| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 15 | 4 | 7 | 1 | 1 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | share-access:success (share-access) ↳synologynas-s-kv-share-access-success-fileevent ↳synologynas-s-str-share-access-success-connection |
T1187 - Forced Authentication |
|
| Lateral Movement | share-access:success (share-access) ↳synologynas-s-kv-share-access-success-fileevent ↳synologynas-s-str-share-access-success-connection |
T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares |
|
| Malware | share-access:success (share-access) ↳synologynas-s-kv-share-access-success-fileevent ↳synologynas-s-str-share-access-success-connection |
T1569 - System Services T1569.002 - T1569.002 |
|
| Privilege Escalation | share-access:success (share-access) ↳synologynas-s-kv-share-access-success-fileevent ↳synologynas-s-str-share-access-success-connection |
T1021 - Remote Services T1021.002 - Remote Services: SMB/Windows Admin Shares T1087 - Account Discovery T1484 - Group Policy Modification |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| System Services |
Group Policy Modification |
Group Policy Modification |
Forced Authentication |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |