T1654

Log Enumeration

Adversaries may enumerate system and service logs to find useful data. These logs may highlight various types of valuable insights for an adversary, such as user authentication records ([Account Discovery](https://attack.mitre.org/techniques/T1087)), security or vulnerable software ([Software Discovery](https://attack.mitre.org/techniques/T1518)), or hosts within a compromised network ([Remote System Discovery](https://attack.mitre.org/techniques/T1018)). Host binaries may be leveraged to colle...

ESXiIaaSLinuxmacOSWindows

Detections

Sources

Threat Actors

BY SOURCE

1splunk_escu

PROCEDURES (1)

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

THREAT ACTORS (5)

APT5 Aquatic Panda Ember Bear Mustang Panda Volt Typhoon

DETECTIONS (1)

Windows EventLog Recon Activity Using Log Query Utilities

splunk_escu