| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 41 | 19 | 7 | 1 | 1 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts T1078.003 - Valid Accounts: Local Accounts |
|
| Brute Force Attack | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts |
|
| Compromised Credentials | local-logon ↳jsonar-database-login |
T1078.002 - T1078.002 T1558 - Steal or Forge Kerberos Tickets |
|
| Lateral Movement | local-logon ↳jsonar-database-login |
T1558 - Steal or Forge Kerberos Tickets |
|
| Malware | local-logon ↳jsonar-database-login |
T1204 - User Execution |
|
| Privilege Abuse | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts T1078.002 - T1078.002 |
|
| Privilege Escalation | local-logon ↳jsonar-database-login |
T1021.002 - Remote Services: SMB/Windows Admin Shares T1078 - Valid Accounts T1087 - Account Discovery |
|
| Privileged Activity | local-logon ↳jsonar-database-login |
T1078 - Valid Accounts |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts |
User Execution |
Valid Accounts |
Valid Accounts |
Valid Accounts Valid Accounts: Local Accounts |
Steal or Forge Kerberos Tickets |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |