Vendor: AccessIT

Product: Universal.NET

Use-Case: Physical Security

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
7	3	1	1	1

Event Type	Rules	Models
physical-access	T1078 - Valid Accounts ↳ PA-UC-F: First physical access in this location for user ↳ PA-UC-A: Abnormal physical access in this location for user ↳ PA-UB-A: Abnormal physical access in this building for user ↳ PA-UTi-A: Badge access at abnormal time ↳ PA-MC: Badge access in multiple cities within a session ↳ PA-DU: Badge access by disabled user ↳ PA-WU: Badge access by watchlist user	• PA-UTi: Badge access time • PA-UB: Building level badge access by user • PA-UC: City level badge access by user