turbot/tailpipe-mod-github-audit-log-detections

Benchmark: TA0001 Initial Access

Overview

The adversary is trying to get into your network.

Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select TA0001 Initial Access.

Run this benchmark in your terminal:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0001

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0001 --share
