2_ds_darktrace_darktrace.md
| Use-Case | Activity Type (Legacy Event Type) / Parsers | MITRE ATT&CK® TTP | Content |
| --- | --- | --- | --- |
| Lateral Movement | app-login:success (app-login)<br>darktrace-darktrace-json-app-login-success-successfullogin<br><br>app-login:fail (failed-app-login)<br>darktrace-darktrace-json-app-login-fail-failedlogin<br><br>alert-trigger:success (security-alert)<br>darktrace-darktrace-json-alert-trigger-success-comparatortype<br>darktrace-darktrace-cef-alert-trigger-success-darktrace | T1027 - Obfuscated Files or Information<br>T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools<br>T1078 - Valid Accounts<br>T1090 - Proxy<br>T1090.003 - Proxy: Multi-hop Proxy | 4 Rules |
| Malware | app-login:success (app-login)<br>darktrace-darktrace-json-app-login-success-successfullogin<br><br>email-receive:success (dlp-email-alert-in)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>email-send:success (dlp-email-alert-out)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>alert-trigger:success (security-alert)<br>darktrace-darktrace-json-alert-trigger-success-comparatortype<br>darktrace-darktrace-cef-alert-trigger-success-darktrace | T1078 - Valid Accounts<br>T1190 - Exploit Public-Facing Application<br>TA0002 - TA0002 | 6 Rules<br>2 Models |
| Privilege Abuse | app-login:success (app-login)<br>darktrace-darktrace-json-app-login-success-successfullogin<br><br>email-receive:success (dlp-email-alert-in)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>email-send:success (dlp-email-alert-out)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>app-login:fail (failed-app-login)<br>darktrace-darktrace-json-app-login-fail-failedlogin | T1078 - Valid Accounts | 2 Rules |
| Privileged Activity | app-login:success (app-login)<br>darktrace-darktrace-json-app-login-success-successfullogin<br><br>email-receive:success (dlp-email-alert-in)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>email-send:success (dlp-email-alert-out)<br>darktrace-darktrace-mix-email-send-receive-direction<br><br>app-login:fail (failed-app-login)<br>darktrace-darktrace-json-app-login-fail-failedlogin<br><br>alert-trigger:success (security-alert)<br>darktrace-darktrace-json-alert-trigger-success-comparatortype<br>darktrace-darktrace-cef-alert-trigger-success-darktrace | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | 2 Rules |