AXI
OM
← HUNT INTERFACE
SOC DASHBOARD
⚡ NO SIEM
PLATFORM:
XSIAM
Sentinel
Splunk
Falcon
S1
QRadar
Wazuh
JUN 2, 2026
XSIAM
Cortex XSIAM / XDR
XQL
▶ LAUNCH XSIAM HUNT
overview
hypotheses
coverage
recent
TOTAL HYPOTHESES
240
CRITICAL PRIORITY
68
ATT&CK TECHNIQUES
141
TACTICS COVERED
13
// SELECT ACTIVE PLATFORM
XSIAM
Palo Alto Networks
240
HYPOTHESES
ACTIVE
Sentinel
Microsoft
240
HYPOTHESES
Splunk
Splunk
240
HYPOTHESES
Falcon
CrowdStrike
240
HYPOTHESES
S1
SentinelOne
240
HYPOTHESES
QRadar
IBM
240
HYPOTHESES
Wazuh
Wazuh
240
HYPOTHESES
// RECOMMENDED — START HERE
CRITICAL PRIORITY
CRIT
Office Application Spawning Shell Interpreter
▶
T1566.001 · Execution
CRIT
LSASS Memory Dumping
▶
T1003.001 · Credential Access
CRIT
DCSync — Unauthorized AD Replication
▶
T1003.006 · Credential Access
CRIT
Pass-the-Hash Lateral Movement
▶
T1550.002 · Lateral Movement
CRIT
Shadow Copy Deletion — Ransomware Precursor
▶
T1490 · Impact
CRIT
C2 Beaconing — High Frequency Outbound
▶
T1071 · Command and Control
// SESSION ACTIVITY
0 hunts this session
No hunts yet this session
Run a hunt in the main interface.
Your session activity appears here.
▶ START HUNTING
AXIOM · PEAK METHODOLOGY · ATT&CK-ALIGNED · XSIAM · DEFENDER · SPLUNK · FALCON · S1 · NO-SIEM