| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 63 | 24 | 9 | 4 | 4 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Compromised Credentials | file-alert ↳cef-kaspersky-security-alert-1 ↳s-kaspersky-es-alert-1 network-alert ↳s-kaspersky-endpoint-security ↳kaspersky-es-alert-1 ↳kaspersky-es-alert-2 ↳s-kaspersky-es-alert ↳kaspersky-es-alert security-alert ↳kaspersky-usb-activity-1 ↳kaspersky-usb-activity-2 usb-insert ↳kaspersky-usb-activity-1 ↳kaspersky-usb-activity-2 |
T1003.001 - T1003.001 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services |
|
| Data Exfiltration | file-alert ↳cef-kaspersky-security-alert-1 ↳s-kaspersky-es-alert-1 network-alert ↳s-kaspersky-endpoint-security ↳kaspersky-es-alert-1 ↳kaspersky-es-alert-2 ↳s-kaspersky-es-alert ↳kaspersky-es-alert security-alert ↳kaspersky-usb-activity-1 ↳kaspersky-usb-activity-2 usb-insert ↳kaspersky-usb-activity-1 ↳kaspersky-usb-activity-2 |
T1204 - User Execution |
|
| Next Page -->> |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| External Remote Services Valid Accounts |
User Execution |
External Remote Services Valid Accounts |
Valid Accounts Exploitation for Privilege Escalation |
Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information |
OS Credential Dumping |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |
Exfiltration Over Physical Medium: Exfiltration over USB Exfiltration Over Physical Medium |