Vendor: Trend Micro

Product: Deep Discovery Inspector

Rules	Models	MITRE TTPs	Event Types	Parsers
53	25	7	3	3

Use-Case	Event Types/Parsers	MITRE TTP	Content
3rd Party Security Alerts	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts	18 Rules 8 Models
Abnormal Application Access	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	4 Rules 4 Models
Abnormal Authentication & Access	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts T1133 - External Remote Services	2 Rules
Abnormal Remote Access	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Abnormal User Activity	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts T1133 - External Remote Services	16 Rules 11 Models
Access to Application Data	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	4 Rules 4 Models
Compromised Service Account	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	1 Rules
Disabled Account Abuse	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	1 Rules
Disabled Account Activity	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	1 Rules
Evasion	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Executive Account Activity	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1068 - Exploitation for Privilege Escalation	1 Rules
Malware	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts T1204 - User Execution	7 Rules 4 Models
Ransomware	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	1 Rules
Service Account Abuse	account-password-change ↳ cef-trendmicro-password-change app-login ↳ cef-trendmicro-app-login security-alert ↳ n-forwarded-cef-trendmicro-security-alert-2 ↳ cef-trendmicro-alert ↳ cef-trendmicro-security-alert-1 ↳ cef-trendmicro-security-alert-4	T1078 - Valid Accounts	1 Rules

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts	Command and Scripting Interperter User Execution Command and Scripting Interperter: PowerShell	External Remote Services Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information					Proxy: Multi-hop Proxy Proxy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_trend_micro_deep_discovery_inspector.md

ds_trend_micro_deep_discovery_inspector.md

Vendor: Trend Micro

Product: Deep Discovery Inspector

ATT&CK Matrix for Enterprise

Files

ds_trend_micro_deep_discovery_inspector.md

Latest commit

History

ds_trend_micro_deep_discovery_inspector.md

File metadata and controls

Vendor: Trend Micro

Product: Deep Discovery Inspector

ATT&CK Matrix for Enterprise