| Compromised Credentials | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1003.003 - T1003.003 T1083 - File and Directory Discovery
| |
| Data Access | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1083 - File and Directory Discovery
| |
| Data Exfiltration | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1204 - User Execution
| |
| Data Leak | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1052 - Exfiltration Over Physical Medium T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
| |
| Malware | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1003.002 - T1003.002 T1027 - Obfuscated Files or Information T1085 - Signed Binary Proxy Execution: Rundll32 T1204 - User Execution
| |
| Phishing | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |
| Privilege Abuse | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1078 - Valid Accounts
| |
| Privileged Activity | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1078 - Valid Accounts
| |
| Workforce Protection | dlp-email-alert-out ↳ code42-email-out-operations
file-delete ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
file-download ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-read ↳ code42-file-operations-4 ↳ code42-file-operations-3 ↳ code42-file-operations
file-upload ↳ code42-file-operations-2 ↳ code42-file-operations-3
file-write ↳ code42-file-operations-4 ↳ code42-file-operations-2 ↳ code42-file-operations-3 ↳ code42-file-operations
print-activity ↳ code42-print-operations
usb-activity ↳ code42-usb-removed
usb-insert ↳ code42-usb-insert
| T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |