# AN1878 — Detection of Lateral Tool Transfer (ICS) ## Descrição Analítico para detecção de — na plataforma ICS. **Plataformas:** ICS --- ### Fontes de Log | Fonte | Detalhe | |-------|--------| | Network Share Access (DC0102) | Network Share | | File Metadata (DC0059) | File | | File Creation (DC0039) | File | | Network Traffic Content (DC0085) | Network Traffic | | Command Execution (DC0064) | Command | | Process Creation (DC0032) | Process | | Network Traffic Flow (DC0078) | Network Traffic | ### Data Components Utilizados - [[dc0032-process-creation|DC0032]] - [[dc0039-file-creation|DC0039]] - [[dc0059-file-metadata|DC0059]] - [[dc0064-command-execution|DC0064]] - [[dc0078-network-traffic-flow|DC0078]] - [[dc0085-network-traffic-content|DC0085]] - [[dc0102-network-share-access|DC0102]] --- *Fonte: [MITRE ATT&CK — AN1878](https://attack.mitre.org/detectionstrategies/DET0745#AN1878)*