| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 55 | 26 | 6 | 1 | 4 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | app-activity:success (app-activity) ↳anywhere365-a-kv-app-activity-success-callreceive ↳anywhere365-a-kv-app-activity-success-ucccall ↳anywhere365-a-kv-app-activity-success-outboundcall ↳anywhere365-a-kv-app-activity-success-newconference ↳anywhere365-a-kv-app-activity-success-conferencecreator |
T1078 - Valid Accounts T1133 - External Remote Services |
|
| Account Manipulation | app-activity:success (app-activity) ↳anywhere365-a-kv-app-activity-success-callreceive ↳anywhere365-a-kv-app-activity-success-ucccall ↳anywhere365-a-kv-app-activity-success-outboundcall ↳anywhere365-a-kv-app-activity-success-newconference ↳anywhere365-a-kv-app-activity-success-conferencecreator |
T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions |
|
| Next Page -->> |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| External Remote Services Valid Accounts |
External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions |
Valid Accounts |
Valid Accounts |
Email Collection Email Collection: Email Forwarding Rule |