Vendor: RSA

Product: RSA Authentication Manager

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|:-----:|:------:|:------------------:|:--------------:|:-------:|
| 48 | 17 | 6 | 5 | 15 |


| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|:---------|:-------------------------------------------|:------------------|:--------|
| Abnormal Authentication & Access | user-lock:success (account-lockout)<br>dell-rsaauthmngr-csv-user-lock-success-authlockout<br><br>app-login:success (app-login)<br>dell-ram-kv-app-login-success-userprotectedappauth<br><br>vpn-login:fail (authentication-failed)<br>dell-rsaauthmngr-csv-endpoint-login-fail-13002<br>dell-rsaauthmngr-csv-endpoint-login-fail-auth<br>dell-rsaauthmngr-kv-endpoint-authentication-fail-authfail<br>dell-rsaauthmngr-kv-endpoint-login-fail-authorizationfail<br>dell-rsaauthmngr-kv-endpoint-authentication-fail-usertokenfailed<br>dell-rsaauthmngr-kv-endpoint-authentication-fail-userauthz<br>dell-rsaauthmngr-kv-endpoint-authentication-userlogin<br>dell-rsaauthmngr-kv-endpoint-authentication-userauthn<br>dell-rsaauthmngr-kv-endpoint-authentication-userstepup<br><br>vpn-authentication:success (authentication-successful)<br>dell-rsaauthmngr-csv-endpoint-login-success-13002<br>dell-rsaauthmngr-str-endpoint-login-success-ucm<br>dell-rsaauthmngr-kv-endpoint-authentication-userlogin<br>dell-rsaauthmngr-kv-endpoint-authentication-success-userauthz<br>dell-rsaauthmngr-kv-endpoint-authentication-userauthn<br>dell-rsaauthmngr-kv-endpoint-authentication-userstepup<br>dell-rsaauthmngr-kv-endpoint-authentication-success-authsuccess<br>dell-rsaauthmngr-kv-endpoint-login-success-authorizationsuccess<br>dell-rsaauthmngr-kv-endpoint-authentication-success-usertokencreated<br>rsa-ram-csv-endpoint-authentication-success-validuser<br>rsa-ram-csv-endpoint-authentication-success-authorizationsuccess<br><br>app-login:fail (failed-app-login)<br>dell-rsaauthmngr-kv-app-login-fail-notauth | T1078 - Valid Accounts<br>T1110 - Brute Force<br>T1133 - External Remote Services | <ul><li>16 Rules</li><li>4 Models</li></ul> |
| Brute Force Attack | user-lock:success (account-lockout)<br>dell-rsaauthmngr-csv-user-lock-success-authlockout | T1110 - Brute Force | <ul><li>1 Rules</li></ul> |
| Data Access | app-login:success (app-login)<br>dell-ram-kv-app-login-success-userprotectedappauth<br><br>app-login:fail (failed-app-login)<br>dell-rsaauthmngr-kv-app-login-fail-notauth | T1078 - Valid Accounts | <ul><li>6 Rules</li><li>4 Models</li></ul> |
| Privilege Abuse | app-login:success (app-login)<br>dell-ram-kv-app-login-success-userprotectedappauth<br><br>app-login:fail (failed-app-login)<br>dell-rsaauthmngr-kv-app-login-fail-notauth | T1078 - Valid Accounts | <ul><li>2 Rules</li></ul> |
| Privileged Activity | app-login:success (app-login)<br>dell-ram-kv-app-login-success-userprotectedappauth<br><br>app-login:fail (failed-app-login)<br>dell-rsaauthmngr-kv-app-login-fail-notauth | T1078 - Valid Accounts | <ul><li>1 Rules</li></ul> |


MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|
| External Remote Services<br><br>Valid Accounts<br><br>Exploit Public Facing Application | | External Remote Services<br><br>Valid Accounts | Valid Accounts | Valid Accounts | Brute Force | | | | Proxy: Multi-hop Proxy<br><br>Proxy | | |