Vendor: Microsoft
June 14, 2023 · View on GitHub
Product: DirectAccess
Use-Case: Privilege Abuse
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 1 | 0 | 2 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| vpn-login | T1078 - Valid Accounts ↳ SL-UA-F-VPN: First VPN connection for service account T1133 - External Remote Services ↳ SL-UA-F-VPN: First VPN connection for service account |