Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	scheduled_task-trigger:success (app-activity) ↳egnyte-e-cef-file-success-fileactivity app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin app-login:fail (failed-app-login) ↳egnyte-egnyte-sk4-app-login-fail-username file-delete:success (file-delete) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem file-permission-modify:success (file-permission-change) ↳egnyte-e-cef-file-permission-modify-success-assigner ↳egnyte-e-cef-file-success-fileactivity file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1003 - OS Credential Dumping T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application	74 Rules 38 Models
Data Access	scheduled_task-trigger:success (app-activity) ↳egnyte-e-cef-file-success-fileactivity app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin app-login:fail (failed-app-login) ↳egnyte-egnyte-sk4-app-login-fail-username file-delete:success (file-delete) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem file-permission-modify:success (file-permission-change) ↳egnyte-e-cef-file-permission-modify-success-assigner ↳egnyte-e-cef-file-success-fileactivity file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models
Data Exfiltration	file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	TA0002 - TA0002	2 Rules 1 Models
Data Leak	scheduled_task-trigger:success (app-activity) ↳egnyte-e-cef-file-success-fileactivity file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1114 - Email Collection T1114.001 - T1114.001 T1114.003 - Email Collection: Email Forwarding Rule	4 Rules
Malware	app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1003 - OS Credential Dumping T1003.002 - T1003.002 T1078 - Valid Accounts T1505 - Server Software Component T1505.003 - Server Software Component: Web Shell T1547 - Boot or Logon Autostart Execution T1547.001 - T1547.001 TA0002 - TA0002	11 Rules 4 Models
Privilege Abuse	scheduled_task-trigger:success (app-activity) ↳egnyte-e-cef-file-success-fileactivity app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin app-login:fail (failed-app-login) ↳egnyte-egnyte-sk4-app-login-fail-username file-delete:success (file-delete) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem file-download:success (file-download) ↳egnyte-e-cef-file-success-fileactivity file-permission-modify:success (file-permission-change) ↳egnyte-e-cef-file-permission-modify-success-assigner ↳egnyte-e-cef-file-success-fileactivity file-upload:success (file-upload) ↳egnyte-e-cef-file-success-fileactivity file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 2 Models
Privileged Activity	scheduled_task-trigger:success (app-activity) ↳egnyte-e-cef-file-success-fileactivity app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin app-login:fail (failed-app-login) ↳egnyte-egnyte-sk4-app-login-fail-username file-delete:success (file-delete) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem file-download:success (file-download) ↳egnyte-e-cef-file-success-fileactivity file-permission-modify:success (file-permission-change) ↳egnyte-e-cef-file-permission-modify-success-assigner ↳egnyte-e-cef-file-success-fileactivity file-upload:success (file-upload) ↳egnyte-e-cef-file-success-fileactivity file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1078 - Valid Accounts	3 Rules 1 Models
Ransomware	app-login:success (app-login) ↳egnyte-e-cef-app-login-success-eventlogin app-login:fail (failed-app-login) ↳egnyte-egnyte-sk4-app-login-fail-username file-write:success (file-write) ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-cef-file-success-fileactivity ↳egnyte-e-sk4-file-create-success-filesystem ↳egnyte-e-sk4-file-create-success-filesystem	T1078 - Valid Accounts T1486 - Data Encrypted for Impact	3 Rules

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2_ds_egnyte_egnyte.md

2_ds_egnyte_egnyte.md

Files

2_ds_egnyte_egnyte.md

Latest commit

History

2_ds_egnyte_egnyte.md

File metadata and controls