| Abnormal Authentication & Access | account-password-change
↳google-workspace-sk4-user-password-success-changepassword
account-password-reset
↳google-workspace-sk4-user-password-success-changepassword
app-activity
↳google-workspace-json-app-activity-eventinfo
↳google-workspace-cef-file-success-drive
↳google-workspace-mix-app-activity-success-tokenlog
↳google-workspace-sk4-app-success-activity
↳google-workspace-sk4-app-success-token
↳google-workspace-json-app-activity-success-groupsenterprise
↳google-workspace-sk4-app-activity-success-groups
↳google-workspace-cef-app-activity-success-audit
↳google-workspace-sk4-app-activity-success-admin
↳google-workspace-sk4-app-activity-success-mobile
↳google-workspace-sk4-app-activity-success-calendar
↳google-workspace-cef-app-login-uniquequalifier
↳google-workspace-sk4-app-activity-success-drive
↳google-workspace-json-app-activity-success-reportsactivity
↳google-workspace-json-app-activity-success-alertcenterview
app-login
↳google-workspace-mix-app-activity-success-tokenlog
↳google-workspace-sk4-app-success-activity
↳google-workspace-sk4-app-success-token
↳google-workspace-cef-app-login-success-loginsuccess
↳google-workspace-json-app-login-success-authorize
↳google-workspace-cef-app-login-uniquequalifier
failed-app-login
↳google-workspace-cef-app-login-uniquequalifier
↳google-workspace-cef-app-login-fail-failure
| T1078 - Valid Accounts
T1133 - External Remote Services
| |
| Account Manipulation | account-password-change
↳google-workspace-sk4-user-password-success-changepassword
account-password-reset
↳google-workspace-sk4-user-password-success-changepassword
app-activity
↳google-workspace-json-app-activity-eventinfo
↳google-workspace-cef-file-success-drive
↳google-workspace-mix-app-activity-success-tokenlog
↳google-workspace-sk4-app-success-activity
↳google-workspace-sk4-app-success-token
↳google-workspace-json-app-activity-success-groupsenterprise
↳google-workspace-sk4-app-activity-success-groups
↳google-workspace-cef-app-activity-success-audit
↳google-workspace-sk4-app-activity-success-admin
↳google-workspace-sk4-app-activity-success-mobile
↳google-workspace-sk4-app-activity-success-calendar
↳google-workspace-cef-app-login-uniquequalifier
↳google-workspace-sk4-app-activity-success-drive
↳google-workspace-json-app-activity-success-reportsactivity
↳google-workspace-json-app-activity-success-alertcenterview
| T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Data Exfiltration | dlp-alert
↳google-workspace-json-rule-trigger-success-ruletrigger
↳google-workspace-json-rule-trigger-success-dlp
file-write
↳google-workspace-cef-file-success-drive
| T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
| |
| Destruction of Data | file-delete
↳google-workspace-cef-file-success-drive
| T1070 - Indicator Removal on Host
T1070.004 - Indicator Removal on Host: File Deletion
T1485 - Data Destruction
| |
| Phishing | dlp-email-alert-out
↳google-workspace-cef-email-send
↳google-workspace-sk4-email-send-gmaillogs
| T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |
| Workforce Protection | dlp-email-alert-out
↳google-workspace-cef-email-send
↳google-workspace-sk4-email-send-gmaillogs
| T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
| |
| Next Page -->> | | | |