Vendor: IBM

April 15, 2026 · View on GitHub

Product: IBM

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
5826820
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessapp-activity
ibm-i-str-app-activity-success-binddn

authentication-successful
ibm-i-str-app-authentication-success-indbinddn
T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulationapp-activity
ibm-i-str-app-activity-success-binddn
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Compromised Credentialsapp-activity
ibm-i-str-app-activity-success-binddn

authentication-successful
ibm-i-str-app-authentication-success-indbinddn
T1078 - Valid Accounts
T1133 - External Remote Services
  • 39 Rules
  • 24 Models
Data Accessapp-activity
ibm-i-str-app-activity-success-binddn
T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Leakapp-activity
ibm-i-str-app-activity-success-binddn
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Lateral Movementauthentication-successful
ibm-i-str-app-authentication-success-indbinddn
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Malwareauthentication-successful
ibm-i-str-app-authentication-success-indbinddn
T1078 - Valid Accounts
  • 1 Rules
Privilege Abuseapp-activity
ibm-i-str-app-activity-success-binddn
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Privilege Escalationapp-activity
ibm-i-str-app-activity-success-binddn
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Privileged Activityapp-activity
ibm-i-str-app-activity-success-binddn
T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Ransomwareauthentication-successful
ibm-i-str-app-authentication-success-indbinddn
T1078 - Valid Accounts
  • 1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Valid Accounts

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Proxy