Vendor: BeyondTrust
July 25, 2023 · View on GitHub
Product: BeyondTrust PasswordSafe
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 10 | 7 | 4 | 2 | 2 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Brute Force Attack | account-switch ↳ beyondtrust-passwordsafe privileged-access ↳ beyondtrust-passwordsafe | T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation |
|
| Compromised Credentials | account-switch ↳ beyondtrust-passwordsafe privileged-access ↳ beyondtrust-passwordsafe | T1078 - Valid Accounts |
|
| Malware | account-switch ↳ beyondtrust-passwordsafe privileged-access ↳ beyondtrust-passwordsafe | T1204 - User Execution |
|
| Privilege Escalation | account-switch ↳ beyondtrust-passwordsafe privileged-access ↳ beyondtrust-passwordsafe | T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation |
|
ATT&CK Matrix for Enterprise
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | User Execution | Valid Accounts Account Manipulation | Valid Accounts | Valid Accounts | OS Credential Dumping |