Vendor: Commvault

April 15, 2026 · View on GitHub

Product: Commvault

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
87331240
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessaccount-creation
commvault-commvault-kv-app-activity-success-audittrail

app-activity
commvault-commvault-kv-app-activity-success-audittrail

app-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulationaccount-creation
commvault-commvault-kv-app-activity-success-audittrail

app-activity
commvault-commvault-kv-app-activity-success-audittrail
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 23 Rules
  • 9 Models
Compromised Credentialsapp-activity
commvault-commvault-kv-app-activity-success-audittrail

app-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 43 Rules
  • 24 Models
Data Accessapp-activity
commvault-commvault-kv-app-activity-success-audittrail

app-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Data Leakapp-activity
commvault-commvault-kv-app-activity-success-audittrail
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Lateral Movementapp-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Malwareapp-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
  • 1 Rules
Privilege Escalationapp-activity
commvault-commvault-kv-app-activity-success-audittrail
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Privileged Activityapp-activity
commvault-commvault-kv-app-activity-success-audittrail

app-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Ransomwareapp-login
commvault-commvault-kv-app-activity-success-audittrail

failed-app-login
commvault-commvault-kv-app-activity-success-audittrail
T1078 - Valid Accounts
  • 2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

Create Account

External Remote Services

Valid Accounts

Account Manipulation

Create Account: Create: Local Account

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Valid Accounts

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Proxy