| Lateral Movement | app-login
↳ibm-datapower-str-app-activity-fail-auditerror
authentication-failed
↳ibm-datapower-str-app-activity-fail-auditerror
failed-app-login
↳ibm-datapower-str-app-activity-fail-auditerror
network-connection-failed
↳microsoft-evsecurity-xml-dns-dnsclient
network-connection-successful
↳microsoft-evsecurity-xml-dns-dnsclient
| T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public Fasing Application
TA0010 - TA0010
TA0011 - TA0011
| |
| Malware | app-login
↳ibm-datapower-str-app-activity-fail-auditerror
dns-query
↳microsoft-evsecurity-xml-dns-dnsclient
↳microsoft-evsecurity-xml-dns-dnsclient
dns-response
↳microsoft-evsecurity-xml-dns-dnsclient
↳microsoft-evsecurity-xml-dns-dnsclient
network-connection-failed
↳microsoft-evsecurity-xml-dns-dnsclient
network-connection-successful
↳microsoft-evsecurity-xml-dns-dnsclient
| T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1583 - T1583
T1583.001 - T1583.001
TA0011 - TA0011
| |
| Privilege Abuse | app-activity
↳ibm-datapower-str-app-activity-fail-auditerror
app-activity-failed
↳ibm-datapower-str-app-activity-fail-auditerror
app-login
↳ibm-datapower-str-app-activity-fail-auditerror
failed-app-login
↳ibm-datapower-str-app-activity-fail-auditerror
| T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| |
| Privileged Activity | app-activity
↳ibm-datapower-str-app-activity-fail-auditerror
app-activity-failed
↳ibm-datapower-str-app-activity-fail-auditerror
app-login
↳ibm-datapower-str-app-activity-fail-auditerror
failed-app-login
↳ibm-datapower-str-app-activity-fail-auditerror
| T1078 - Valid Accounts
| |