Product: Wazuh
Use-Case: Compromised Credentials
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
3 | 1 | 1 | 1 | 0 |
Event Type | Rules | Models |
---|---|---|
failed-logon | T1078 - Valid Accounts ↳ SEQ-UH-04: Failed logon by a service account ↳ SEQ-UH-05: Failed interactive logon by a service account ↳ SEQ-UH-07: Failed logon to an asset that user has not previously accessed |
• AE-UA: All activity for users |