| Compromised Credentials | app-activity ↳code42-app-activity
file-delete ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
file-read ↳code42-file-operations-4 ↳code42-file-operations-3 ↳code42-file-read ↳code42-file-operations
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
security-alert ↳code42-alert-1 ↳code42-alert-2 ↳code42-alert-3
| T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public-Facing Application
| |
| Data Access | app-activity ↳code42-app-activity
file-delete ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
file-read ↳code42-file-operations-4 ↳code42-file-operations-3 ↳code42-file-read ↳code42-file-operations
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
| T1078 - Valid Accounts T1083 - File and Directory Discovery
| |
| Data Leak | app-activity ↳code42-app-activity
dlp-email-alert-out ↳code42-email-out-operations
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
print-activity ↳code42-print-operations
usb-insert ↳code42-usb-insert
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1052 - Exfiltration Over Physical Medium T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB T1091 - Replication Through Removable Media T1114.001 - T1114.001 T1114.003 - Email Collection: Email Forwarding Rule
| |
| Malware | app-activity ↳code42-app-activity
dlp-email-alert-out ↳code42-email-out-operations
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
security-alert ↳code42-alert-1 ↳code42-alert-2 ↳code42-alert-3
| T1003.002 - T1003.002 T1078 - Valid Accounts T1190 - Exploit Public-Facing Application T1505.003 - Server Software Component: Web Shell T1547.001 - T1547.001 TA0002 - TA0002
| |
| Privilege Abuse | app-activity ↳code42-app-activity
dlp-email-alert-out ↳code42-email-out-operations
file-delete ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
file-download ↳code42-file-operations-2 ↳code42-file-operations-3
file-read ↳code42-file-operations-4 ↳code42-file-operations-3 ↳code42-file-read ↳code42-file-operations
file-upload ↳code42-file-operations-2 ↳code42-file-operations-3
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
| T1078 - Valid Accounts T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privileged Activity | app-activity ↳code42-app-activity
dlp-email-alert-out ↳code42-email-out-operations
file-delete ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
file-download ↳code42-file-operations-2 ↳code42-file-operations-3
file-read ↳code42-file-operations-4 ↳code42-file-operations-3 ↳code42-file-read ↳code42-file-operations
file-upload ↳code42-file-operations-2 ↳code42-file-operations-3
file-write ↳code42-file-operations-4 ↳code42-file-operations-2 ↳code42-file-operations-3 ↳code42-file-operations
security-alert ↳code42-alert-1 ↳code42-alert-2 ↳code42-alert-3
| T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts
| |