2_ds_dell_emc_isilon.md

June 14, 2023 · View on GitHub

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Data Access	file-delete ↳dell-file-operations-2 ↳isilon-file-delete file-permission-change ↳isilon-file-permission-change file-read ↳dell-file-operations-1 ↳isilon-file-read ↳dell-file-operations-4 file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations	T1083 - File and Directory Discovery	24 Rules 13 Models
Privilege Abuse	file-delete ↳dell-file-operations-2 ↳isilon-file-delete file-permission-change ↳isilon-file-permission-change file-read ↳dell-file-operations-1 ↳isilon-file-read ↳dell-file-operations-4 file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations remote-access ↳dell-file-remote-access	T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002	7 Rules 3 Models
Privileged Activity	file-delete ↳dell-file-operations-2 ↳isilon-file-delete file-permission-change ↳isilon-file-permission-change file-read ↳dell-file-operations-1 ↳isilon-file-read ↳dell-file-operations-4 file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations remote-access ↳dell-file-remote-access	T1021 - Remote Services T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	6 Rules 2 Models