Product: Microsoft Windows
Use-Case: Privileged Asset Abuse
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 1 | 1 | 1 | 58 | 58 |
| Event Type | Rules | Models |
|---|---|---|
| local-logon | T1078 - Valid Accounts ↳ AL-HT-PRIV: Non-Privileged logon to privileged asset |
• AL-HT-PRIV: Privilege Users Assets |
| ntlm-logon | T1078 - Valid Accounts ↳ AL-HT-PRIV: Non-Privileged logon to privileged asset |
• AL-HT-PRIV: Privilege Users Assets |
| remote-logon | T1078 - Valid Accounts ↳ AL-HT-PRIV: Non-Privileged logon to privileged asset |
• AL-HT-PRIV: Privilege Users Assets |