turbot/tailpipe-mod-github-audit-log-detections

Benchmark: TA0006 Credential Access

Overview

The adversary is trying to steal account names and passwords.

Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select TA0006 Credential Access.

Run this benchmark in your terminal:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0006

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0006 --share
