EXPLORE DETECTIONS
OpenCanary - HTTP GET Request
Detects instances where an HTTP service on an OpenCanary node has received a GET request.
OpenCanary - HTTP POST Login Attempt
Detects instances where an HTTP service on an OpenCanary node has had a login attempt via form POST.
OpenCanary - HTTPPROXY Login Attempt
Detects instances where an HTTPPROXY service on an OpenCanary node has had an attempt to proxy another page.
OpenCanary - MSSQL Login Attempt Via SQLAuth
Detects instances where an MSSQL service on an OpenCanary node has had a login attempt using SQLAuth.
OpenCanary - MSSQL Login Attempt Via Windows Authentication
Detects instances where an MSSQL service on an OpenCanary node has had a login attempt using Windows Authentication.
OpenCanary - MySQL Login Attempt
Detects instances where a MySQL service on an OpenCanary node has had a login attempt.
OpenCanary - NMAP FIN Scan
Detects instances where an OpenCanary node has been targeted by an NMAP FIN scan.
OpenCanary - NMAP NULL Scan
Detects instances where an OpenCanary node has been targeted by an NMAP NULL scan.
OpenCanary - NMAP OS Scan
Detects instances where an OpenCanary node has been targeted by an NMAP OS scan.
OpenCanary - NMAP XMAS Scan
Detects instances where an OpenCanary node has been targeted by an NMAP XMAS scan.
OpenCanary - NTP Monlist Request
Detects instances where an NTP service on an OpenCanary node has had an NTP monlist request.
OpenCanary - RDP New Connection Attempt
Detects instances where an RDP service on an OpenCanary node has had a connection attempt.
OpenCanary - REDIS Action Command Attempt
Detects instances where a REDIS service on an OpenCanary node has had an action command attempted.
OpenCanary - SIP Request
Detects instances where an SIP service on an OpenCanary node has had a SIP request.
OpenCanary - SMB File Open Request
Detects instances where an SMB service on an OpenCanary node has had a file open request.
OpenCanary - SNMP OID Request
Detects instances where an SNMP service on an OpenCanary node has had an OID request.
OpenCanary - SSH Login Attempt
Detects instances where an SSH service on an OpenCanary node has had a login attempt.
OpenCanary - SSH New Connection Attempt
Detects instances where an SSH service on an OpenCanary node has had a connection attempt.
OpenCanary - Telnet Login Attempt
Detects instances where a Telnet service on an OpenCanary node has had a login attempt.
OpenCanary - TFTP Request
Detects instances where a TFTP service on an OpenCanary node has had a request.
OpenCanary - VNC Connection Attempt
Detects instances where a VNC service on an OpenCanary node has had a connection attempt.
OpenEDR Spawning Command Shell
Detects the OpenEDR ssh-shellhost.exe spawning a command shell (cmd.exe) or PowerShell with PTY (pseudo-terminal) capabilities. This may indicate remote command execution through OpenEDR's remote management features, which could be legitimate administrative activity or potential abuse of the remote access tool. Threat actors may leverage OpenEDR's remote shell capabilities to execute commands on compromised systems, facilitating lateral movement or other command-and-control operations.
OpenSSH Server Listening On Socket
Detects scenarios where an attacker enables the OpenSSH server and the server starts listening on an SSH socket.
OpenWith.exe Executes Specified Binary
OpenWith.exe executes another binary.