ATPDocs/alerts-overview.md
Lines changed: 1 addition & 1 deletion
@@ -63,7 +63,7 @@ The following table lists the mapping between alert names, their corresponding u
63
63
|[Suspected WannaCry ransomware attack](lateral-movement-alerts.md#suspected-wannacry-ransomware-attack-external-id-2035)| 2035 | Medium | Lateral movement |
64
64
|[Remote code execution over DNS](lateral-movement-alerts.md#remote-code-execution-attempt-over-dns-external-id-2036)| 2036 | Medium | Lateral movement, Privilege escalation |
65
65
|[Suspected NTLM relay attack](lateral-movement-alerts.md#suspected-ntlm-relay-attack-exchange-account-external-id-2037)| 2037 | Medium or Low if observed using signed NTLM v2 protocol | Lateral movement, Privilege escalation |
66
-
|[Security principal reconnaissance (LDAP)](credential-access-alerts.md#security-principal-reconnaissance-ldap-external-id-2038)| 2038 | Medium | Credential access |
66
+
|[Security principal reconnaissance (LDAP)](credential-access-alerts.md#security-principal-reconnaissance-ldap-external-id-2038)| 2038 |High (in case resolutions issues or Specific Tool detected) and Medium | Credential access |
|[Suspected Golden Ticket usage (ticket anomaly using RBCD)](persistence-privilege-escalation-alerts.md#suspected-golden-ticket-usage-ticket-anomaly-using-rbcd-external-id-2040)| 2040 | High | Persistence |
69
69
|[Suspected rogue Kerberos certificate usage](lateral-movement-alerts.md#suspected-rogue-kerberos-certificate-usage-external-id-2047)| 2047 | High | Lateral movement |
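Review bot: the new severity cell on the 2038 row, "High (in case resolutions issues or Specific Tool detected) and Medium", is ungrammatical and leaves it unclear which severity applies when. An alert instance carries one severity, so "and Medium" should read as an alternative, and the neighbouring 2037 row already sets the pattern with "Medium or Low if observed using signed NTLM v2 protocol". Something like "Medium, or High in case of resolution issues or if a specific tool is detected" would match it, provided that is the intended meaning of "resolutions issues" and "Specific Tool"; if a particular tool is meant, name it or link to where it is defined. The cell also drops the space after the leading `|` that every other cell in the table has (`2038 |High`). Since the row links to the 2038 section of credential-access-alerts.md, check that the severity stated there is updated in the same change so the overview table and the alert page do not disagree.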