2_ds_semperis_semperis_dsp.md

Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-login:success (app-login) ↳semperis-dsp-kv-app-login-logintodsp ↳semperis-dsp-str-app-login-success-logindsp ds_object-activity:success (ds-access) ↳semperis-dsp-str-ds-object-create-success-createobject ↳semperis-dsp-str-ds-object-delete-success-deleteobject ↳semperis-dsp-str-ds-object-modify-success-modifyobject ↳semperis-dsp-str-ds-object-move-success-moveobject app-login:fail (failed-app-login) ↳semperis-dsp-kv-app-login-logintodsp	T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1207 - Rogue Domain Controller T1558 - Steal or Forge Kerberos Tickets	35 Rules 17 Models
Privilege Abuse	app-login:success (app-login) ↳semperis-dsp-kv-app-login-logintodsp ↳semperis-dsp-str-app-login-success-logindsp ds_object-activity:success (ds-access) ↳semperis-dsp-str-ds-object-create-success-createobject ↳semperis-dsp-str-ds-object-delete-success-deleteobject ↳semperis-dsp-str-ds-object-modify-success-modifyobject ↳semperis-dsp-str-ds-object-move-success-moveobject app-login:fail (failed-app-login) ↳semperis-dsp-kv-app-login-logintodsp	T1078 - Valid Accounts T1484 - Group Policy Modification	4 Rules 2 Models
Privileged Activity	app-login:success (app-login) ↳semperis-dsp-kv-app-login-logintodsp ↳semperis-dsp-str-app-login-success-logindsp ds_object-activity:success (ds-access) ↳semperis-dsp-str-ds-object-create-success-createobject ↳semperis-dsp-str-ds-object-delete-success-deleteobject ↳semperis-dsp-str-ds-object-modify-success-modifyobject ↳semperis-dsp-str-ds-object-move-success-moveobject app-login:fail (failed-app-login) ↳semperis-dsp-kv-app-login-logintodsp	T1003 - OS Credential Dumping T1003.006 - OS Credential Dumping: DCSync T1078 - Valid Accounts T1207 - Rogue Domain Controller T1484 - Group Policy Modification	8 Rules 2 Models