Product: OnGuard
Use-Case: Physical Security
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 9 | 4 | 1 | 1 | 11 |
| Event Type | Rules | Models |
|---|---|---|
| failed-physical-access | T1078 - Valid Accounts ↳ FPA-UC-F: Failed physical access in new location for user ↳ FPA-UB-F: Failed physical access in new building for user ↳ FPA-UD-F: Failed physical access to a door user has never successfully accessed ↳ FPA-UTi-A: Failed badge access at abnormal time ↳ FPA-DU: Failed badge access by disabled user |
• PA-UTi: Badge access time • PA-UD: Door level badge access by user • PA-UB: Building level badge access by user • PA-UC: City level badge access by user |
| physical-access | T1078 - Valid Accounts ↳ PA-UC-F: First physical access in this location for user ↳ PA-UC-A: Abnormal physical access in this location for user ↳ PA-UB-A: Abnormal physical access in this building for user ↳ PA-UTi-A: Badge access at abnormal time ↳ PA-MC: Badge access in multiple cities within a session ↳ PA-DU: Badge access by disabled user ↳ PA-WU: Badge access by watchlist user |
• PA-UTi: Badge access time • PA-UB: Building level badge access by user • PA-UC: City level badge access by user |