Vendor: Tanium

Product: Integrity Monitor

Rules	Models	MITRE TTPs	Event Types	Parsers
61	24	17	3	3

Use-Case	Event Types/Parsers	MITRE TTP	Content
Compromised Credentials	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1083 - File and Directory Discovery T1204 - User Execution	32 Rules 16 Models
Data Access	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1083 - File and Directory Discovery	23 Rules 12 Models
Data Exfiltration	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1204 - User Execution	2 Rules 1 Models
Data Leak	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1114.001 - T1114.001	1 Rules
Malware	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1003.002 - T1003.002 T1027 - Obfuscated Files or Information T1055.012 - T1055.012 T1204 - User Execution T1218.011 - Signed Binary Proxy Execution: Rundll32	23 Rules 10 Models
Privilege Abuse	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1078 - Valid Accounts	1 Rules
Privilege Escalation	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1012 - Query Registry T1056.004 - T1056.004 T1070.004 - Indicator Removal on Host: File Deletion T1547.006 - T1547.006 T1560 - Archive Collected Data	1 Rules 1 Models
Privileged Activity	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1078 - Valid Accounts	1 Rules
Ransomware	database-activity-failed ↳tanium-file-owner-change ↳tanium-file-permission-change file-write ↳tanium-file-delete process-alert ↳tanium-file-write ↳tanium-new-file-create ↳tanium-file-rename	T1486 - Data Encrypted for Impact	1 Rules

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts	User Execution	Valid Accounts Boot or Logon Autostart Execution	Valid Accounts Process Injection Boot or Logon Autostart Execution	Obfuscated Files or Information: Indicator Removal from Tools Indicator Removal on Host: File Deletion Valid Accounts Indicator Removal on Host Obfuscated Files or Information Process Injection Signed Binary Proxy Execution Signed Binary Proxy Execution: Rundll32	OS Credential Dumping Input Capture	File and Directory Discovery Query Registry		Email Collection Input Capture Archive Collected Data			Data Encrypted for Impact

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_tanium_integrity_monitor.md

ds_tanium_integrity_monitor.md

Vendor: Tanium

Product: Integrity Monitor

ATT&CK Matrix for Enterprise

Files

ds_tanium_integrity_monitor.md

Latest commit

History

ds_tanium_integrity_monitor.md

File metadata and controls

Vendor: Tanium

Product: Integrity Monitor

ATT&CK Matrix for Enterprise