Phoenix
Sigma IntelligenceBeta
Detection Validation

Testing & Validation

Rules instrumented with simulation frameworks or regression datasets to validate your detection pipeline end-to-end.

54

Simulations

169

Datasets

49

Fully instrumented

174

Testable rules

54 results
Binary Padding - Linux
highlinux
atomic-red-teamT1027.001
ART

Pad Binary to Change Hash - Linux/macOS dd

ffe2346c-abd5-4b45-a713-bf5f1ebd573a

Important Scheduled Task Deleted/Disabled
highwindows
atomic-red-teamT1490
ART

Windows - Disable the SR scheduled task

1c68c68d-83a4-4981-974e-8993055fa034

Important Scheduled Task Deleted or Disabled
highwindows
atomic-red-teamT1490
ART

Windows - Disable the SR scheduled task

1c68c68d-83a4-4981-974e-8993055fa034

Windows AMSI Related Registry Tampering Via CommandLine
highwindows· process_creation
atomic-red-teamT1562.001
ART

AMSI Bypass - Create AMSIEnable Reg Key

728eca7b-0444-4f6f-ac36-437e3d751dc0

Interactive AT Job
highwindows· process_creation
atomic-red-teamT1053.002
ART

At.exe Scheduled task

4a6c0dc4-0f2a-4203-9298-a5a9bdc21ed8

Windows EventLog Autologger Session Registry Modification Via CommandLine
highwindows· process_creation
atomic-red-teamT1562.001
ART

Disable EventLog-Application Auto Logger Session Via Registry - Cmd

653c6e17-14a2-4849-851d-f1c0cc8ea9ab

atomic-red-teamT1562.001
ART

Disable EventLog-Application Auto Logger Session Via Registry - PowerShell

da86f239-9bd3-4e85-92ed-4a94ef111a1c

atomic-red-teamT1562.001
ART

Disable EventLog-Application ETW Provider Via Registry - Cmd

1cac9b54-810e-495c-8aac-989e0076583b

atomic-red-teamT1562.001
ART

Disable EventLog-Application ETW Provider Via Registry - PowerShell

8f907648-1ebf-4276-b0f0-e2678ca474f0

Boot Configuration Tampering Via Bcdedit.EXE
highwindows· process_creation
atomic-red-teamT1490
ART

Windows - Disable Windows Recovery Console Repair

cf21060a-80b3-4238-a595-22525de4ab81

Suspicious Download From File-Sharing Website Via Bitsadmin
highwindows· process_creation
atomic-red-teamT1105
ART

Windows - BITSAdmin BITS Download

a1921cd3-9a2d-47d5-a891-f1d0f2a7a31b

File With Suspicious Extension Downloaded Via Bitsadmin
highwindows· process_creation
atomic-red-teamT1105
ART

Windows - BITSAdmin BITS Download

a1921cd3-9a2d-47d5-a891-f1d0f2a7a31b

File Download Via Bitsadmin To A Suspicious Target Folder
highwindows· process_creation
atomic-red-teamT1105
ART

Windows - BITSAdmin BITS Download

a1921cd3-9a2d-47d5-a891-f1d0f2a7a31b

Potential Reconnaissance For Cached Credentials Via Cmdkey.EXE
highwindows· process_creation
atomic-red-teamT1003.005
ART

Cached Credential Dump via Cmdkey

56506854-89d6-46a3-9804-b7fde90791f9

Suspicious Curl.EXE Download
highwindows· process_creation
atomic-red-teamT1105
ART

Curl Download File

2b080b99-0deb-4d51-af0f-833d37c4ca6a