Rules | Models | MITRE TTPs | Event Types | Parsers |
---|---|---|---|---|
55 | 27 | 14 | 4 | 4 |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts |
User Execution |
Valid Accounts |
Valid Accounts Exploitation for Privilege Escalation |
Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Obfuscated Files or Information |
OS Credential Dumping Steal or Forge Kerberos Tickets Steal or Forge Kerberos Tickets: Kerberoasting |
File and Directory Discovery Remote System Discovery |
Remote Services Use Alternate Authentication Material |