Abnormal Application Access |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Abnormal Authentication & Access |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts T1133 - External Remote Services
|
|
Abnormal File Access |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1083 - File and Directory Discovery
|
|
Abnormal User Activity |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts T1133 - External Remote Services
|
|
Access to Application Data |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Access to File Data |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1083 - File and Directory Discovery
|
|
Account Manipulation |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Compromised Service Account |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Data Exfiltration |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1204 - User Execution
|
|
Data Leak |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1204 - User Execution
|
|
Data Leak via Email |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1114.003 - Email Collection: Email Forwarding Rule
|
|
Disabled Account Abuse |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Disabled Account Activity |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Evasion |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1090.003 - Proxy: Multi-hop Proxy
|
|
Executive Account Activity |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Malware |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1204 - User Execution
|
|
Membership and Permission Modifications |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Permission Changes |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Privileged Account Abuse |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Ransomware |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|
Service Account Abuse |
app-activity ↳ symantec-cloud-activity
app-login ↳ symantec-cloud-activity
dlp-alert ↳ symantec-cloud-dlp-alert
failed-app-login ↳ symantec-cloud-activity
file-delete ↳ symantec-cloud-activity
file-download ↳ symantec-cloud-activity
file-upload ↳ symantec-cloud-activity
|
T1078 - Valid Accounts
|
|