Vendor: Accellion

June 14, 2023 · View on GitHub

Product: Kiteworks

RulesModelsMITRE ATT&CK® TTPsEvent TypesParsers
18580231515
Use-CaseEvent Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessaccount-lockout
kiteworks-account-lockout-1

account-password-change
accelion-kite-app-password-change
q-kiteworks-password-change
kiteworks-password-change-1

account-password-reset
accelion-kite-app-reset-password

account-unlocked
kiteworks-account-unlocked-1
kiteworks-account-unlocked-2

app-activity
accelion-kite-app-activity-5
q-kiteworks-app-activity
accelion-kite-app-activity-2
accelion-kite-app-activity-4
accelion-kite-app-activity-3
accelion-kite-app-delete-draft
accelion-kite-app-setting
accelion-kite-app-user-delete
q-kiteworks-app-activity-4
q-kiteworks-app-activity-5
accelion-kite-app-network-setting
accelion-kite-app-file-withdraw
q-kiteworks-app-activity-1
q-kiteworks-app-activity-2
q-kiteworks-app-activity-3
accelion-kite-app-system
accelion-kite-app-3

app-login
accelion-kite-app-login-1
q-kiteworks-app-login-1
accelion-kite-app-admin-login
q-kiteworks-app-login

failed-app-login
accelion-kite-failed-app-login
kiteworks-failed-app-login-1
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models
Account Manipulationaccount-password-change
accelion-kite-app-password-change
q-kiteworks-password-change
kiteworks-password-change-1

account-password-reset
accelion-kite-app-reset-password

app-activity
accelion-kite-app-activity-5
q-kiteworks-app-activity
accelion-kite-app-activity-2
accelion-kite-app-activity-4
accelion-kite-app-activity-3
accelion-kite-app-delete-draft
accelion-kite-app-setting
accelion-kite-app-user-delete
q-kiteworks-app-activity-4
q-kiteworks-app-activity-5
accelion-kite-app-network-setting
accelion-kite-app-file-withdraw
q-kiteworks-app-activity-1
q-kiteworks-app-activity-2
q-kiteworks-app-activity-3
accelion-kite-app-system
accelion-kite-app-3
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 4 Rules
  • 1 Models
Brute Force Attackaccount-lockout
kiteworks-account-lockout-1
T1110 - Brute Force
  • 1 Rules
Data Exfiltrationdlp-alert
accelion-dlp-alert

file-write
q-kiteworks-file-write
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 19 Models
Destruction of Datafile-delete
q-kiteworks-file-delete
accelion-kite-app-file-delete
accelion-kite-app-file-delete-1
T1070.004 - Indicator Removal on Host: File Deletion
T1485 - Data Destruction
  • 1 Rules
Phishingdlp-email-alert-out
q-kiteworks-email-out
accelion-kite-app-activity-email-alert
q-kiteworks-email-out-1
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 1 Rules
  • 1 Models
Workforce Protectiondlp-email-alert-out
q-kiteworks-email-out
accelion-kite-app-activity-email-alert
q-kiteworks-email-out-1
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Server Software Component: Web Shell

Account Manipulation

Server Software Component

Boot or Logon Autostart Execution

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Boot or Logon Autostart Execution

Indicator Removal on Host: File Deletion

Valid Accounts

Indicator Removal on Host

OS Credential Dumping

Brute Force

File and Directory Discovery

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Automated Exfiltration

Data Destruction

Data Encrypted for Impact