2_ds_beyondtrust_beyondinsight.md

April 15, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps	T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	43 Rules 24 Models
Data Access	app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps	T1078 - Valid Accounts	20 Rules 11 Models
Data Leak	app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi	T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Lateral Movement	app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps	T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Malware	app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps privileged-access ↳beyondtrust-powerbroker-kv-user-privilege-use-success-elevation	T1078 - Valid Accounts TA0002 - TA0002	5 Rules 2 Models
Privilege Abuse	account-password-reset ↳beyondtrust-bi-leef-user-password-reset-success app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-activity-failed ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps privileged-access ↳beyondtrust-powerbroker-kv-user-privilege-use-success-elevation	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	12 Rules 7 Models
Privilege Escalation	app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳beyondtrust-bi-cef-app-activity-success-approve ↳beyondtrust-bi-cef-app-activity-success-appauditdelete ↳beyondtrust-bi-cef-app-activity-success-appauditadd ↳beyondtrust-bi-leef-app-activity-success-system ↳beyondtrust-bi-leef-app-activity-success-managed ↳beyondtrust-bi-leef-app-activity-success-managedaccount ↳beyondtrust-bi-leef-app-activity-success-releasepasswordreset ↳beyondtrust-bi-leef-app-activity-success-turnedoff ↳beyondtrust-bi-leef-app-activity-success-passwordreset ↳beyondtrust-bi-leef-app-activity-success-passwordchange ↳beyondtrust-bi-leef-app-activity-success-updated ↳beyondtrust-bi-cef-user-create-success-add ↳beyondtrust-bi-leef-app-activity-success-change ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-activity-failed ↳beyondtrust-bi-json-app-activity-pbps ↳beyondtrust-bi-json-app-activity-appaudit ↳beyondtrust-bi-leef-app-activity-success-fail-bi app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps privileged-access ↳beyondtrust-powerbroker-kv-user-privilege-use-success-elevation	T1078 - Valid Accounts TA0002 - TA0002	12 Rules 8 Models
Ransomware	app-login ↳beyondtrust-bi-leef-app-login-success-login ↳beyondtrust-bi-leef-app-login-success-pmmlogin ↳beyondtrust-bi-cef-app-login-success-login ↳beyondtrust-bi-json-app-login-pbps failed-app-login ↳beyondtrust-bi-cef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-loginfailure ↳beyondtrust-bi-leef-app-login-fail-connectfailure ↳beyondtrust-bi-json-app-login-pbps	T1078 - Valid Accounts	2 Rules