"##grade the event instead of escalating it as likely compromise. example 3 : privileged vpn or administrative access from a first - time external ip source : vpn / pam platform severity : high user : it - ops - admin access type : successful privileged vpn authentication source i…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1110Brute Force
53%
"could easily miss if they only treated the ip as a generic login source. on port 7000, the host was serving a web interface for vpnbrute v1. 3. 0, a tool associated with brute forcing vpn credentials. censys classified the host as a security _ tool with an initial _ access tactic…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1078.001Default Accounts
38%
"##grade the event instead of escalating it as likely compromise. example 3 : privileged vpn or administrative access from a first - time external ip source : vpn / pam platform severity : high user : it - ops - admin access type : successful privileged vpn authentication source i…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1133External Remote Services
35%
"could easily miss if they only treated the ip as a generic login source. on port 7000, the host was serving a web interface for vpnbrute v1. 3. 0, a tool associated with brute forcing vpn credentials. censys classified the host as a security _ tool with an initial _ access tactic…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
30%
"- seen external ip source : okta risk engine severity : medium user : jane. doe @ company. com application : microsoft 365 event : successful login after mfa challenge source ip : { redacted } risk factors : first - seen ip, new asn, unusual location disposition : allowed this is…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
In our recent post, The Internet’s Best Map Is Now Its Clearest Risk Signal, we introduced Censys Reputation Score and why it matters: it offers a faster way to apply judgment to the public infrastructure behind real security incidents. This post is the next step. It’s the first in a series on a simpler question: […]