Rules | Models | MITRE TTPs | Event Types | Parsers |
---|---|---|---|---|
41 | 19 | 7 | 1 | 1 |
Use-Case | Event Types/Parsers | MITRE TTP | Content |
---|---|---|---|
Abnormal Authentication & Access | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts T1078.003 - Valid Accounts: Local Accounts |
|
Brute Force Attack | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts |
|
Compromised Credentials | local-logon ↳jsonar-database-login |
T1078.002 - T1078.002 T1558 - Steal or Forge Kerberos Tickets |
|
Lateral Movement | local-logon ↳jsonar-database-login |
T1558 - Steal or Forge Kerberos Tickets |
|
Malware | local-logon ↳jsonar-database-login |
T1204 - User Execution |
|
Privilege Abuse | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts T1078.002 - T1078.002 |
|
Privilege Escalation | local-logon ↳jsonar-database-login |
T1021.002 - Remote Services: SMB/Windows Admin Shares T1078 - Valid Accounts T1087 - Account Discovery |
|
Privileged Activity | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts |
|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts |
User Execution |
Valid Accounts |
Valid Accounts |
Valid Accounts Valid Accounts: Local Accounts |
Steal or Forge Kerberos Tickets |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |