Product: Symantec Critical System Protection
Use-Case: Privileged Asset Abuse
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 1 | 1 | 1 | 3 | 3 |
| Event Type | Rules | Models |
|---|---|---|
| local-logon | T1078 - Valid Accounts ↳ AL-HT-PRIV: Non-Privileged logon to privileged asset |
• AL-HT-PRIV: Privilege Users Assets |