2_ds_jumpcloud_jumpcloud.md

April 15, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events app-login ↳jumpcloud-jc-str-app-login-success ↳jumpcloud-jc-json-directoryinsights-events failed-app-login ↳jumpcloud-jc-str-app-login-fail ↳jumpcloud-jc-json-directoryinsights-events	T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	43 Rules 24 Models
Data Access	app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events app-login ↳jumpcloud-jc-str-app-login-success ↳jumpcloud-jc-json-directoryinsights-events failed-app-login ↳jumpcloud-jc-str-app-login-fail ↳jumpcloud-jc-json-directoryinsights-events	T1078 - Valid Accounts	20 Rules 11 Models
Data Leak	app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events	T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Privilege Abuse	account-creation ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events account-deleted ↳jumpcloud-jc-json-directoryinsights-events account-password-change ↳jumpcloud-jc-json-directoryinsights-events account-password-reset ↳jumpcloud-jc-json-directoryinsights-events app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events app-activity-failed ↳jumpcloud-jc-json-directoryinsights-events app-login ↳jumpcloud-jc-str-app-login-success ↳jumpcloud-jc-json-directoryinsights-events failed-app-login ↳jumpcloud-jc-str-app-login-fail ↳jumpcloud-jc-json-directoryinsights-events file-download ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events privileged-access ↳jumpcloud-jc-json-directoryinsights-events	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1136 - Create Account T1136.001 - Create Account: Create: Local Account T1136.002 - T1136.002 T1531 - Account Access Removal	31 Rules 14 Models
Privilege Escalation	app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events app-activity-failed ↳jumpcloud-jc-json-directoryinsights-events app-login ↳jumpcloud-jc-str-app-login-success ↳jumpcloud-jc-json-directoryinsights-events failed-app-login ↳jumpcloud-jc-str-app-login-fail ↳jumpcloud-jc-json-directoryinsights-events file-download ↳jumpcloud-jc-json-directoryinsights-events ↳jumpcloud-jc-json-directoryinsights-events privileged-access ↳jumpcloud-jc-json-directoryinsights-events	T1078 - Valid Accounts TA0002 - TA0002	13 Rules 8 Models