Vendor: Semperis
June 14, 2023
Product: DSP
Use-Case: Privilege Abuse

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 2 | 2 | 3 | 3 |

| Event Type | Rules | Models |
|---|---|---|
| app-login | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account ↳ APP-F-SA-NC: New service account access to application | |
| ds-access | T1484 - Group Policy Modification ↳ DS-APRIV: Non-Privileged user accessing privileged directory service attribute ↳ DS-UA: First access to attribute for privileged user | • DS-UA: Attributes per privileged user • DS-APRIV: Privileged user attributes |
| failed-app-login | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account | |