Vendor: Adobe

April 15, 2026 · View on GitHub

Product: Adobe Experience Manager

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
130	53	26	3	0

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-activity ↳adobe-aem-json-http-request-success web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1133 - External Remote Services	18 Rules 10 Models
Account Manipulation	app-activity ↳adobe-aem-json-http-request-success	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Compromised Credentials	app-activity ↳adobe-aem-json-http-request-success web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	79 Rules 46 Models
Cryptomining	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	1 Rules
Data Access	app-activity ↳adobe-aem-json-http-request-success	T1078 - Valid Accounts	19 Rules 11 Models
Data Exfiltration	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	8 Rules 2 Models
Data Leak	app-activity ↳adobe-aem-json-http-request-success web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	9 Rules 2 Models
Lateral Movement	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application	9 Rules
Malware	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	25 Rules 7 Models
Phishing	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1189 - Drive-by Compromise T1204 - User Execution T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598 - T1598 T1598.003 - T1598.003	3 Rules
Privilege Abuse	app-activity ↳adobe-aem-json-http-request-success web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 2 Models
Privilege Escalation	app-activity ↳adobe-aem-json-http-request-success	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳adobe-aem-json-http-request-success web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service	4 Rules 1 Models
Ransomware	web-activity-allowed ↳adobe-aem-json-http-request-success web-activity-denied ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols	1 Rules
Workforce Protection	web-activity-allowed ↳adobe-aem-json-http-request-success	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols	4 Rules 2 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts	Valid Accounts			Internal Spearphishing	Email Collection Email Collection: Email Forwarding Rule	Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over C2 Channel Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking