Skip to content

Latest commit

 

History

History
21 lines (19 loc) · 11.3 KB

ds_click_studios_passwordstate.md

File metadata and controls

21 lines (19 loc) · 11.3 KB

Vendor: Click Studios

Product: Passwordstate

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
136 61 21 7 4
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access user-disable:success (account-disabled)
clickstudios-passwordstate-kv-user-disable-success-servicedisable

user-password-modify:success (account-password-change)
clickstudios-passwordstate-kv-user-password-modify-success-modifiedpassword

user-password-reset:success (account-password-reset)
clickstudios-passwordstate-kv-user-password-reset-fail-apifailed
clickstudios-passwordstate-kv-user-password-reset-success-apiresetsuccess
clickstudios-passwordstate-kv-user-password-reset-success-resetsuccess

app-activity:success (app-activity)
clickstudios-passwordstate-kv-app-activity-success-updatepassword
clickstudios-passwordstate-kv-app-activity-success-modifyaccess

vpn-authentication:success (authentication-successful)
clickstudios-passwordstate-kv-app-authentication-success-loginforuserid
clickstudios-passwordstate-kv-app-authentication-success-authtoapi

group-member-remove:success (member-removed)
clickstudios-passwordstate-kv-group-member-remove-success-serviceremove

ssh-traffic:success (remote-logon)
clickstudios-passwordstate-kv-endpoint-login-success-remotesession
 T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
Account Manipulation user-password-modify:success (account-password-change)
clickstudios-passwordstate-kv-user-password-modify-success-modifiedpassword

user-password-reset:success (account-password-reset)
clickstudios-passwordstate-kv-user-password-reset-fail-apifailed
clickstudios-passwordstate-kv-user-password-reset-success-apiresetsuccess
clickstudios-passwordstate-kv-user-password-reset-success-resetsuccess

app-activity:success (app-activity)
clickstudios-passwordstate-kv-app-activity-success-updatepassword
clickstudios-passwordstate-kv-app-activity-success-modifyaccess

group-member-remove:success (member-removed)
clickstudios-passwordstate-kv-group-member-remove-success-serviceremove
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 19 Rules
  • 9 Models
Data Access app-activity:success (app-activity)
clickstudios-passwordstate-kv-app-activity-success-updatepassword
clickstudios-passwordstate-kv-app-activity-success-modifyaccess
 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Leak app-activity:success (app-activity)
clickstudios-passwordstate-kv-app-activity-success-updatepassword
clickstudios-passwordstate-kv-app-activity-success-modifyaccess
 T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

 Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Valid Accounts: Local Accounts

 Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

 Remote System Discovery

 Remote Services

Use Alternate Authentication Material

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Proxy