# AN1896 — Detection of Adversary-in-the-Middle (ICS)

## Description

Analytic for detection of — on the ICS platform.

**Platforms:** ICS

---

### Log Sources

| Source | Detail |
|-------|--------|
| Windows Registry Key Modification (DC0063) | Windows Registry |
| Process Creation (DC0032) | Process |
| Network Traffic Flow (DC0078) | Network Traffic |
| Service Creation (DC0060) | Service |
| Network Traffic Content (DC0085) | Network Traffic |
| Application Log Content (DC0038) | Application Log |

### Data Components Used

- [[dc0032-process-creation|DC0032]]
- [[dc0038-application-log-content|DC0038]]
- [[dc0060-service-creation|DC0060]]
- [[dc0063-windows-registry-key-modification|DC0063]]
- [[dc0078-network-traffic-flow|DC0078]]
- [[dc0085-network-traffic-content|DC0085]]

---

*Source: [MITRE ATT&CK — AN1896](https://attack.mitre.org/detectionstrategies/DET0764#AN1896)*