Vendor: LOGBinder
June 14, 2023 · View on GitHub
Product: SharePoint
Use-Case: Data Leak
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 0 | 2 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1114.003 - Email Collection: Email Forwarding Rule ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords | |
| file-write | T1114.001 - T1114.001 ↳ FA-Outlook-pst: A file ends with either pst or ost |