CylanceMDR protection enhancements

Due to some emerging threats, CylanceMDR has implemented the following CylanceOPTICS rules for improved security and telemetry for analysts. These rules are already in effect and no further action is required from your organization.

Latest enhancements (April and May 2024)
| Threat or vulnerability | Description |
|---|---|
| | Updated rule for advanced detection of the execution of a Stager payload from PowerShell Empire |
| | Updated rule for advanced detection of the Csvde.exe export command |
| | Updated rule for advanced detection of local credential dump from NTDS, SAM or LSA using SecretsDump |
| | Updated rule for advanced detection of a remote credential dump from the registry hive |
| | Updated rule for enhanced investigation of system information discovery through service enumeration |
| | Updated rule for advanced detection of the extraction of the domain database (including password hashes) using ntdsutil.exe |
| | Updated rule for advanced detection of enumeration of browser bookmarks |
| | Updated rule for advanced detection of Windows Defender registry key modification |
| | Updated rule for enhanced investigation of account or group discovery via dscl |
| | Updated rule for enhanced investigation of file and directory discovery through the Windows command line |
| | Updated rule for advanced detection of the ScreenConnect authentication bypass vulnerability CVE-2024-1709 |