AXIOM
SOC DASHBOARD
⚡ NO SIEM
PLATFORM: XSIAM · Sentinel · Splunk · Falcon · S1
MAY 20, 2026
XSIAM · Cortex XSIAM / XDR · XQL
TOTAL HYPOTHESES: 140
CRITICAL PRIORITY: 43
ATT&CK TECHNIQUES: 119
TACTICS COVERED: 13
// SELECT ACTIVE PLATFORM
XSIAM · Palo Alto Networks · 140 HYPOTHESES · ACTIVE
Sentinel · Microsoft · 140 HYPOTHESES
Splunk · Splunk · 140 HYPOTHESES
Falcon · CrowdStrike · 140 HYPOTHESES
S1 · SentinelOne · 140 HYPOTHESES
// RECOMMENDED — START HERE
CRITICAL PRIORITY
CRIT · Office Application Spawning Shell Interpreter · T1566.001 · Execution
CRIT · LSASS Memory Dumping · T1003.001 · Credential Access
CRIT · DCSync — Unauthorized AD Replication · T1003.006 · Credential Access
CRIT · Pass-the-Hash Lateral Movement · T1550.002 · Lateral Movement
CRIT · Shadow Copy Deletion — Ransomware Precursor · T1490 · Impact
CRIT · C2 Beaconing — High Frequency Outbound · T1071 · Command and Control
AXIOM · PEAK METHODOLOGY · ATT&CK-ALIGNED · XSIAM · DEFENDER · SPLUNK · FALCON · S1 · NO-SIEM