Skip to content

Latest commit

 

History

History
14 lines (12 loc) · 1.29 KB

r_m_manageengine_adauditplus_Data_Leak.md

File metadata and controls

14 lines (12 loc) · 1.29 KB

Rules by Product and UseCase

Vendor: ManageEngine

Product: ADAuditPlus

Use-Case: Data Leak

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
3 0 2 1 1
Event Type Rules Models
app-activity T1114 - Email Collection
EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email
EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain
EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords

T1114.003 - Email Collection: Email Forwarding Rule
EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email
EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain
EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords