2_ds_openai_chatgpt.md

May 13, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall	T1078 - Valid Accounts T1133 - External Remote Services	39 Rules 24 Models
Data Access	app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall	T1078 - Valid Accounts	19 Rules 11 Models
Data Leak	app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall	T1114 - Email Collection T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Privilege Abuse	account-deleted ↳openai-chatgpt-json-user-delete-clp ↳openai-chatgpt-json-user-delete-clp app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall app-activity-failed ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall member-added ↳openai-chatgpt-json-app-activity-clp-catchall member-removed ↳openai-chatgpt-json-app-activity-clp-catchall	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1136 - Create Account T1531 - Account Access Removal	31 Rules 14 Models
Privilege Escalation	app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳openai-chatgpt-json-ai-agent-request-response-clp ↳openai-chatgpt-json-ai-agent-request-response-compliance ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall ↳openai-chatgpt-json-app-activity-clp-catchall app-activity-failed ↳openai-chatgpt-json-ai-conversation-share-clp ↳openai-chatgpt-json-ai-conversation-delete-clp ↳openai-chatgpt-json-app-activity-clp-catchall	T1078 - Valid Accounts	2 Rules 1 Models