Skip to content

Latest commit

 

History

History
22 lines (20 loc) · 8.6 KB

ds_egnyte_egnyte.md

File metadata and controls

22 lines (20 loc) · 8.6 KB
Raw

Vendor: Egnyte

Product: Egnyte

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
112 45 23 8 2
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access scheduled_task-trigger:success (app-activity)
egnyte-e-cef-file-success-fileactivity

app-login:success (app-login)
egnyte-e-cef-app-login-success-eventlogin

app-login:fail (failed-app-login)
egnyte-egnyte-sk4-app-login-fail-username
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulation scheduled_task-trigger:success (app-activity)
egnyte-e-cef-file-success-fileactivity
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Destruction of Data file-delete:success (file-delete)
egnyte-e-cef-file-success-fileactivity
egnyte-e-sk4-file-create-success-filesystem
 T1070 - Indicator Removal on Host
T1070.004 - Indicator Removal on Host: File Deletion
T1485 - Data Destruction
  • 1 Rules
Lateral Movement app-login:success (app-login)
egnyte-e-cef-app-login-success-eventlogin

app-login:fail (failed-app-login)
egnyte-egnyte-sk4-app-login-fail-username
 T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Privilege Escalation scheduled_task-trigger:success (app-activity)
egnyte-e-cef-file-success-fileactivity
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

Server Software Component: Web Shell

Account Manipulation

Server Software Component

Boot or Logon Autostart Execution

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Boot or Logon Autostart Execution

 Indicator Removal on Host: File Deletion

Valid Accounts

Indicator Removal on Host

 OS Credential Dumping

 File and Directory Discovery

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Proxy

 Data Destruction

Data Encrypted for Impact