| Compromised Credentials | app-activity
↳airwatch-admin-app-activity-1
↳airwatch-admin-app-activity-2
↳airwatch-admin-app-activity-3
↳airwatch-admin-app-activity
↳airwatch-admin-app-activity-4
authentication-successful
↳airwatch-authentication
↳airwatch-auth-successful
↳airwatch-admin-loggedin
↳airwatch-admin-loggedin-1
security-alert
↳airwatch-security-alerts
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
| |
| Lateral Movement | app-activity
↳airwatch-admin-app-activity-1
↳airwatch-admin-app-activity-2
↳airwatch-admin-app-activity-3
↳airwatch-admin-app-activity
↳airwatch-admin-app-activity-4
authentication-failed
↳airwatch-authentication
↳airwatch-admin-login-failed
authentication-successful
↳airwatch-authentication
↳airwatch-auth-successful
↳airwatch-admin-loggedin
↳airwatch-admin-loggedin-1
security-alert
↳airwatch-security-alerts
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
| |
| Malware | app-activity
↳airwatch-admin-app-activity-1
↳airwatch-admin-app-activity-2
↳airwatch-admin-app-activity-3
↳airwatch-admin-app-activity
↳airwatch-admin-app-activity-4
authentication-successful
↳airwatch-authentication
↳airwatch-auth-successful
↳airwatch-admin-loggedin
↳airwatch-admin-loggedin-1
security-alert
↳airwatch-security-alerts
| T1078 - Valid Accounts
TA0002 - TA0002
| |
| Ransomware | app-activity
↳airwatch-admin-app-activity-1
↳airwatch-admin-app-activity-2
↳airwatch-admin-app-activity-3
↳airwatch-admin-app-activity
↳airwatch-admin-app-activity-4
authentication-failed
↳airwatch-authentication
↳airwatch-admin-login-failed
authentication-successful
↳airwatch-authentication
↳airwatch-auth-successful
↳airwatch-admin-loggedin
↳airwatch-admin-loggedin-1
| T1078 - Valid Accounts
| |