customer,tactic,technique,detection_rule,category,platform,type,channel,provider,data_needed,logging policy,enrichment,enrichment requirements,response playbook,response action None,TA0006: Credential Access,T1003: Credential Dumping,SAM Dump to AppData,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Malicious Service Install,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz DC Sync,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,RDP Login from localhost,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,RDP Login from localhost,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,-,,,-,title None,TA0006: Credential Access,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0026_windows_audit_user_account_management,,,-,title None,TA0003: Persistence,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,-,,,-,title None,TA0003: Persistence,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,-,,,-,title None,TA0006: Credential Access,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0003: Persistence,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,-,,,-,title None,TA0003: Persistence,T1098: Account Manipulation,Active Directory User Backdoors,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1075: Pass the Hash,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1114: Email Collection,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1059: Command-Line Interface,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1087: Account Discovery,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1075: Pass the Hash,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1114: Email Collection,Hacktool Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1075: Pass the Hash,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1114: Email Collection,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0007: Discovery,T1059: Command-Line Interface,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1087: Account Discovery,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1075: Pass the Hash,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1114: Email Collection,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Hacktool Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title 
None,TA0008: Lateral Movement,T1075: Pass the Hash,NTLM Logon,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1078: Valid Accounts,Admin User Remote Logon,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1078: Valid Accounts,Admin User Remote Logon,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1075: Pass the Hash,Successful Overpass the Hash Attempt,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1075: Pass the Hash,Successful Overpass the Hash Attempt,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,Security Eventlog Cleared,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,-,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,Eventlog Cleared,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DHCP Server Loaded the CallOut DLL,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,-,,,-,title None,TA0008: Lateral Movement,T1077: Windows Admin Shares,smbexec.py Service Installation,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0008: 
Lateral Movement,T1035: Service Execution,smbexec.py Service Installation,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0002: Execution,T1077: Windows Admin Shares,smbexec.py Service Installation,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0002: Execution,T1035: Service Execution,smbexec.py Service Installation,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS Server Error Failed Loading the ServerLevelPluginDLL,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,-,,,-,title None,TA0003: Persistence,T1050: New Service,Malicious Service Installations,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0004: Privilege Escalation,T1050: New Service,Malicious Service Installations,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0005_7045_windows_service_insatalled,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0005_7045_windows_service_insatalled,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0005_7045_windows_service_insatalled,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0005_7045_windows_service_insatalled,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Eventlog,DN_0038_517_the_audit_log_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error 
Reporting,DN_0045_1001_windows_error_reporting,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error 
Reporting,DN_0045_1001_windows_error_reporting,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error 
Reporting,DN_0045_1001_windows_error_reporting,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error 
Reporting,DN_0045_1001_windows_error_reporting,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Windows Error Reporting,DN_0045_1001_windows_error_reporting,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0026_5136_windows_directory_service_object_was_modified,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz 
Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0048_1033_dhcp_service_successfully_loaded_callout_dlls,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: 
Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0009_5_windows_sysmon_process_terminated,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0030_4662_operation_was_performed_on_an_object,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows 
PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows 
PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows 
PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows 
PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows 
PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential 
Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0049_1034_dhcp_service_failed_to_load_callout_dlls,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0001_windows_audit_process_creation,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications 
and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0047_1032_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0008_windows_sysmon_FileCreate,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0009_windows_sysmon_PipeEvent,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0008_windows_sysmon_FileCreate,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential 
Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-NTLM/Operational,Microsoft-Windows-NTLM,DN_0082_8002_ntlm_server_blocked_audit,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz 
Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0030_windows_audit_file_share,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,-,,,-,title None,TA0006: Credential Access,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Kernel-General,DN_0083_16_access_history_in_hive_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0001_windows_audit_process_creation,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential 
Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0010_windows_sysmon_WmiEvent,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0001_windows_audit_process_creation,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0063_4697_service_was_installed_in_the_system,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz 
Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0005_windows_sysmon_network_connection,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0008_4_windows_sysmon_sysmon_service_state_changed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0009_windows_sysmon_PipeEvent,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0013_9_windows_sysmon_RawAccessRead,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0004_windows_audit_logon,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Microsoft-Windows-Eventlog,DN_0034_104_log_file_was_cleared,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: 
Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application 
Error,DN_0044_1000_application_crashed,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application 
Error,DN_0044_1000_application_crashed,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Application,Application Error,DN_0044_1000_application_crashed,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0004_windows_audit_logon,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,System,Microsoft-Windows-DHCP-Server,DN_0046_1031_dhcp_service_callout_dll_file_has_caused_an_exception,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications 
and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and 
Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0006_2_windows_sysmon_process_changed_a_file_creation_time,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential 
Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0009_windows_sysmon_PipeEvent,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0031_7036_service_started_stopped,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0031_7036_service_started_stopped,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0031_7036_service_started_stopped,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0031_7036_service_started_stopped,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0029_4661_handle_to_an_object_was_requested,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0005_windows_sysmon_network_connection,,,-,title 
None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential 
Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral 
Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,-,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS 
Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0044_windows_ntlm_audit,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS 
Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0030_windows_audit_file_share,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0028_windows_audit_sam,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0008: Lateral Movement,T1003: Credential 
Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0004_windows_audit_logon,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0027_windows_audit_directory_service_access,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: 
Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0044_windows_ntlm_audit,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0100_windows_audit_security_system_extension,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0030_windows_audit_file_share,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS 
Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0028_windows_audit_sam,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Use,OS Logs,Windows,Applications and Services Logs,DNS Server,Microsoft-Windows-DNS-Server-Service,DN_0036_150_dns_server_could_not_load_dll,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1050: New Service,Rare Service Installs,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0004: Privilege Escalation,T1050: New Service,Rare Service Installs,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0008: Lateral Movement,T1078: Valid Accounts,Interactive Logon to Server Systems,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0008: Lateral Movement,T1078: Valid Accounts,Interactive Logon to Server Systems,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0004_4624_windows_account_logon,LP_0004_windows_audit_logon,,,-,title None,TA0003: Persistence,T1098: Account Manipulation,Password Change on Directory Service Restore Mode (DSRM) Account,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0026_windows_audit_user_account_management,,,-,title None,TA0004: Privilege Escalation,T1098: Account Manipulation,Password Change on Directory Service Restore Mode (DSRM) Account,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0028_4794_directory_services_restore_mode_admin_password_set,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1212: Exploitation for Credential Access,NetNTLM Downgrade Attack,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1089: Disabling Security Tools,Weak Encryption Enabled and Kerberoast,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1212: Exploitation for Credential Access,Possible Remote Password Change Through SAMR,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1212: Exploitation for Credential Access,Possible Remote Password Change Through SAMR,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0032_5145_network_share_object_was_accessed_detailed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0006: Credential Access,T1212: Exploitation for Credential Access,Possible Remote Password Change Through SAMR,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0029_windows_audit_detailed_file_share,,,-,title None,TA0006: Credential Access,T1212: Exploitation for Credential Access,Possible Remote Password 
Change Through SAMR,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0027_4738_user_account_was_changed,LP_0026_windows_audit_user_account_management,,,-,title None,TA0008: Lateral Movement,T1077: Windows Admin Shares,Access to ADMIN$ Share,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0033_5140_network_share_object_was_accessed,LP_0030_windows_audit_file_share,,,-,title None,TA0003: Persistence,T1100: Web Shell,Antivirus Web Shell Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Antivirus Exploitation Framework Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0002: Execution,T1219: Remote Access Tools,Antivirus Exploitation Framework Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0011: Command and Control,T1203: Exploitation for Client Execution,Antivirus Exploitation Framework Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0011: Command and Control,T1219: Remote Access Tools,Antivirus Exploitation Framework Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Antivirus Password Dumper Detection,AV Alerts,antivirus,None,None,None,DN_0084_av_alert,-,,,-,title None,TA0002: Execution,T1112: Modify Registry,Ursnif,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0005_7045_windows_service_insatalled,-,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Windows Log,System,Service Control 
Manager,DN_0005_7045_windows_service_insatalled,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,-,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Windows Log,System,Service Control Manager,DN_0031_7036_service_started_stopped,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Tool Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1053: Scheduled Task,Rare Scheduled Task Creations,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-TaskScheduler/Operational,Microsoft-Windows-TaskScheduler,DN_0035_106_task_scheduler_task_registered,-,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,-,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0081_5861_wmi_activity,-,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,-,,,-,title None,TA0003: 
Persistence,T1047: Windows Management Instrumentation,WMI Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-WMI-Activity/Operational,Microsoft-Windows-WMI-Activity,DN_0080_5859_wmi_activity,-,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,PowerShell Downgrade Attack,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Downgrade Attack,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious PowerShell Commandlets,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious PowerShell Commandlets,OS Logs,Windows,Applications 
and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0005: Defense Evasion,T1096: NTFS File Attributes,NTFS Alternate Data Stream,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0005: Defense Evasion,T1096: NTFS File Attributes,NTFS Alternate Data Stream,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Credential Prompt,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0006: Credential Access,T1086: PowerShell,PowerShell Credential Prompt,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,PowerShell called from an Executable Version Mismatch,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell called from an Executable Version Mismatch,OS Logs,Windows,Applications and Services Logs,Windows PowerShell,PowerShell,DN_0038_400_windows_powershell_engine_lifecycle,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Invocations - Generic,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Invocations - Generic,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0004: Privilege Escalation,T1055: Process Injection,PowerShell ShellCode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0004: Privilege Escalation,T1086: PowerShell,PowerShell ShellCode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1055: Process Injection,PowerShell ShellCode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell ShellCode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious PowerShell Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious PowerShell Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell PSAttack,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Invocations - Specific,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0037_4103_windows_powershell_executing_pipeline,-,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Invocations - Specific,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-PowerShell/Operational,Microsoft-Windows-PowerShell,DN_0036_4104_windows_powershell_script_block,-,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1047: Windows Management Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1047: Windows Management 
Instrumentation,WMI Persistence - Script Event Consumer,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,WSF/JSE/JS/VBA/VBE File Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1047: Windows Management Instrumentation,Suspicious WMI execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as LOCAL_SYSTEM,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,Powershell AMSI Bypass via .NET Reflection,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1127: Trusted Developer Utilities,Microsoft Workflow Compiler,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense 
Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,NotPetya Ransomware Activity,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,NotPetya Ransomware Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Service Start,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1035: Service Execution,PsExec Service Start,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense 
Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious GUP Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1138: Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1138: Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1138: Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1138: Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1138: 
Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1138: Application Shimming,Possible Shim Database Persistence via sdbinst.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Activity Related to NTDS.dit Domain Hash Retrieval,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Svchost Process,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious Base64 encoded PowerShell Keywords in command lines,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Download from URL,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1046: Network Service Scanning,Java Running with Remote Debugging,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Dridex Process Pattern,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1158: Hidden Files and Directories,Hiding files with attrib.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0003: Persistence,T1158: Hidden Files and Directories,Hiding files with attrib.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1118: InstallUtil,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1121: Regsvcs/Regasm,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title 
None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1127: Trusted Developer Utilities,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,Possible Applocker Bypass,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Parent of Csc.exe,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Suspicious Execution from Outlook,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Suspicious Execution from Outlook,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Control Panel DLL Load,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious SYSVOL Domain Group Policy Access,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit 
for CVE-2015-1641,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit for CVE-2015-1641,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit for CVE-2015-1641,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit for CVE-2015-1641,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit for CVE-2015-1641,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1036: Masquerading,Exploit for CVE-2015-1641,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: 
Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1197: BITS Jobs,Bitsadmin Download,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: 
Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0006: Credential Access,T1003: Credential Dumping,Cmdkey Cached Credentials Recon,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: 
PowerShell,Suspicious PowerShell Parameter Substring,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1033: System Owner/User Discovery,Whoami Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Process Start Locations,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Execution in Webserver Root Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Script Run in AppData,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1082: System Information Discovery,Reconnaissance Activity with Net Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1053: Scheduled Task,Scheduled Task Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1053: Scheduled Task,Scheduled Task Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1053: Scheduled Task,Scheduled Task Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line 
Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Webshell Detection With Command Line Keywords,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0011: Command and Control,T1090: Connection Proxy,Netsh Port Forwarding,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,WScript or CScript Dropper,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1203: Exploitation for Client Execution,Exploit for CVE-2017-8759,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows 
Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect 
Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1059: Command-Line Interface,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: 
Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1202: Indirect Command Execution,Microsoft Office Product Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0005: Defense Evasion,T1036: Masquerading,PowerShell Base64 Encoded Shellcode,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1117: Regsvr32,Regsvr32 Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1100: Web 
Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,Shells Spawned by Web Servers,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Calculator Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0006: Credential Access,T1036: Masquerading,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Suspicious Use of Procdump,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,System File Execution Location Anomaly,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Execution in Non-Executable Folder,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Rubeus Hack Tool,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1100: Web Shell,IIS Native-Code Module Command Line Installation,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Executables Started in Suspicious Folder,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1211: Exploitation for Defense Evasion,Droppers exploiting CVE-2017-11882,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: 
Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Certutil Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1105: Remote File Copy,Suspicious Certutil Command,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1086: PowerShell,Suspicious XOR Encoded PowerShell Command Line,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Suspicious Program Location Process Starts,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0011: Command and Control,T1219: Remote Access Tools,Suspicious TSCON Start,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0005: Defense Evasion,T1088: Bypass User Account Control,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0004: Privilege Escalation,T1088: Bypass User Account Control,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0004: Privilege Escalation,T1191: CMSTP,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0002: Execution,T1088: Bypass User Account Control,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP UAC Bypass via COM Object Access,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Invocation of Active Directory Diagnostic Tool (ntdsutil.exe),OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Suspicious Commandline Escape,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER2;TESTCUSTOMER,TA0005: Defense 
Evasion,T1047: Windows Management Instrumentation,SquiblyTwo,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0004: Privilege Escalation,T1055: Process Injection,Exploit for CVE-2017-0261,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0007: Discovery,T1087: Account Discovery,Suspicious Reconnaissance Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1070: Indicator Removal on Host,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1067: Bootkit,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1067: Bootkit,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1070: Indicator Removal on Host,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1070: Indicator Removal on Host,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1067: Bootkit,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1067: Bootkit,Possible Ransomware or unauthorized MBR modifications,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Applications and 
Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1140: Deobfuscate/Decode Files or Information,Ping Hex IP,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Ping Hex IP,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1036: Masquerading,Taskmgr as Parent,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0001_4688_windows_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Executable used by PlugX in Uncommon Location - Sysmon Version,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense 
Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA Spawning Windows Shell,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1170: Mshta,MSHTA spwaned by SVCHOST as seen in LethalHTA,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0002: Execution,T1059: Command-Line Interface,Command Line Execution with suspicious URL and AppData Strings,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,Adwind RAT / JRAT,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1076: Remote Desktop Protocol,Suspicious RDP Redirect Using TSCON,OS 
Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1175: Distributed Component Object Model,Processes created by MMC,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port 
Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port Forwarding,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0008: Lateral Movement,T1021: Remote Services,Netsh RDP Port Forwarding,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1064: Scripting,Suspicious RASdial Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title 
None,TA0002: Execution,T1085: Rundll32,Suspicious Rundll32 Activity,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key 
Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like 
Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0004: Privilege Escalation,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0003: Persistence,T1015: Accessibility Features,Sticky Key Like Backdoor Usage,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense 
Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,-,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title 
TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,-,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,-,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,-,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS 
Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0005: Defense Evasion,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0007_windows_sysmon_ProcessAccess,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title TESTCUSTOMER,TA0002: Execution,T1191: CMSTP,CMSTP Execution,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1055: Process Injection,Malware Shellcode in Verclsid Target Process,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0004: Privilege Escalation,T1055: Process Injection,Malware Shellcode in Verclsid Target Process,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,PowerShell Rundll32 Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0005: Defense Evasion,T1086: PowerShell,PowerShell Rundll32 Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0002: Execution,T1085: Rundll32,PowerShell Rundll32 Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Rundll32 Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz Detection LSASS Access,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0014_10_windows_sysmon_ProcessAccess,LP_0007_windows_sysmon_ProcessAccess,,,-,title None,TA0008: Lateral Movement,T1003: Credential Dumping,Mimikatz In-Memory,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Mimikatz In-Memory,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Detection of SafetyKatz,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0004: Privilege Escalation,T1183: Image File Execution Options Injection,Registry Persistence Mechanisms,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0003: Persistence,T1183: Image File Execution Options Injection,Registry Persistence Mechanisms,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1183: Image File Execution Options Injection,Registry Persistence Mechanisms,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0002: Execution,T1086: PowerShell,PowerShell Network Connections,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0005: Defense Evasion,T1055: Process Injection,CobaltStrike Process Injection,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0003: Persistence,T1050: New Service,Suspicious Driver Load from Temp,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0010_6_windows_sysmon_driver_loaded,-,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0016_12_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0003: Persistence,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0008: Lateral Movement,T1037: Logon Scripts,Logon Scripts (UserInitMprLogonScript),OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0018_14_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1084: Windows Management Instrumentation Event Subscription,WMI Persistence - Command Line Event Consumer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,Password Dumper Remote Thread in LSASS,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Windows Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0002_windows_audit_process_creation_with_commandline,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DNS ServerLevelPluginDll Install,OS Logs,Windows,Windows 
Log,Security,Microsoft-Windows-Security-Auditing,DN_0002_4688_windows_process_creation_with_commandline,LP_0001_windows_audit_process_creation,,,-,title None,TA0005: Defense Evasion,T1027: Obfuscated Files or Information,Executable in ADS,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0019_15_windows_sysmon_FileCreateStreamHash,-,,,-,title None,TA0006: Credential Access,T1003: Credential Dumping,QuarksPwDump Dump File,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0005: Defense Evasion,T1088: Bypass User Account Control,UAC Bypass via sdclt,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0004: Privilege Escalation,T1088: Bypass User Account Control,UAC Bypass via sdclt,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0002: Execution,T1055: Process Injection,CACTUSTORCH Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0002: Execution,T1064: Scripting,CACTUSTORCH Remote Thread Creation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0012_8_windows_sysmon_CreateRemoteThread,-,,,-,title None,TA0008: Lateral Movement,T1105: Remote File Copy,Microsoft Binary Suspicious Communication Endpoint,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0002: 
Execution,T1053: Scheduled Task,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0002: Execution,T1086: PowerShell,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1053: Scheduled Task,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1086: PowerShell,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1053: Scheduled Task,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1086: PowerShell,Default PowerSploit Schtasks Persistence,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0008: Lateral Movement,T1105: Remote File Copy,Microsoft Binary Github Communication,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0011: Command and Control,T1043: Commonly Used Port,Suspicious Typical Malware Back Connect Ports,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0003: Persistence,T1084: Windows Management Instrumentation Event Subscription,WMI Event Subscription,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0023_20_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0003: Persistence,T1084: Windows Management Instrumentation Event Subscription,WMI Event Subscription,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0024_21_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0003: Persistence,T1084: Windows Management Instrumentation Event Subscription,WMI Event Subscription,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0022_19_windows_sysmon_WmiEvent,LP_0010_windows_sysmon_WmiEvent,,,-,title None,TA0003: Persistence,T1084: Windows Management Instrumentation Event Subscription,WMI Persistence - Script Event Consumer File Write,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0005: Defense Evasion,T1085: Rundll32,Rundll32 Internet Connection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0002: Execution,T1085: 
Rundll32,Rundll32 Internet Connection,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0005: Defense Evasion,T1055: Process Injection,Malicious Named Pipe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0004: Privilege Escalation,T1055: Process Injection,Malicious Named Pipe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0021_18_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0005: Defense Evasion,T1055: Process Injection,Malicious Named Pipe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0004: Privilege Escalation,T1055: Process Injection,Malicious Named Pipe,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0020_17_windows_sysmon_PipeEvent,LP_0009_windows_sysmon_PipeEvent,,,-,title None,TA0003: Persistence,T1060: Registry Run Keys / Startup Folder,Registry Persistence via Explorer Run Key,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,Possible Process Hollowing Image Loading,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0011_7_windows_sysmon_image_loaded,LP_0006_windows_sysmon_image_loaded,,,-,title None,TA0002: Execution,T1086: PowerShell,Malicious PowerShell Commandlet Names,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0015_11_windows_sysmon_FileCreate,LP_0008_windows_sysmon_FileCreate,,,-,title None,TA0005: Defense Evasion,T1076: Remote Desktop Protocol,RDP over Reverse SSH Tunnel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0011: Command and Control,T1076: Remote Desktop Protocol,RDP over Reverse SSH Tunnel,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0007_3_windows_sysmon_network_connection,LP_0005_windows_sysmon_network_connection,,,-,title None,TA0005: Defense Evasion,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0004: Privilege Escalation,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0005: Defense Evasion,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0005: Defense Evasion,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0004: Privilege Escalation,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,-,,,-,title None,TA0004: Privilege Escalation,T1088: Bypass User Account Control,UAC Bypass via Event Viewer,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0003_1_windows_sysmon_process_creation,LP_0003_windows_sysmon_process_creation,,,-,title None,TA0003: Persistence,T1011: Exfiltration Over Other Network Medium,Security Support Provider (SSP) added to LSA configuration,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0003: Persistence,T1060: Registry Run Keys / Startup Folder,New RUN Key Pointing to Suspicious Folder,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1073: DLL Side-Loading,DHCP Callout DLL installation,OS Logs,Windows,Applications and Services Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title None,TA0005: Defense Evasion,T1112: Modify Registry,DHCP Callout DLL installation,OS Logs,Windows,Applications and Services 
Logs,Microsoft-Windows-Sysmon/Operational,Microsoft-Windows-Sysmon,DN_0017_13_windows_sysmon_RegistryEvent,-,,,-,title