| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 33 | 16 | 6 | 2 | 0 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | file-read:success (file-read) ↳vormetric-v-kv-file-read-success-code |
T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.003 - T1003.003 T1083 - File and Directory Discovery |
|
| Data Access | file-read:success (file-read) ↳vormetric-v-kv-file-read-success-code |
T1083 - File and Directory Discovery |
|
| Data Exfiltration | alert-trigger:success (file-alert) ↳vormetric-v-kv-file-read-success-code |
TA0002 - TA0002 |
|
| Malware | alert-trigger:success (file-alert) ↳vormetric-v-kv-file-read-success-code |
TA0002 - TA0002 |
|
| Privilege Abuse | alert-trigger:success (file-alert) ↳vormetric-v-kv-file-read-success-code file-read:success (file-read) ↳vormetric-v-kv-file-read-success-code |
T1078 - Valid Accounts |
|
| Privileged Activity | alert-trigger:success (file-alert) ↳vormetric-v-kv-file-read-success-code file-read:success (file-read) ↳vormetric-v-kv-file-read-success-code |
T1078 - Valid Accounts |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts |
Valid Accounts |
Valid Accounts |
Valid Accounts |
OS Credential Dumping |
File and Directory Discovery |