Skip to content

Commit

Permalink
legacy-activity
Browse files Browse the repository at this point in the history
  • Loading branch information
@chana-manhaimer-exa
chana-manhaimer-exa committed Oct 8, 2024
1 parent 7180fbf commit a2a9b43
Show file tree
Hide file tree
Showing 8,107 changed files with 36,369 additions and 80,517 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 2 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@

.DS_Store
38 changes: 19 additions & 19 deletions DS/2_ds__.md
View file

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions DS/AMAG/symmetry_access_control/2_ds_amag_symmetry_access_control.md
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,3 @@
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
| Use-Case | Activity Type(Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|:----:| ---- | ---- | ---- |
| [Privileged Activity](../../../UseCases/uc_privileged_activity.md) | failed-physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>1 Rules</li></ul>](RM/r_m_amag_symmetry_access_control_Privileged_Activity.md) |
| [Privileged Activity](../../../UseCases/uc_privileged_activity.md) | physical_location-access:fail(failed-physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical_location-access:success(physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>1 Rules</li></ul>](RM/r_m_amag_symmetry_access_control_Privileged_Activity.md) |
12 changes: 12 additions & 0 deletions DS/AMAG/symmetry_access_control/RM/r_m_amag_symmetry_access_control_Enrichment.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
Rules by Product and UseCase
============================
Vendor: AMAG
------------
### Product: [Symmetry Access Control](../ds_amag_symmetry_access_control.md)
### Use-Case: [Enrichment](../../../../UseCases/uc_enrichment.md)

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|:-----:|:------:|:------------------:|:--------------:|:-------:|
| 0 | 0 | 0 | 0 | 0 |

| Event Type | Rules | Models || ---------- | ----- | ------ |
6 changes: 3 additions & 3 deletions DS/AMAG/symmetry_access_control/ds_amag_symmetry_access_control.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@ Product: Symmetry Access Control
|:-----:|:------:|:------------------:|:--------------:|:-------:|
| 12 | 6 | 1 | 1 | 8 |

| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
| Use-Case | Activity Types(Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|:----:| ---- | ---- | ---- |
| [Abnormal Authentication & Access](../../../UseCases/uc_abnormal_authentication_&_access.md) | failed-physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>3 Rules</li></ul><ul><li>2 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Abnormal_Authentication_&_Access.md) |
| [Physical Security](../../../UseCases/uc_physical_security.md) | failed-physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical-access<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>9 Rules</li></ul><ul><li>4 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Physical_Security.md) |
| [Abnormal Authentication & Access](../../../UseCases/uc_abnormal_authentication_&_access.md) | physical_location-access:fail(failed-physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical_location-access:success(physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>3 Rules</li></ul><ul><li>2 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Abnormal_Authentication_&_Access.md) |
| [Physical Security](../../../UseCases/uc_physical_security.md) | physical_location-access:fail(failed-physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-fail-wronghandtemplate](Ps/pC_amagsaccefphysicallocationaccessfailwronghandtemplate.md)<br> ↳[amag-sac-cef-physical-location-access-fail-inactive](Ps/pC_amagsaccefphysicallocationaccessfailinactive.md)<br> ↳[amag-sac-cef-physical-location-access-fail-atwrongdoor](Ps/pC_amagsaccefphysicallocationaccessfailatwrongdoor.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br><br> physical_location-access:success(physical-access)<br> ↳[amag-sac-json-physical-location-access-accessbadge](Ps/pC_amagsacjsonphysicallocationaccessaccessbadge.md)<br> ↳[amag-sac-kv-physical-location-access-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccessdatetimeoftxn.md)<br> ↳[amag-sac-kv-physical-location-access-eventcode](Ps/pC_amagsackvphysicallocationaccesseventcode.md)<br> ↳[amag-sac-cef-physical-location-access-success-badge-flooraccess](Ps/pC_amagsaccefphysicallocationaccesssuccessbadgeflooraccess.md)<br> ↳[amag-sac-cef-physical-location-access-success-grantedaccess](Ps/pC_amagsaccefphysicallocationaccesssuccessgrantedaccess.md)<br> ↳[amag-sac-kv-physical-location-access-success-datetimeoftxn](Ps/pC_amagsackvphysicallocationaccesssuccessdatetimeoftxn.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>9 Rules</li></ul><ul><li>4 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Physical_Security.md) |
[Next Page -->>](2_ds_amag_symmetry_access_control.md)

MITRE ATT&CK® Framework for Enterprise
Expand Down
14 changes: 0 additions & 14 deletions DS/AMD/pensando/RM/r_m_amd_pensando_Compromised_Credentials.md
View file

This file was deleted.

15 changes: 0 additions & 15 deletions DS/AMD/pensando/RM/r_m_amd_pensando_Cryptomining.md
View file

This file was deleted.

14 changes: 0 additions & 14 deletions DS/AMD/pensando/RM/r_m_amd_pensando_Data_Access.md
View file

This file was deleted.

12 changes: 12 additions & 0 deletions DS/AMD/pensando/RM/r_m_amd_pensando_Enrichment.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
Rules by Product and UseCase
============================
Vendor: AMD
-----------
### Product: [Pensando](../ds_amd_pensando.md)
### Use-Case: [Enrichment](../../../../UseCases/uc_enrichment.md)

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|:-----:|:------:|:------------------:|:--------------:|:-------:|
| 0 | 0 | 0 | 0 | 0 |

| Event Type | Rules | Models || ---------- | ----- | ------ |
Loading

0 comments on commit a2a9b43

Please sign in to comment.