Vendor: Linux
June 14, 2023 · View on GitHub
Product: SSH
Use-Case: Privilege Escalation
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 3 | 1 | 3 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| failed-logon | T1210 - Exploitation of Remote Services ↳ A-Suspicious-Zerologon: Failed authentication attempt on this asset. | |
| remote-logon | T1078 - Valid Accounts ↳ AS-PV-UHWoPC: Access to Password Vault managed asset with no password checkout for user ↳ DC18-new: Account switch by new user T1555.005 - T1555.005 ↳ AS-PV-UHWoPC: Access to Password Vault managed asset with no password checkout for user | • AS-PV-OA: Password retrieval based accounts |