Skip to content

Latest commit

 

History

History
15 lines (13 loc) · 2.52 KB

r_m_logrhythm_logrhythm_Data_Access.md

File metadata and controls

15 lines (13 loc) · 2.52 KB

Rules by Product and UseCase

Vendor: LogRhythm

Product: LogRhythm

Use-Case: Data Access

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
20 11 2 2 0
Event Type Rules Models
app-activity T1078 - Valid Accounts
APP-UApp-F: First login or activity within an application for user
APP-UApp-A: Abnormal login or activity within an application for user
APP-AppU-F: First login to an application for a user with no history
APP-AppG-F: First login to an application for group
APP-GApp-A: Abnormal login to an application for group
APP-UOb-F: First access to application object for user
APP-UOb-A: Abnormal access to application object for user
APP-UappA-F: First application activity for user
APP-UappA-A: Abnormal application activity for user
APP-GappA-F: First application activity for peer group
APP-GappA-A: Abnormal application activity for peer group
APP-AA-F: First application activity in the organization
APP-AA-A: Abnormal activity in application for the organization
APP-UMime-F: First mime type for user
APP-UMime-A: Abnormal mime type for user
APP-GMime-F: First mime type for peer group
APP-GMime-A: Abnormal mime type for peer group
APP-OMime-F: First mime type for organization
APP-OMime-A: Abnormal mime type for organization
APP-OMime: Mime types for organization
APP-GMime: Mime types per peer group
APP-UMime: Mime types per user
APP-AA: Activity per application
APP-GappA: Application activity per peer group
APP-UappA: Application activity per user
APP-UOb: Application objects per user
APP-GApp: Group Logons to Applications
APP-AppG: Groups per Application
APP-AppU: User Logons to Applications
APP-UApp: Applications per User
process-created T1003 - OS Credential Dumping
A-CP-Sensitive-Files: Copying sensitive files with credential data on this asset