Skip to content

Latest commit

 

History

History
15 lines (13 loc) · 848 Bytes

r_m_wiz_wiz_Privilege_Abuse.md

File metadata and controls

15 lines (13 loc) · 848 Bytes

Rules by Product and UseCase

Vendor: Wiz

Product: Wiz

Use-Case: Privilege Abuse

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
3 1 2 2 0
Event Type Rules Models
account-deleted T1531 - Account Access Removal
AM-UA-AD-F: First account deletion activity for user		 AE-UA: All activity for users
app-login T1078 - Valid Accounts
APP-Account-deactivated: Activity from a de-activated user account
APP-F-SA-NC: New service account access to application