Last Updated: September 29, 2023
| Sl.No | IoA(Indicators of Attack) |
| 1 | AntiVirus Security Center Notification Disabled |
| 2 | Computer Account Creation Anomalies |
| 3 | Firewall Disabled |
| 4 | Firewall Security Center Notification Disabled |
| 5 | Highly Suspicious Processes |
| 6 | Highly Suspicious Svchost Executable |
| 7 | ICMP DoS Attack Detection |
| 8 | Kerberos Replay Attack Detection |
| 9 | Registry Access Disabled |
| 10 | Scheduled Task Anomalies |
| 11 | Suspicious Explorer |
| 12 | Suspicious Process Called Privileged System Service Operation |
| 13 | Suspicious Service Installation Anomalies |
| 14 | Suspicious Special Group Logon |
| 15 | Suspicious Windows Security Audit Log Cleared |
| 16 | System ASLR Disabled |
| 17 | System DEP AlwaysOff |
| 18 | System ExecShield Disabled |
| 19 | System GateKeeper Disabled |
| 20 | System NX DX Disabled |
| 21 | System UAC Off |
| 22 | Task Manager Disabled |
| 23 | UAC Security Center Notify Disabled |
| 24 | Unauthorized Application Accessing LPC Port |
| 25 | Updates Security Center Notification Disabled |
| 26 | User Account Creation Anomalies |
| 27 | User Account Locked or Unlocked |
| 28 | User Account Logon Failed Anomalies |
| 29 | User or Computer Account Created or Deleted |
| 30 | Windows CPU or RAM Usage More Than 95 Percentage |
| 31 | Windows Filtering Blocked Suspicious Packet Connection |
| 32 | Windows Firewall Failed to Initialize or Start |
