Vendor: Medigate
June 14, 2023
Product: Medigate
Use-Case: Compromised Credentials
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 27 | 9 | 4 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| alert-iot | T1078 - Valid Accounts ↳ A-SA-AN-ALERT-IOT-F: First security alert name on the IOT/OT device ↳ A-SA-AN-ALERT-IOT-A: Abnormal security alert name on IOT/OT Devices ↳ A-SA-OA-ALERT-IOT-A: Abnormal IOT/OT device triggering security alert for organization | • A-SA-OA-ALERT-IOT: IOT/OT devices triggering security alerts in the organization • A-SA-AN-ALERT-IOT: Security alert names on IOT/OT devices |
| security-alert | T1078 - Valid Accounts ↳ A-SA-AN-ALERT-F: First security alert name on the asset ↳ A-SA-AN-ALERT-A: Abnormal security alert name on the asset ↳ A-SA-ON-ALERT-F: First security alert (by name) in the organization ↳ A-SA-ON-ALERT-A: Abnormal security alert (by name) in the organization ↳ A-SA-ZN-ALERT-F: First security alert (by name) in the zone ↳ A-SA-ZN-ALERT-A: Abnormal security alert (by name) in the zone ↳ A-SA-HN-ALERT-F: First security alert (by name) in the asset ↳ A-SA-HN-ALERT-A: Abnormal security alert (by name) in the asset ↳ A-SA-OA-ALERT-F: First security alert for this asset for organization ↳ A-SA-OA-ALERT-A: Abnormal asset triggering security alert for organization ↳ SA-OU-ALERT-F: First security alert triggered for this user in the organization ↳ SA-OU-ALERT-A: Abnormal user triggering security alert in the organization ↳ SA-OG-ALERT-F: First security alert triggered for peer group in the organization ↳ SA-OG-ALERT-A: Abnormal peer group triggering security alert in the organization ↳ SA-UA-F: First security alert name for user ↳ SA-UA-A: Abnormal security alert name for user ↳ SA-GA-F: First security alert name in the peer group ↳ SA-GA-A: Abnormal security alert name in the peer group ↳ SA-OA-F: First security alert name in the organization ↳ SA-OA-A: Abnormal security alert name in the organization T1190 - Exploit Public-Facing Application ↳ A-Log4j-Vul-Alert: Alert for the CVE-2021-44228 vulnerability on the asset. ↳ Log4j-Vul-Alert: Alert for the CVE-2021-44228 vulnerability T1133 - External Remote Services ↳ ALERT-VPN: Security Alert on asset accessed by this user during VPN session T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools ↳ A-ALERT-Critical: Security Alert on a critical asset ↳ A-ALERT-Log4j: Alert associated with an exploitation or post-exploitation activity, as seen with the Log4j vulnerability, was detected. | • SA-OA: Security alert names in the organization • SA-GA: Security alert names in the peer group • SA-UA: Security alert names for user • SA-OG-ALERT: Peer groups triggering security alerts in the organization • SA-OU-ALERT: Users triggering security alerts in the organization • A-SA-OA-ALERT: Assets triggering security alerts in the organization • A-SA-HN-ALERT: Security alert names triggered by the asset • A-SA-ZN-ALERT: Security alert names triggered in the zone • A-SA-ON-ALERT: Security alert names triggered in the organization • A-SA-AN-ALERT: Security alert names on asset |