Skip to content

Latest commit

 

History

History
22 lines (20 loc) · 19.9 KB

ds_ping_identity_ping_identity.md

File metadata and controls

22 lines (20 loc) · 19.9 KB

Vendor: Ping Identity

Product: Ping Identity

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
97 35 13 11 11
Use-Case Activity Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access account-creation
pingidentity-pi-json-endpoint-app-activity-success

account-password-change
pingidentity-pi-cef-endpoint-login-sso

account-password-reset
pingidentity-pi-cef-endpoint-login-sso

app-activity
beyondtrust-prividentity-kv-app-activity-success-sharedcredentiallistaddedaccount
pingidentity-pi-cef-app-activity-success-action

app-login
pingidentity-pi-cef-app-login-success-sso-1
pingidentity-pi-cef-app-login-success-pingfederate
pingidentity-pi-str-app-login-success-ssosuccess
pingidentity-pi-json-app-login-success-sso
pingidentity-pi-json-app-login-success-sso-1
pingidentity-pi-kv-app-login-success-sso
pingidentity-pi-cef-app-login-success-sso
pingidentity-pi-cef-app-login-sso-idp
pingidentity-pi-cef-app-login-password
pingidentity-pi-cef-app-login-sso-session
pingidentity-pi-cef-app-login-sso

authentication-failed
pingidentity-pi-str-endpoint-login-fail-tid
pingidentity-pi-str-endpoint-login-fail-oauth
pingidentity-pi-str-endpoint-login-fail-inprogress
pingidentity-pi-kv-app-authentication-success-authnsessionused
pingidentity-pi-kv-app-authentication-inprogress
pingidentity-pi-cef-app-authentication-success-authattempt
pingidentity-pi-json-app-authentication-success-wazuhalerts
pingidentity-pi-cef-app-authentication-success-authnsessiondeleted
pingidentity-pi-cef-app-authentication-success-authnsessioncreated-1
pingidentity-pi-str-app-authentication-success-oauth
pingidentity-pi-cef-app-authentication-success-oauth
pingidentity-pi-cef-app-authentication-success-authnsessionused
pingidentity-pi-cef-app-authentication-success-inprogress-1
pingidentity-pi-kv-app-authentication-authnrequestinprogress
pingidentity-pi-cef-app-authentication-success-srirevoked
pingidentity-pi-cef-app-authentication-success-oauth-1
pingidentity-pi-cef-app-authentication-success-authnattempt
pingidentity-pi-cef-app-authentication-success-authnsessioncreated
pingidentity-pi-kv-app-authentication-success-oauth
pingidentity-pi-cef-app-authentication-success-authnsessionused-1
pingidentity-pi-cef-app-authentication-success-inprogress
pingidentity-pi-str-app-authentication-success-authattempt
pingidentity-pi-cef-app-authentication-success-eamauth
pingidentity-pi-kv-app-authentication-oauthinprogress
pingidentity-pi-json-app-authentication-success-pingid
pingidentity-pi-json-app-authentication-success-user
pingidentity-pi-kv-app-authentication-success-authnsesioncreated
pingidentity-pi-kv-app-authentication-success
pingidentity-pi-cef-app-logout-success-pingfederate
pingidentity-pi-kv-app-logout-success-slo
pingidentity-pi-cef-app-logout-success-slo
pingidentiy-pi-cef-app-logout-success-authsessiondelete
pingidentity-pi-cef-app-logout-success-slo-1
pingidentity-pi-kv-app-logout-success-authsessiondelete-1
pingidentity-pi-kv-app-logout-success-authsessiondelete
pingidentity-pi-kv-app-logout-success-slo-1
pingidentity-pi-kv-app-logout-failure-slo
pingidentity-pi-json-app-authentication-fail-unsuccessattempt
pingidentity-pi-cef-endpoint-authentication-fail-authnattemptfail
pingidentity-pi-cef-endpoint-authentication-fail-authfailure
pingidentity-pi-cef-endpoint-authentication-fail-failure
pingidentity-pi-cef-endpoint-authentication-fail-failure-1
pingidentity-pi-json-endpoint-authentication-success-fail-idp
pingidentity-pi-cef-app-authentication-fail-failure
pingidentity-pi-cef-app-authentication-fail-failure-1
pingidentity-pi-json-app-authentication-fail-triggeredby
pingidentity-pi-json-app-authentication-fail-ping
pingidentity-pi-json-app-authentication-fail-pingid
pingidentity-pi-json-app-authentication-fail-user
pingidentity-pi-kv-app-authentication-failure
pingidentity-pi-kv-app-authentication-failure-oauth
pingidentity-pi-json-app-authentication-fail-applicationmsg
pingidentity-pi-json-app-authentication-fail-failure-2
pingidentity-pi-cef-endpoint-login-sso

authentication-successful
pingidentity-pi-str-endpoint-login-success-oauth
pingidentity-pi-str-endpoint-login-success-authn
pingidentity-pi-str-endpoint-login-success-stssuccess
pingidentity-pi-str-endpoint-authentication-success-authsessionused
pingidentity-pi-str-endpoint-authentication-success-authnattemptsuccess
pingidentity-pi-str-endpoint-authentication-success-oauthsuccess
pingidentity-pi-cef-endpoint-authentication-success-authsuccess
pingidentity-pi-cef-endpoint-authentication-success-authenticated
pingidentity-pi-str-endpoint-authentication-success-authnsessioncreated
pingidentity-pi-cef-endpoint-authentication-success-authnsessioncreated
pingidentity-pi-json-endpoint-authentication-success-fail-idp
pingidentity-pi-cef-vpn-authentication-success-authnattempt
pingidentity-pi-cef-vpn-authentication-success-pingfederate
pingidentity-pingone-cef-vpn-authentication-success-ping
pingidentity-pi-cef-vpn-authentication-success-authnsessionused
pingidentity-pi-json-vpn-authentication-success-policy
pingidentity-pi-json-vpn-authentication-success-inprogress
pingidentity-pi-json-vpn-authentication-success-pingid
pingidentity-pi-json-vpn-authentication-success-authnattempt-1
pingidentity-pi-cef-endpoint-login-sso

failed-app-login
pingidentity-pi-cef-app-login-fail-sso
pingidentity-pi-kv-app-login-failure-sso
pingidentity-pi-json-app-login-fail-sso
pingidentity-pi-str-app-login-fail-ssofailure
pingidentity-pi-cef-app-login-fail-sso-1
pingidentity-pi-cef-app-login-sso-idp
pingidentity-pi-cef-app-login-password
pingidentity-pi-cef-app-login-sso-session
pingidentity-pi-cef-app-login-sso
pingidentity-pi-sk4-app-authentication-success-delivery
pingidentity-pi-sk4-app-authentication-success-queue

vpn-login
pingidentity-pingone-sk4-vpn-login-success-pingauthsuccess
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 16 Rules
  • 5 Models
Account Manipulation account-creation
pingidentity-pi-json-endpoint-app-activity-success

account-password-change
pingidentity-pi-cef-endpoint-login-sso

account-password-reset
pingidentity-pi-cef-endpoint-login-sso

app-activity
beyondtrust-prividentity-kv-app-activity-success-sharedcredentiallistaddedaccount
pingidentity-pi-cef-app-activity-success-action
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 24 Rules
  • 9 Models
Data Leak app-activity
beyondtrust-prividentity-kv-app-activity-success-sharedcredentiallistaddedaccount
pingidentity-pi-cef-app-activity-success-action
 T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Physical Security vpn-login
pingidentity-pingone-sk4-vpn-login-success-pingauthsuccess
 T1133 - External Remote Services
  • 1 Rules
  • 1 Models
Privilege Escalation app-activity
beyondtrust-prividentity-kv-app-activity-success-sharedcredentiallistaddedaccount
pingidentity-pi-cef-app-activity-success-action
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 Create Account

External Remote Services

Valid Accounts

Account Manipulation

Create Account: Create: Local Account

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

 Valid Accounts

 Email Collection

Email Collection: Email Forwarding Rule

 Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy