turbot/tailpipe-mod-github-audit-log-detections

Benchmark: TA0002 Execution

Overview

The adversary is trying to run malicious code.

Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select TA0002 Execution.

Run this benchmark in your terminal:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0002

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0002 --share
