Detections_

Identifies potential command-and-control beaconing behaviour by analysing the statistical regularity of DNS queries to external domains from internal hosts.

Detects use of PsExec or similar remote execution tools for lateral movement, based on characteristic service creation events and named pipe patterns.

Detects repeated failed authentication attempts against a single account within a short time window, indicative of password brute-forcing activity.