# AN1881 — Detection of Data from Local System (ICS) ## Descrição Analítico para detecção de — na plataforma ICS. **Plataformas:** ICS --- ### Fontes de Log | Fonte | Detalhe | |-------|--------| | File Access (DC0055) | File | | Process Creation (DC0032) | Process | | Script Execution (DC0029) | Script | | OS API Execution (DC0021) | Process | | Command Execution (DC0064) | Command | ### Data Components Utilizados - [[dc0021-active-directory-object-modification|DC0021]] - [[dc0029-network-share-access|DC0029]] - [[dc0032-process-creation|DC0032]] - [[dc0055-file-access|DC0055]] - [[dc0064-command-execution|DC0064]] --- *Fonte: [MITRE ATT&CK — AN1881](https://attack.mitre.org/detectionstrategies/DET0749#AN1881)*