Product: Egnyte
Use-Case: Data Exfiltration
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 2 | 1 | 1 | 1 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| file-write | TA0002 - TA0002 ↳ FA-TEMP-DIRECTORY-F: First time process has been executed from a temporary directory by this user during file activity ↳ FA-TEMP-DIRECTORY-A: Abnormal process has been executed from a temporary directory by this user during file activity |
• FA-UP-TEMP: Process executable TEMP directories for this user during file activity |