Vendor: Honeywell

Product: Honeywell Pro-Watch

Rules	Models	MITRE TTPs	Event Types	Parsers
2	1	1	1	1

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal User Activity	failed-physical-access ↳ s-honeywell-physical-badge-access ↳ honeywell-physical-badge-access ↳ prowatch-badge-access-3 ↳ q-prowatch-badge-access ↳ cef-prowatch-badge-access ↳ prowatch-badge-access-1 ↳ s-prowatch-badge-access ↳ s-prowatch-badge-access-2 ↳ prowatch-badge-access physical-access ↳ s-honeywell-physical-badge-access ↳ honeywell-physical-badge-access ↳ prowatch-badge-access-3 ↳ q-prowatch-badge-access ↳ cef-prowatch-badge-access ↳ prowatch-badge-access-1 ↳ s-prowatch-badge-access ↳ s-prowatch-badge-access-2 ↳ prowatch-badge-access	T1078 - Valid Accounts	1 Rules 1 Models
Access to Physical Space	failed-physical-access ↳ s-honeywell-physical-badge-access ↳ honeywell-physical-badge-access ↳ prowatch-badge-access-3 ↳ q-prowatch-badge-access ↳ cef-prowatch-badge-access ↳ prowatch-badge-access-1 ↳ s-prowatch-badge-access ↳ s-prowatch-badge-access-2 ↳ prowatch-badge-access physical-access ↳ s-honeywell-physical-badge-access ↳ honeywell-physical-badge-access ↳ prowatch-badge-access-3 ↳ q-prowatch-badge-access ↳ cef-prowatch-badge-access ↳ prowatch-badge-access-1 ↳ s-prowatch-badge-access ↳ s-prowatch-badge-access-2 ↳ prowatch-badge-access	T1078 - Valid Accounts	1 Rules

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts		Valid Accounts	Valid Accounts	Valid Accounts