Given below are some threat categories and their descriptions.
Drag and drop each threat category onto its corresponding description, and then click Submit.
- Cloud: Detect account compromise, Kubernetes abuse, and computer resource abuse. (This category focuses on threats specific to cloud environments, including misconfigurations, compromised cloud accounts, and vulnerabilities in cloud-native technologies like Kubernetes.)
- UEBA: Identify peer-group anomalies, excessive alert volumes, and suspicious logins. (UEBA is about detecting threats by analyzing the behavioral patterns of users and entities to spot deviations from the norm, often indicating insider threats or compromised accounts.)
- Identity: Spot unusual account creation, privilege escalation, and factor tampering. (This category is concerned with threats that target user identities and access management systems, including credential theft, unauthorized privilege changes, and attempts to bypass authentication factors.)
- Endpoint: Prioritize EDR alerts, prevent data loss, and detect malicious PowerShell activity. (Endpoint security focuses on protecting individual devices like laptops, desktops, and servers. EDR (Endpoint Detection and Response) tools are key here for monitoring and responding to threats at the device level, including malware, script-based attacks, and data exfiltration.)
- Network: Monitor malicious and anomalous network activity. (This covers threats that manifest on the network itself, such as unauthorized access, suspicious traffic patterns, command and control communications, and lateral movement.)
- Mandiant Emerging Threats: Track threat actor methodologies, nation-state activities, and top threats from M-Trends. (This refers to high-fidelity, expert-curated threat intelligence from Mandiant, providing insights into advanced threat actors, their evolving TTPs, and significant trends in the cyber threat landscape, often summarized in reports like M-Trends.)