Product: SecurID
Use-Case: Privilege Abuse
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
2 | 2 | 3 | 1 | 1 |

Event Type | Rules | Models |
---|---|---|
vpn-logout | T1078 - Valid Accounts<br>↳ WPA-UACount: Abnormal number of privilege access events for user<br><br>T1098 - Account Manipulation<br>↳ EM-InB-Perm-A: Abnormal number of mailbox permission given by user.<br><br>T1098.002 - Account Manipulation: Exchange Email Delegate Permissions<br>↳ EM-InB-Perm-A: Abnormal number of mailbox permission given by user. | • WPA-UACount: Count of admin privilege events for user<br>• EM-InB-Perm: Models the number of mailbox permissions given by this user. |