Use-Case | Activity Type (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Lateral Movement | endpoint-login:fail (authentication-failed)<br>↳mastersam-pam-kv-endpoint-authentication-fail-loginfail<br>↳mastersam-pam-kv-endpoint-authentication-fail-otpfailed<br>endpoint-login:success (authentication-successful)<br>↳mastersam-pam-kv-endpoint-authentication-success-login<br>↳mastersam-pam-kv-endpoint-authentication-success-verifiedotp | T1078 - Valid Accounts<br>T1090 - Proxy<br>T1090.003 - Proxy: Multi-hop Proxy | |
Ransomware | endpoint-login:fail (authentication-failed)<br>↳mastersam-pam-kv-endpoint-authentication-fail-loginfail<br>↳mastersam-pam-kv-endpoint-authentication-fail-otpfailed<br>endpoint-login:success (authentication-successful)<br>↳mastersam-pam-kv-endpoint-authentication-success-login<br>↳mastersam-pam-kv-endpoint-authentication-success-verifiedotp | T1078 - Valid Accounts | |