Skip to content

Latest commit

 

History

History
22 lines (20 loc) · 6.86 KB

ds_wiz_wiz.md

File metadata and controls

22 lines (20 loc) · 6.86 KB
Raw

Vendor: Wiz

Product: Wiz

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
78 28 11 4 4
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access user-delete:success (account-deleted)
wiz-w-csv-user-delete-success-deleteuser

app-login:success (app-login)
wiz-w-json-app-login-success-federatedauth
wiz-w-json-app-login-success-fail-login

app-login:fail (failed-app-login)
wiz-w-json-app-login-success-fail-login
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulation user-delete:success (account-deleted)
wiz-w-csv-user-delete-success-deleteuser
 T1136 - Create Account
T1531 - Account Access Removal
  • 2 Rules
  • 1 Models
Data Access app-login:success (app-login)
wiz-w-json-app-login-success-federatedauth
wiz-w-json-app-login-success-fail-login

app-login:fail (failed-app-login)
wiz-w-json-app-login-success-fail-login
 T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
Privilege Abuse user-delete:success (account-deleted)
wiz-w-csv-user-delete-success-deleteuser

app-login:success (app-login)
wiz-w-json-app-login-success-federatedauth
wiz-w-json-app-login-success-fail-login

app-login:fail (failed-app-login)
wiz-w-json-app-login-success-fail-login
 T1078 - Valid Accounts
T1531 - Account Access Removal
  • 3 Rules
  • 1 Models
Ransomware app-login:success (app-login)
wiz-w-json-app-login-success-federatedauth
wiz-w-json-app-login-success-fail-login

app-login:fail (failed-app-login)
wiz-w-json-app-login-success-fail-login
 T1078 - Valid Accounts
  • 2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 Create Account

External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Proxy: Multi-hop Proxy

Proxy

 Account Access Removal