Product: OnGuard
Use-Case: Privileged Activity
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 4 | 1 | 1 | 3 | 21 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account ↳ APP-AT-PRIV: Non-privileged user performing privileged application activity |
• APP-AT-PRIV: Privileged application activities |
| failed-physical-access | T1078 - Valid Accounts ↳ FPA-DU: Failed badge access by disabled user |
|
| file-write | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account |
|
| physical-access | T1078 - Valid Accounts ↳ PA-DU: Badge access by disabled user |