Use-Case: Access to File Data
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 3 | 2 | 3 | 3 |
| Event Type | Rules | Models |
|---|---|---|
| file-write | T1083 - File and Directory Discovery ↳ FA-FG-F: First access to folder for group ↳ FA-OG-A: Abnormal access to source code files for user in the peer group ↳ FA-SFU-F: First access to folder containing source code by user |
• FA-SFU: Source code folder access by users • FA-OG: Users accessing source code files in the peer group • FA-FG: Folder access by groups |
| process-created | T1003 - OS Credential Dumping ↳ A-CP-Sensitive-Files: Copying sensitive files with credential data on this asset |