Vendor: Xiting
June 14, 2023 · View on GitHub
Product: XAMS
Use-Case: Data Access
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 6 | 4 | 1 | 2 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| app-login | T1078 - Valid Accounts ↳ APP-UApp-F: First login or activity within an application for user ↳ APP-UApp-A: Abnormal login or activity within an application for user ↳ APP-AppU-F: First login to an application for a user with no history ↳ APP-AppG-F: First login to an application for group ↳ APP-GApp-A: Abnormal login to an application for group | • APP-GApp: Group Logons to Applications • APP-AppG: Groups per Application • APP-AppU: User Logons to Applications • APP-UApp: Applications per User |
| failed-app-login | T1078 - Valid Accounts ↳ APP-F-FL: Failed login to application |