2_ds_ibm_ibm_mainframe.md

Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Data Access	app-login:success (app-login) ↳ibm-mainframe-json-app-login-success-loggedon app-login:fail (failed-app-login) ↳ibm-mainframe-json-app-login-fail-notauthorized ↳ibm-mainframe-json-app-login-fail-invalidsource ↳ibm-mainframe-json-app-login-fail-passwordmissing ↳ibm-mainframe-json-app-login-fail-incorrectpassword	T1078 - Valid Accounts	6 Rules 4 Models
Lateral Movement	app-login:success (app-login) ↳ibm-mainframe-json-app-login-success-loggedon app-login:fail (failed-app-login) ↳ibm-mainframe-json-app-login-fail-notauthorized ↳ibm-mainframe-json-app-login-fail-invalidsource ↳ibm-mainframe-json-app-login-fail-passwordmissing ↳ibm-mainframe-json-app-login-fail-incorrectpassword	T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Privilege Abuse	app-login:success (app-login) ↳ibm-mainframe-json-app-login-success-loggedon app-login:fail (failed-app-login) ↳ibm-mainframe-json-app-login-fail-notauthorized ↳ibm-mainframe-json-app-login-fail-invalidsource ↳ibm-mainframe-json-app-login-fail-passwordmissing ↳ibm-mainframe-json-app-login-fail-incorrectpassword	T1078 - Valid Accounts	2 Rules
Privileged Activity	app-login:success (app-login) ↳ibm-mainframe-json-app-login-success-loggedon app-login:fail (failed-app-login) ↳ibm-mainframe-json-app-login-fail-notauthorized ↳ibm-mainframe-json-app-login-fail-invalidsource ↳ibm-mainframe-json-app-login-fail-passwordmissing ↳ibm-mainframe-json-app-login-fail-incorrectpassword	T1078 - Valid Accounts	1 Rules
Ransomware	app-login:success (app-login) ↳ibm-mainframe-json-app-login-success-loggedon app-login:fail (failed-app-login) ↳ibm-mainframe-json-app-login-fail-notauthorized ↳ibm-mainframe-json-app-login-fail-invalidsource ↳ibm-mainframe-json-app-login-fail-passwordmissing ↳ibm-mainframe-json-app-login-fail-incorrectpassword	T1078 - Valid Accounts	2 Rules