Vendor: Dell

June 14, 2023 · View on GitHub

Product: EMC Isilon

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
92	36	22	5	5

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	remote-access ↳dell-file-remote-access	T1021 - Remote Services T1078 - Valid Accounts	7 Rules 3 Models
Compromised Credentials	file-delete ↳dell-file-operations-2 ↳isilon-file-delete file-permission-change ↳isilon-file-permission-change file-read ↳dell-file-operations-1 ↳isilon-file-read ↳dell-file-operations-4 file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations remote-access ↳dell-file-remote-access	T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1083 - File and Directory Discovery T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	41 Rules 18 Models
Data Exfiltration	file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations	TA0002 - TA0002	2 Rules 1 Models
Data Leak	file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations	T1114.001 - T1114.001	1 Rules
Destruction of Data	file-delete ↳dell-file-operations-2 ↳isilon-file-delete	T1070.004 - Indicator Removal on Host: File Deletion T1485 - Data Destruction	1 Rules
Lateral Movement	remote-access ↳dell-file-remote-access	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	33 Rules 14 Models
Malware	file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations remote-access ↳dell-file-remote-access	T1003.002 - T1003.002 T1505.003 - Server Software Component: Web Shell T1547.001 - T1547.001 T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0002 - TA0002	14 Rules 5 Models
Privilege Escalation	remote-access ↳dell-file-remote-access	T1078 - Valid Accounts T1555.005 - T1555.005	2 Rules 1 Models
Ransomware	file-write ↳isilon-file-write ↳dell-file-operations-3 ↳json-dell-file-operations	T1486 - Data Encrypted for Impact	1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts		Valid Accounts Server Software Component: Web Shell Server Software Component Boot or Logon Autostart Execution	Valid Accounts Exploitation for Privilege Escalation Boot or Logon Autostart Execution	Indicator Removal on Host: File Deletion Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Indicator Removal on Host Use Alternate Authentication Material: Pass the Ticket	OS Credential Dumping Steal or Forge Kerberos Tickets Credentials from Password Stores Steal or Forge Kerberos Tickets: Kerberoasting	File and Directory Discovery Remote System Discovery	Remote Services Use Alternate Authentication Material	Email Collection			Data Destruction Data Encrypted for Impact