Product: Sophos Endpoint Protection
Use-Case: Disabled Account Activity
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 1 | 0 | 1 | 10 | 10 |
| Event Type | Rules | Models |
|---|---|---|
| file-alert | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |