Vendor: Dell

Product: Dell EMC Isilon

Rules	Models	MITRE TTPs	Event Types	Parsers
55	27	14	4	4

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal File Access	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1083 - File and Directory Discovery	3 Rules 3 Models
Abnormal Remote Access	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1018 - Remote System Discovery T1021 - Remote Services T1075 - T1075 T1078 - Valid Accounts T1550 - Use Alternate Authentication Material	9 Rules 5 Models
Abnormal User Activity	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1021 - Remote Services T1078 - Valid Accounts	10 Rules 5 Models
Access to File Data	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1083 - File and Directory Discovery	3 Rules 3 Models
Account Manipulation	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1078 - Valid Accounts	1 Rules
Account Switch	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1078 - Valid Accounts	2 Rules 1 Models
Brute Force Attack	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1078 - Valid Accounts	1 Rules 1 Models
Compromised Asset	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1003.003 - T1003.003	5 Rules 1 Models
Data Exfiltration	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1204 - User Execution	2 Rules 1 Models
Disabled Account Abuse	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1078 - Valid Accounts	1 Rules
Disabled Account Activity	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1078 - Valid Accounts	1 Rules
Executive Account Abuse	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1021 - Remote Services T1078 - Valid Accounts	1 Rules 1 Models
Executive Account Activity	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1021 - Remote Services T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	2 Rules 1 Models
Malware	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1003.002 - T1003.002 T1027 - Obfuscated Files or Information T1085 - T1085 T1204 - User Execution	8 Rules 3 Models
Pass the Hash	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1550.002 - Use Alternate Authentication Material: Pass the Hash	2 Rules 2 Models
Pass the Ticket	file-delete ↳ dell-file-operations-2 file-read ↳ dell-file-operations-1 ↳ dell-file-operations-4 file-write ↳ dell-file-operations-3 ↳ json-dell-file-operations remote-access ↳ dell-file-remote-access	T1550.002 - Use Alternate Authentication Material: Pass the Hash T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	13 Rules 6 Models

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts	User Execution	Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Obfuscated Files or Information	OS Credential Dumping Steal or Forge Kerberos Tickets Steal or Forge Kerberos Tickets: Kerberoasting	File and Directory Discovery Remote System Discovery	Remote Services Use Alternate Authentication Material

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_dell_dell_emc_isilon.md

ds_dell_dell_emc_isilon.md

Vendor: Dell

Product: Dell EMC Isilon

ATT&CK Matrix for Enterprise

Files

ds_dell_dell_emc_isilon.md

Latest commit

History

ds_dell_dell_emc_isilon.md

File metadata and controls

Vendor: Dell

Product: Dell EMC Isilon

ATT&CK Matrix for Enterprise