Vendor: Delinea

June 14, 2023 · View on GitHub

Product: Centrify Authentication Service

RulesModelsMITRE ATT&CK® TTPsEvent TypesParsers
118402066
Use-CaseEvent Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessaccount-password-reset
centrify-account-password-change-failed-1

authentication-failed
centrify-authentication-failed-1
centrify-authentication-failed-2

authentication-successful
centrify-authentication-success-1
centrify-auth-success

failed-logon
centrify-auth-denied
centrify-failed-logon-2
centrify-failed-logon-1
centrify-ssh-login-failed
centrify-failed-logon

local-logon
centrify-local-logon

remote-logon
centrify-remote-logon-2
centrify-remote-logon-1
centrify-ssh-login
T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 45 Rules
  • 19 Models
Account Manipulationaccount-password-reset
centrify-account-password-change-failed-1
T1098 - Account Manipulation
  • 1 Rules
Brute Force Attackfailed-logon
centrify-auth-denied
centrify-failed-logon-2
centrify-failed-logon-1
centrify-ssh-login-failed
centrify-failed-logon
T1021.001 - Remote Services: Remote Desktop Protocol
T1110 - Brute Force
T1110.003 - T1110.003
  • 9 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

External Remote Services

Valid Accounts

Account Manipulation

Valid Accounts

Exploitation for Privilege Escalation

Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Valid Accounts: Local Accounts

Brute Force

Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

Remote System Discovery

Exploitation of Remote Services

Remote Services

Use Alternate Authentication Material

Remote Services: Remote Desktop Protocol

Proxy: Multi-hop Proxy

Proxy