Skip to content

Latest commit

 

History

History
24 lines (22 loc) · 8.83 KB

ds_absolute_absolute_dds.md

File metadata and controls

24 lines (22 loc) · 8.83 KB
Raw

Vendor: Absolute

Product: Absolute DDS

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
91 37 13 3 1
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access scheduled_task-trigger:success (app-activity)
absolute-siemconnector-cef-app-activity-success-deviceuserinformationupdated
absolute-siemconnector-cef-app-activity-success-devicelocationupdated

app-login:success (app-login)
absolute-siemconnector-cef-app-login-success-loggedin
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulation scheduled_task-trigger:success (app-activity)
absolute-siemconnector-cef-app-activity-success-deviceuserinformationupdated
absolute-siemconnector-cef-app-activity-success-devicelocationupdated
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Data Leak scheduled_task-trigger:success (app-activity)
absolute-siemconnector-cef-app-activity-success-deviceuserinformationupdated
absolute-siemconnector-cef-app-activity-success-devicelocationupdated
 T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Lateral Movement app-login:success (app-login)
absolute-siemconnector-cef-app-login-success-loggedin

alert-trigger:success (security-alert)
absolute-siemconnector-cef-alert-trigger-success-absolute
 T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Malware app-login:success (app-login)
absolute-siemconnector-cef-app-login-success-loggedin

alert-trigger:success (security-alert)
absolute-siemconnector-cef-alert-trigger-success-absolute
 T1078 - Valid Accounts
TA0002 - TA0002
  • 5 Rules
  • 2 Models
Privilege Escalation scheduled_task-trigger:success (app-activity)
absolute-siemconnector-cef-app-activity-success-deviceuserinformationupdated
absolute-siemconnector-cef-app-activity-success-devicelocationupdated
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Ransomware app-login:success (app-login)
absolute-siemconnector-cef-app-login-success-loggedin
 T1078 - Valid Accounts
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Proxy