| Abnormal Authentication & Access | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1078 - Valid Accounts
T1133 - External Remote Services
| |
| Account Manipulation | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Compromised Credentials | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1078 - Valid Accounts
T1133 - External Remote Services
| |
| Data Access | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1078 - Valid Accounts
| |
| Data Exfiltration | file-alert
↳halcyon-halcyon-json-alert-trigger-success-alert
↳halcyon-halcyon-json-alert-trigger-success-event
| TA0002 - TA0002
| |
| Data Leak | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
| |
| Malware | file-alert
↳halcyon-halcyon-json-alert-trigger-success-alert
↳halcyon-halcyon-json-alert-trigger-success-event
| TA0002 - TA0002
| |
| Privilege Abuse | app-activity
↳halcyon-halcyon-json-app-activity-success-action
file-alert
↳halcyon-halcyon-json-alert-trigger-success-alert
↳halcyon-halcyon-json-alert-trigger-success-event
| T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privilege Escalation | app-activity
↳halcyon-halcyon-json-app-activity-success-action
| T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privileged Activity | app-activity
↳halcyon-halcyon-json-app-activity-success-action
file-alert
↳halcyon-halcyon-json-alert-trigger-success-alert
↳halcyon-halcyon-json-alert-trigger-success-event
| T1078 - Valid Accounts
| |