# AN1897 — Detection of Service Stop (ICS) ## Descrição Analítico para detecção de — na plataforma ICS. **Plataformas:** ICS --- ### Fontes de Log | Fonte | Detalhe | |-------|--------| | File Modification (DC0061) | File | | Command Execution (DC0064) | Command | | OS API Execution (DC0021) | Process | | Process Termination (DC0033) | Process | | Service Metadata (DC0041) | Service | | Windows Registry Key Modification (DC0063) | Windows Registry | | Process Creation (DC0032) | Process | ### Data Components Utilizados - [[dc0021-active-directory-object-modification|DC0021]] - [[dc0032-process-creation|DC0032]] - [[dc0033-process-termination|DC0033]] - [[dc0041-service-metadata|DC0041]] - [[dc0061-file-modification|DC0061]] - [[dc0063-windows-registry-key-modification|DC0063]] - [[dc0064-command-execution|DC0064]] --- *Fonte: [MITRE ATT&CK — AN1897](https://attack.mitre.org/detectionstrategies/DET0765#AN1897)*