| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 14 | 6 | 2 | 2 | 2 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | nac-failed-logon ↳msnetwork-nac-logon ↳msnetwork-nac-logon-2 ↳cef-msn-nac-logon ↳msnetwork-nac-logon-3 ↳msnetwork-nac-logon-4 ↳msnetwork-nac-logon-5 nac-logon ↳microsoft-nps-nac-logon ↳s-radius-wireless-nac-logon ↳microsoft-nps-6278 ↳microsoft-npc-nac-logon-1 ↳microsoft-nps-6272 ↳microsoft-npc-failed-logon-1 ↳microsoft-nps-6274 ↳microsoft-nps-6273 |
T1021 - Remote Services T1078 - Valid Accounts |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts |
Valid Accounts |
Valid Accounts |
Valid Accounts |
Remote Services |