LetsDefend Monitoring Alert

Possible Token Manipulation Detected

Jan, 17, 2024, 12:19 PM

Event ID: 219

Event Time: Jan, 17, 2024, 12:19 PM

Rule Name: SOC255 - Possible Token Manipulation Detected

Alert Type: Brute Force

MITRE Technique:
T1053.005 - Persistence - Scheduled Task,
T1059.001 - Execution - Command and Scripting Interpreter: PowerShell,
T1110 - Credential Access - Brute Force,
T1133 - Initial Access - External Remote Services,
T1078 - Initial Access - Valid Accounts,
T1136 - Persistence - Create Account,
T1134.001 - Privilege Escalation - Access Token Manipulation: Token Impersonation/Theft,
T1562.004 - Defense Evasion - Impair Defenses: Disable or Modify System Firewall

Severity: High

Incident Responder
