Rules by Product and UseCase

April 15, 2026 · View on GitHub

Vendor: OpenLDAP

Product: OpenLDAP

Use-Case: Malware

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
10113
Event TypeRulesModels
authentication-successfulT1078 - Valid Accounts
Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP