Skip to content

Latest commit

 

History

History
19 lines (17 loc) · 8.93 KB

ds_delinea_centrify_authentication_service.md

File metadata and controls

19 lines (17 loc) · 8.93 KB
Raw

Vendor: Delinea

Product: Centrify Authentication Service

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
114 39 22 6 8
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access user-password-reset:success (account-password-reset)
delinea-centrifyas-kv-user-password-reset-success-6041

endpoint-login:fail (authentication-failed)
delinea-centrifyas-kv-endpoint-login-fail-54207
delinea-centrifyas-kv-endpoint-login-fail-54201

endpoint-login:success (authentication-successful)
delinea-centrifyas-kv-endpoint-login-success-54206
delinea-centrifyas-kv-endpoint-login-success-pam

endpoint-login:fail (failed-logon)
delinea-centrifyas-kv-endpoint-login-fail-6034
delinea-centrifyas-kv-endpoint-login-fail-6049
delinea-centrifyas-cef-endpoint-login-fail-sshd
delinea-centrifyas-kv-endpoint-login-fail-trustedpath
delinea-centrifyas-cef-endpoint-login-fail-pam

endpoint-login:success (local-logon)
delinea-centrifyas-kv-endpoint-login-success-trustedpath

endpoint-login:success (remote-logon)
delinea-centrifyas-kv-ssh-traffic-success-sshd
delinea-centrifyas-kv-endpoint-login-success-6048
delinea-centrifyas-kv-endpoint-login-success-6033
 T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 45 Rules
  • 19 Models
Account Manipulation user-password-reset:success (account-password-reset)
delinea-centrifyas-kv-user-password-reset-success-6041
 T1098 - Account Manipulation
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 External Remote Services

Valid Accounts

Account Manipulation

 Valid Accounts

Exploitation for Privilege Escalation

 Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Valid Accounts: Local Accounts

 Brute Force

Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

 Remote System Discovery

 Exploitation of Remote Services

Remote Services

Use Alternate Authentication Material

Remote Services: Remote Desktop Protocol

 Proxy: Multi-hop Proxy

Proxy