
DET0726 Detection of Wireless Compromise

Item | Value
ID | DET0726
Version | 1.0
Created | 21 October 2025
Last Modified | 21 October 2025

Technique Detected: T0860 (Wireless Compromise)

Analytics

ICS

AN1859

Monitor login sessions and application logs for new or unexpected devices or sessions on wireless networks. New or irregular network traffic flows may also indicate potentially unwanted devices or sessions on wireless networks. In Wi-Fi networks, monitor for changes such as rogue access points, low signal strength (indicating a device is farther away from the access point than expected), and changes in the physical layer signal. (Citation: Nzyme Alerts Intro) (Citation: Wireless Intrusion Detection) Network traffic content will provide important context, such as hardware (e.g., MAC) addresses, user accounts, and types of messages sent.
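
The checks described above, as an added example that is not part of the original analytic: it flags unauthorized BSSIDs on a monitored SSID, client MACs missing from the inventory, and known clients seen well below their usual signal strength. The CSV layout, the inventory values, and the 15 dB threshold are assumptions constructed for illustration.

```python
import csv
import io

# Constructed inventory (assumption): authorized BSSIDs per SSID and the
# usual RSSI (dBm) at which each known client is seen.
AUTHORIZED_APS = {"PLANT-OT": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
CLIENT_BASELINE_DBM = {"02:11:22:33:44:55": -52, "02:11:22:33:44:66": -60}
RSSI_DROP_DB = 15  # alert when a client is this much weaker than its baseline

# Constructed sample events in a hypothetical CSV export from a wireless sensor.
SAMPLE_LOG = """\
time,ssid,bssid,client_mac,rssi_dbm
2025-10-21T08:00:01Z,PLANT-OT,aa:bb:cc:00:00:01,02:11:22:33:44:55,-50
2025-10-21T08:03:10Z,PLANT-OT,aa:bb:cc:00:00:02,02:11:22:33:44:66,-81
2025-10-21T08:05:42Z,PLANT-OT,AA:BB:CC:00:00:01,02:de:ad:be:ef:01,-47
2025-10-21T08:09:30Z,PLANT-OT,de:ad:00:00:00:99,02:11:22:33:44:55,-55
2025-10-21T08:11:00Z,GUEST,12:34:56:00:00:01,02:99:99:99:99:99,-70
"""

def detect(log_text):
    """Return (time, alert_type, detail) tuples for suspicious events."""
    alerts = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ssid = row["ssid"]
        if ssid not in AUTHORIZED_APS:
            continue  # not one of our monitored networks
        # Normalize case so the same hardware address always compares equal.
        bssid = row["bssid"].lower()
        mac = row["client_mac"].lower()
        try:
            rssi = int(row["rssi_dbm"])
        except ValueError:
            alerts.append((row["time"], "malformed_rssi", mac))
            continue
        if bssid not in AUTHORIZED_APS[ssid]:
            alerts.append((row["time"], "rogue_ap", bssid))
        if mac not in CLIENT_BASELINE_DBM:
            alerts.append((row["time"], "new_device", mac))
        elif CLIENT_BASELINE_DBM[mac] - rssi >= RSSI_DROP_DB:
            alerts.append((row["time"], "weak_signal", mac))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

MAC addresses can be changed by the device, so an inventory match is context for an analyst rather than proof that a device is legitimate.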

Log Sources
Data Component | Name | Channel
Logon Session Creation (DC0067) | Logon Session | None
Application Log Content (DC0038) | Application Log | None
Network Traffic Flow (DC0078) | Network Traffic | None
Mutable Elements
Field Description