Vendor: FireEye

Product: FireEye Helix

Rules	Models	MITRE TTPs	Event Types	Parsers
9	6	2	1	1

Use-Case	Event Types/Parsers	MITRE TTP	Content
Compromised Credentials	network-alert ↳ json-fireeye-alert-network	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	5 Rules 4 Models
Malware	network-alert ↳ json-fireeye-alert-network	T1204 - User Execution	4 Rules 2 Models

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
	User Execution			Obfuscated Files or Information: Indicator Removal from Tools Obfuscated Files or Information