| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 55 | 26 | 6 | 2 | 4 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | app-activity:success (app-activity) ↳microsoft-intune-json-app-activity-success-deviceenrollmenttype ↳microsoft-azuremon-json-app-activity-success-compliance ↳microsoft-azuremon-json-app-activity-success-devicecompliance ↳microsoft-intune-json-app-activity-auditlogs ↳microsoft-intune-json-app-activity-devices |
T1078 - Valid Accounts T1133 - External Remote Services |
|
| Account Manipulation | app-activity:success (app-activity) ↳microsoft-intune-json-app-activity-success-deviceenrollmenttype ↳microsoft-azuremon-json-app-activity-success-compliance ↳microsoft-azuremon-json-app-activity-success-devicecompliance ↳microsoft-intune-json-app-activity-auditlogs ↳microsoft-intune-json-app-activity-devices |
T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions |
|
| Next Page -->> |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| External Remote Services Valid Accounts |
External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions |
Valid Accounts |
Valid Accounts |
Email Collection Email Collection: Email Forwarding Rule |