Vendor: Vormetric
June 14, 2023 · View on GitHub
Product: Vormetric
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 34 | 16 | 5 | 2 | 2 |
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | file-read ↳vormetric-file-operations | T1003.001 - T1003.001 T1003.003 - T1003.003 T1083 - File and Directory Discovery |
|
| Data Access | file-read ↳vormetric-file-operations | T1083 - File and Directory Discovery |
|
| Data Exfiltration | file-alert ↳vormetric-file-operations | TA0002 - TA0002 |
|
| Malware | file-alert ↳vormetric-file-operations | TA0002 - TA0002 |
|
| Privilege Abuse | file-alert ↳vormetric-file-operations file-read ↳vormetric-file-operations | T1078 - Valid Accounts |
|
| Privileged Activity | file-alert ↳vormetric-file-operations file-read ↳vormetric-file-operations | T1078 - Valid Accounts |
|
MITRE ATT&CK® Framework for Enterprise
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Valid Accounts | Valid Accounts | Valid Accounts | OS Credential Dumping | File and Directory Discovery |