Use-Case Activity Type (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content Lateral Movement alert-trigger:success (security-alert) ↳imss-i-str-alert-trigger-success-dlpalert ↳imss-i-str-alert-trigger-success-securityalert ↳imss-i-json-alert-trigger-success-spf ↳imss-i-str-alert-trigger-success-antispamrules ↳imss-i-str-alert-trigger-success-spoofedemailfilter T1027 - Obfuscated Files or InformationT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools 2 Rules Malware alert-trigger:success (dlp-alert) ↳imss-i-str-alert-trigger-success-capacityregulation alert-trigger:success (security-alert) ↳imss-i-str-alert-trigger-success-dlpalert ↳imss-i-str-alert-trigger-success-securityalert ↳imss-i-json-alert-trigger-success-spf ↳imss-i-str-alert-trigger-success-antispamrules ↳imss-i-str-alert-trigger-success-spoofedemailfilter TA0002 - TA0002 4 Rules2 Models Privileged Activity alert-trigger:success (security-alert) ↳imss-i-str-alert-trigger-success-dlpalert ↳imss-i-str-alert-trigger-success-securityalert ↳imss-i-json-alert-trigger-success-spf ↳imss-i-str-alert-trigger-success-antispamrules ↳imss-i-str-alert-trigger-success-spoofedemailfilter T1068 - Exploitation for Privilege Escalation 1 Rules