Vendor: ManageEngine

April 15, 2026 · View on GitHub

Product: ADManager Plus

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
100441131
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessapp-activity
microsoft-ad-kv-app-group-admp

member-removed
microsoft-ad-kv-app-group-admp
T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulationapp-activity
microsoft-ad-kv-app-group-admp

member-removed
microsoft-ad-kv-app-group-admp
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 18 Rules
  • 9 Models
Compromised Credentialsapp-activity
microsoft-ad-kv-app-group-admp

security-alert
microsoft-windows-kv-alert-trigger-success-adapalerts
microsoft-windows-kv-alert-trigger-success-adapalerts
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 62 Rules
  • 33 Models
Data Accessapp-activity
microsoft-ad-kv-app-group-admp
T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Leakapp-activity
microsoft-ad-kv-app-group-admp
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Lateral Movementsecurity-alert
microsoft-windows-kv-alert-trigger-success-adapalerts
microsoft-windows-kv-alert-trigger-success-adapalerts
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malwaresecurity-alert
microsoft-windows-kv-alert-trigger-success-adapalerts
microsoft-windows-kv-alert-trigger-success-adapalerts
TA0002 - TA0002
  • 4 Rules
  • 2 Models
Privilege Abuseapp-activity
microsoft-ad-kv-app-group-admp

member-removed
microsoft-ad-kv-app-group-admp
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 21 Rules
  • 10 Models
Privilege Escalationapp-activity
microsoft-ad-kv-app-group-admp
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Privileged Activityapp-activity
microsoft-ad-kv-app-group-admp

security-alert
microsoft-windows-kv-alert-trigger-success-adapalerts
microsoft-windows-kv-alert-trigger-success-adapalerts
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Exploitation for Privilege Escalation

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

Email Collection

Email Collection: Email Forwarding Rule