Vendor: Kemp

April 15, 2026 · View on GitHub

Product: Kemp LoadMaster

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
90371331
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d

authentication-failed
kemp-loadmaster-str-app-authentication-fail-loginfailed
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulationapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Compromised Credentialsapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d

security-alert
kemp-loadbalancer-kv-alert-trigger-success-requestcookies
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 62 Rules
  • 33 Models
Data Accessapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d
T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Leakapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Lateral Movementauthentication-failed
kemp-loadmaster-str-app-authentication-fail-loginfailed

security-alert
kemp-loadbalancer-kv-alert-trigger-success-requestcookies
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Malwaresecurity-alert
kemp-loadbalancer-kv-alert-trigger-success-requestcookies
TA0002 - TA0002
  • 4 Rules
  • 2 Models
Privilege Abuseapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Privilege Escalationapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Privileged Activityapp-activity
kemp-loadbalancer-kv-app-activity-success-rule
kemp-loadmaster-str-app-activity-l4d

security-alert
kemp-loadbalancer-kv-alert-trigger-success-requestcookies
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Ransomwareauthentication-failed
kemp-loadmaster-str-app-authentication-fail-loginfailed
T1078 - Valid Accounts
  • 1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Exploitation for Privilege Escalation

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Proxy