Skip to content

Commit e0e6d3d

Browse files
prmerger-automator[bot]prmerger-automator[bot]
authored
Merge pull request #236533 from AlizaBernstein/WI-72548-move-2alerts-from-Linux-to-win
WI-72548-Update alerts-reference--move 2 win alerts from Linux
2 parents 933d99a + 74faabe commit e0e6d3d

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/defender-for-cloud/alerts-reference.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -600,8 +600,6 @@ The following tables include the Defender for Servers security alerts [to be dep
600600

601601
| **Alert Type** | **Alert Display Name** | **Severity**
602602
|---|---|---|
603-
VM.Windows_KnownCredentialAccessTools | Suspicious process executed | High
604-
VM.Windows_SuspiciousAccountCreation | Suspicious Account Creation Detected | Medium
605603
VM_AbnormalDaemonTermination | Abnormal Termination | Low
606604
VM_BinaryGeneratedFromCommandLine | Suspicious binary detected | Medium
607605
VM_CommandlineSuspectDomain Suspicious | domain name reference | Low
@@ -700,6 +698,7 @@ VM.Windows_ExecutableDecodedUsingCertutil | Detected decoding of an executable u
700698
VM.Windows_FileDeletionIsSospisiousLocation | Suspicious file deletion detected | Medium
701699
VM.Windows_KerberosGoldenTicketAttack | Suspected Kerberos Golden Ticket attack parameters observed | Medium
702700
VM.Windows_KeygenToolKnownProcessName | Detected possible execution of keygen executable Suspicious process executed | Medium
701+
VM.Windows_KnownCredentialAccessTools | Suspicious process executed | High
703702
VM.Windows_KnownSuspiciousPowerShellScript | Suspicious use of PowerShell detected | High
704703
VM.Windows_KnownSuspiciousSoftwareInstallation | High risk software detected | Medium
705704
VM.Windows_MsHtaAndPowerShellCombination | Detected suspicious combination of HTA and PowerShell | Medium
@@ -713,6 +712,7 @@ VM.Windows_RansomwareIndication | Ransomware indicators detected | High
713712
VM.Windows_SqlDumperUsedSuspiciously | Possible credential dumping detected [seen multiple times] | Medium
714713
VM.Windows_StopCriticalServices | Detected the disabling of critical services | Medium
715714
VM.Windows_SubvertingAccessibilityBinary | Sticky keys attack detected <br/> Suspicious account creation detected Medium
715+
VM.Windows_SuspiciousAccountCreation | Suspicious Account Creation Detected | Medium
716716
VM.Windows_SuspiciousFirewallRuleAdded | Detected suspicious new firewall rule | Medium
717717
VM.Windows_SuspiciousFTPSSwitchUsage | Detected suspicious use of FTP -s switch | Medium
718718
VM.Windows_SuspiciousSQLActivity | Suspicious SQL activity | Medium

0 commit comments

Comments
 (0)