Product: SecurityIQ
Use-Case: Privilege Abuse
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 1 | 0 | 1 | 5 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| file-delete | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |
|
| file-permission-change | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |
|
| file-read | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |
|
| file-upload | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |
|
| file-write | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |