# DET0060 — Detect Ingress Tool Transfers via Behavioral Chain ## Descrição Estratégia de detecção DET0060. Plataformas: ESXi, Linux, Windows, macOS. ## Data Components Necessários | Data Component | Descrição | |---|---| | [[dc0032-process-creation\|DC0032 — Process Creation]] | Telemetria necessária | | [[dc0039-file-creation\|DC0039 — File Creation]] | Telemetria necessária | | [[dc0064-command-execution\|DC0064 — Command Execution]] | Telemetria necessária | | [[dc0078-network-traffic-flow\|DC0078 — Network Traffic Flow]] | Telemetria necessária | | [[dc0082-network-connection-creation\|DC0082 — Network Connection Creation]] | Telemetria necessária | ## Analytics Relacionadas - [[an0165-analytic-0165|AN0165 (Windows)]] - [[an0166-analytic-0166|AN0166 (Linux)]] - [[an0167-analytic-0167|AN0167 (macOS)]] - [[an0168-analytic-0168|AN0168 (ESXi)]] --- *Fonte: [MITRE ATT&CK — DET0060](https://attack.mitre.org/detectionstrategies/DET0060)*