Rules by Product and UseCase
April 15, 2026 · View on GitHub
Vendor: Jumpcloud
Product: Jumpcloud
Use-Case: Privileged Activity
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 13 | 8 | 2 | 6 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account ↳ APP-AT-PRIV: Non-privileged user performing privileged application activity | • APP-AT-PRIV: Privileged application activities |
| app-activity-failed | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account | |
| app-login | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account | |
| failed-app-login | T1078 - Valid Accounts ↳ APP-Account-deactivated: Activity from a de-activated user account | |
| file-download | T1078 - Valid Accounts ↳ FA-Account-deactivated: File Activity from a de-activated user account | |
| privileged-access | TA0002 - TA0002 ↳ WPA-UP-F: First privileged process for user ↳ WPA-UP-A: Abnormal privileged process for user ↳ WPA-GP-F: First privileged process for peer group ↳ WPA-GP-A: Abnormal privileged process for peer group ↳ WPA-PD-F: First directory for privileged process ↳ WPA-PD-A: Abnormal directory for privileged process ↳ WPA-HP-F: First privileged process for host ↳ WPA-HP-A: Abnormal privileged process for host ↳ WPA-OP-F: First privileged process for organization ↳ WPA-OP-A: Abnormal privileged process for organization | • WPA-OP: Processes for organization • WPA-HP: Processes for host • WPA-PD: Directories per process • WPA-GP: Privileged processes for peer group • WPA-GP-All: Processes for peer group • WPA-UP: Privileged processes for user • WPA-UP-All: Processes for user |