Incident Response Eventhoods

The map organizes event codes into distinct categories, such as:

  • Network Activity

  • Initial Access

  • Privilege Escalation Detection

  • Process Creation

  • Persistence Detection - Scheduled Task

  • Persistence Registry Detection

  • PowerShell Detection

  • Buffer Overflow Detection

  • Lateral Movement Detection

  • DCSync Activity Detection

  • Golden Ticket Detection

  • Pass-the-Hash (PtH) Attack Detection

  • Pass-the-Ticket (PtT) Attack Detection

Here is the high-quality HTML version of the map:

Here is an image of the content above:
