| Account enumeration reconnaissance | ALERT_EXTERNAL_AATP_ACCOUNT_ENUMERATION_SECURITY_ALERT |
| Active Directory attributes reconnaissance (LDAP) | ALERT_EXTERNAL_AATP_LDAP_SENSITIVE_ATTRIBUTE_RECONNAISSANCE_SECURITY_ALERT |
| Data exfiltration over SMB | ALERT_EXTERNAL_AATP_SMB_DATA_EXFILTRATION_SECURITY_ALERT |
| Honeytoken activity | ALERT_EXTERNAL_AATP_HONEYTOKEN_ACTIVITY_SECURITY_ALERT |
| Malicious request of Data Protection API master key | ALERT_EXTERNAL_AATP_RETRIEVE_DATA_PROTECTION_BACKUP_KEY_SECURITY_ALERT |
| Network mapping reconnaissance (DNS) | ALERT_EXTERNAL_AATP_DNS_RECONNAISSANCE_SECURITY_ALERT |
| Remote code execution attempt | ALERT_EXTERNAL_AATP_REMOTE_EXECUTION_SECURITY_ALERT |
| Remote code execution over DNS | ALERT_EXTERNAL_AATP_DNS_REMOTE_CODE_EXECUTION_SECURITY_ALERT |
| Security principal reconnaissance (LDAP) | ALERT_EXTERNAL_AATP_LDAP_SEARCH_RECONNAISSANCE_SECURITY_ALERT |
| Suspected Brute Force attack (Kerberos, NTLM) | ALERT_EXTERNAL_AATP_BRUTE_FORCE_SECURITY_ALERT |
| Suspected Brute Force attack (LDAP) | ALERT_EXTERNAL_AATP_LDAP_BRUTE_FORCE_SECURITY_ALERT |
| Suspected Brute Force attack (SMB) | ALERT_EXTERNAL_AATP_ABNORMAL_SMB_BRUTE_FORCE_SECURITY_ALERT |
| Suspected DCShadow attack (domain controller promotion) | ALERT_EXTERNAL_AATP_DIRECTORY_SERVICES_ROGUE_PROMOTION_SECURITY_ALERT |
| Suspected DCShadow attack (domain controller replication request) | ALERT_EXTERNAL_AATP_DIRECTORY_SERVICES_ROGUE_REPLICATION_SECURITY_ALERT |
| Suspected DCSync attack (replication of directory services) | ALERT_EXTERNAL_AATP_DIRECTORY_SERVICES_REPLICATION_SECURITY_ALERT |
| Suspected Golden Ticket usage (encryption downgrade) | ALERT_EXTERNAL_AATP_GOLDEN_TICKET_ENCRYPTION_DOWNGRADE_SECURITY_ALERT |
| Suspected Golden Ticket usage (forged authorization data) | ALERT_EXTERNAL_AATP_FORGED_PAC_SECURITY_ALERT |
| Suspected Golden Ticket usage (nonexistent account) | ALERT_EXTERNAL_AATP_FORGED_PRINCIPAL_SECURITY_ALERT |
| Suspected Golden Ticket usage (ticket anomaly) | ALERT_EXTERNAL_AATP_GOLDEN_TICKET_SIZE_ANOMALY_SECURITY_ALERT |
| Suspected Golden Ticket usage (ticket anomaly using RBCD) | ALERT_EXTERNAL_AATP_RESOURCE_BASED_CONSTRAINED_DELEGATION_GOLDEN_TICKET_SECURITY_ALERT |
| Suspected Golden Ticket usage (time anomaly) | ALERT_EXTERNAL_AATP_GOLDEN_TICKET_SECURITY_ALERT |
| Suspected identity theft (pass-the-hash) | ALERT_EXTERNAL_AATP_PASS_THE_HASH_SECURITY_ALERT |
| Suspected identity theft (pass-the-ticket) | ALERT_EXTERNAL_AATP_PASS_THE_TICKET_SECURITY_ALERT |
| Suspected Kerberos SPN exposure (external ID 2410) | ALERT_EXTERNAL_AATP_KERBEROASTING_SECURITY_ALERT |
| Suspected Netlogon privilege elevation attempt (CVE-2020-1472 exploitation) | ALERT_EXTERNAL_AATP_NETLOGON_BYPASS_SECURITY_ALERT |
| Suspected NTLM authentication tampering | ALERT_EXTERNAL_AATP_ABNORMAL_NTLM_SIGNING_SECURITY_ALERT |
| Suspected NTLM relay attack | ALERT_EXTERNAL_AATP_NTLM_RELAY_SECURITY_ALERT |
| Suspected overpass-the-hash attack (Kerberos) | ALERT_EXTERNAL_AATP_ABNORMAL_KERBEROS_OVERPASS_THE_HASH_SECURITY_ALERT |
| Suspected rogue Kerberos certificate usage | ALERT_EXTERNAL_AATP_ROGUE_CERTIFICATE_USAGE_SECURITY_ALERT |
| Suspected Skeleton Key attack (encryption downgrade) | ALERT_EXTERNAL_AATP_SKELETON_KEY_ENCRYPTION_DOWNGRADE_SECURITY_ALERT |
| Suspected SMB packet manipulation (CVE-2020-0796 exploitation) - (preview) | ALERT_EXTERNAL_AATP_SMB_GHOST_SECURITY_ALERT |
| Suspected use of Metasploit hacking framework | ALERT_EXTERNAL_AATP_ABNORMAL_SMB_METASPLOIT_SECURITY_ALERT |
| Suspected WannaCry ransomware attack | ALERT_EXTERNAL_AATP_ABNORMAL_SMB_WANNA_CRY_SECURITY_ALERT |
| Suspicious additions to sensitive groups | ALERT_EXTERNAL_AATP_ABNORMAL_SENSITIVE_GROUP_MEMBERSHIP_CHANGE_SECURITY_ALERT |
| Suspicious communication over DNS | ALERT_EXTERNAL_AATP_DNS_SUSPICIOUS_COMMUNICATION_SECURITY_ALERT |
| Suspicious service creation | ALERT_EXTERNAL_AATP_MALICIOUS_SERVICE_CREATION_SECURITY_ALERT |
| Suspicious VPN connection | ALERT_EXTERNAL_AATP_ABNORMAL_VPN_SECURITY_ALERT |
| User and Group membership reconnaissance (SAMR) | ALERT_EXTERNAL_AATP_SAMR_RECONNAISSANCE_SECURITY_ALERT |
| User and IP address reconnaissance (SMB) | ALERT_EXTERNAL_AATP_ENUMERATE_SESSIONS_SECURITY_ALERT |