Vendor: Lumension

Product: Lumension

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
44	15	10	3	2

Use-Case	Activity Types (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	alert-trigger:success (security-alert) ↳malwarebytes-ep-cef-alert-trigger-success-detection-1	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	23 Rules 9 Models
Data Leak	peripheral_storage-insert:success (usb-insert) ↳lumension-l-kv-peripheral-storage-insert-success-deviceattached ↳lumension-l-kv-peripheral-storage-insert-success-mediuminserted ↳lumension-l-kv-peripheral-storage-insert-usb file-write:success (usb-write) ↳lumension-l-kv-file-write-success-writegranted	T1052 - Exfiltration Over Physical Medium T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB T1091 - Replication Through Removable Media	14 Rules 4 Models
Lateral Movement	alert-trigger:success (security-alert) ↳malwarebytes-ep-cef-alert-trigger-success-detection-1	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	2 Rules
Malware	alert-trigger:success (security-alert) ↳malwarebytes-ep-cef-alert-trigger-success-detection-1 file-write:success (usb-write) ↳lumension-l-kv-file-write-success-writegranted	TA0002 - TA0002	4 Rules 2 Models
Privileged Activity	alert-trigger:success (security-alert) ↳malwarebytes-ep-cef-alert-trigger-success-detection-1	T1068 - Exploitation for Privilege Escalation	1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Exploit Public Fasing Application Replication Through Removable Media		External Remote Services Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information			Replication Through Removable Media			Exfiltration Over Physical Medium: Exfiltration over USB Exfiltration Over Physical Medium

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_lumension_lumension.md

ds_lumension_lumension.md

Vendor: Lumension

Product: Lumension

MITRE ATT&CK® Framework for Enterprise

Files

ds_lumension_lumension.md

Latest commit

History

ds_lumension_lumension.md

File metadata and controls

Vendor: Lumension

Product: Lumension

MITRE ATT&CK® Framework for Enterprise