Use-Case | Activity Type (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Lateral Movement | app-login:success (app-login)<br>↳clearsense-cs-sk4-app-login-success-loginsuccessful<br>vpn-login:fail (authentication-failed)<br>↳novell-ed-cef-endpoint-authentication-authenticate<br>vpn-authentication:success (authentication-successful)<br>↳novell-ed-cef-endpoint-authentication-authenticate<br>↳oracle-am-kv-endpoint-authentication-success-auth | T1078 - Valid Accounts<br>T1090 - Proxy<br>T1090.003 - Proxy: Multi-hop Proxy | |
Ransomware | app-login:success (app-login)<br>↳clearsense-cs-sk4-app-login-success-loginsuccessful<br>vpn-login:fail (authentication-failed)<br>↳novell-ed-cef-endpoint-authentication-authenticate<br>vpn-authentication:success (authentication-successful)<br>↳novell-ed-cef-endpoint-authentication-authenticate<br>↳oracle-am-kv-endpoint-authentication-success-auth | T1078 - Valid Accounts | |