Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity:success (app-activity) ↳sailpoint-securityiq-json-app-activity-success-provisioning file-delete:success (file-delete) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-delete-success-sharepoint file-permission-modify:success (file-permission-change) ↳sailpoint-securityiq-csv-file-operation file-read:success (file-read) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline file-write:success (file-write) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline	T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services	71 Rules 38 Models
Data Access	app-activity:success (app-activity) ↳sailpoint-securityiq-json-app-activity-success-provisioning file-delete:success (file-delete) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-delete-success-sharepoint file-permission-modify:success (file-permission-change) ↳sailpoint-securityiq-csv-file-operation file-read:success (file-read) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline file-write:success (file-write) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline	T1078 - Valid Accounts T1083 - File and Directory Discovery	43 Rules 24 Models
Privilege Abuse	app-activity:success (app-activity) ↳sailpoint-securityiq-json-app-activity-success-provisioning file-delete:success (file-delete) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-delete-success-sharepoint file-permission-modify:success (file-permission-change) ↳sailpoint-securityiq-csv-file-operation file-read:success (file-read) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline file-upload:success (file-upload) ↳sailpoint-securityiq-kv-file-success-sharepointonline file-write:success (file-write) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 2 Models
Privileged Activity	app-activity:success (app-activity) ↳sailpoint-securityiq-json-app-activity-success-provisioning file-delete:success (file-delete) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-delete-success-sharepoint file-permission-modify:success (file-permission-change) ↳sailpoint-securityiq-csv-file-operation file-read:success (file-read) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline file-upload:success (file-upload) ↳sailpoint-securityiq-kv-file-success-sharepointonline file-write:success (file-write) ↳sailpoint-securityiq-csv-file-operation ↳sailpoint-securityiq-kv-file-success-sharepointonline	T1078 - Valid Accounts	3 Rules 1 Models

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2_ds_sailpoint_securityiq.md

2_ds_sailpoint_securityiq.md

Files

2_ds_sailpoint_securityiq.md

Latest commit

History

2_ds_sailpoint_securityiq.md

File metadata and controls