Product: Deep Discovery Inspector
Use-Case: Access to Application Data
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 4 | 1 | 3 | 3 |
| Event Type | Rules | Models |
|---|---|---|
| app-login | T1078 - Valid Accounts ↳ APP-AppU-F: First login to an application for a user with no history ↳ APP-AppG-F: First login to an application for group ↳ APP-GApp-A: Abnormal login to an application for group ↳ APP-UAg-3: More than two new user agents used by the user in the same session |
• APP-UAg: User Agent Strings • APP-GApp: Group Logons to Applications • APP-AppG: Groups per Application • APP-AppU: User Logons to Applications |