec_icdx_Malware.md │ │ │ └── r_m_symantec_icdx_Privileged_Activity.md │ │ └── ds_symantec_icdx.md │ ├── Symantec │ │ ├── Ps │ │ │ └── pC_symantecprintactivity.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_Abnormal_Authentication_&_Access.md │ │ │ └── r_m_symantec_symantec_Data_Leak.md │ │ └── ds_symantec_symantec.md │ ├── Symantec_Advanced_Threat_Protection │ │ ├── Ps │ │ │ ├── pC_cefsymantecatpalert.md │ │ │ └── pC_symantecatpalert.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_advanced_threat_protection_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_advanced_threat_protection_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_advanced_threat_protection_Malware.md │ │ │ └── r_m_symantec_symantec_advanced_threat_protection_Privileged_Activity.md │ │ └── ds_symantec_symantec_advanced_threat_protection.md │ ├── Symantec_Blue_Coat_Content_Analysis_System │ │ ├── Ps │ │ │ └── pC_rsyslogbluecoatcasalert.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_blue_coat_content_analysis_system_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_blue_coat_content_analysis_system_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_blue_coat_content_analysis_system_Malware.md │ │ │ └── r_m_symantec_symantec_blue_coat_content_analysis_system_Privileged_Activity.md │ │ └── ds_symantec_symantec_blue_coat_content_analysis_system.md │ ├── Symantec_Blue_Coat_ProxySG_Appliance │ │ ├── 2_ds_symantec_symantec_blue_coat_proxysg_appliance.md │ │ ├── Ps │ │ │ ├── pC_bluecoatproxy1.md │ │ │ ├── pC_bluecoatproxy10.md │ │ │ ├── pC_bluecoatproxy11.md │ │ │ ├── pC_bluecoatproxy12.md │ │ │ ├── pC_bluecoatproxy13.md │ │ │ ├── pC_bluecoatproxy14.md │ │ │ ├── pC_bluecoatproxy15.md │ │ │ ├── pC_bluecoatproxy2.md │ │ │ ├── pC_bluecoatproxy3.md │ │ │ ├── pC_bluecoatproxy4.md │ │ │ ├── pC_bluecoatproxy5.md │ │ │ ├── pC_bluecoatproxy6.md │ │ │ ├── pC_bluecoatproxy7.md │ │ │ ├── pC_bluecoatproxy8.md │ │ │ ├── pC_bluecoatproxy9.md │ │ │ ├── pC_bluecoatproxyv2.md │ │ │ ├── pC_bluecoatproxyv3.md │ │ │ ├── pC_bluecoatproxyv4.md │ │ │ ├── pC_bluecoatproxyv5.md │ │ │ ├── pC_bluecoatproxyv6.md │ │ │ ├── pC_bluecoatproxyv7.md │ │ │ ├── pC_bluecoatwebactivity.md │ │ │ ├── pC_cefbluecoatproxy.md │ │ │ ├── pC_jsonbluecoatproxywebactivity.md │ │ │ └── pC_ncefbluecoatproxy.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Cryptomining.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Malware.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Phishing.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Privileged_Activity.md │ │ │ ├── r_m_symantec_symantec_blue_coat_proxysg_appliance_Ransomware.md │ │ │ └── r_m_symantec_symantec_blue_coat_proxysg_appliance_Workforce_Protection.md │ │ └── ds_symantec_symantec_blue_coat_proxysg_appliance.md │ ├── Symantec_Brightmail │ │ ├── 2_ds_symantec_symantec_brightmail.md │ │ ├── Ps │ │ │ ├── pC_sbrightmailemail.md │ │ │ ├── pC_syslogbrightmailemailaccept.md │ │ │ └── pC_syslogbrightmailemailin.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_brightmail_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_brightmail_Malware.md │ │ │ ├── r_m_symantec_symantec_brightmail_Phishing.md │ │ │ ├── r_m_symantec_symantec_brightmail_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_brightmail_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_brightmail_Workforce_Protection.md │ │ └── ds_symantec_symantec_brightmail.md │ ├── Symantec_CloudSOC │ │ ├── Ps │ │ │ ├── pC_symanteccloudactivity.md │ │ │ └── pC_symantecclouddlpalert.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_cloudsoc_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Account_Manipulation.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Data_Access.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Destruction_of_Data.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Malware.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Privilege_Escalation.md │ │ │ ├── r_m_symantec_symantec_cloudsoc_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_cloudsoc_Ransomware.md │ │ └── ds_symantec_symantec_cloudsoc.md │ ├── Symantec_Critical_System_Protection │ │ ├── 2_ds_symantec_symantec_critical_system_protection.md │ │ ├── Ps │ │ │ ├── pC_symantecaccountconfigchange.md │ │ │ ├── pC_symantecaccountmemberadded.md │ │ │ ├── pC_symantecaccountmemberremoved.md │ │ │ ├── pC_symantecaccountswitchfailed.md │ │ │ ├── pC_symantecaccountswitchsuccess.md │ │ │ ├── pC_symantecgroupcreated.md │ │ │ ├── pC_symantecgroupmemberchanged.md │ │ │ ├── pC_symantecgroupmemberdeleted.md │ │ │ ├── pC_symanteclocallogonfailed.md │ │ │ ├── pC_symanteclocallogonsuccess.md │ │ │ └── pC_symantecprimarygroupchanged.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Account_Manipulation.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Brute_Force_Attack.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Malware.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Privilege_Escalation.md │ │ │ ├── r_m_symantec_symantec_critical_system_protection_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_critical_system_protection_Ransomware.md │ │ └── ds_symantec_symantec_critical_system_protection.md │ ├── Symantec_DLP │ │ ├── 2_ds_symantec_symantec_dlp.md │ │ ├── Ps │ │ │ ├── pC_cefsymantecdlpalert.md │ │ │ ├── pC_cefsymantecdlpalert1.md │ │ │ ├── pC_cefsymantecdlpalert2.md │ │ │ ├── pC_cefvontudlpalert.md │ │ │ ├── pC_cefvontudlpalert2.md │ │ │ ├── pC_cefvontudlpalert3.md │ │ │ ├── pC_cefvontudlpalert4.md │ │ │ ├── pC_qdlpalert.md │ │ │ ├── pC_qsymantecdlpalert.md │ │ │ ├── pC_qsymantecdlpalert1.md │ │ │ ├── pC_qsymantecdlpemailout.md │ │ │ ├── pC_qvontudlpalert.md │ │ │ ├── pC_rsyslogvontudlp.md │ │ │ ├── pC_rsyslogvontudlp1.md │ │ │ ├── pC_ssymantecdlpalert.md │ │ │ ├── pC_ssymantecdlpalert1.md │ │ │ ├── pC_ssymantecdlpemailalert.md │ │ │ ├── pC_svontudlpalert.md │ │ │ ├── pC_svontudlpemailalert.md │ │ │ ├── pC_svontuemaildlp.md │ │ │ ├── pC_symantecdlpalert.md │ │ │ ├── pC_symantecdlpalert1.md │ │ │ ├── pC_symantecdlpalert2.md │ │ │ ├── pC_symantecdlpcitalert.md │ │ │ ├── pC_symantecdlpemailalertin.md │ │ │ ├── pC_symantecemailalertout.md │ │ │ ├── pC_symantecmessagealert.md │ │ │ ├── pC_symantecsecurityalert.md │ │ │ ├── pC_symantecusbactivity.md │ │ │ ├── pC_symantecusbdelete.md │ │ │ ├── pC_symantecusbdelete1.md │ │ │ ├── pC_symantecusbinsert.md │ │ │ ├── pC_symantecusbinsert1.md │ │ │ ├── pC_symantecusbread.md │ │ │ ├── pC_symantecusbread1.md │ │ │ ├── pC_symantecusbwrite.md │ │ │ ├── pC_symantecusbwrite1.md │ │ │ ├── pC_symantecusbwrite2.md │ │ │ ├── pC_syslogsymantecdlpalert.md │ │ │ ├── pC_syslogsymantecdlpalert1.md │ │ │ ├── pC_syslogsymantecdlpalert2.md │ │ │ ├── pC_syslogsymantecdlpalert3.md │ │ │ ├── pC_syslogsymantecdlpalert4.md │ │ │ ├── pC_syslogsymantecdlpalert6.md │ │ │ ├── pC_syslogsymantecdlpalert7.md │ │ │ ├── pC_syslogsymantecusbwrite.md │ │ │ ├── pC_syslogvontudlpalert.md │ │ │ ├── pC_vontudlp.md │ │ │ ├── pC_vontudlp1.md │ │ │ ├── pC_vontuemaildlp.md │ │ │ ├── pC_vontuemaildlp1.md │ │ │ └── pC_vontuemaildlp2.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_dlp_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_dlp_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_dlp_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_dlp_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_dlp_Malware.md │ │ │ ├── r_m_symantec_symantec_dlp_Phishing.md │ │ │ ├── r_m_symantec_symantec_dlp_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_dlp_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_dlp_Workforce_Protection.md │ │ └── ds_symantec_symantec_dlp.md │ ├── Symantec_EDR │ │ ├── 2_ds_symantec_symantec_edr.md │ │ ├── Ps │ │ │ ├── pC_symantecauthenticationsuccessful.md │ │ │ ├── pC_symantecedralert1.md │ │ │ ├── pC_symantecedralert2.md │ │ │ ├── pC_symantecfilealert.md │ │ │ ├── pC_symantecfiledelete.md │ │ │ ├── pC_symantecfiledelete2.md │ │ │ ├── pC_symantecfilewrite.md │ │ │ ├── pC_symantecfilewrite2.md │ │ │ ├── pC_symantecfilewrite3.md │ │ │ ├── pC_symantecfilewrite4.md │ │ │ ├── pC_symantecfilewrite5.md │ │ │ ├── pC_symantecprocesscreated.md │ │ │ └── pC_symantecremotelogon.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_edr_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_edr_Account_Manipulation.md │ │ │ ├── r_m_symantec_symantec_edr_Audit_Tampering.md │ │ │ ├── r_m_symantec_symantec_edr_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_edr_Cryptomining.md │ │ │ ├── r_m_symantec_symantec_edr_Data_Access.md │ │ │ ├── r_m_symantec_symantec_edr_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_edr_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_edr_Destruction_of_Data.md │ │ │ ├── r_m_symantec_symantec_edr_Evasion.md │ │ │ ├── r_m_symantec_symantec_edr_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_edr_Malware.md │ │ │ ├── r_m_symantec_symantec_edr_Phishing.md │ │ │ ├── r_m_symantec_symantec_edr_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_edr_Privilege_Escalation.md │ │ │ ├── r_m_symantec_symantec_edr_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_edr_Ransomware.md │ │ └── ds_symantec_symantec_edr.md │ ├── Symantec_Email_Security.cloud │ │ ├── 2_ds_symantec_symantec_email_security.cloud.md │ │ ├── Ps │ │ │ ├── pC_cefsymantecemailalert.md │ │ │ ├── pC_cefsymantecemailalert1.md │ │ │ ├── pC_messagelabsemailin.md │ │ │ ├── pC_messagelabsemailout.md │ │ │ ├── pC_ssymantecemailalert.md │ │ │ └── pC_symantecsecurityalert1.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Malware.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Phishing.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_email_security.cloud_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_email_security.cloud_Workforce_Protection.md │ │ └── ds_symantec_symantec_email_security.cloud.md │ ├── Symantec_Endpoint_Protection │ │ ├── 2_ds_symantec_symantec_endpoint_protection.md │ │ ├── Ps │ │ │ ├── pC_cefsymantecatpalert1.md │ │ │ ├── pC_cefsymantecnetworkalert.md │ │ │ ├── pC_cefsymantecsepalert.md │ │ │ ├── pC_cefsymantecsepalert1.md │ │ │ ├── pC_cefsymantecsepalert2.md │ │ │ ├── pC_cefsymantecsepalert3.md │ │ │ ├── pC_cefsymantecsepalert4.md │ │ │ ├── pC_cefsymantecsepalert5.md │ │ │ ├── pC_esetscanactivity.md │ │ │ ├── pC_nforwardedcefsymanteceppalert.md │ │ │ ├── pC_ssymanteceppalert.md │ │ │ ├── pC_ssymantecnetworkalert.md │ │ │ ├── pC_ssymantecprocessalert.md │ │ │ ├── pC_ssymantecsecurityalert.md │ │ │ ├── pC_ssymantecsecurityalert1.md │ │ │ ├── pC_ssymantecsecurityalert2.md │ │ │ ├── pC_symantecalertjp.md │ │ │ ├── pC_symantecalertjp1.md │ │ │ ├── pC_symantecalertjp2.md │ │ │ ├── pC_symantecalertjp3.md │ │ │ ├── pC_symantecavdlpalert.md │ │ │ ├── pC_symantecavdlpalertcn.md │ │ │ ├── pC_symanteceppalert.md │ │ │ ├── pC_symanteceppalertchinese.md │ │ │ ├── pC_symanteceppalertjapanese.md │ │ │ ├── pC_symanteceppcefalert.md │ │ │ ├── pC_symanteceppcefalert2.md │ │ │ ├── pC_symanteceppnetworkalert.md │ │ │ ├── pC_symanteceppnetworkalert1.md │ │ │ ├── pC_symanteceppnetworkalert2.md │ │ │ ├── pC_symanteceppnetworkalert3.md │ │ │ ├── pC_symanteceppnetworkconnection.md │ │ │ ├── pC_symanteceppntpalert.md │ │ │ ├── pC_symanteceppntpalertchinese.md │ │ │ ├── pC_symanteceppusbactivity1.md │ │ │ ├── pC_symantecnetworkconnection.md │ │ │ ├── pC_symantecnetworkconnection1.md │ │ │ ├── pC_symantecnetworkconnection2.md │ │ │ ├── pC_symantecsecurityalert2.md │ │ │ ├── pC_symantecsecurityalert3.md │ │ │ ├── pC_symantecsecurityalertfrench.md │ │ │ └── pC_symantecusbblock.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Account_Manipulation.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Data_Access.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Malware.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Privilege_Escalation.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_endpoint_protection_Ransomware.md │ │ └── ds_symantec_symantec_endpoint_protection.md │ ├── Symantec_Endpoint_Protection_Mobile │ │ ├── Ps │ │ │ ├── pC_ssepmobilealert1.md │ │ │ ├── pC_ssepmobilealert2.md │ │ │ ├── pC_ssepmobilealert3.md │ │ │ ├── pC_ssepmobilealert4.md │ │ │ └── pC_ssepmobilealert5.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_endpoint_protection_mobile_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_mobile_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_endpoint_protection_mobile_Malware.md │ │ │ └── r_m_symantec_symantec_endpoint_protection_mobile_Privileged_Activity.md │ │ └── ds_symantec_symantec_endpoint_protection_mobile.md │ ├── Symantec_Fireglass │ │ ├── Ps │ │ │ ├── pC_cefsymantecwebactivity2.md │ │ │ ├── pC_ssymantecwebactivity.md │ │ │ └── pC_ssymantecwebactivity1.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_fireglass_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_fireglass_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_fireglass_Cryptomining.md │ │ │ ├── r_m_symantec_symantec_fireglass_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_fireglass_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_fireglass_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_fireglass_Malware.md │ │ │ ├── r_m_symantec_symantec_fireglass_Phishing.md │ │ │ ├── r_m_symantec_symantec_fireglass_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_fireglass_Privileged_Activity.md │ │ │ ├── r_m_symantec_symantec_fireglass_Ransomware.md │ │ │ └── r_m_symantec_symantec_fireglass_Workforce_Protection.md │ │ └── ds_symantec_symantec_fireglass.md │ ├── Symantec_Managed_Security_Services │ │ ├── Ps │ │ │ └── pC_syslogsymantecmssalert.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_managed_security_services_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_managed_security_services_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_managed_security_services_Malware.md │ │ │ └── r_m_symantec_symantec_managed_security_services_Privileged_Activity.md │ │ └── ds_symantec_symantec_managed_security_services.md │ ├── Symantec_Secure_Web_Gateway │ │ ├── Ps │ │ │ ├── pC_cefsymantecwebactivity.md │ │ │ └── pC_cefsymantecwebactivity1.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Cryptomining.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Data_Exfiltration.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Malware.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Phishing.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Privileged_Activity.md │ │ │ ├── r_m_symantec_symantec_secure_web_gateway_Ransomware.md │ │ │ └── r_m_symantec_symantec_secure_web_gateway_Workforce_Protection.md │ │ └── ds_symantec_symantec_secure_web_gateway.md │ ├── Symantec_VIP │ │ ├── 2_ds_symantec_symantec_vip.md │ │ ├── Ps │ │ │ ├── pC_ssymantecauthfailed.md │ │ │ ├── pC_ssymantecauthfailed1.md │ │ │ ├── pC_ssymantecauthfailed2.md │ │ │ ├── pC_ssymantecauthsuccessful.md │ │ │ ├── pC_ssymantecauthsuccessful1.md │ │ │ └── pC_symantecappactivity.md │ │ ├── RM │ │ │ ├── r_m_symantec_symantec_vip_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_symantec_symantec_vip_Account_Manipulation.md │ │ │ ├── r_m_symantec_symantec_vip_Compromised_Credentials.md │ │ │ ├── r_m_symantec_symantec_vip_Data_Access.md │ │ │ ├── r_m_symantec_symantec_vip_Data_Leak.md │ │ │ ├── r_m_symantec_symantec_vip_Lateral_Movement.md │ │ │ ├── r_m_symantec_symantec_vip_Malware.md │ │ │ ├── r_m_symantec_symantec_vip_Privilege_Abuse.md │ │ │ ├── r_m_symantec_symantec_vip_Privilege_Escalation.md │ │ │ ├── r_m_symantec_symantec_vip_Privileged_Activity.md │ │ │ └── r_m_symantec_symantec_vip_Ransomware.md │ │ └── ds_symantec_symantec_vip.md │ └── Symantec_WSS │ │ ├── 2_ds_symantec_symantec_wss.md │ │ ├── Ps │ │ ├── pC_symantecwebactivity.md │ │ ├── pC_symantecwebactivity1.md │ │ ├── pC_symantecwebactivity2.md │ │ ├── pC_symantecwebactivity3.md │ │ ├── pC_symantecwebactivity4.md │ │ └── pC_symantecwebactivity5.md │ │ ├── RM │ │ ├── r_m_symantec_symantec_wss_Abnormal_Authentication_&_Access.md │ │ ├── r_m_symantec_symantec_wss_Compromised_Credentials.md │ │ ├── r_m_symantec_symantec_wss_Cryptomining.md │ │ ├── r_m_symantec_symantec_wss_Data_Exfiltration.md │ │ ├── r_m_symantec_symantec_wss_Data_Leak.md │ │ ├── r_m_symantec_symantec_wss_Lateral_Movement.md │ │ ├── r_m_symantec_symantec_wss_Malware.md │ │ ├── r_m_symantec_symantec_wss_Phishing.md │ │ ├── r_m_symantec_symantec_wss_Privilege_Abuse.md │ │ ├── r_m_symantec_symantec_wss_Privileged_Activity.md │ │ ├── r_m_symantec_symantec_wss_Ransomware.md │ │ └── r_m_symantec_symantec_wss_Workforce_Protection.md │ │ └── ds_symantec_symantec_wss.md ├── Synology_NAS │ └── Synology_NAS │ │ ├── Ps │ │ ├── pC_nasshareaccess.md │ │ └── pC_nasshareaccess1.md │ │ ├── RM │ │ ├── r_m_synology_nas_synology_nas_Compromised_Credentials.md │ │ ├── r_m_synology_nas_synology_nas_Lateral_Movement.md │ │ ├── r_m_synology_nas_synology_nas_Malware.md │ │ └── r_m_synology_nas_synology_nas_Privilege_Escalation.md │ │ └── ds_synology_nas_synology_nas.md ├── Tanium │ ├── Cloud_Platform │ │ ├── Ps │ │ │ ├── pC_taniumcloudappactivity.md │ │ │ ├── pC_taniumcloudappactivity1.md │ │ │ ├── pC_taniumcloudapplogin.md │ │ │ └── pC_taniumcloudfailedapplogin.md │ │ ├── RM │ │ │ ├── r_m_tanium_cloud_platform_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_tanium_cloud_platform_Account_Manipulation.md │ │ │ ├── r_m_tanium_cloud_platform_Compromised_Credentials.md │ │ │ ├── r_m_tanium_cloud_platform_Data_Access.md │ │ │ ├── r_m_tanium_cloud_platform_Data_Leak.md │ │ │ ├── r_m_tanium_cloud_platform_Lateral_Movement.md │ │ │ ├── r_m_tanium_cloud_platform_Malware.md │ │ │ ├── r_m_tanium_cloud_platform_Privilege_Abuse.md │ │ │ ├── r_m_tanium_cloud_platform_Privilege_Escalation.md │ │ │ ├── r_m_tanium_cloud_platform_Privileged_Activity.md │ │ │ └── r_m_tanium_cloud_platform_Ransomware.md │ │ └── ds_tanium_cloud_platform.md │ ├── Endpoint_Platform │ │ ├── 2_ds_tanium_endpoint_platform.md │ │ ├── Ps │ │ │ ├── pC_staniumcliexecution.md │ │ │ ├── pC_staniumprocessalert1.md │ │ │ ├── pC_staniumsecurityalert.md │ │ │ ├── pC_staniumsecurityalert2.md │ │ │ ├── pC_staniumsecurityalert3.md │ │ │ ├── pC_staniumsecurityalert4.md │ │ │ ├── pC_staniumsecurityalert5.md │ │ │ ├── pC_staniumsecurityalert6.md │ │ │ ├── pC_staniumsecurityalert7.md │ │ │ ├── pC_taniumauth.md │ │ │ ├── pC_taniumdnsresponse.md │ │ │ └── pC_taniumprocesscreated.md │ │ ├── RM │ │ │ ├── r_m_tanium_endpoint_platform_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_tanium_endpoint_platform_Account_Manipulation.md │ │ │ ├── r_m_tanium_endpoint_platform_Audit_Tampering.md │ │ │ ├── r_m_tanium_endpoint_platform_Compromised_Credentials.md │ │ │ ├── r_m_tanium_endpoint_platform_Cryptomining.md │ │ │ ├── r_m_tanium_endpoint_platform_Data_Access.md │ │ │ ├── r_m_tanium_endpoint_platform_Data_Exfiltration.md │ │ │ ├── r_m_tanium_endpoint_platform_Evasion.md │ │ │ ├── r_m_tanium_endpoint_platform_Lateral_Movement.md │ │ │ ├── r_m_tanium_endpoint_platform_Malware.md │ │ │ ├── r_m_tanium_endpoint_platform_Phishing.md │ │ │ ├── r_m_tanium_endpoint_platform_Privilege_Abuse.md │ │ │ ├── r_m_tanium_endpoint_platform_Privilege_Escalation.md │ │ │ ├── r_m_tanium_endpoint_platform_Privileged_Activity.md │ │ │ └── r_m_tanium_endpoint_platform_Ransomware.md │ │ └── ds_tanium_endpoint_platform.md │ ├── Integrity_Monitor │ │ ├── 2_ds_tanium_integrity_monitor.md │ │ ├── Ps │ │ │ ├── pC_taniumfiledelete.md │ │ │ ├── pC_taniumfiledelete1.md │ │ │ ├── pC_taniumfileownerchange.md │ │ │ ├── pC_taniumfilepermissionchange.md │ │ │ ├── pC_taniumfilepermissionchange1.md │ │ │ ├── pC_taniumfilerename.md │ │ │ ├── pC_taniumfilewrite.md │ │ │ ├── pC_taniumfilewrite1.md │ │ │ ├── pC_taniumfilewrite2.md │ │ │ ├── pC_taniumfilewrite3.md │ │ │ ├── pC_taniumnetworkconnectionfailed.md │ │ │ ├── pC_taniumnetworkconnectionsuccessful.md │ │ │ ├── pC_taniumnetworkconnectionsuccessful1.md │ │ │ ├── pC_taniumnewfilecreate.md │ │ │ └── pC_taniumprocesscreated1.md │ │ ├── RM │ │ │ ├── r_m_tanium_integrity_monitor_Account_Manipulation.md │ │ │ ├── r_m_tanium_integrity_monitor_Audit_Tampering.md │ │ │ ├── r_m_tanium_integrity_monitor_Compromised_Credentials.md │ │ │ ├── r_m_tanium_integrity_monitor_Cryptomining.md │ │ │ ├── r_m_tanium_integrity_monitor_Data_Access.md │ │ │ ├── r_m_tanium_integrity_monitor_Data_Exfiltration.md │ │ │ ├── r_m_tanium_integrity_monitor_Data_Leak.md │ │ │ ├── r_m_tanium_integrity_monitor_Destruction_of_Data.md │ │ │ ├── r_m_tanium_integrity_monitor_Evasion.md │ │ │ ├── r_m_tanium_integrity_monitor_Lateral_Movement.md │ │ │ ├── r_m_tanium_integrity_monitor_Malware.md │ │ │ ├── r_m_tanium_integrity_monitor_Phishing.md │ │ │ ├── r_m_tanium_integrity_monitor_Privilege_Abuse.md │ │ │ ├── r_m_tanium_integrity_monitor_Privilege_Escalation.md │ │ │ ├── r_m_tanium_integrity_monitor_Privileged_Activity.md │ │ │ └── r_m_tanium_integrity_monitor_Ransomware.md │ │ └── ds_tanium_integrity_monitor.md │ └── Threat_Response │ │ ├── Ps │ │ └── pC_taniumprocessalert.md │ │ ├── RM │ │ ├── r_m_tanium_threat_response_Compromised_Credentials.md │ │ └── r_m_tanium_threat_response_Malware.md │ │ └── ds_tanium_threat_response.md ├── Tenable.io │ └── Tenable.io │ │ ├── Ps │ │ ├── pC_tenablesecurityalert.md │ │ └── pC_tenablesecurityalert1.md │ │ ├── RM │ │ ├── r_m_tenable.io_tenable.io_Compromised_Credentials.md │ │ ├── r_m_tenable.io_tenable.io_Lateral_Movement.md │ │ ├── r_m_tenable.io_tenable.io_Malware.md │ │ └── r_m_tenable.io_tenable.io_Privileged_Activity.md │ │ └── ds_tenable.io_tenable.io.md ├── Teradata │ └── Teradata_RDBMS │ │ ├── Ps │ │ ├── pC_teradatadatabasereq2.md │ │ ├── pC_teradatadatabasereq4.md │ │ └── pC_teradatadatabasereq8.md │ │ ├── RM │ │ ├── r_m_teradata_teradata_rdbms_Compromised_Credentials.md │ │ └── r_m_teradata_teradata_rdbms_Data_Access.md │ │ └── ds_teradata_teradata_rdbms.md ├── ThreatBlockr │ └── ThreatBlockr │ │ ├── Ps │ │ ├── pC_threatblockrdnsresponse.md │ │ └── pC_threatblockrnetworkconnection.md │ │ ├── RM │ │ ├── r_m_threatblockr_threatblockr_Lateral_Movement.md │ │ └── r_m_threatblockr_threatblockr_Malware.md │ │ └── ds_threatblockr_threatblockr.md ├── TimeLox │ └── TimeLox │ │ ├── Ps │ │ └── pC_timeloxbadgeaccess.md │ │ ├── RM │ │ ├── r_m_timelox_timelox_Abnormal_Authentication_&_Access.md │ │ ├── r_m_timelox_timelox_Physical_Security.md │ │ └── r_m_timelox_timelox_Privileged_Activity.md │ │ └── ds_timelox_timelox.md ├── TitanFTP │ └── TitanFTP │ │ ├── Ps │ │ ├── pC_stitanftpappactivity1.md │ │ ├── pC_stitanftpappactivity2.md │ │ ├── pC_stitanftpappactivity3.md │ │ ├── pC_stitanftpappactivity4.md │ │ ├── pC_stitanftpfiledelete.md │ │ ├── pC_stitanftpfileread1.md │ │ └── pC_stitanftpfileread2.md │ │ ├── RM │ │ ├── r_m_titanftp_titanftp_Abnormal_Authentication_&_Access.md │ │ ├── r_m_titanftp_titanftp_Account_Manipulation.md │ │ ├── r_m_titanftp_titanftp_Compromised_Credentials.md │ │ ├── r_m_titanftp_titanftp_Data_Access.md │ │ ├── r_m_titanftp_titanftp_Data_Leak.md │ │ ├── r_m_titanftp_titanftp_Destruction_of_Data.md │ │ ├── r_m_titanftp_titanftp_Lateral_Movement.md │ │ ├── r_m_titanftp_titanftp_Malware.md │ │ ├── r_m_titanftp_titanftp_Privilege_Abuse.md │ │ ├── r_m_titanftp_titanftp_Privilege_Escalation.md │ │ ├── r_m_titanftp_titanftp_Privileged_Activity.md │ │ └── r_m_titanftp_titanftp_Ransomware.md │ │ └── ds_titanftp_titanftp.md ├── TrapX │ └── TrapX │ │ ├── Ps │ │ ├── pC_trapxalert.md │ │ ├── pC_trapxnetworkalert.md │ │ └── pC_trapxnetworkalert1.md │ │ ├── RM │ │ ├── r_m_trapx_trapx_Compromised_Credentials.md │ │ └── r_m_trapx_trapx_Malware.md │ │ └── ds_trapx_trapx.md ├── Trend_Micro │ ├── Apex_One │ │ ├── 2_ds_trend_micro_apex_one.md │ │ ├── Ps │ │ │ ├── pC_ceftrendmicrodlpemailalert.md │ │ │ └── pC_ceftrendmicrosecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_apex_one_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_apex_one_Data_Leak.md │ │ │ ├── r_m_trend_micro_apex_one_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_apex_one_Malware.md │ │ │ ├── r_m_trend_micro_apex_one_Phishing.md │ │ │ ├── r_m_trend_micro_apex_one_Privilege_Abuse.md │ │ │ ├── r_m_trend_micro_apex_one_Privileged_Activity.md │ │ │ └── r_m_trend_micro_apex_one_Workforce_Protection.md │ │ └── ds_trend_micro_apex_one.md │ ├── Cloud_App_Security │ │ ├── Ps │ │ │ └── pC_ceftrendmicrosecurityalert9.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_cloud_app_security_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_cloud_app_security_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_cloud_app_security_Malware.md │ │ │ └── r_m_trend_micro_cloud_app_security_Privileged_Activity.md │ │ └── ds_trend_micro_cloud_app_security.md │ ├── Deep_Discovery_Email_Inspector │ │ ├── Ps │ │ │ ├── pC_ceftrendmicrodlp.md │ │ │ └── pC_ceftrendmicrodlpemailalertin.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_deep_discovery_email_inspector_Malware.md │ │ │ ├── r_m_trend_micro_deep_discovery_email_inspector_Privilege_Abuse.md │ │ │ └── r_m_trend_micro_deep_discovery_email_inspector_Privileged_Activity.md │ │ └── ds_trend_micro_deep_discovery_email_inspector.md │ ├── Deep_Discovery_Inspector │ │ ├── Ps │ │ │ ├── pC_ceftrendmicroalert.md │ │ │ ├── pC_ceftrendmicroapplogin.md │ │ │ ├── pC_ceftrendmicropasswordchange.md │ │ │ ├── pC_ceftrendmicrosecurityalert1.md │ │ │ ├── pC_ceftrendmicrosecurityalert4.md │ │ │ └── pC_nforwardedceftrendmicrosecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Account_Manipulation.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Data_Access.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Malware.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Privilege_Abuse.md │ │ │ ├── r_m_trend_micro_deep_discovery_inspector_Privileged_Activity.md │ │ │ └── r_m_trend_micro_deep_discovery_inspector_Ransomware.md │ │ └── ds_trend_micro_deep_discovery_inspector.md │ ├── Deep_Security_Agent │ │ ├── 2_ds_trend_micro_deep_security_agent.md │ │ ├── Ps │ │ │ ├── pC_ceftrendmicrosecurityalert3.md │ │ │ ├── pC_ceftrendmicrosecurityalert5.md │ │ │ ├── pC_ceftrendmicrosecurityalert6.md │ │ │ ├── pC_ceftrendmicrosecurityalert7.md │ │ │ ├── pC_ceftrendmicrosecurityalert8.md │ │ │ ├── pC_trendmicronetworkconnfailed.md │ │ │ └── pC_trendmicronetworkconnsuccessful.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_deep_security_agent_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_deep_security_agent_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_deep_security_agent_Malware.md │ │ │ └── r_m_trend_micro_deep_security_agent_Privileged_Activity.md │ │ └── ds_trend_micro_deep_security_agent.md │ ├── InterScan_Web_Security │ │ ├── 2_ds_trend_micro_interscan_web_security.md │ │ ├── Ps │ │ │ ├── pC_nforwardedceftrendmicrowebactivity1.md │ │ │ ├── pC_nforwardedceftrendmicrowebactivity2.md │ │ │ └── pC_nforwardedceftrendmicrowebactivity3.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_interscan_web_security_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Cryptomining.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Data_Exfiltration.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Data_Leak.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Malware.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Phishing.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Privilege_Abuse.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Privileged_Activity.md │ │ │ ├── r_m_trend_micro_interscan_web_security_Ransomware.md │ │ │ └── r_m_trend_micro_interscan_web_security_Workforce_Protection.md │ │ └── ds_trend_micro_interscan_web_security.md │ ├── OfficeScan │ │ ├── 2_ds_trend_micro_officescan.md │ │ ├── Ps │ │ │ ├── pC_ceftrendmicrodlpalert.md │ │ │ ├── pC_ceftrendmicrodlpalert1.md │ │ │ ├── pC_ceftrendmicrosecurityalert.md │ │ │ ├── pC_ceftrendmicrousbwrite.md │ │ │ ├── pC_leeftrendmicroprivilegedobjectaccess.md │ │ │ ├── pC_leeftrendmicrosecurityalert.md │ │ │ ├── pC_qtrendmicrodlpalert.md │ │ │ ├── pC_qtrendmicroeppalert.md │ │ │ ├── pC_qtrendmicrosyslogalert.md │ │ │ ├── pC_strendmicroeppalert.md │ │ │ ├── pC_strendmicroeppalert1.md │ │ │ ├── pC_strendmicroeppalert2.md │ │ │ ├── pC_strendmicrosecurityalert.md │ │ │ ├── pC_strendmicrosecurityalert1.md │ │ │ ├── pC_strendmicrosecurityalert2.md │ │ │ ├── pC_strendmicrosecurityalert3.md │ │ │ ├── pC_trendmicroalert1.md │ │ │ ├── pC_trendmicroalert2.md │ │ │ ├── pC_trendmicroalert3.md │ │ │ ├── pC_trendmicroalert4.md │ │ │ ├── pC_trendmicroalert5.md │ │ │ ├── pC_trendmicroalert6.md │ │ │ ├── pC_trendmicroalert7.md │ │ │ ├── pC_trendmicroalert8.md │ │ │ ├── pC_trendmicrocefalert.md │ │ │ └── pC_trendmicrocefwebactivity.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_officescan_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_trend_micro_officescan_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_officescan_Cryptomining.md │ │ │ ├── r_m_trend_micro_officescan_Data_Exfiltration.md │ │ │ ├── r_m_trend_micro_officescan_Data_Leak.md │ │ │ ├── r_m_trend_micro_officescan_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_officescan_Malware.md │ │ │ ├── r_m_trend_micro_officescan_Phishing.md │ │ │ ├── r_m_trend_micro_officescan_Privilege_Abuse.md │ │ │ ├── r_m_trend_micro_officescan_Privileged_Activity.md │ │ │ ├── r_m_trend_micro_officescan_Ransomware.md │ │ │ └── r_m_trend_micro_officescan_Workforce_Protection.md │ │ └── ds_trend_micro_officescan.md │ ├── ScanMail │ │ ├── Ps │ │ │ ├── pC_cefexchangescanmailalert.md │ │ │ └── pC_jsonexchangescanmailalert.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_scanmail_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_scanmail_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_scanmail_Malware.md │ │ │ └── r_m_trend_micro_scanmail_Privileged_Activity.md │ │ └── ds_trend_micro_scanmail.md │ ├── TippingPoint_NGIPS │ │ ├── 2_ds_trend_micro_tippingpoint_ngips.md │ │ ├── Ps │ │ │ ├── pC_ceftippingpointnetworkalert.md │ │ │ ├── pC_ceftippingpointnetworkalert1.md │ │ │ ├── pC_qtippingpointsmsalert.md │ │ │ ├── pC_qtippingpointsmsalert1.md │ │ │ ├── pC_qtippingpointsmsalert2.md │ │ │ ├── pC_qtippingpointsmsalert3.md │ │ │ ├── pC_qtippingpointsmsalert4.md │ │ │ ├── pC_qtippingpointsmsalert5.md │ │ │ └── pC_tippingpointsmsalert.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_tippingpoint_ngips_Compromised_Credentials.md │ │ │ ├── r_m_trend_micro_tippingpoint_ngips_Lateral_Movement.md │ │ │ ├── r_m_trend_micro_tippingpoint_ngips_Malware.md │ │ │ └── r_m_trend_micro_tippingpoint_ngips_Privileged_Activity.md │ │ └── ds_trend_micro_tippingpoint_ngips.md │ ├── Trend_Micro │ │ ├── Ps │ │ │ ├── pC_ceftrendmicrodatabasefailedlogin.md │ │ │ └── pC_trendmicronetworkconnection.md │ │ ├── RM │ │ │ ├── r_m_trend_micro_trend_micro_Lateral_Movement.md │ │ │ └── r_m_trend_micro_trend_micro_Malware.md │ │ └── ds_trend_micro_trend_micro.md │ └── Vision_One │ │ ├── Ps │ │ └── pC_ceftrendmicrovisiononealert.md │ │ ├── RM │ │ ├── r_m_trend_micro_vision_one_Compromised_Credentials.md │ │ ├── r_m_trend_micro_vision_one_Lateral_Movement.md │ │ ├── r_m_trend_micro_vision_one_Malware.md │ │ └── r_m_trend_micro_vision_one_Privileged_Activity.md │ │ └── ds_trend_micro_vision_one.md ├── Tripwire_Enterprise │ └── Tripwire_Enterprise │ │ ├── Ps │ │ ├── pC_ceftripwirefilealert.md │ │ ├── pC_tripwirefilealert1.md │ │ └── pC_tripwirefilealert2.md │ │ ├── RM │ │ ├── r_m_tripwire_enterprise_tripwire_enterprise_Data_Exfiltration.md │ │ ├── r_m_tripwire_enterprise_tripwire_enterprise_Malware.md │ │ ├── r_m_tripwire_enterprise_tripwire_enterprise_Privilege_Abuse.md │ │ └── r_m_tripwire_enterprise_tripwire_enterprise_Privileged_Activity.md │ │ └── ds_tripwire_enterprise_tripwire_enterprise.md ├── Tufin │ └── SecureTrack │ │ ├── Ps │ │ └── pC_securesystemlogin.md │ │ ├── RM │ │ ├── r_m_tufin_securetrack_Abnormal_Authentication_&_Access.md │ │ ├── r_m_tufin_securetrack_Compromised_Credentials.md │ │ ├── r_m_tufin_securetrack_Lateral_Movement.md │ │ ├── r_m_tufin_securetrack_Malware.md │ │ └── r_m_tufin_securetrack_Ransomware.md │ │ └── ds_tufin_securetrack.md ├── Tyco │ └── CCURE_Building_Management_System │ │ ├── 2_ds_tyco_ccure_building_management_system.md │ │ ├── Ps │ │ ├── pC_ccureappactivity.md │ │ ├── pC_ccureapplogin.md │ │ ├── pC_ccureapplogin1.md │ │ ├── pC_ccurebadgeaccess.md │ │ ├── pC_ccurebadgeaccess1.md │ │ ├── pC_ccurebadgeaccess2.md │ │ ├── pC_ccurebadgeaccess3.md │ │ ├── pC_ccurebadgeaccess4.md │ │ ├── pC_cefccurebadgeaccess.md │ │ ├── pC_cefccurebadgeaccess1.md │ │ ├── pC_cefccurebadgeaccess2.md │ │ ├── pC_jsonccurebadgeaccess.md │ │ ├── pC_jsonccurebadgeaccess2.md │ │ ├── pC_qccurebadgeaccess.md │ │ └── pC_sccurebadgeaccess.md │ │ ├── RM │ │ ├── r_m_tyco_ccure_building_management_system_Abnormal_Authentication_&_Access.md │ │ ├── r_m_tyco_ccure_building_management_system_Account_Manipulation.md │ │ ├── r_m_tyco_ccure_building_management_system_Compromised_Credentials.md │ │ ├── r_m_tyco_ccure_building_management_system_Data_Access.md │ │ ├── r_m_tyco_ccure_building_management_system_Data_Leak.md │ │ ├── r_m_tyco_ccure_building_management_system_Lateral_Movement.md │ │ ├── r_m_tyco_ccure_building_management_system_Malware.md │ │ ├── r_m_tyco_ccure_building_management_system_Physical_Security.md │ │ ├── r_m_tyco_ccure_building_management_system_Privilege_Abuse.md │ │ ├── r_m_tyco_ccure_building_management_system_Privilege_Escalation.md │ │ ├── r_m_tyco_ccure_building_management_system_Privileged_Activity.md │ │ └── r_m_tyco_ccure_building_management_system_Ransomware.md │ │ └── ds_tyco_ccure_building_management_system.md ├── USB │ └── USB │ │ ├── Ps │ │ └── pC_usbfilewrite.md │ │ ├── RM │ │ └── r_m_usb_usb_Enrichment.md │ │ └── ds_usb_usb.md ├── Unix │ ├── Auditbeat │ │ ├── 2_ds_unix_auditbeat.md │ │ ├── Ps │ │ │ ├── pC_auditbeatauthenticationsuccessful.md │ │ │ ├── pC_auditbeatprocessaudit.md │ │ │ ├── pC_auditbeatprocesscreated.md │ │ │ └── pC_auditbeatprocessnetwork.md │ │ ├── RM │ │ │ ├── r_m_unix_auditbeat_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_unix_auditbeat_Account_Manipulation.md │ │ │ ├── r_m_unix_auditbeat_Audit_Tampering.md │ │ │ ├── r_m_unix_auditbeat_Compromised_Credentials.md │ │ │ ├── r_m_unix_auditbeat_Cryptomining.md │ │ │ ├── r_m_unix_auditbeat_Data_Access.md │ │ │ ├── r_m_unix_auditbeat_Data_Exfiltration.md │ │ │ ├── r_m_unix_auditbeat_Data_Leak.md │ │ │ ├── r_m_unix_auditbeat_Evasion.md │ │ │ ├── r_m_unix_auditbeat_Lateral_Movement.md │ │ │ ├── r_m_unix_auditbeat_Malware.md │ │ │ ├── r_m_unix_auditbeat_Phishing.md │ │ │ ├── r_m_unix_auditbeat_Privilege_Abuse.md │ │ │ ├── r_m_unix_auditbeat_Privilege_Escalation.md │ │ │ ├── r_m_unix_auditbeat_Privileged_Activity.md │ │ │ └── r_m_unix_auditbeat_Ransomware.md │ │ └── ds_unix_auditbeat.md │ ├── Unix │ │ ├── 2_ds_unix_unix.md │ │ ├── Ps │ │ │ ├── pC_aixauthfailed.md │ │ │ ├── pC_aixauthsuccessful.md │ │ │ ├── pC_aixfileopenoperation.md │ │ │ ├── pC_aixfilereadoperation.md │ │ │ ├── pC_aixfilerenameoperation.md │ │ │ ├── pC_aixfilewriteoperation.md │ │ │ ├── pC_aixprocesscreated.md │ │ │ ├── pC_aixtaskcreated.md │ │ │ ├── pC_aixtaskcreated1.md │ │ │ ├── pC_auditbeataccountswitch2.md │ │ │ ├── pC_auditbeatauthsuccess.md │ │ │ ├── pC_auditbeatfileaccess.md │ │ │ ├── pC_auditbeatfileoperations.md │ │ │ ├── pC_auditbeatfileoperations2.md │ │ │ ├── pC_auditbeatfileoperations3.md │ │ │ ├── pC_auditbeatlocallogon.md │ │ │ ├── pC_auditbeatpasswordchange.md │ │ │ ├── pC_auditbeatpermmod.md │ │ │ ├── pC_auditbeatprocesscreation.md │ │ │ ├── pC_auditbeatsecurityalert.md │ │ │ ├── pC_auditbeatsecurityalert2.md │ │ │ ├── pC_auditbeatsecurityalert3.md │ │ │ ├── pC_auditbeatsecurityalert4.md │ │ │ ├── pC_auditbeatsshlogin.md │ │ │ ├── pC_auditbeatsshlogin2.md │ │ │ ├── pC_auditbeatsshlogin3.md │ │ │ ├── pC_auditbeatsshlogin4.md │ │ │ ├── pC_auditbeatunixaccountcreated.md │ │ │ ├── pC_auditbeatunixaccountdelete.md │ │ │ ├── pC_auditbeatunixaccountdelete2.md │ │ │ ├── pC_auditbeatunixaccountdelete3.md │ │ │ ├── pC_auditbeatunixmemberremoved.md │ │ │ ├── pC_auditbeatunixmemberremoved2.md │ │ │ ├── pC_cdsprocesscreation.md │ │ │ ├── pC_cefsshlogin.md │ │ │ ├── pC_cefsshlogin1.md │ │ │ ├── pC_cefsshloginfailed.md │ │ │ ├── pC_cefunixaccountswitch.md │ │ │ ├── pC_cefunixauthfailed.md │ │ │ ├── pC_cefunixbatchlogon.md │ │ │ ├── pC_cefunixdlpemailalert.md │ │ │ ├── pC_cefunixsu.md │ │ │ ├── pC_cefunixsudo.md │ │ │ ├── pC_cefunixsudo1.md │ │ │ ├── pC_httpdauthevent.md │ │ │ ├── pC_jsonauditdaccountswitch.md │ │ │ ├── pC_jsonauditdprocesscreation.md │ │ │ ├── pC_jsonunixsshloginfailed.md │ │ │ ├── pC_kerberosas.md │ │ │ ├── pC_kerberostgs.md │ │ │ ├── pC_qunixas.md │ │ │ ├── pC_qunixaudispdlogon.md │ │ │ ├── pC_rawsshlogin.md │ │ │ ├── pC_rawunixaccountcreated.md │ │ │ ├── pC_rawunixaccountdeleted.md │ │ │ ├── pC_rawunixaccountdeleted1.md │ │ │ ├── pC_rawunixdnsappliedadd.md │ │ │ ├── pC_rawunixmemberadded1.md │ │ │ ├── pC_rawunixmemberadded2.md │ │ │ ├── pC_rawunixmemberremoved.md │ │ │ ├── pC_rawunixpasswordchange.md │ │ │ ├── pC_rawunixprocesscreated.md │ │ │ ├── pC_rawunixsu.md │ │ │ ├── pC_rawunixsudo.md │ │ │ ├── pC_sftpfileclose.md │ │ │ ├── pC_sftpfileopen.md │ │ │ ├── pC_sftpfilerename.md │ │ │ ├── pC_sftpremotelogon.md │ │ │ ├── pC_sk4jsonunixaccountcreated.md │ │ │ ├── pC_snareunixsu1.md │ │ │ ├── pC_snareunixsu2.md │ │ │ ├── pC_ssshloginfailed.md │ │ │ ├── pC_sunixauthevent.md │ │ │ ├── pC_unixaccountkeyinit.md │ │ │ ├── pC_unixaccountlockout.md │ │ │ ├── pC_unixaccountswitchjson.md │ │ │ ├── pC_unixas.md │ │ │ ├── pC_unixaudispdremotelogon.md │ │ │ ├── pC_unixaudispdremotelogon1.md │ │ │ ├── pC_unixauditdlogin2.md │ │ │ ├── pC_unixauthenticationfail.md │ │ │ ├── pC_unixauthenticationfailed1.md │ │ │ ├── pC_unixauthenticationsuccessful.md │ │ │ ├── pC_unixauthevent1.md │ │ │ ├── pC_unixauthevent2.md │ │ │ ├── pC_unixauthfailed.md │ │ │ ├── pC_unixauthfailed1.md │ │ │ ├── pC_unixauthfailed2.md │ │ │ ├── pC_unixauthfailed3.md │ │ │ ├── pC_unixauthfailed4.md │ │ │ ├── pC_unixauthfailed5.md │ │ │ ├── pC_unixdlpemailout.md │ │ │ ├── pC_unixfailedlogon1.md │ │ │ ├── pC_unixfailedlogon10.md │ │ │ ├── pC_unixfailedlogon11.md │ │ │ ├── pC_unixfailedlogon12.md │ │ │ ├── pC_unixfailedlogon2.md │ │ │ ├── pC_unixfailedlogon3.md │ │ │ ├── pC_unixfailedlogon4.md │ │ │ ├── pC_unixfailedlogon5.md │ │ │ ├── pC_unixfailedlogon6.md │ │ │ ├── pC_unixfailedlogon7.md │ │ │ ├── pC_unixfailedlogon8.md │ │ │ ├── pC_unixfailedlogon9.md │ │ │ ├── pC_unixfileoperation.md │ │ │ ├── pC_unixlocallogon.md │ │ │ ├── pC_unixlocallogon1.md │ │ │ ├── pC_unixmemberadded.md │ │ │ ├── pC_unixpamsshlogin.md │ │ │ ├── pC_unixpasswordchange.md │ │ │ ├── pC_unixpasswordchange1.md │ │ │ ├── pC_unixpasswordchange2.md │ │ │ ├── pC_unixpasswordchange3.md │ │ │ ├── pC_unixpasswordchange4.md │ │ │ ├── pC_unixprivcommand5.md │ │ │ ├── pC_unixremoteaccess.md │ │ │ ├── pC_unixremotelogon1.md │ │ │ ├── pC_unixremotelogon2.md │ │ │ ├── pC_unixremotelogon3.md │ │ │ ├── pC_unixsshfail38.md │ │ │ ├── pC_unixsshlogin.md │ │ │ ├── pC_unixsshloginfailed2.md │ │ │ ├── pC_unixsshloginfailedjson.md │ │ │ ├── pC_unixsshloginfailedjson1.md │ │ │ ├── pC_unixsshloginjson.md │ │ │ ├── pC_unixsshloginjson1.md │ │ │ ├── pC_unixsu37.md │ │ │ ├── pC_wazuhpamauthfail.md │ │ │ ├── pC_wazuhsshfailedlogin.md │ │ │ ├── pC_wazuhsshfailedlogin2.md │ │ │ ├── pC_wazuhsshlogin.md │ │ │ ├── pC_wazuhsysauthfail.md │ │ │ ├── pC_wazuhunixas.md │ │ │ ├── pC_wazuhunixchkpwdfail.md │ │ │ ├── pC_wazuhunixpasswordchange.md │ │ │ ├── pC_wazuhunixsu.md │ │ │ ├── pC_wazuhunixsudo.md │ │ │ ├── pC_wazuhunixsudosu.md │ │ │ └── pC_wazuhunixsudosu2.md │ │ ├── RM │ │ │ ├── r_m_unix_unix_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_unix_unix_Account_Manipulation.md │ │ │ ├── r_m_unix_unix_Audit_Tampering.md │ │ │ ├── r_m_unix_unix_Brute_Force_Attack.md │ │ │ ├── r_m_unix_unix_Compromised_Credentials.md │ │ │ ├── r_m_unix_unix_Cryptomining.md │ │ │ ├── r_m_unix_unix_Data_Access.md │ │ │ ├── r_m_unix_unix_Data_Exfiltration.md │ │ │ ├── r_m_unix_unix_Data_Leak.md │ │ │ ├── r_m_unix_unix_Destruction_of_Data.md │ │ │ ├── r_m_unix_unix_Evasion.md │ │ │ ├── r_m_unix_unix_Lateral_Movement.md │ │ │ ├── r_m_unix_unix_Malware.md │ │ │ ├── r_m_unix_unix_Phishing.md │ │ │ ├── r_m_unix_unix_Privilege_Abuse.md │ │ │ ├── r_m_unix_unix_Privilege_Escalation.md │ │ │ ├── r_m_unix_unix_Privileged_Activity.md │ │ │ ├── r_m_unix_unix_Ransomware.md │ │ │ └── r_m_unix_unix_Workforce_Protection.md │ │ └── ds_unix_unix.md │ ├── Unix_Auditd │ │ ├── 2_ds_unix_unix_auditd.md │ │ ├── Ps │ │ │ ├── pC_auditdunixaccountswitch.md │ │ │ ├── pC_auditdunixprocesscreated.md │ │ │ ├── pC_auditunixprocesscreated.md │ │ │ ├── pC_cefaixprocesscreated.md │ │ │ ├── pC_cefunixaccount1.md │ │ │ ├── pC_cefunixauditdlogin.md │ │ │ ├── pC_cefunixauthentication1.md │ │ │ ├── pC_cefunixcrypto1.md │ │ │ ├── pC_cefunixcryptokey1.md │ │ │ ├── pC_cefunixexe1.md │ │ │ ├── pC_cefunixlocallogon.md │ │ │ ├── pC_cefunixlocallogon1.md │ │ │ ├── pC_cefunixlocallogon2.md │ │ │ ├── pC_cefunixprocess1.md │ │ │ ├── pC_cefunixsshdisconnect.md │ │ │ ├── pC_cefunixsshfail.md │ │ │ ├── pC_cefunixsu1.md │ │ │ ├── pC_cefunixsu2.md │ │ │ ├── pC_cefunixusercmd1.md │ │ │ ├── pC_cefunixuserlogin1.md │ │ │ ├── pC_cefunixuserstart1.md │ │ │ ├── pC_unixaccountswitch1.md │ │ │ ├── pC_unixauditdaccountcreatedid.md │ │ │ ├── pC_unixauditdaccountdeleted.md │ │ │ ├── pC_unixauditdaccountswitch.md │ │ │ ├── pC_unixauditdaccountswitch1.md │ │ │ ├── pC_unixauditdgrppwchange.md │ │ │ ├── pC_unixauditdlogin.md │ │ │ ├── pC_unixauditdlogin1.md │ │ │ ├── pC_unixauditdmemberadded.md │ │ │ ├── pC_unixauditdmemberadded2.md │ │ │ ├── pC_unixauditdmemberadded3.md │ │ │ ├── pC_unixauditdmemberremoved.md │ │ │ ├── pC_unixlocallogon2.md │ │ │ ├── pC_unixprocesscreated1.md │ │ │ ├── pC_unixprocesscreatedfailed.md │ │ │ └── pC_unixprocesscreationfailure.md │ │ ├── RM │ │ │ ├── r_m_unix_unix_auditd_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_unix_unix_auditd_Account_Manipulation.md │ │ │ ├── r_m_unix_unix_auditd_Audit_Tampering.md │ │ │ ├── r_m_unix_unix_auditd_Brute_Force_Attack.md │ │ │ ├── r_m_unix_unix_auditd_Compromised_Credentials.md │ │ │ ├── r_m_unix_unix_auditd_Cryptomining.md │ │ │ ├── r_m_unix_unix_auditd_Data_Access.md │ │ │ ├── r_m_unix_unix_auditd_Data_Exfiltration.md │ │ │ ├── r_m_unix_unix_auditd_Evasion.md │ │ │ ├── r_m_unix_unix_auditd_Lateral_Movement.md │ │ │ ├── r_m_unix_unix_auditd_Malware.md │ │ │ ├── r_m_unix_unix_auditd_Phishing.md │ │ │ ├── r_m_unix_unix_auditd_Privilege_Abuse.md │ │ │ ├── r_m_unix_unix_auditd_Privilege_Escalation.md │ │ │ ├── r_m_unix_unix_auditd_Privileged_Activity.md │ │ │ └── r_m_unix_unix_auditd_Ransomware.md │ │ └── ds_unix_unix_auditd.md │ ├── Unix_Privilege_Management │ │ ├── Ps │ │ │ └── pC_upmaccountswitch.md │ │ ├── RM │ │ │ ├── r_m_unix_unix_privilege_management_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_unix_unix_privilege_management_Malware.md │ │ │ ├── r_m_unix_unix_privilege_management_Privilege_Abuse.md │ │ │ ├── r_m_unix_unix_privilege_management_Privilege_Escalation.md │ │ │ └── r_m_unix_unix_privilege_management_Privileged_Activity.md │ │ └── ds_unix_unix_privilege_management.md │ ├── Unix_Sendmail │ │ ├── 2_ds_unix_unix_sendmail.md │ │ ├── Ps │ │ │ ├── pC_qsendmaildlpemailalert.md │ │ │ ├── pC_sendmailemailfrom.md │ │ │ └── pC_ssendmailemailfrom.md │ │ ├── RM │ │ │ ├── r_m_unix_unix_sendmail_Data_Leak.md │ │ │ ├── r_m_unix_unix_sendmail_Malware.md │ │ │ ├── r_m_unix_unix_sendmail_Phishing.md │ │ │ ├── r_m_unix_unix_sendmail_Privilege_Abuse.md │ │ │ ├── r_m_unix_unix_sendmail_Privileged_Activity.md │ │ │ └── r_m_unix_unix_sendmail_Workforce_Protection.md │ │ └── ds_unix_unix_sendmail.md │ └── Unix_dhcpd │ │ ├── Ps │ │ ├── pC_cefunixdhcp.md │ │ ├── pC_dhcpddhcpacklogon.md │ │ ├── pC_dhcpdrenew.md │ │ ├── pC_qunixdhcp1.md │ │ ├── pC_rawunixdhcp.md │ │ ├── pC_rawunixdhcpforwardmap.md │ │ ├── pC_rawunixdhcpreversemap.md │ │ ├── pC_syslogdhcpd1.md │ │ ├── pC_syslogdhcpd2.md │ │ ├── pC_syslogdhcpd3.md │ │ └── pC_syslogdhcpd4.md │ │ ├── RM │ │ └── r_m_unix_unix_dhcpd_Enrichment.md │ │ └── ds_unix_unix_dhcpd.md ├── VBCorp │ └── VBCorp │ │ ├── Ps │ │ ├── pC_vbcorpsecurityalert.md │ │ └── pC_vbcorpsecurityalert1.md │ │ ├── RM │ │ ├── r_m_vbcorp_vbcorp_Compromised_Credentials.md │ │ ├── r_m_vbcorp_vbcorp_Lateral_Movement.md │ │ ├── r_m_vbcorp_vbcorp_Malware.md │ │ └── r_m_vbcorp_vbcorp_Privileged_Activity.md │ │ └── ds_vbcorp_vbcorp.md ├── VMS_Software │ └── OpenVMS │ │ ├── Ps │ │ ├── pC_openvmsbatchlogon.md │ │ ├── pC_openvmsfailedlogon.md │ │ ├── pC_openvmsfileaccess.md │ │ ├── pC_openvmsfiledelete.md │ │ └── pC_openvmsremotelogin.md │ │ ├── RM │ │ ├── r_m_vms_software_openvms_Abnormal_Authentication_&_Access.md │ │ ├── r_m_vms_software_openvms_Brute_Force_Attack.md │ │ ├── r_m_vms_software_openvms_Compromised_Credentials.md │ │ ├── r_m_vms_software_openvms_Data_Access.md │ │ ├── r_m_vms_software_openvms_Destruction_of_Data.md │ │ ├── r_m_vms_software_openvms_Lateral_Movement.md │ │ ├── r_m_vms_software_openvms_Malware.md │ │ ├── r_m_vms_software_openvms_Privilege_Abuse.md │ │ ├── r_m_vms_software_openvms_Privilege_Escalation.md │ │ ├── r_m_vms_software_openvms_Privileged_Activity.md │ │ └── r_m_vms_software_openvms_Ransomware.md │ │ └── ds_vms_software_openvms.md ├── VMware │ ├── AirWatch │ │ ├── Ps │ │ │ ├── pC_airwatchadminloggedin.md │ │ │ ├── pC_airwatchadminloginfailed.md │ │ │ ├── pC_airwatchauthentication.md │ │ │ ├── pC_airwatchauthsuccessful.md │ │ │ └── pC_airwatchsecurityalerts.md │ │ ├── RM │ │ │ ├── r_m_vmware_airwatch_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_airwatch_Compromised_Credentials.md │ │ │ ├── r_m_vmware_airwatch_Lateral_Movement.md │ │ │ ├── r_m_vmware_airwatch_Malware.md │ │ │ ├── r_m_vmware_airwatch_Privileged_Activity.md │ │ │ └── r_m_vmware_airwatch_Ransomware.md │ │ └── ds_vmware_airwatch.md │ ├── Carbon_Black_App_Control │ │ ├── 2_ds_vmware_carbon_black_app_control.md │ │ ├── Ps │ │ │ ├── pC_carbonblackfileactivity.md │ │ │ ├── pC_carbonblackfileoperations.md │ │ │ ├── pC_carbonblackfileoperations1.md │ │ │ ├── pC_carbonblackprocessalert.md │ │ │ ├── pC_carbonblackprocessalert1.md │ │ │ ├── pC_carbonblackprocesscreated.md │ │ │ ├── pC_carbonblackprocesscreated1.md │ │ │ ├── pC_carbonblackusbinsert.md │ │ │ ├── pC_carbonblackusbinsert1.md │ │ │ ├── pC_carbonblackusbremoved1.md │ │ │ ├── pC_cefbit9applogin.md │ │ │ ├── pC_cefbit9eppalert.md │ │ │ ├── pC_cefbit9filealert.md │ │ │ ├── pC_cefbit9processalert.md │ │ │ ├── pC_cefbit9usbactivity.md │ │ │ ├── pC_cefcarbonblackapplogin.md │ │ │ ├── pC_cefcarbonblackfilealert3.md │ │ │ ├── pC_cefcarbonblacklocallogon.md │ │ │ ├── pC_cefcarbonblacklocallogon3.md │ │ │ ├── pC_cefcarbonblackprocessalert.md │ │ │ ├── pC_cefcarbonblackusbactivity.md │ │ │ ├── pC_cefcarbonblackworkstationlocked.md │ │ │ ├── pC_cefcarbonblackworkstationlocked2.md │ │ │ ├── pC_cefcarbonblackworkstationunlocked.md │ │ │ ├── pC_cefcarbonblackworkstationunlocked2.md │ │ │ ├── pC_leefcarbonblackfilealert1.md │ │ │ ├── pC_leefcarbonblacklocallogon1.md │ │ │ ├── pC_leefcarbonblacklocallogon2.md │ │ │ ├── pC_leefcarbonblackusbactivity.md │ │ │ ├── pC_leefcarbonblackworkstationlocked.md │ │ │ ├── pC_leefcarbonblackworkstationunlocked.md │ │ │ ├── pC_qbit9eppalert.md │ │ │ ├── pC_sbit9eppalert.md │ │ │ └── pC_syslogbit9filealert.md │ │ ├── RM │ │ │ ├── r_m_vmware_carbon_black_app_control_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Account_Manipulation.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Audit_Tampering.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Compromised_Credentials.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Cryptomining.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Data_Access.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Data_Exfiltration.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Data_Leak.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Evasion.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Lateral_Movement.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Malware.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Phishing.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Privilege_Abuse.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Privilege_Escalation.md │ │ │ ├── r_m_vmware_carbon_black_app_control_Privileged_Activity.md │ │ │ └── r_m_vmware_carbon_black_app_control_Ransomware.md │ │ └── ds_vmware_carbon_black_app_control.md │ ├── Carbon_Black_Cloud_Endpoint_Standard │ │ ├── 2_ds_vmware_carbon_black_cloud_endpoint_standard.md │ │ ├── Ps │ │ │ ├── pC_carbonblacksecurityalert2.md │ │ │ ├── pC_cbdefenseapplogin.md │ │ │ ├── pC_cbdefenseauthsuccessfull.md │ │ │ ├── pC_cbdefensefailedapplogin.md │ │ │ ├── pC_cefcarbonblacknetworkconnection.md │ │ │ ├── pC_cefcarbonblacksecurityalert.md │ │ │ ├── pC_cefcarbonblacksecurityalert1.md │ │ │ ├── pC_conferalert.md │ │ │ ├── pC_jsoncarbonblackdevicecontrolsecurityalert.md │ │ │ ├── pC_jsoncarbonblackngavcrossproc.md │ │ │ ├── pC_jsoncarbonblackngavfilemod.md │ │ │ ├── pC_jsoncarbonblackngavnetconn.md │ │ │ ├── pC_jsoncarbonblackngavprocstart.md │ │ │ ├── pC_jsoncarbonblackngavregmod.md │ │ │ ├── pC_leefcarbonblacksecurityalert.md │ │ │ ├── pC_leefcbdefsecurityalert.md │ │ │ └── pC_scarbonblacksecurityalert.md │ │ ├── RM │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Account_Manipulation.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Audit_Tampering.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Compromised_Credentials.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Cryptomining.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Data_Access.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Data_Exfiltration.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Data_Leak.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Evasion.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Lateral_Movement.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Malware.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Phishing.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Privilege_Abuse.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Privilege_Escalation.md │ │ │ ├── r_m_vmware_carbon_black_cloud_endpoint_standard_Privileged_Activity.md │ │ │ └── r_m_vmware_carbon_black_cloud_endpoint_standard_Ransomware.md │ │ └── ds_vmware_carbon_black_cloud_endpoint_standard.md │ ├── Carbon_Black_Cloud_Enterprise_EDR │ │ ├── 2_ds_vmware_carbon_black_cloud_enterprise_edr.md │ │ ├── Ps │ │ │ ├── pC_carbonblackedrauthsuccessful.md │ │ │ ├── pC_carbonblackedrcrossproc.md │ │ │ ├── pC_carbonblackedrfilemod.md │ │ │ ├── pC_carbonblackedrnetconn.md │ │ │ ├── pC_carbonblackedrprocstart.md │ │ │ ├── pC_carbonblackedrprocstart1.md │ │ │ ├── pC_carbonblackedrregmod.md │ │ │ ├── pC_cccarbonblackedrcrossproc.md │ │ │ ├── pC_cccarbonblackedrfilemod.md │ │ │ ├── pC_cccarbonblackedrnetconn.md │ │ │ ├── pC_cccarbonblackedrprocstart.md │ │ │ ├── pC_cccarbonblackprocessalert1.md │ │ │ ├── pC_jsoncarbonblackedrfilelessscriptload.md │ │ │ ├── pC_jsoncarbonblackedrnetconn.md │ │ │ ├── pC_jsoncarbonblackedrscriptload.md │ │ │ ├── pC_scarbonblacksecurityalert1.md │ │ │ └── pC_scarbonblacksecurityalert2.md │ │ ├── RM │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Account_Manipulation.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Audit_Tampering.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Compromised_Credentials.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Cryptomining.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Data_Access.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Data_Exfiltration.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Data_Leak.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Evasion.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Lateral_Movement.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Malware.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Phishing.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Privilege_Abuse.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Privilege_Escalation.md │ │ │ ├── r_m_vmware_carbon_black_cloud_enterprise_edr_Privileged_Activity.md │ │ │ └── r_m_vmware_carbon_black_cloud_enterprise_edr_Ransomware.md │ │ └── ds_vmware_carbon_black_cloud_enterprise_edr.md │ ├── Carbon_Black_EDR │ │ ├── 2_ds_vmware_carbon_black_edr.md │ │ ├── Ps │ │ │ ├── pC_carbonblackendpointprocessfile.md │ │ │ ├── pC_carbonblackendpointprocessnetwork.md │ │ │ ├── pC_carbonblackendpointprocessstart.md │ │ │ ├── pC_cefcarbonblackalert.md │ │ │ ├── pC_cefcarbonblackalert1.md │ │ │ ├── pC_cefcarbonblackalert2.md │ │ │ ├── pC_cefcarbonblackedrprocessalert.md │ │ │ ├── pC_cefcarbonblackendpointprocess.md │ │ │ ├── pC_cefcarbonblackfilecreate.md │ │ │ ├── pC_cefcarbonblackfileread1.md │ │ │ ├── pC_cefcarbonblackfileread2.md │ │ │ ├── pC_cefcarbonblackfilewrite1.md │ │ │ ├── pC_cefcarbonblackfilewrite2.md │ │ │ ├── pC_cefcarbonblackfilewrite3.md │ │ │ ├── pC_cefcarbonblackfilewrite4.md │ │ │ ├── pC_cefcarbonblacknetworkconnectionfailed1.md │ │ │ ├── pC_cefcarbonblacknetworkconnectionfailed2.md │ │ │ ├── pC_cefcarbonblacknetworkconnectionsuccessful1.md │ │ │ ├── pC_cefcarbonblacknetworkconnectionsuccessful2.md │ │ │ ├── pC_cefcarbonblackprocessalert1.md │ │ │ ├── pC_cefcarbonblackprocessalert2.md │ │ │ ├── pC_cefcarbonblackprocessalert3.md │ │ │ ├── pC_cefcarbonblackprocessalertquery.md │ │ │ ├── pC_cefcarbonblackprocessalertstorage.md │ │ │ ├── pC_cefcarbonblackprocesscreated.md │ │ │ ├── pC_cefcarbonblackprocesscreated1.md │ │ │ ├── pC_cefcarbonblackprocesscreated2.md │ │ │ ├── pC_cefcarbonblackprocesscreated3.md │ │ │ ├── pC_cefcarbonblackprocesscreatedfailed1.md │ │ │ ├── pC_leefbit9securityalert.md │ │ │ ├── pC_leefcarbonblackfilealert.md │ │ │ ├── pC_leefcarbonblackprocessalert.md │ │ │ ├── pC_qprocessalertcarbonblack.md │ │ │ ├── pC_qprocessalertcarbonblack1.md │ │ │ ├── pC_sprocessalertcarbonblack.md │ │ │ ├── pC_sprocessalertcarbonblack1.md │ │ │ ├── pC_sprocessalertcarbonblack2.md │ │ │ ├── pC_sprocesscreatedcarbonblack.md │ │ │ └── pC_sprocessnetworkcarbonblack.md │ │ ├── RM │ │ │ ├── r_m_vmware_carbon_black_edr_Account_Manipulation.md │ │ │ ├── r_m_vmware_carbon_black_edr_Audit_Tampering.md │ │ │ ├── r_m_vmware_carbon_black_edr_Compromised_Credentials.md │ │ │ ├── r_m_vmware_carbon_black_edr_Cryptomining.md │ │ │ ├── r_m_vmware_carbon_black_edr_Data_Access.md │ │ │ ├── r_m_vmware_carbon_black_edr_Data_Exfiltration.md │ │ │ ├── r_m_vmware_carbon_black_edr_Data_Leak.md │ │ │ ├── r_m_vmware_carbon_black_edr_Destruction_of_Data.md │ │ │ ├── r_m_vmware_carbon_black_edr_Evasion.md │ │ │ ├── r_m_vmware_carbon_black_edr_Lateral_Movement.md │ │ │ ├── r_m_vmware_carbon_black_edr_Malware.md │ │ │ ├── r_m_vmware_carbon_black_edr_Phishing.md │ │ │ ├── r_m_vmware_carbon_black_edr_Privilege_Abuse.md │ │ │ ├── r_m_vmware_carbon_black_edr_Privilege_Escalation.md │ │ │ ├── r_m_vmware_carbon_black_edr_Privileged_Activity.md │ │ │ └── r_m_vmware_carbon_black_edr_Ransomware.md │ │ └── ds_vmware_carbon_black_edr.md │ ├── NSX_Advanced_Threat_Prevention │ │ ├── Ps │ │ │ ├── pC_lastlinesecurityalert1.md │ │ │ ├── pC_lastlinesecurityalert2.md │ │ │ ├── pC_lastlinesecurityalert3.md │ │ │ ├── pC_leeflastlinesecurityalert.md │ │ │ └── pC_nforwardedceflastline.md │ │ ├── RM │ │ │ ├── r_m_vmware_nsx_advanced_threat_prevention_Compromised_Credentials.md │ │ │ ├── r_m_vmware_nsx_advanced_threat_prevention_Lateral_Movement.md │ │ │ ├── r_m_vmware_nsx_advanced_threat_prevention_Malware.md │ │ │ └── r_m_vmware_nsx_advanced_threat_prevention_Privileged_Activity.md │ │ └── ds_vmware_nsx_advanced_threat_prevention.md │ ├── NSX_FW │ │ ├── Ps │ │ │ └── pC_cefnsxfwlogs1.md │ │ ├── RM │ │ │ ├── r_m_vmware_nsx_fw_Lateral_Movement.md │ │ │ └── r_m_vmware_nsx_fw_Malware.md │ │ └── ds_vmware_nsx_fw.md │ ├── VMWare_ID_Manager_(VIDM) │ │ ├── 2_ds_vmware_vmware_id_manager_(vidm).md │ │ ├── Ps │ │ │ ├── pC_vmwareidmanageractivationtoken.md │ │ │ ├── pC_vmwareidmanagerapppreferences.md │ │ │ ├── pC_vmwareidmanagerdevice.md │ │ │ ├── pC_vmwareidmanagerfailedlogin.md │ │ │ ├── pC_vmwareidmanagerlaunch.md │ │ │ ├── pC_vmwareidmanagerlogin.md │ │ │ ├── pC_vmwareidmanageroauh2authorize.md │ │ │ ├── pC_vmwareidmanageroauth.md │ │ │ ├── pC_vmwareidmanageroauth2client.md │ │ │ ├── pC_vmwareidmanagerobjaccess.md │ │ │ ├── pC_vmwareidmanageronetimeaccesstoken.md │ │ │ ├── pC_vmwareidmanagerredirectdenied.md │ │ │ ├── pC_vmwareidmanagersamlartifactcreate.md │ │ │ ├── pC_vmwareidmanagersamlrequest.md │ │ │ ├── pC_vmwareidmanagersamlvalidation.md │ │ │ └── pC_vmwareidmanageruser.md │ │ ├── RM │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Account_Manipulation.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Compromised_Credentials.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Data_Access.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Data_Leak.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Lateral_Movement.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Malware.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Privilege_Abuse.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Privilege_Escalation.md │ │ │ ├── r_m_vmware_vmware_id_manager_(vidm)_Privileged_Activity.md │ │ │ └── r_m_vmware_vmware_id_manager_(vidm)_Ransomware.md │ │ └── ds_vmware_vmware_id_manager_(vidm).md │ ├── VMware_ESXi │ │ ├── Ps │ │ │ ├── pC_vmwareesxilogin.md │ │ │ ├── pC_vmwareesxilogin1.md │ │ │ └── pC_vmwaresshlogin.md │ │ ├── RM │ │ │ ├── r_m_vmware_vmware_esxi_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_vmware_esxi_Compromised_Credentials.md │ │ │ ├── r_m_vmware_vmware_esxi_Lateral_Movement.md │ │ │ ├── r_m_vmware_vmware_esxi_Malware.md │ │ │ ├── r_m_vmware_vmware_esxi_Privilege_Abuse.md │ │ │ ├── r_m_vmware_vmware_esxi_Privilege_Escalation.md │ │ │ ├── r_m_vmware_vmware_esxi_Privileged_Activity.md │ │ │ └── r_m_vmware_vmware_esxi_Ransomware.md │ │ └── ds_vmware_vmware_esxi.md │ ├── VMware_Horizon │ │ ├── Ps │ │ │ ├── pC_vmwarefailedauth.md │ │ │ ├── pC_vmwarehorizonlogon.md │ │ │ ├── pC_vmwareremotelogon.md │ │ │ └── pC_vmwareremotelogon1.md │ │ ├── RM │ │ │ ├── r_m_vmware_vmware_horizon_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_vmware_horizon_Compromised_Credentials.md │ │ │ ├── r_m_vmware_vmware_horizon_Lateral_Movement.md │ │ │ ├── r_m_vmware_vmware_horizon_Malware.md │ │ │ ├── r_m_vmware_vmware_horizon_Privilege_Abuse.md │ │ │ ├── r_m_vmware_vmware_horizon_Privilege_Escalation.md │ │ │ ├── r_m_vmware_vmware_horizon_Privileged_Activity.md │ │ │ └── r_m_vmware_vmware_horizon_Ransomware.md │ │ └── ds_vmware_vmware_horizon.md │ ├── VMware_NSX │ │ ├── Ps │ │ │ ├── pC_nsxnetworkconnectionfailed.md │ │ │ ├── pC_nsxnetworkconnectionsuccessful.md │ │ │ ├── pC_vmnsxconfigcreate.md │ │ │ ├── pC_vmnsxconfigdelete.md │ │ │ └── pC_vmnsxconfigupdate.md │ │ ├── RM │ │ │ ├── r_m_vmware_vmware_nsx_Lateral_Movement.md │ │ │ └── r_m_vmware_vmware_nsx_Malware.md │ │ └── ds_vmware_vmware_nsx.md │ ├── VMware_VCenter │ │ ├── Ps │ │ │ ├── pC_vmwarefailedlogon.md │ │ │ ├── pC_vmwarevcenteractivity.md │ │ │ └── pC_vmwarevcenterlogin.md │ │ ├── RM │ │ │ ├── r_m_vmware_vmware_vcenter_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vmware_vmware_vcenter_Account_Manipulation.md │ │ │ ├── r_m_vmware_vmware_vcenter_Brute_Force_Attack.md │ │ │ ├── r_m_vmware_vmware_vcenter_Compromised_Credentials.md │ │ │ ├── r_m_vmware_vmware_vcenter_Data_Access.md │ │ │ ├── r_m_vmware_vmware_vcenter_Data_Leak.md │ │ │ ├── r_m_vmware_vmware_vcenter_Lateral_Movement.md │ │ │ ├── r_m_vmware_vmware_vcenter_Malware.md │ │ │ ├── r_m_vmware_vmware_vcenter_Privilege_Abuse.md │ │ │ ├── r_m_vmware_vmware_vcenter_Privilege_Escalation.md │ │ │ ├── r_m_vmware_vmware_vcenter_Privileged_Activity.md │ │ │ └── r_m_vmware_vmware_vcenter_Ransomware.md │ │ └── ds_vmware_vmware_vcenter.md │ └── VMware_View │ │ ├── 2_ds_vmware_vmware_view.md │ │ ├── Ps │ │ ├── pC_vmwareviewappactivity.md │ │ ├── pC_vmwareviewapplogin.md │ │ ├── pC_vmwareviewfailedlogin.md │ │ ├── pC_vmwareviewlogin.md │ │ ├── pC_vmwareviewpasswordchange.md │ │ ├── pC_vmwareviewremotelogon.md │ │ └── pC_vmwareviewremotelogon1.md │ │ ├── RM │ │ ├── r_m_vmware_vmware_view_Abnormal_Authentication_&_Access.md │ │ ├── r_m_vmware_vmware_view_Account_Manipulation.md │ │ ├── r_m_vmware_vmware_view_Compromised_Credentials.md │ │ ├── r_m_vmware_vmware_view_Data_Access.md │ │ ├── r_m_vmware_vmware_view_Data_Leak.md │ │ ├── r_m_vmware_vmware_view_Lateral_Movement.md │ │ ├── r_m_vmware_vmware_view_Malware.md │ │ ├── r_m_vmware_vmware_view_Privilege_Abuse.md │ │ ├── r_m_vmware_vmware_view_Privilege_Escalation.md │ │ ├── r_m_vmware_vmware_view_Privileged_Activity.md │ │ └── r_m_vmware_vmware_view_Ransomware.md │ │ └── ds_vmware_vmware_view.md ├── Vanderbilt │ └── Vanderbilt │ │ ├── Ps │ │ └── pC_cefvanderbiltbadgeaccess.md │ │ ├── RM │ │ ├── r_m_vanderbilt_vanderbilt_Abnormal_Authentication_&_Access.md │ │ ├── r_m_vanderbilt_vanderbilt_Physical_Security.md │ │ └── r_m_vanderbilt_vanderbilt_Privileged_Activity.md │ │ └── ds_vanderbilt_vanderbilt.md ├── Varonis │ └── Data_Security_Platform │ │ ├── 2_ds_varonis_data_security_platform.md │ │ ├── Ps │ │ ├── pC_qvaronisfileactivity.md │ │ ├── pC_varonisdlpalert.md │ │ ├── pC_varonisdlpalert1.md │ │ ├── pC_varonisdlpalert2.md │ │ └── pC_varonisfileactivity.md │ │ ├── RM │ │ ├── r_m_varonis_data_security_platform_Compromised_Credentials.md │ │ ├── r_m_varonis_data_security_platform_Data_Access.md │ │ ├── r_m_varonis_data_security_platform_Data_Exfiltration.md │ │ ├── r_m_varonis_data_security_platform_Data_Leak.md │ │ ├── r_m_varonis_data_security_platform_Destruction_of_Data.md │ │ ├── r_m_varonis_data_security_platform_Malware.md │ │ ├── r_m_varonis_data_security_platform_Privilege_Abuse.md │ │ ├── r_m_varonis_data_security_platform_Privileged_Activity.md │ │ └── r_m_varonis_data_security_platform_Ransomware.md │ │ └── ds_varonis_data_security_platform.md ├── Vectra │ ├── Cognito_Stream │ │ ├── 2_ds_vectra_cognito_stream.md │ │ ├── Ps │ │ │ ├── pC_rdpvectrametadata.md │ │ │ ├── pC_sshvectrametadata.md │ │ │ ├── pC_vectraauthenticationattempt.md │ │ │ ├── pC_vectradlpemailalert.md │ │ │ ├── pC_vectrafileoperations.md │ │ │ ├── pC_vectrantlmlogon.md │ │ │ └── pC_vectrawebactivity.md │ │ ├── RM │ │ │ ├── r_m_vectra_cognito_stream_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_vectra_cognito_stream_Compromised_Credentials.md │ │ │ ├── r_m_vectra_cognito_stream_Cryptomining.md │ │ │ ├── r_m_vectra_cognito_stream_Data_Access.md │ │ │ ├── r_m_vectra_cognito_stream_Data_Exfiltration.md │ │ │ ├── r_m_vectra_cognito_stream_Data_Leak.md │ │ │ ├── r_m_vectra_cognito_stream_Destruction_of_Data.md │ │ │ ├── r_m_vectra_cognito_stream_Lateral_Movement.md │ │ │ ├── r_m_vectra_cognito_stream_Malware.md │ │ │ ├── r_m_vectra_cognito_stream_Phishing.md │ │ │ ├── r_m_vectra_cognito_stream_Privilege_Abuse.md │ │ │ ├── r_m_vectra_cognito_stream_Privilege_Escalation.md │ │ │ ├── r_m_vectra_cognito_stream_Privileged_Activity.md │ │ │ ├── r_m_vectra_cognito_stream_Ransomware.md │ │ │ └── r_m_vectra_cognito_stream_Workforce_Protection.md │ │ └── ds_vectra_cognito_stream.md │ └── Vectra_Cognito_Detect │ │ ├── Ps │ │ ├── pC_cefvectraalert.md │ │ ├── pC_vectraactivity1.md │ │ ├── pC_vectraalert.md │ │ ├── pC_vectraalert1.md │ │ └── pC_vectraalert3.md │ │ ├── RM │ │ ├── r_m_vectra_vectra_cognito_detect_Abnormal_Authentication_&_Access.md │ │ ├── r_m_vectra_vectra_cognito_detect_Account_Manipulation.md │ │ ├── r_m_vectra_vectra_cognito_detect_Compromised_Credentials.md │ │ ├── r_m_vectra_vectra_cognito_detect_Data_Access.md │ │ ├── r_m_vectra_vectra_cognito_detect_Data_Leak.md │ │ ├── r_m_vectra_vectra_cognito_detect_Lateral_Movement.md │ │ ├── r_m_vectra_vectra_cognito_detect_Malware.md │ │ ├── r_m_vectra_vectra_cognito_detect_Privilege_Abuse.md │ │ ├── r_m_vectra_vectra_cognito_detect_Privilege_Escalation.md │ │ ├── r_m_vectra_vectra_cognito_detect_Privileged_Activity.md │ │ └── r_m_vectra_vectra_cognito_detect_Ransomware.md │ │ └── ds_vectra_vectra_cognito_detect.md ├── Virtru │ └── Virtru │ │ ├── Ps │ │ └── pC_virtruemailencryptionalert.md │ │ ├── RM │ │ ├── r_m_virtru_virtru_Data_Exfiltration.md │ │ ├── r_m_virtru_virtru_Data_Leak.md │ │ └── r_m_virtru_virtru_Malware.md │ │ └── ds_virtru_virtru.md ├── Viscount │ └── Viscount │ │ ├── Ps │ │ └── pC_sviscountbadgeaccess.md │ │ ├── RM │ │ ├── r_m_viscount_viscount_Abnormal_Authentication_&_Access.md │ │ ├── r_m_viscount_viscount_Physical_Security.md │ │ └── r_m_viscount_viscount_Privileged_Activity.md │ │ └── ds_viscount_viscount.md ├── Visma │ └── Megaflex │ │ ├── Ps │ │ └── pC_vismaphysicalaccess.md │ │ ├── RM │ │ ├── r_m_visma_megaflex_Abnormal_Authentication_&_Access.md │ │ ├── r_m_visma_megaflex_Physical_Security.md │ │ └── r_m_visma_megaflex_Privileged_Activity.md │ │ └── ds_visma_megaflex.md ├── Vormetric │ └── Vormetric │ │ ├── Ps │ │ └── pC_vormetricfileoperations.md │ │ ├── RM │ │ ├── r_m_vormetric_vormetric_Compromised_Credentials.md │ │ ├── r_m_vormetric_vormetric_Data_Access.md │ │ ├── r_m_vormetric_vormetric_Data_Exfiltration.md │ │ ├── r_m_vormetric_vormetric_Malware.md │ │ ├── r_m_vormetric_vormetric_Privilege_Abuse.md │ │ └── r_m_vormetric_vormetric_Privileged_Activity.md │ │ └── ds_vormetric_vormetric.md ├── Watchguard │ └── Watchguard │ │ ├── 2_ds_watchguard_watchguard.md │ │ ├── Ps │ │ ├── pC_watchguardevent1.md │ │ ├── pC_watchguardevent2.md │ │ ├── pC_watchguardevent3.md │ │ ├── pC_watchguardwebactivity.md │ │ ├── pC_watchguardwebactivity1.md │ │ ├── pC_watchguardwebactivity2.md │ │ ├── pC_watchguardwebactivitydeny.md │ │ └── pC_watchguardwebactivitydrop.md │ │ ├── RM │ │ ├── r_m_watchguard_watchguard_Abnormal_Authentication_&_Access.md │ │ ├── r_m_watchguard_watchguard_Compromised_Credentials.md │ │ ├── r_m_watchguard_watchguard_Cryptomining.md │ │ ├── r_m_watchguard_watchguard_Data_Exfiltration.md │ │ ├── r_m_watchguard_watchguard_Data_Leak.md │ │ ├── r_m_watchguard_watchguard_Lateral_Movement.md │ │ ├── r_m_watchguard_watchguard_Malware.md │ │ ├── r_m_watchguard_watchguard_Phishing.md │ │ ├── r_m_watchguard_watchguard_Privilege_Abuse.md │ │ ├── r_m_watchguard_watchguard_Privileged_Activity.md │ │ ├── r_m_watchguard_watchguard_Ransomware.md │ │ └── r_m_watchguard_watchguard_Workforce_Protection.md │ │ └── ds_watchguard_watchguard.md ├── Weblogin │ └── Weblogin │ │ ├── Ps │ │ └── pC_webloginappactivity1.md │ │ ├── RM │ │ ├── r_m_weblogin_weblogin_Abnormal_Authentication_&_Access.md │ │ ├── r_m_weblogin_weblogin_Compromised_Credentials.md │ │ ├── r_m_weblogin_weblogin_Cryptomining.md │ │ ├── r_m_weblogin_weblogin_Data_Exfiltration.md │ │ ├── r_m_weblogin_weblogin_Data_Leak.md │ │ ├── r_m_weblogin_weblogin_Lateral_Movement.md │ │ ├── r_m_weblogin_weblogin_Malware.md │ │ ├── r_m_weblogin_weblogin_Phishing.md │ │ ├── r_m_weblogin_weblogin_Privilege_Abuse.md │ │ ├── r_m_weblogin_weblogin_Privileged_Activity.md │ │ ├── r_m_weblogin_weblogin_Ransomware.md │ │ └── r_m_weblogin_weblogin_Workforce_Protection.md │ │ └── ds_weblogin_weblogin.md ├── Wiz │ └── Wiz │ │ ├── Ps │ │ ├── pC_wizapplogin.md │ │ └── pC_wizdeleteuser.md │ │ ├── RM │ │ ├── r_m_wiz_wiz_Abnormal_Authentication_&_Access.md │ │ ├── r_m_wiz_wiz_Account_Manipulation.md │ │ ├── r_m_wiz_wiz_Compromised_Credentials.md │ │ ├── r_m_wiz_wiz_Data_Access.md │ │ ├── r_m_wiz_wiz_Lateral_Movement.md │ │ ├── r_m_wiz_wiz_Malware.md │ │ ├── r_m_wiz_wiz_Privilege_Abuse.md │ │ ├── r_m_wiz_wiz_Privileged_Activity.md │ │ └── r_m_wiz_wiz_Ransomware.md │ │ └── ds_wiz_wiz.md ├── Workday │ └── Workday │ │ ├── 2_ds_workday_workday.md │ │ ├── Ps │ │ ├── pC_sk4workdayappauthfailed.md │ │ ├── pC_sk4workdayapplogin.md │ │ ├── pC_sk4workdayfailedapplogin.md │ │ ├── pC_workdayappactivity1.md │ │ ├── pC_workdayappactivity2.md │ │ ├── pC_workdayapplogin1.md │ │ └── pC_workdayapplogin2.md │ │ ├── RM │ │ ├── r_m_workday_workday_Abnormal_Authentication_&_Access.md │ │ ├── r_m_workday_workday_Account_Manipulation.md │ │ ├── r_m_workday_workday_Compromised_Credentials.md │ │ ├── r_m_workday_workday_Data_Access.md │ │ ├── r_m_workday_workday_Data_Leak.md │ │ ├── r_m_workday_workday_Lateral_Movement.md │ │ ├── r_m_workday_workday_Malware.md │ │ ├── r_m_workday_workday_Privilege_Abuse.md │ │ ├── r_m_workday_workday_Privilege_Escalation.md │ │ ├── r_m_workday_workday_Privileged_Activity.md │ │ └── r_m_workday_workday_Ransomware.md │ │ └── ds_workday_workday.md ├── XPS │ └── XPS │ │ ├── Ps │ │ ├── pC_cefxpsprintactivity.md │ │ └── pC_cefxpsprintactivity1.md │ │ ├── RM │ │ ├── r_m_xps_xps_Abnormal_Authentication_&_Access.md │ │ └── r_m_xps_xps_Data_Leak.md │ │ └── ds_xps_xps.md ├── Xceedium │ └── Xceedium │ │ ├── Ps │ │ ├── pC_syslogxceediumfailedlogin.md │ │ └── pC_syslogxceediumlogin.md │ │ ├── RM │ │ ├── r_m_xceedium_xceedium_Abnormal_Authentication_&_Access.md │ │ ├── r_m_xceedium_xceedium_Compromised_Credentials.md │ │ ├── r_m_xceedium_xceedium_Data_Access.md │ │ ├── r_m_xceedium_xceedium_Lateral_Movement.md │ │ ├── r_m_xceedium_xceedium_Malware.md │ │ ├── r_m_xceedium_xceedium_Privilege_Abuse.md │ │ ├── r_m_xceedium_xceedium_Privileged_Activity.md │ │ └── r_m_xceedium_xceedium_Ransomware.md │ │ └── ds_xceedium_xceedium.md ├── Xerox │ └── Xerox │ │ ├── Ps │ │ └── pC_xeroxprint.md │ │ ├── RM │ │ ├── r_m_xerox_xerox_Abnormal_Authentication_&_Access.md │ │ └── r_m_xerox_xerox_Data_Leak.md │ │ └── ds_xerox_xerox.md ├── Xiting │ └── XAMS │ │ ├── Ps │ │ ├── pC_xamsapplogin.md │ │ └── pC_xamsfailedapplogin.md │ │ ├── RM │ │ ├── r_m_xiting_xams_Abnormal_Authentication_&_Access.md │ │ ├── r_m_xiting_xams_Compromised_Credentials.md │ │ ├── r_m_xiting_xams_Data_Access.md │ │ ├── r_m_xiting_xams_Lateral_Movement.md │ │ ├── r_m_xiting_xams_Malware.md │ │ ├── r_m_xiting_xams_Privilege_Abuse.md │ │ ├── r_m_xiting_xams_Privileged_Activity.md │ │ └── r_m_xiting_xams_Ransomware.md │ │ └── ds_xiting_xams.md ├── YSoft │ └── YSoft │ │ ├── Ps │ │ └── pC_ysoftprintactivity.md │ │ ├── RM │ │ ├── r_m_ysoft_ysoft_Abnormal_Authentication_&_Access.md │ │ └── r_m_ysoft_ysoft_Data_Leak.md │ │ └── ds_ysoft_ysoft.md ├── Zeek │ └── Zeek_Network_Security_Monitor │ │ ├── 2_ds_zeek_zeek_network_security_monitor.md │ │ ├── Ps │ │ ├── pC_broconn.md │ │ ├── pC_brodce_rpc.md │ │ ├── pC_brodhcp1.md │ │ ├── pC_brodhcpactivity2.md │ │ ├── pC_brodns.md │ │ ├── pC_brodnsquery.md │ │ ├── pC_brodnsresponse.md │ │ ├── pC_brodnsresponse1.md │ │ ├── pC_brodnsresponse2.md │ │ ├── pC_brofiles.md │ │ ├── pC_brofilesanalysis.md │ │ ├── pC_broftp1.md │ │ ├── pC_broftpactivity2.md │ │ ├── pC_broftpappactivity.md │ │ ├── pC_brohttpeth0.md │ │ ├── pC_brohttpwebactivity2.md │ │ ├── pC_brokerberos.md │ │ ├── pC_brokerberos1.md │ │ ├── pC_bronetworkalert.md │ │ ├── pC_bronetworkconnection.md │ │ ├── pC_bronetworkconnection1.md │ │ ├── pC_brontlm.md │ │ ├── pC_brontlm1.md │ │ ├── pC_broradius.md │ │ ├── pC_broradius1.md │ │ ├── pC_brordpremotelogon1.md │ │ ├── pC_brordpremotelogon2.md │ │ ├── pC_brordpremotelogon3.md │ │ ├── pC_broremotelogon2.md │ │ ├── pC_broshareaccess.md │ │ ├── pC_broshareaccess2.md │ │ ├── pC_brosmb_mapping.md │ │ ├── pC_brosmb_mapping1.md │ │ ├── pC_brosmb_mapping2.md │ │ ├── pC_brosmbfiles.md │ │ ├── pC_brosmtp.md │ │ ├── pC_brosmtp1.md │ │ ├── pC_brosmtpactivity2.md │ │ ├── pC_brossh.md │ │ ├── pC_brossh1.md │ │ ├── pC_brossh2.md │ │ ├── pC_brosslactivity2.md │ │ ├── pC_browebactivity.md │ │ ├── pC_corelightdnsquery.md │ │ ├── pC_jsonbrodce_rpc.md │ │ ├── pC_jsonbrodhcp2.md │ │ ├── pC_jsonbrodnsquery.md │ │ ├── pC_jsonbrodnsquery2.md │ │ ├── pC_jsonbroemailin.md │ │ ├── pC_jsonbrofilesanalysis.md │ │ ├── pC_jsonbrofilesanalysis2.md │ │ ├── pC_jsonbrokerberos.md │ │ ├── pC_jsonbrontlm.md │ │ ├── pC_jsonbrossl.md │ │ ├── pC_jsonbrosslfailed.md │ │ ├── pC_jsonbrosslfailed2.md │ │ ├── pC_jsonbrotls.md │ │ ├── pC_jsonbrowebactivity.md │ │ ├── pC_jsonbroweird.md │ │ ├── pC_jsonzeek_dce_rpc.md │ │ ├── pC_jsonzeek_dhcp.md │ │ ├── pC_jsonzeek_dns.md │ │ ├── pC_jsonzeek_files.md │ │ ├── pC_jsonzeek_ntlm.md │ │ ├── pC_jsonzeek_ssl.md │ │ ├── pC_jsonzeek_weird.md │ │ ├── pC_jsonzeekkerberos.md │ │ ├── pC_jsonzeeknetworkconnection.md │ │ ├── pC_jsonzeeknetworkconnection1.md │ │ ├── pC_jsonzeeknetworkconnection2.md │ │ ├── pC_sbrodhcp.md │ │ ├── pC_sbroemailin.md │ │ └── pC_sbrowebactivity.md │ │ ├── RM │ │ ├── r_m_zeek_zeek_network_security_monitor_Abnormal_Authentication_&_Access.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Account_Manipulation.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Brute_Force_Attack.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Compromised_Credentials.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Cryptomining.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Data_Access.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Data_Exfiltration.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Data_Leak.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Destruction_of_Data.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Lateral_Movement.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Malware.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Phishing.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Privilege_Abuse.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Privilege_Escalation.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Privileged_Activity.md │ │ ├── r_m_zeek_zeek_network_security_monitor_Ransomware.md │ │ └── r_m_zeek_zeek_network_security_monitor_Workforce_Protection.md │ │ └── ds_zeek_zeek_network_security_monitor.md ├── Zendesk │ └── Zendesk │ │ ├── Ps │ │ ├── pC_cefzendeskticketappactivity.md │ │ └── pC_cefzendeskuserappactivity.md │ │ ├── RM │ │ ├── r_m_zendesk_zendesk_Abnormal_Authentication_&_Access.md │ │ ├── r_m_zendesk_zendesk_Account_Manipulation.md │ │ ├── r_m_zendesk_zendesk_Compromised_Credentials.md │ │ ├── r_m_zendesk_zendesk_Data_Access.md │ │ ├── r_m_zendesk_zendesk_Data_Leak.md │ │ ├── r_m_zendesk_zendesk_Lateral_Movement.md │ │ ├── r_m_zendesk_zendesk_Malware.md │ │ ├── r_m_zendesk_zendesk_Privilege_Abuse.md │ │ ├── r_m_zendesk_zendesk_Privilege_Escalation.md │ │ ├── r_m_zendesk_zendesk_Privileged_Activity.md │ │ └── r_m_zendesk_zendesk_Ransomware.md │ │ └── ds_zendesk_zendesk.md ├── Zimperium │ └── MOBILE_ENDPOINT_SECURITY │ │ ├── Ps │ │ └── pC_zimperiummobileendpointsecurityalert.md │ │ ├── RM │ │ ├── r_m_zimperium_mobile_endpoint_security_Compromised_Credentials.md │ │ ├── r_m_zimperium_mobile_endpoint_security_Lateral_Movement.md │ │ ├── r_m_zimperium_mobile_endpoint_security_Malware.md │ │ └── r_m_zimperium_mobile_endpoint_security_Privileged_Activity.md │ │ └── ds_zimperium_mobile_endpoint_security.md ├── Zlock │ └── Zlock │ │ ├── Ps │ │ └── pC_cefzlockappactivity.md │ │ ├── RM │ │ ├── r_m_zlock_zlock_Abnormal_Authentication_&_Access.md │ │ ├── r_m_zlock_zlock_Account_Manipulation.md │ │ ├── r_m_zlock_zlock_Compromised_Credentials.md │ │ ├── r_m_zlock_zlock_Data_Access.md │ │ ├── r_m_zlock_zlock_Data_Leak.md │ │ ├── r_m_zlock_zlock_Lateral_Movement.md │ │ ├── r_m_zlock_zlock_Malware.md │ │ ├── r_m_zlock_zlock_Privilege_Abuse.md │ │ ├── r_m_zlock_zlock_Privilege_Escalation.md │ │ ├── r_m_zlock_zlock_Privileged_Activity.md │ │ └── r_m_zlock_zlock_Ransomware.md │ │ └── ds_zlock_zlock.md ├── Zoom │ └── Zoom │ │ ├── Ps │ │ ├── pC_zoomlogin.md │ │ ├── pC_zoommeetingcreated.md │ │ ├── pC_zoommeetingended.md │ │ ├── pC_zoommeetingparticipantjoined.md │ │ ├── pC_zoommeetingstarted.md │ │ ├── pC_zoommeetingupdated.md │ │ └── pC_zoomoperationsactivity.md │ │ ├── RM │ │ ├── r_m_zoom_zoom_Ransomware.md │ │ └── r_m_zoom_zoom_Workforce_Protection.md │ │ └── ds_zoom_zoom.md ├── Zscaler │ ├── Zscaler_Internet_Access │ │ ├── 2_ds_zscaler_zscaler_internet_access.md │ │ ├── Ps │ │ │ ├── pC_cefzscalerwebactivity.md │ │ │ ├── pC_qzscalerwebactivity.md │ │ │ ├── pC_szscalerdlpalert.md │ │ │ ├── pC_szscalerdlpalert1.md │ │ │ ├── pC_szscalerwebactivity.md │ │ │ ├── pC_szscalerwebactivity1.md │ │ │ ├── pC_szscalerwebactivity2.md │ │ │ ├── pC_szscalerwebactivity3.md │ │ │ ├── pC_szscalerwebactivity4.md │ │ │ ├── pC_szscalerwebactivity5.md │ │ │ ├── pC_szscalerwebactivity6.md │ │ │ ├── pC_szscalerwebactivity7.md │ │ │ ├── pC_szscalerwebactivity8.md │ │ │ ├── pC_zscaleractivity.md │ │ │ ├── pC_zscalerdlpalert1.md │ │ │ ├── pC_zscalerdlpalert2.md │ │ │ ├── pC_zscalerfirewall.md │ │ │ ├── pC_zscalerfirewall1.md │ │ │ ├── pC_zscalernetworkconnection.md │ │ │ ├── pC_zscalernetworkconnection1.md │ │ │ ├── pC_zscalerproxy.md │ │ │ ├── pC_zscalerstatus.md │ │ │ └── pC_zscalerwebactivity7.md │ │ ├── RM │ │ │ ├── r_m_zscaler_zscaler_internet_access_Abnormal_Authentication_&_Access.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Compromised_Credentials.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Cryptomining.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Data_Access.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Data_Exfiltration.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Data_Leak.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Lateral_Movement.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Malware.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Phishing.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Privilege_Abuse.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Privileged_Activity.md │ │ │ ├── r_m_zscaler_zscaler_internet_access_Ransomware.md │ │ │ └── r_m_zscaler_zscaler_internet_access_Workforce_Protection.md │ │ └── ds_zscaler_zscaler_internet_access.md │ └── Zscaler_Private_Access │ │ ├── Ps │ │ ├── pC_zscalervpnactivity.md │ │ ├── pC_zscalervpnend.md │ │ ├── pC_zscalervpnend1.md │ │ ├── pC_zscalervpnstart.md │ │ └── pC_zscalervpnuser.md │ │ ├── RM │ │ ├── r_m_zscaler_zscaler_private_access_Abnormal_Authentication_&_Access.md │ │ ├── r_m_zscaler_zscaler_private_access_Account_Manipulation.md │ │ ├── r_m_zscaler_zscaler_private_access_Brute_Force_Attack.md │ │ ├── r_m_zscaler_zscaler_private_access_Compromised_Credentials.md │ │ ├── r_m_zscaler_zscaler_private_access_Data_Access.md │ │ ├── r_m_zscaler_zscaler_private_access_Data_Exfiltration.md │ │ ├── r_m_zscaler_zscaler_private_access_Data_Leak.md │ │ ├── r_m_zscaler_zscaler_private_access_Lateral_Movement.md │ │ ├── r_m_zscaler_zscaler_private_access_Malware.md │ │ ├── r_m_zscaler_zscaler_private_access_Phishing.md │ │ ├── r_m_zscaler_zscaler_private_access_Physical_Security.md │ │ ├── r_m_zscaler_zscaler_private_access_Privilege_Abuse.md │ │ ├── r_m_zscaler_zscaler_private_access_Privilege_Escalation.md │ │ └── r_m_zscaler_zscaler_private_access_Ransomware.md │ │ └── ds_zscaler_zscaler_private_access.md ├── eDocs │ └── eDocs │ │ ├── Ps │ │ └── pC_edocsappactivity.md │ │ ├── RM │ │ ├── r_m_edocs_edocs_Abnormal_Authentication_&_Access.md │ │ ├── r_m_edocs_edocs_Account_Manipulation.md │ │ ├── r_m_edocs_edocs_Compromised_Credentials.md │ │ ├── r_m_edocs_edocs_Data_Access.md │ │ ├── r_m_edocs_edocs_Data_Leak.md │ │ ├── r_m_edocs_edocs_Lateral_Movement.md │ │ ├── r_m_edocs_edocs_Malware.md │ │ ├── r_m_edocs_edocs_Privilege_Abuse.md │ │ ├── r_m_edocs_edocs_Privilege_Escalation.md │ │ ├── r_m_edocs_edocs_Privileged_Activity.md │ │ └── r_m_edocs_edocs_Ransomware.md │ │ └── ds_edocs_edocs.md ├── iBoss │ └── Secure_Web_Gateway │ │ ├── Ps │ │ └── pC_ibosswebactivity.md │ │ ├── RM │ │ ├── r_m_iboss_secure_web_gateway_Abnormal_Authentication_&_Access.md │ │ ├── r_m_iboss_secure_web_gateway_Compromised_Credentials.md │ │ ├── r_m_iboss_secure_web_gateway_Cryptomining.md │ │ ├── r_m_iboss_secure_web_gateway_Data_Exfiltration.md │ │ ├── r_m_iboss_secure_web_gateway_Data_Leak.md │ │ ├── r_m_iboss_secure_web_gateway_Lateral_Movement.md │ │ ├── r_m_iboss_secure_web_gateway_Malware.md │ │ ├── r_m_iboss_secure_web_gateway_Phishing.md │ │ ├── r_m_iboss_secure_web_gateway_Privilege_Abuse.md │ │ ├── r_m_iboss_secure_web_gateway_Privileged_Activity.md │ │ ├── r_m_iboss_secure_web_gateway_Ransomware.md │ │ └── r_m_iboss_secure_web_gateway_Workforce_Protection.md │ │ └── ds_iboss_secure_web_gateway.md ├── iManage │ └── iManage │ │ ├── Ps │ │ ├── pC_filesiteappactivity.md │ │ ├── pC_imanageappactivity.md │ │ └── pC_imanagedlpalert.md │ │ ├── RM │ │ ├── r_m_imanage_imanage_Abnormal_Authentication_&_Access.md │ │ ├── r_m_imanage_imanage_Account_Manipulation.md │ │ ├── r_m_imanage_imanage_Compromised_Credentials.md │ │ ├── r_m_imanage_imanage_Data_Access.md │ │ ├── r_m_imanage_imanage_Data_Exfiltration.md │ │ ├── r_m_imanage_imanage_Data_Leak.md │ │ ├── r_m_imanage_imanage_Lateral_Movement.md │ │ ├── r_m_imanage_imanage_Malware.md │ │ ├── r_m_imanage_imanage_Privilege_Abuse.md │ │ ├── r_m_imanage_imanage_Privilege_Escalation.md │ │ ├── r_m_imanage_imanage_Privileged_Activity.md │ │ └── r_m_imanage_imanage_Ransomware.md │ │ └── ds_imanage_imanage.md ├── jSONAR │ └── SonarG │ │ ├── Ps │ │ ├── pC_jsonardatabaselogin.md │ │ └── pC_jsonardatabaselogin1.md │ │ ├── RM │ │ ├── r_m_jsonar_sonarg_Compromised_Credentials.md │ │ └── r_m_jsonar_sonarg_Data_Access.md │ │ └── ds_jsonar_sonarg.md ├── oVirt │ └── oVirt │ │ ├── 2_ds_ovirt_ovirt.md │ │ ├── Ps │ │ ├── pC_ovirtappactivity1.md │ │ ├── pC_ovirtappactivity10.md │ │ ├── pC_ovirtappactivity11.md │ │ ├── pC_ovirtappactivity12.md │ │ ├── pC_ovirtappactivity13.md │ │ ├── pC_ovirtappactivity14.md │ │ ├── pC_ovirtappactivity15.md │ │ ├── pC_ovirtappactivity16.md │ │ ├── pC_ovirtappactivity17.md │ │ ├── pC_ovirtappactivity18.md │ │ ├── pC_ovirtappactivity2.md │ │ ├── pC_ovirtappactivity20.md │ │ ├── pC_ovirtappactivity21.md │ │ ├── pC_ovirtappactivity22.md │ │ ├── pC_ovirtappactivity23.md │ │ ├── pC_ovirtappactivity24.md │ │ ├── pC_ovirtappactivity25.md │ │ ├── pC_ovirtappactivity26.md │ │ ├── pC_ovirtappactivity27.md │ │ ├── pC_ovirtappactivity28.md │ │ ├── pC_ovirtappactivity29.md │ │ ├── pC_ovirtappactivity3.md │ │ ├── pC_ovirtappactivity30.md │ │ ├── pC_ovirtappactivity31.md │ │ ├── pC_ovirtappactivity32.md │ │ ├── pC_ovirtappactivity33.md │ │ ├── pC_ovirtappactivity34.md │ │ ├── pC_ovirtappactivity35.md │ │ ├── pC_ovirtappactivity36.md │ │ ├── pC_ovirtappactivity37.md │ │ ├── pC_ovirtappactivity38.md │ │ ├── pC_ovirtappactivity39.md │ │ ├── pC_ovirtappactivity4.md │ │ ├── pC_ovirtappactivity5.md │ │ ├── pC_ovirtappactivity6.md │ │ ├── pC_ovirtappactivity7.md │ │ ├── pC_ovirtappactivity8.md │ │ ├── pC_ovirtappactivity9.md │ │ ├── pC_ovirtappactivityfailed.md │ │ ├── pC_ovirtapplogin.md │ │ ├── pC_ovirtfailedapplogin.md │ │ └── pC_ovirtfailedapplogin1.md │ │ ├── RM │ │ ├── r_m_ovirt_ovirt_Abnormal_Authentication_&_Access.md │ │ ├── r_m_ovirt_ovirt_Account_Manipulation.md │ │ ├── r_m_ovirt_ovirt_Compromised_Credentials.md │ │ ├── r_m_ovirt_ovirt_Data_Access.md │ │ ├── r_m_ovirt_ovirt_Data_Leak.md │ │ ├── r_m_ovirt_ovirt_Lateral_Movement.md │ │ ├── r_m_ovirt_ovirt_Malware.md │ │ ├── r_m_ovirt_ovirt_Privilege_Abuse.md │ │ ├── r_m_ovirt_ovirt_Privilege_Escalation.md │ │ ├── r_m_ovirt_ovirt_Privileged_Activity.md │ │ └── r_m_ovirt_ovirt_Ransomware.md │ │ └── ds_ovirt_ovirt.md ├── pfSense │ └── pfSense │ │ ├── Ps │ │ ├── pC_pfsensenetworkconnectionfailed.md │ │ └── pC_pfsensenetworkconnectionsuccessful.md │ │ ├── RM │ │ ├── r_m_pfsense_pfsense_Lateral_Movement.md │ │ └── r_m_pfsense_pfsense_Malware.md │ │ └── ds_pfsense_pfsense.md └── xsuite │ └── xsuite │ ├── Ps │ └── pC_syslogxsuiteremotelogon.md │ ├── RM │ ├── r_m_xsuite_xsuite_Abnormal_Authentication_&_Access.md │ ├── r_m_xsuite_xsuite_Compromised_Credentials.md │ ├── r_m_xsuite_xsuite_Lateral_Movement.md │ ├── r_m_xsuite_xsuite_Malware.md │ ├── r_m_xsuite_xsuite_Privilege_Abuse.md │ ├── r_m_xsuite_xsuite_Privilege_Escalation.md │ ├── r_m_xsuite_xsuite_Privileged_Activity.md │ └── r_m_xsuite_xsuite_Ransomware.md │ └── ds_xsuite_xsuite.md ├── Exabeam Data Sources.md ├── Exabeam Use Cases.md ├── LICENSE ├── README.md ├── UseCases ├── README.md ├── uc_abnormal_authentication_&_access.md ├── uc_account_manipulation.md ├── uc_audit_tampering.md ├── uc_brute_force_attack.md ├── uc_cloud_data_protection.md ├── uc_compromised_credentials.md ├── uc_cryptomining.md ├── uc_data_access.md ├── uc_data_exfiltration.md ├── uc_data_leak.md ├── uc_destruction_of_data.md ├── uc_evasion.md ├── uc_lateral_movement.md ├── uc_malware.md ├── uc_phishing.md ├── uc_physical_security.md ├── uc_privilege_abuse.md ├── uc_privilege_escalation.md ├── uc_privileged_activity.md ├── uc_ransomware.md └── uc_workforce_protection.md ├── banner.png └── resources ├── README.md ├── cim.json ├── field_def.json └── mitre_map.json /.gitignore: -------------------------------------------------------------------------------- 1 | Mockups 2 | .DS_Store 3 | CDS_Tool_Output* 4 | summary.json 5 | MitreMap.md 6 | -------------------------------------------------------------------------------- /DataSources/AMD/Pensando/ds_amd_pensando.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/AMD/Pensando/ds_amd_pensando.md -------------------------------------------------------------------------------- /DataSources/APC/APC/Ps/pC_apcdlpemailalertin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/Ps/pC_apcdlpemailalertin.md -------------------------------------------------------------------------------- /DataSources/APC/APC/Ps/pC_apcnetworkalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/Ps/pC_apcnetworkalert.md -------------------------------------------------------------------------------- /DataSources/APC/APC/Ps/pC_apcremotelogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/Ps/pC_apcremotelogon.md -------------------------------------------------------------------------------- /DataSources/APC/APC/RM/r_m_apc_apc_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/RM/r_m_apc_apc_Malware.md -------------------------------------------------------------------------------- /DataSources/APC/APC/RM/r_m_apc_apc_Ransomware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/RM/r_m_apc_apc_Ransomware.md -------------------------------------------------------------------------------- /DataSources/APC/APC/ds_apc_apc.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/APC/APC/ds_apc_apc.md -------------------------------------------------------------------------------- /DataSources/ASUPIM/ASUPIM/ds_asupim_asupim.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/ASUPIM/ASUPIM/ds_asupim_asupim.md -------------------------------------------------------------------------------- /DataSources/Adaxes/Adaxes/ds_adaxes_adaxes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Adaxes/Adaxes/ds_adaxes_adaxes.md -------------------------------------------------------------------------------- /DataSources/Amazon/AWS_WAF/ds_amazon_aws_waf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Amazon/AWS_WAF/ds_amazon_aws_waf.md -------------------------------------------------------------------------------- /DataSources/Apache/Apache/ds_apache_apache.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Apache/Apache/ds_apache_apache.md -------------------------------------------------------------------------------- /DataSources/Apple/macOS/Ps/pC_osxlocallogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Apple/macOS/Ps/pC_osxlocallogon.md -------------------------------------------------------------------------------- /DataSources/Apple/macOS/ds_apple_macos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Apple/macOS/ds_apple_macos.md -------------------------------------------------------------------------------- /DataSources/Arbor/Arbor/Ps/pC_arbornetworkfail.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Arbor/Arbor/Ps/pC_arbornetworkfail.md -------------------------------------------------------------------------------- /DataSources/Arbor/Arbor/ds_arbor_arbor.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Arbor/Arbor/ds_arbor_arbor.md -------------------------------------------------------------------------------- /DataSources/Armis/Armis/Ps/pC_armisalertiot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Armis/Armis/Ps/pC_armisalertiot.md -------------------------------------------------------------------------------- /DataSources/Armis/Armis/ds_armis_armis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Armis/Armis/ds_armis_armis.md -------------------------------------------------------------------------------- /DataSources/Attivo/BOTsink/ds_attivo_botsink.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Attivo/BOTsink/ds_attivo_botsink.md -------------------------------------------------------------------------------- /DataSources/Auth0/Auth0/Ps/pC_auth0loginfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Auth0/Auth0/Ps/pC_auth0loginfailed.md -------------------------------------------------------------------------------- /DataSources/Auth0/Auth0/ds_auth0_auth0.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Auth0/Auth0/ds_auth0_auth0.md -------------------------------------------------------------------------------- /DataSources/Avaya/Avaya_VPN/ds_avaya_avaya_vpn.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Avaya/Avaya_VPN/ds_avaya_avaya_vpn.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/Ps/pC_binddnsquery.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/Ps/pC_binddnsquery.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/Ps/pC_binddnsquery2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/Ps/pC_binddnsquery2.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/Ps/pC_binddnsquery3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/Ps/pC_binddnsquery3.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/Ps/pC_binddnsquery4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/Ps/pC_binddnsquery4.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/RM/r_m_bind_bind_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/RM/r_m_bind_bind_Malware.md -------------------------------------------------------------------------------- /DataSources/BIND/BIND/ds_bind_bind.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/BIND/BIND/ds_bind_bind.md -------------------------------------------------------------------------------- /DataSources/Badge/Badge/2_ds_badge_badge.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Badge/Badge/2_ds_badge_badge.md -------------------------------------------------------------------------------- /DataSources/Badge/Badge/ds_badge_badge.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Badge/Badge/ds_badge_badge.md -------------------------------------------------------------------------------- /DataSources/Brivo/Brivo/Ps/pC_brivobadgeaccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Brivo/Brivo/Ps/pC_brivobadgeaccess.md -------------------------------------------------------------------------------- /DataSources/Brivo/Brivo/ds_brivo_brivo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Brivo/Brivo/ds_brivo_brivo.md -------------------------------------------------------------------------------- /DataSources/CDS/CDS/Ps/pC_cdsaccountauth.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/CDS/CDS/Ps/pC_cdsaccountauth.md -------------------------------------------------------------------------------- /DataSources/CDS/CDS/Ps/pC_cdsuserlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/CDS/CDS/Ps/pC_cdsuserlogin.md -------------------------------------------------------------------------------- /DataSources/CDS/CDS/RM/r_m_cds_cds_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/CDS/CDS/RM/r_m_cds_cds_Malware.md -------------------------------------------------------------------------------- /DataSources/CDS/CDS/RM/r_m_cds_cds_Ransomware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/CDS/CDS/RM/r_m_cds_cds_Ransomware.md -------------------------------------------------------------------------------- /DataSources/CDS/CDS/ds_cds_cds.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/CDS/CDS/ds_cds_cds.md -------------------------------------------------------------------------------- /DataSources/Cimtrak/Cimtrak/ds_cimtrak_cimtrak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cimtrak/Cimtrak/ds_cimtrak_cimtrak.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACI/Ps/pC_ciscoconfigchange1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACI/Ps/pC_ciscoconfigchange1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACI/RM/r_m_cisco_aci_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACI/RM/r_m_cisco_aci_Malware.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACI/ds_cisco_aci.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACI/ds_cisco_aci.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACS/Ps/pC_ciscoacsauthfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACS/Ps/pC_ciscoacsauthfailed.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACS/RM/r_m_cisco_acs_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACS/RM/r_m_cisco_acs_Malware.md -------------------------------------------------------------------------------- /DataSources/Cisco/ACS/ds_cisco_acs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ACS/ds_cisco_acs.md -------------------------------------------------------------------------------- /DataSources/Cisco/ADC/RM/r_m_cisco_adc_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ADC/RM/r_m_cisco_adc_Malware.md -------------------------------------------------------------------------------- /DataSources/Cisco/ADC/ds_cisco_adc.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ADC/ds_cisco_adc.md -------------------------------------------------------------------------------- /DataSources/Cisco/Airespace/ds_cisco_airespace.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Airespace/ds_cisco_airespace.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_ciscosshlogin1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_ciscosshlogin1.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_duoappactivity10.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_duoappactivity10.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_duoappactivity6.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_duoappactivity6.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_duoappactivity7.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_duoappactivity7.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_duoappactivity8.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_duoappactivity8.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/Ps/pC_duoappactivity9.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/Ps/pC_duoappactivity9.md -------------------------------------------------------------------------------- /DataSources/Cisco/Cisco/ds_cisco_cisco.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Cisco/ds_cisco_cisco.md -------------------------------------------------------------------------------- /DataSources/Cisco/CloudLock/ds_cisco_cloudlock.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/CloudLock/ds_cisco_cloudlock.md -------------------------------------------------------------------------------- /DataSources/Cisco/Console/ds_cisco_console.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Console/ds_cisco_console.md -------------------------------------------------------------------------------- /DataSources/Cisco/DHCP/Ps/pC_ciscodhcp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/DHCP/Ps/pC_ciscodhcp.md -------------------------------------------------------------------------------- /DataSources/Cisco/DHCP/ds_cisco_dhcp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/DHCP/ds_cisco_dhcp.md -------------------------------------------------------------------------------- /DataSources/Cisco/Firepower/ds_cisco_firepower.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Firepower/ds_cisco_firepower.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/2_ds_cisco_ise.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/2_ds_cisco_ise.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_cefnaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_cefnaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciscoacsnaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciscoacsnaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciscoacsvpnlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciscoacsvpnlogin.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciscoacsvpnlogout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciscoacsvpnlogout.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciscoisevpnlogout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciscoisevpnlogout.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_cisconaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_cisconaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_cisconaclogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_cisconaclogon1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_cisconaclogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_cisconaclogon2.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_cisconaclogon3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_cisconaclogon3.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseconfigchange.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseconfigchange.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseconfigchange1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseconfigchange1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseremotelogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseremotelogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseremotelogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseremotelogon1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseremotelogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseremotelogon2.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_ciseremotelogon3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_ciseremotelogon3.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_qciscoacsnaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_qciscoacsnaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_sciscoacsnaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_sciscoacsnaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snacfailedlogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snacfailedlogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snacfailedlogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snacfailedlogon1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snacfailedlogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snacfailedlogon2.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snaclogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snaclogon.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snaclogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snaclogon1.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/Ps/pC_snaclogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/Ps/pC_snaclogon2.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/RM/r_m_cisco_ise_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/RM/r_m_cisco_ise_Malware.md -------------------------------------------------------------------------------- /DataSources/Cisco/ISE/ds_cisco_ise.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/ISE/ds_cisco_ise.md -------------------------------------------------------------------------------- /DataSources/Cisco/NPE/RM/r_m_cisco_npe_Evasion.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/NPE/RM/r_m_cisco_npe_Evasion.md -------------------------------------------------------------------------------- /DataSources/Cisco/NPE/RM/r_m_cisco_npe_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/NPE/RM/r_m_cisco_npe_Malware.md -------------------------------------------------------------------------------- /DataSources/Cisco/NPE/ds_cisco_npe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/NPE/ds_cisco_npe.md -------------------------------------------------------------------------------- /DataSources/Cisco/Netflow/ds_cisco_netflow.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Netflow/ds_cisco_netflow.md -------------------------------------------------------------------------------- /DataSources/Cisco/TACACS/ds_cisco_tacacs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/TACACS/ds_cisco_tacacs.md -------------------------------------------------------------------------------- /DataSources/Cisco/Umbrella/2_ds_cisco_umbrella.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Umbrella/2_ds_cisco_umbrella.md -------------------------------------------------------------------------------- /DataSources/Cisco/Umbrella/ds_cisco_umbrella.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cisco/Umbrella/ds_cisco_umbrella.md -------------------------------------------------------------------------------- /DataSources/Cofense/Phishme/ds_cofense_phishme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Cofense/Phishme/ds_cofense_phishme.md -------------------------------------------------------------------------------- /DataSources/EMP/EMP/Ps/pC_empappactivity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/EMP/EMP/Ps/pC_empappactivity.md -------------------------------------------------------------------------------- /DataSources/EMP/EMP/RM/r_m_emp_emp_Data_Leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/EMP/EMP/RM/r_m_emp_emp_Data_Leak.md -------------------------------------------------------------------------------- /DataSources/EMP/EMP/RM/r_m_emp_emp_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/EMP/EMP/RM/r_m_emp_emp_Malware.md -------------------------------------------------------------------------------- /DataSources/EMP/EMP/ds_emp_emp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/EMP/EMP/ds_emp_emp.md -------------------------------------------------------------------------------- /DataSources/Egnyte/Egnyte/2_ds_egnyte_egnyte.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Egnyte/Egnyte/2_ds_egnyte_egnyte.md -------------------------------------------------------------------------------- /DataSources/Egnyte/Egnyte/ds_egnyte_egnyte.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Egnyte/Egnyte/ds_egnyte_egnyte.md -------------------------------------------------------------------------------- /DataSources/EnSilo/EnSilo/ds_ensilo_ensilo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/EnSilo/EnSilo/ds_ensilo_ensilo.md -------------------------------------------------------------------------------- /DataSources/Epic/Epic_SIEM/ds_epic_epic_siem.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Epic/Epic_SIEM/ds_epic_epic_siem.md -------------------------------------------------------------------------------- /DataSources/F5/BIG-IP_DNS/ds_f5_big-ip_dns.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/BIG-IP_DNS/ds_f5_big-ip_dns.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/2_ds_f5_f5_big-ip.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/2_ds_f5_f5_big-ip.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnassignip.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnassignip.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpncertuser.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpncertuser.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnos.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnpolicy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnpolicy.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnsrchost.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnsrchost.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnuser.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/Ps/pC_f5vpnuser.md -------------------------------------------------------------------------------- /DataSources/F5/F5_BIG-IP/ds_f5_f5_big-ip.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/F5_BIG-IP/ds_f5_f5_big-ip.md -------------------------------------------------------------------------------- /DataSources/F5/WebSafe/Ps/pC_f5webactivity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/WebSafe/Ps/pC_f5webactivity.md -------------------------------------------------------------------------------- /DataSources/F5/WebSafe/ds_f5_websafe.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/F5/WebSafe/ds_f5_websafe.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/2_ds_ftp_ftp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/2_ds_ftp_ftp.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_commonftpapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_commonftpapplogin.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftpdelete.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftpdelete.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftpdelete1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftpdelete1.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftpdownload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftpdownload.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftplogin.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftplogin1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftplogin1.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftpupload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftpupload.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/Ps/pC_scommonftpupload1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/Ps/pC_scommonftpupload1.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/RM/r_m_ftp_ftp_Data_Leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/RM/r_m_ftp_ftp_Data_Leak.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/RM/r_m_ftp_ftp_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/RM/r_m_ftp_ftp_Malware.md -------------------------------------------------------------------------------- /DataSources/FTP/FTP/ds_ftp_ftp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/FTP/FTP/ds_ftp_ftp.md -------------------------------------------------------------------------------- /DataSources/Galaxy/Galaxy/ds_galaxy_galaxy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Galaxy/Galaxy/ds_galaxy_galaxy.md -------------------------------------------------------------------------------- /DataSources/Gamma/Gamma/ds_gamma_gamma.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Gamma/Gamma/ds_gamma_gamma.md -------------------------------------------------------------------------------- /DataSources/GitHub/GitHub/2_ds_github_github.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/GitHub/GitHub/2_ds_github_github.md -------------------------------------------------------------------------------- /DataSources/GitHub/GitHub/Ps/pC_sgithubaudit.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/GitHub/GitHub/Ps/pC_sgithubaudit.md -------------------------------------------------------------------------------- /DataSources/GitHub/GitHub/ds_github_github.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/GitHub/GitHub/ds_github_github.md -------------------------------------------------------------------------------- /DataSources/HP/HP_Comware/ds_hp_hp_comware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/HP/HP_Comware/ds_hp_hp_comware.md -------------------------------------------------------------------------------- /DataSources/HP/HP_SafeCom/ds_hp_hp_safecom.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/HP/HP_SafeCom/ds_hp_hp_safecom.md -------------------------------------------------------------------------------- /DataSources/HP/HP_iLO/Ps/pC_hpiloapplogin1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/HP/HP_iLO/Ps/pC_hpiloapplogin1.md -------------------------------------------------------------------------------- /DataSources/HP/HP_iLO/Ps/pC_hpiloapplogin2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/HP/HP_iLO/Ps/pC_hpiloapplogin2.md -------------------------------------------------------------------------------- /DataSources/HP/HP_iLO/ds_hp_hp_ilo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/HP/HP_iLO/ds_hp_hp_ilo.md -------------------------------------------------------------------------------- /DataSources/IBM/Guardium/ds_ibm_guardium.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/Guardium/ds_ibm_guardium.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM/Ps/pC_ibmauthsuccessful.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM/Ps/pC_ibmauthsuccessful.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM/RM/r_m_ibm_ibm_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM/RM/r_m_ibm_ibm_Malware.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM/ds_ibm_ibm.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM/ds_ibm_ibm.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_DB2/Ps/pC_cefdb2fileread.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_DB2/Ps/pC_cefdb2fileread.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_DB2/ds_ibm_ibm_db2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_DB2/ds_ibm_ibm_db2.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess1.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess2.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess3.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/Ps/pC_racfdbaccess4.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Racf/ds_ibm_ibm_racf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Racf/ds_ibm_ibm_racf.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Sense/Ps/pC_cefibmsense.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Sense/Ps/pC_cefibmsense.md -------------------------------------------------------------------------------- /DataSources/IBM/IBM_Sense/ds_ibm_ibm_sense.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IBM/IBM_Sense/ds_ibm_ibm_sense.md -------------------------------------------------------------------------------- /DataSources/ICDB/ICDB/ds_icdb_icdb.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/ICDB/ICDB/ds_icdb_icdb.md -------------------------------------------------------------------------------- /DataSources/ICPAM/ICPAM/ds_icpam_icpam.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/ICPAM/ICPAM/ds_icpam_icpam.md -------------------------------------------------------------------------------- /DataSources/IMSS/IMSS/Ps/pC_imssdlpalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IMSS/IMSS/Ps/pC_imssdlpalert.md -------------------------------------------------------------------------------- /DataSources/IMSS/IMSS/Ps/pC_imssdlpalert1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IMSS/IMSS/Ps/pC_imssdlpalert1.md -------------------------------------------------------------------------------- /DataSources/IMSS/IMSS/ds_imss_imss.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IMSS/IMSS/ds_imss_imss.md -------------------------------------------------------------------------------- /DataSources/IMSVA/IMSVA/ds_imsva_imsva.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/IMSVA/IMSVA/ds_imsva_imsva.md -------------------------------------------------------------------------------- /DataSources/Infoblox/NIOS/ds_infoblox_nios.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Infoblox/NIOS/ds_infoblox_nios.md -------------------------------------------------------------------------------- /DataSources/JH/JH/Ps/pC_jhfiledownload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/JH/JH/Ps/pC_jhfiledownload.md -------------------------------------------------------------------------------- /DataSources/JH/JH/ds_jh_jh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/JH/JH/ds_jh_jh.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapaccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapaccess.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapappactivity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapappactivity.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapappactivity1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapappactivity1.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapappactivity2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapappactivity2.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapappactivity3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapappactivity3.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/Ps/pC_leapaudit.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/Ps/pC_leapaudit.md -------------------------------------------------------------------------------- /DataSources/LEAP/LEAP/ds_leap_leap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/LEAP/LEAP/ds_leap_leap.md -------------------------------------------------------------------------------- /DataSources/Lenel/OnGuard/2_ds_lenel_onguard.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Lenel/OnGuard/2_ds_lenel_onguard.md -------------------------------------------------------------------------------- /DataSources/Lenel/OnGuard/ds_lenel_onguard.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Lenel/OnGuard/ds_lenel_onguard.md -------------------------------------------------------------------------------- /DataSources/Linux/SSH/Ps/pC_sshremotelogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Linux/SSH/Ps/pC_sshremotelogon.md -------------------------------------------------------------------------------- /DataSources/Linux/SSH/ds_linux_ssh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Linux/SSH/ds_linux_ssh.md -------------------------------------------------------------------------------- /DataSources/Lyrix/Lyrix/ds_lyrix_lyrix.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Lyrix/Lyrix/ds_lyrix_lyrix.md -------------------------------------------------------------------------------- /DataSources/MSDHCP/MSDHCP/Ps/pC_msdhcp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/MSDHCP/MSDHCP/Ps/pC_msdhcp.md -------------------------------------------------------------------------------- /DataSources/MSDHCP/MSDHCP/ds_msdhcp_msdhcp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/MSDHCP/MSDHCP/ds_msdhcp_msdhcp.md -------------------------------------------------------------------------------- /DataSources/McAfee/MDAM/Ps/pC_cefmdamdbalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/McAfee/MDAM/Ps/pC_cefmdamdbalert.md -------------------------------------------------------------------------------- /DataSources/McAfee/MDAM/Ps/pC_smdamdbquery.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/McAfee/MDAM/Ps/pC_smdamdbquery.md -------------------------------------------------------------------------------- /DataSources/McAfee/MDAM/ds_mcafee_mdam.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/McAfee/MDAM/ds_mcafee_mdam.md -------------------------------------------------------------------------------- /DataSources/Microsoft/IIS/ds_microsoft_iis.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/IIS/ds_microsoft_iis.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4648.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4648.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4688.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4688.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4720.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4720.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4722.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4722.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4725.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4725.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4740.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4740.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4768.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4768.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4769.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4769.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4770.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4770.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4776.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4776.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef4801.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef4801.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5136.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5136.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5140.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5140.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5142.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5142.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef51421.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef51421.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5143.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5143.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5144.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5144.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef5145.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef5145.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef528.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef528.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef540.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef540.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef576.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef576.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_cef673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_cef673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_jp4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_jp4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_jp5158.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_jp5158.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4104.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4104.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4622.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4622.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4648.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4648.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4698.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4698.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4719.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4719.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4720.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4720.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4722.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4722.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4725.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4725.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4726.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4726.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4728.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4728.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4729.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4729.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4738.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4738.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4740.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4740.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4767.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4767.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4768.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4768.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4769.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4769.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4770.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4770.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4776.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4776.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4778.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4778.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4779.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4779.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5136.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5136.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5140.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5140.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5145.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5145.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5156.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5156.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5158.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5158.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json5478.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json5478.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json6272.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json6272.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_json6416.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_json6416.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4688v2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4688v2.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4720.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4720.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4722.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4722.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4725.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4725.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4740.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4740.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_l4767.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_l4767.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic4688.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic4688.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic4770.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic4770.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic5136.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic5136.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic5137.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic5137.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic5141.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic5141.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic528.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic528.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_nic627.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_nic627.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q4697.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q4697.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q4698.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q4698.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q4801.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q4801.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q5156.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q5156.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q5158.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q5158.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q6272.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q6272.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q6273.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q6273.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q628.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q628.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q675.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q675.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_q680.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_q680.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw10016.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw10016.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw104.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw104.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw1149.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw1149.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw11491.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw11491.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw148.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw148.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw216.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw216.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw325.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw325.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw326.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw326.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw327.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw327.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4104.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4104.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4622.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4622.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46241.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46241.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46242.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46242.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46243.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46243.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46244.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46244.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46245.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46245.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46246.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46246.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46247.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46247.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46248.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46248.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46249.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46249.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46251.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46251.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4648.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4648.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46481.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46481.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46482.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46482.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46483.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46483.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46484.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46484.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46485.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46485.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4649.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4649.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46571.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46571.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46621.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46621.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46622.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46622.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46623.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46623.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46631.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46631.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46632.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46632.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46633.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46633.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46634.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46634.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46635.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46635.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46636.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46636.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46637.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46637.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46638.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46638.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46639.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46639.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46721.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46721.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46722.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46722.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46731.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46731.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46732.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46732.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46741.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46741.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46742.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46742.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46743.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46743.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46744.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46744.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw46745.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw46745.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4700.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4700.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4719.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4719.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4738.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4738.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4742.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4742.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4743.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4743.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47431.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47431.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47432.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47432.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4767.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4767.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4768.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4768.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47681.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47681.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47682.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47682.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47683.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47683.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47684.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47684.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47685.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47685.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4769.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4769.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47691.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47691.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47692.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47692.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47693.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47693.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47694.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47694.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47695.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47695.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47696.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47696.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47697.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47697.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4770.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4770.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47701.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47701.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47712.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47712.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4776.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4776.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47761.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47761.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47762.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47762.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47763.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47763.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47764.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47764.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47765.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47765.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4778.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4778.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw47781.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw47781.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4779.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4779.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4801.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4801.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4928.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4928.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw4929.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw4929.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5136.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5136.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5137.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5137.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5138.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5138.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5139.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5139.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5140.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5140.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51401.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51401.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51402.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51402.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5141.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5141.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5142.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5142.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5143.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5143.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51431.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51431.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5144.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5144.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5145.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5145.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51451.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51451.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51452.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51452.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51453.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51453.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51454.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51454.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51455.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51455.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51456.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51456.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51457.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51457.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51458.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51458.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51459.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51459.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5156.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5156.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5157.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5157.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw51571.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw51571.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw528.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw528.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw540.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw540.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5478.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5478.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw552.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw552.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw567.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw567.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw5805.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw5805.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw627.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw627.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw628.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw628.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw675.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw675.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw680.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw680.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_raw7045.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_raw7045.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_rnic4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_rnic4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_rnic528.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_rnic528.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_rnic540.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_rnic540.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_rs4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_rs4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_rs4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_rs4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4624jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4624jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4625jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4625jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4648jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4648jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4663jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4663jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4672jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4672jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4674jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4674jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4688jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4688jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4697.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4697.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4698.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4698.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4719.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4719.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s47191.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s47191.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4720jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4720jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4722jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4722jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4723jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4723jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4724jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4724jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4725jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4725jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4726jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4726jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s47401.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s47401.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s47402.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s47402.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4740jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4740jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4768jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4768jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4769jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4769jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4770jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4770jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4771jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4771jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4776jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4776jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s4801.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s4801.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s48011.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s48011.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s5137.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s5137.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s5141.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s5141.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s51411.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s51411.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s516.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s516.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s517.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s517.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s560.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s560.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s560jp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s560jp.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s576.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s576.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s592.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s592.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s612.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s612.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s627.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s627.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s675.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s675.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s680.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s680.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_s7045.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_s7045.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare517.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare517.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare576.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare576.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare577.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare577.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare578.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare578.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare592.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare592.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_snare612.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_snare612.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml1200.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml1200.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml1202.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml1202.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml1203.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml1203.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4697.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4697.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4698.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4698.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4720.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4720.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4725.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4725.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4726.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4726.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4740.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4740.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4770.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4770.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_sxml7045.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_sxml7045.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_u4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_u4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_u4688.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_u4688.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_u680.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_u680.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4688.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4688.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4720.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4720.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4723.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4723.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4724.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4724.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4725.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4725.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4726.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4726.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4740.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4740.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4768.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4768.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4769.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4769.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4771.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4771.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls4776.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls4776.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls627.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls627.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls644.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls644.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_wls675.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_wls675.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml104.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml104.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml1102.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml1102.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml11021.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml11021.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml1149.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml1149.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml1310.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml1310.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4622.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4622.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4624.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4624.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml46241.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml46241.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4625.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4625.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml46251.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml46251.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4648.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4648.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4649.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4649.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4657.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4657.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4662.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4662.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4663.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4663.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4672.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4672.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4673.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4673.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4674.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4674.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml46741.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml46741.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4688.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4688.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4719.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4719.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4738.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4738.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4739.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4739.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4767.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4767.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4768.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4768.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4769.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4769.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml47691.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml47691.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4776.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4776.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4778.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4778.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4779.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4779.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4800.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4800.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4801.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4801.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml4825.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml4825.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5136.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5136.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5137.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5137.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5138.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5138.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5139.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5139.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5140.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5140.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5141.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5141.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5143.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5143.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5144.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5144.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5145.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5145.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml51451.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml51451.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5156.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5156.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5157.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5157.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5158.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5158.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5478.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5478.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml5861.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml5861.md -------------------------------------------------------------------------------- /DataSources/Microsoft/Windows/Ps/pC_xml6272.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Microsoft/Windows/Ps/pC_xml6272.md -------------------------------------------------------------------------------- /DataSources/Mysql/Mysql/ds_mysql_mysql.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Mysql/Mysql/ds_mysql_mysql.md -------------------------------------------------------------------------------- /DataSources/N3K/N3K/Ps/pC_sn3kdhcp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/N3K/N3K/Ps/pC_sn3kdhcp.md -------------------------------------------------------------------------------- /DataSources/N3K/N3K/ds_n3k_n3k.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/N3K/N3K/ds_n3k_n3k.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/Ps/pC_ncpauthfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/Ps/pC_ncpauthfailed.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/Ps/pC_ncpvpnend.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/Ps/pC_ncpvpnend.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/Ps/pC_ncpvpnstart.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/Ps/pC_ncpvpnstart.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/RM/r_m_ncp_ncp_Data_Leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/RM/r_m_ncp_ncp_Data_Leak.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/RM/r_m_ncp_ncp_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/RM/r_m_ncp_ncp_Malware.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/RM/r_m_ncp_ncp_Phishing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/RM/r_m_ncp_ncp_Phishing.md -------------------------------------------------------------------------------- /DataSources/NCP/NCP/ds_ncp_ncp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NCP/NCP/ds_ncp_ncp.md -------------------------------------------------------------------------------- /DataSources/Nasuni/Nasuni/2_ds_nasuni_nasuni.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Nasuni/Nasuni/2_ds_nasuni_nasuni.md -------------------------------------------------------------------------------- /DataSources/Nasuni/Nasuni/ds_nasuni_nasuni.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Nasuni/Nasuni/ds_nasuni_nasuni.md -------------------------------------------------------------------------------- /DataSources/NetApp/NetApp/2_ds_netapp_netapp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NetApp/NetApp/2_ds_netapp_netapp.md -------------------------------------------------------------------------------- /DataSources/NetApp/NetApp/ds_netapp_netapp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NetApp/NetApp/ds_netapp_netapp.md -------------------------------------------------------------------------------- /DataSources/NetIQ/NetIQ/Ps/pC_netiqapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NetIQ/NetIQ/Ps/pC_netiqapplogin.md -------------------------------------------------------------------------------- /DataSources/NetIQ/NetIQ/ds_netiq_netiq.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/NetIQ/NetIQ/ds_netiq_netiq.md -------------------------------------------------------------------------------- /DataSources/OSSEC/OSSEC/ds_ossec_ossec.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/OSSEC/OSSEC/ds_ossec_ossec.md -------------------------------------------------------------------------------- /DataSources/Oracle/AVDF/ds_oracle_avdf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Oracle/AVDF/ds_oracle_avdf.md -------------------------------------------------------------------------------- /DataSources/Oracle/Solaris/ds_oracle_solaris.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Oracle/Solaris/ds_oracle_solaris.md -------------------------------------------------------------------------------- /DataSources/Ordr/Ordr_SCE/ds_ordr_ordr_sce.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Ordr/Ordr_SCE/ds_ordr_ordr_sce.md -------------------------------------------------------------------------------- /DataSources/Pharos/Pharos/ds_pharos_pharos.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Pharos/Pharos/ds_pharos_pharos.md -------------------------------------------------------------------------------- /DataSources/QUSH/Reveal/2_ds_qush_reveal.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/QUSH/Reveal/2_ds_qush_reveal.md -------------------------------------------------------------------------------- /DataSources/QUSH/Reveal/ds_qush_reveal.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/QUSH/Reveal/ds_qush_reveal.md -------------------------------------------------------------------------------- /DataSources/Qualys/Qualys/ds_qualys_qualys.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Qualys/Qualys/ds_qualys_qualys.md -------------------------------------------------------------------------------- /DataSources/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/README.md -------------------------------------------------------------------------------- /DataSources/RS2/RS2/Ps/pC_rs2physicalaccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RS2/RS2/Ps/pC_rs2physicalaccess.md -------------------------------------------------------------------------------- /DataSources/RS2/RS2/ds_rs2_rs2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RS2/RS2/ds_rs2_rs2.md -------------------------------------------------------------------------------- /DataSources/RSA/RSA/RM/r_m_rsa_rsa_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/RSA/RM/r_m_rsa_rsa_Malware.md -------------------------------------------------------------------------------- /DataSources/RSA/RSA/ds_rsa_rsa.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/RSA/ds_rsa_rsa.md -------------------------------------------------------------------------------- /DataSources/RSA/RSA_DLP/Ps/pC_rsadlpalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/RSA_DLP/Ps/pC_rsadlpalert.md -------------------------------------------------------------------------------- /DataSources/RSA/RSA_DLP/ds_rsa_rsa_dlp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/RSA_DLP/ds_rsa_rsa_dlp.md -------------------------------------------------------------------------------- /DataSources/RSA/RSA_ECAT/ds_rsa_rsa_ecat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/RSA_ECAT/ds_rsa_rsa_ecat.md -------------------------------------------------------------------------------- /DataSources/RSA/SecurID/Ps/pC_rsavpnend.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/SecurID/Ps/pC_rsavpnend.md -------------------------------------------------------------------------------- /DataSources/RSA/SecurID/ds_rsa_securid.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RSA/SecurID/ds_rsa_securid.md -------------------------------------------------------------------------------- /DataSources/RUID/RUID/ds_ruid_ruid.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/RUID/RUID/ds_ruid_ruid.md -------------------------------------------------------------------------------- /DataSources/Radius/Radius/ds_radius_radius.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Radius/Radius/ds_radius_radius.md -------------------------------------------------------------------------------- /DataSources/Rapid7/Nexpose/ds_rapid7_nexpose.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Rapid7/Nexpose/ds_rapid7_nexpose.md -------------------------------------------------------------------------------- /DataSources/Ricoh/Ricoh/ds_ricoh_ricoh.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Ricoh/Ricoh/ds_ricoh_ricoh.md -------------------------------------------------------------------------------- /DataSources/Ruckus/Ruckus/ds_ruckus_ruckus.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Ruckus/Ruckus/ds_ruckus_ruckus.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/2_ds_sap_sap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/2_ds_sap_sap.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_cefsapappactivity1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_cefsapappactivity1.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_cefsapappactivity2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_cefsapappactivity2.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_cefsapappactivity3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_cefsapappactivity3.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_cefsapfiledownload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_cefsapfiledownload.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_cefsapfilewrite.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_cefsapfilewrite.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_gcpgeneralactivity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_gcpgeneralactivity.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_sapapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_sapapplogin.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_sapfailedapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_sapfailedapplogin.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_sapremotelogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_sapremotelogon.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/Ps/pC_sapremotelogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/Ps/pC_sapremotelogon1.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/RM/r_m_sap_sap_Data_Leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/RM/r_m_sap_sap_Data_Leak.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/RM/r_m_sap_sap_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/RM/r_m_sap_sap_Malware.md -------------------------------------------------------------------------------- /DataSources/SAP/SAP/ds_sap_sap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SAP/SAP/ds_sap_sap.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/2_ds_sftp_sftp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/2_ds_sftp_sftp.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpapplogin.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfiledelete.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfiledelete.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfiledownload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfiledownload.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfileread.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfileread.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfileupload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfileupload.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfilewrite1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfilewrite1.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/Ps/pC_sftpfilewrite2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/Ps/pC_sftpfilewrite2.md -------------------------------------------------------------------------------- /DataSources/SFTP/SFTP/ds_sftp_sftp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SFTP/SFTP/ds_sftp_sftp.md -------------------------------------------------------------------------------- /DataSources/SIGSCI/SIGSCI/ds_sigsci_sigsci.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/SIGSCI/SIGSCI/ds_sigsci_sigsci.md -------------------------------------------------------------------------------- /DataSources/Sailpoint/FAM/2_ds_sailpoint_fam.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Sailpoint/FAM/2_ds_sailpoint_fam.md -------------------------------------------------------------------------------- /DataSources/Sailpoint/FAM/ds_sailpoint_fam.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Sailpoint/FAM/ds_sailpoint_fam.md -------------------------------------------------------------------------------- /DataSources/Sangfor/NGAF/ds_sangfor_ngaf.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Sangfor/NGAF/ds_sangfor_ngaf.md -------------------------------------------------------------------------------- /DataSources/Semperis/DSP/ds_semperis_dsp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Semperis/DSP/ds_semperis_dsp.md -------------------------------------------------------------------------------- /DataSources/Slack/Slack/2_ds_slack_slack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Slack/Slack/2_ds_slack_slack.md -------------------------------------------------------------------------------- /DataSources/Slack/Slack/Ps/pC_slackapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Slack/Slack/Ps/pC_slackapplogin.md -------------------------------------------------------------------------------- /DataSources/Slack/Slack/ds_slack_slack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Slack/Slack/ds_slack_slack.md -------------------------------------------------------------------------------- /DataSources/Snort/Snort/Ps/pC_qsnortalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Snort/Snort/Ps/pC_qsnortalert.md -------------------------------------------------------------------------------- /DataSources/Snort/Snort/Ps/pC_qsnortalert1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Snort/Snort/Ps/pC_qsnortalert1.md -------------------------------------------------------------------------------- /DataSources/Snort/Snort/Ps/pC_snortalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Snort/Snort/Ps/pC_snortalert.md -------------------------------------------------------------------------------- /DataSources/Snort/Snort/ds_snort_snort.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Snort/Snort/ds_snort_snort.md -------------------------------------------------------------------------------- /DataSources/Squid/Squid/2_ds_squid_squid.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Squid/Squid/2_ds_squid_squid.md -------------------------------------------------------------------------------- /DataSources/Squid/Squid/ds_squid_squid.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Squid/Squid/ds_squid_squid.md -------------------------------------------------------------------------------- /DataSources/Sun_One/LDAP/ds_sun_one_ldap.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Sun_One/LDAP/ds_sun_one_ldap.md -------------------------------------------------------------------------------- /DataSources/Swift/Swift/Ps/pC_swiftapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Swift/Swift/Ps/pC_swiftapplogin.md -------------------------------------------------------------------------------- /DataSources/Swift/Swift/Ps/pC_swiftapplogin1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Swift/Swift/Ps/pC_swiftapplogin1.md -------------------------------------------------------------------------------- /DataSources/Swift/Swift/ds_swift_swift.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Swift/Swift/ds_swift_swift.md -------------------------------------------------------------------------------- /DataSources/Swipes/Swipes/ds_swipes_swipes.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Swipes/Swipes/ds_swipes_swipes.md -------------------------------------------------------------------------------- /DataSources/Swivel/Swivel/ds_swivel_swivel.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Swivel/Swivel/ds_swivel_swivel.md -------------------------------------------------------------------------------- /DataSources/Sybase/Sybase/ds_sybase_sybase.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Sybase/Sybase/ds_sybase_sybase.md -------------------------------------------------------------------------------- /DataSources/Symantec/ICDx/ds_symantec_icdx.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Symantec/ICDx/ds_symantec_icdx.md -------------------------------------------------------------------------------- /DataSources/TrapX/TrapX/Ps/pC_trapxalert.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/TrapX/TrapX/Ps/pC_trapxalert.md -------------------------------------------------------------------------------- /DataSources/TrapX/TrapX/ds_trapx_trapx.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/TrapX/TrapX/ds_trapx_trapx.md -------------------------------------------------------------------------------- /DataSources/USB/USB/Ps/pC_usbfilewrite.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/USB/USB/Ps/pC_usbfilewrite.md -------------------------------------------------------------------------------- /DataSources/USB/USB/ds_usb_usb.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/USB/USB/ds_usb_usb.md -------------------------------------------------------------------------------- /DataSources/Unix/Auditbeat/ds_unix_auditbeat.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Auditbeat/ds_unix_auditbeat.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/2_ds_unix_unix.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/2_ds_unix_unix.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_aixauthfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_aixauthfailed.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_aixtaskcreated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_aixtaskcreated.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_aixtaskcreated1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_aixtaskcreated1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_auditbeatpermmod.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_auditbeatpermmod.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_cefsshlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_cefsshlogin.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_cefsshlogin1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_cefsshlogin1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_cefunixsu.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_cefunixsu.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_cefunixsudo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_cefunixsudo.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_cefunixsudo1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_cefunixsudo1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_httpdauthevent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_httpdauthevent.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_kerberosas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_kerberosas.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_kerberostgs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_kerberostgs.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_qunixas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_qunixas.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_rawsshlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_rawsshlogin.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_rawunixsu.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_rawunixsu.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_rawunixsudo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_rawunixsudo.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_sftpfileclose.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_sftpfileclose.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_sftpfileopen.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_sftpfileopen.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_sftpfilerename.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_sftpfilerename.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_sftpremotelogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_sftpremotelogon.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_snareunixsu1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_snareunixsu1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_snareunixsu2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_snareunixsu2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_ssshloginfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_ssshloginfailed.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_sunixauthevent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_sunixauthevent.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixas.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauditdlogin2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauditdlogin2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthevent1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthevent1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthevent2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthevent2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed3.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed4.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixauthfailed5.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixauthfailed5.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixdlpemailout.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixdlpemailout.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon3.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon4.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon5.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon5.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon6.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon6.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon7.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon7.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon8.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon8.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixfailedlogon9.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixfailedlogon9.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixlocallogon.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixlocallogon.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixlocallogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixlocallogon1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixmemberadded.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixmemberadded.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixpamsshlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixpamsshlogin.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixprivcommand5.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixprivcommand5.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixremoteaccess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixremoteaccess.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixremotelogon1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixremotelogon1.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixremotelogon2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixremotelogon2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixremotelogon3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixremotelogon3.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixsshfail38.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixsshfail38.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixsshlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixsshlogin.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixsshloginjson.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixsshloginjson.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_unixsu37.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_unixsu37.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhpamauthfail.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhpamauthfail.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhsshlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhsshlogin.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhsysauthfail.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhsysauthfail.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhunixas.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhunixas.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhunixsu.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhunixsu.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhunixsudo.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhunixsudo.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhunixsudosu.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhunixsudosu.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/Ps/pC_wazuhunixsudosu2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/Ps/pC_wazuhunixsudosu2.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix/ds_unix_unix.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix/ds_unix_unix.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix_dhcpd/Ps/pC_dhcpdrenew.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix_dhcpd/Ps/pC_dhcpdrenew.md -------------------------------------------------------------------------------- /DataSources/Unix/Unix_dhcpd/Ps/pC_qunixdhcp1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Unix/Unix_dhcpd/Ps/pC_qunixdhcp1.md -------------------------------------------------------------------------------- /DataSources/VBCorp/VBCorp/ds_vbcorp_vbcorp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/VBCorp/VBCorp/ds_vbcorp_vbcorp.md -------------------------------------------------------------------------------- /DataSources/VMware/NSX_FW/ds_vmware_nsx_fw.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/VMware/NSX_FW/ds_vmware_nsx_fw.md -------------------------------------------------------------------------------- /DataSources/Virtru/Virtru/ds_virtru_virtru.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Virtru/Virtru/ds_virtru_virtru.md -------------------------------------------------------------------------------- /DataSources/Visma/Megaflex/ds_visma_megaflex.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Visma/Megaflex/ds_visma_megaflex.md -------------------------------------------------------------------------------- /DataSources/Wiz/Wiz/Ps/pC_wizapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Wiz/Wiz/Ps/pC_wizapplogin.md -------------------------------------------------------------------------------- /DataSources/Wiz/Wiz/Ps/pC_wizdeleteuser.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Wiz/Wiz/Ps/pC_wizdeleteuser.md -------------------------------------------------------------------------------- /DataSources/Wiz/Wiz/RM/r_m_wiz_wiz_Malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Wiz/Wiz/RM/r_m_wiz_wiz_Malware.md -------------------------------------------------------------------------------- /DataSources/Wiz/Wiz/ds_wiz_wiz.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Wiz/Wiz/ds_wiz_wiz.md -------------------------------------------------------------------------------- /DataSources/XPS/XPS/RM/r_m_xps_xps_Data_Leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/XPS/XPS/RM/r_m_xps_xps_Data_Leak.md -------------------------------------------------------------------------------- /DataSources/XPS/XPS/ds_xps_xps.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/XPS/XPS/ds_xps_xps.md -------------------------------------------------------------------------------- /DataSources/Xerox/Xerox/Ps/pC_xeroxprint.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Xerox/Xerox/Ps/pC_xeroxprint.md -------------------------------------------------------------------------------- /DataSources/Xerox/Xerox/ds_xerox_xerox.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Xerox/Xerox/ds_xerox_xerox.md -------------------------------------------------------------------------------- /DataSources/Xiting/XAMS/Ps/pC_xamsapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Xiting/XAMS/Ps/pC_xamsapplogin.md -------------------------------------------------------------------------------- /DataSources/Xiting/XAMS/ds_xiting_xams.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Xiting/XAMS/ds_xiting_xams.md -------------------------------------------------------------------------------- /DataSources/YSoft/YSoft/ds_ysoft_ysoft.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/YSoft/YSoft/ds_ysoft_ysoft.md -------------------------------------------------------------------------------- /DataSources/Zlock/Zlock/ds_zlock_zlock.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Zlock/Zlock/ds_zlock_zlock.md -------------------------------------------------------------------------------- /DataSources/Zoom/Zoom/Ps/pC_zoomlogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Zoom/Zoom/Ps/pC_zoomlogin.md -------------------------------------------------------------------------------- /DataSources/Zoom/Zoom/Ps/pC_zoommeetingended.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Zoom/Zoom/Ps/pC_zoommeetingended.md -------------------------------------------------------------------------------- /DataSources/Zoom/Zoom/ds_zoom_zoom.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/Zoom/Zoom/ds_zoom_zoom.md -------------------------------------------------------------------------------- /DataSources/eDocs/eDocs/ds_edocs_edocs.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/eDocs/eDocs/ds_edocs_edocs.md -------------------------------------------------------------------------------- /DataSources/jSONAR/SonarG/ds_jsonar_sonarg.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/jSONAR/SonarG/ds_jsonar_sonarg.md -------------------------------------------------------------------------------- /DataSources/oVirt/oVirt/2_ds_ovirt_ovirt.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/oVirt/oVirt/2_ds_ovirt_ovirt.md -------------------------------------------------------------------------------- /DataSources/oVirt/oVirt/Ps/pC_ovirtapplogin.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/oVirt/oVirt/Ps/pC_ovirtapplogin.md -------------------------------------------------------------------------------- /DataSources/oVirt/oVirt/ds_ovirt_ovirt.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/oVirt/oVirt/ds_ovirt_ovirt.md -------------------------------------------------------------------------------- /DataSources/xsuite/xsuite/ds_xsuite_xsuite.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/DataSources/xsuite/xsuite/ds_xsuite_xsuite.md -------------------------------------------------------------------------------- /Exabeam Data Sources.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/Exabeam Data Sources.md -------------------------------------------------------------------------------- /Exabeam Use Cases.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/Exabeam Use Cases.md -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/LICENSE -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/README.md -------------------------------------------------------------------------------- /UseCases/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/README.md -------------------------------------------------------------------------------- /UseCases/uc_abnormal_authentication_&_access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_abnormal_authentication_&_access.md -------------------------------------------------------------------------------- /UseCases/uc_account_manipulation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_account_manipulation.md -------------------------------------------------------------------------------- /UseCases/uc_audit_tampering.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_audit_tampering.md -------------------------------------------------------------------------------- /UseCases/uc_brute_force_attack.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_brute_force_attack.md -------------------------------------------------------------------------------- /UseCases/uc_cloud_data_protection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_cloud_data_protection.md -------------------------------------------------------------------------------- /UseCases/uc_compromised_credentials.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_compromised_credentials.md -------------------------------------------------------------------------------- /UseCases/uc_cryptomining.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_cryptomining.md -------------------------------------------------------------------------------- /UseCases/uc_data_access.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_data_access.md -------------------------------------------------------------------------------- /UseCases/uc_data_exfiltration.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_data_exfiltration.md -------------------------------------------------------------------------------- /UseCases/uc_data_leak.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_data_leak.md -------------------------------------------------------------------------------- /UseCases/uc_destruction_of_data.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_destruction_of_data.md -------------------------------------------------------------------------------- /UseCases/uc_evasion.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_evasion.md -------------------------------------------------------------------------------- /UseCases/uc_lateral_movement.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_lateral_movement.md -------------------------------------------------------------------------------- /UseCases/uc_malware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_malware.md -------------------------------------------------------------------------------- /UseCases/uc_phishing.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_phishing.md -------------------------------------------------------------------------------- /UseCases/uc_physical_security.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_physical_security.md -------------------------------------------------------------------------------- /UseCases/uc_privilege_abuse.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_privilege_abuse.md -------------------------------------------------------------------------------- /UseCases/uc_privilege_escalation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_privilege_escalation.md -------------------------------------------------------------------------------- /UseCases/uc_privileged_activity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_privileged_activity.md -------------------------------------------------------------------------------- /UseCases/uc_ransomware.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_ransomware.md -------------------------------------------------------------------------------- /UseCases/uc_workforce_protection.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/UseCases/uc_workforce_protection.md -------------------------------------------------------------------------------- /banner.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/banner.png -------------------------------------------------------------------------------- /resources/README.md: -------------------------------------------------------------------------------- 1 | General purpose content files and information. 2 | -------------------------------------------------------------------------------- /resources/cim.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/resources/cim.json -------------------------------------------------------------------------------- /resources/field_def.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/resources/field_def.json -------------------------------------------------------------------------------- /resources/mitre_map.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ExabeamLabs/Content-Doc/HEAD/resources/mitre_map.json --------------------------------------------------------------------------------