2_ds_secureauth_secureauth_idp.md

April 15, 2026 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Lateral Movement	app-login ↳secureauth-idp-kv-app-login-success-31020 authentication-failed ↳secureauth-idp-kv-app-authentication-fail-41502 ↳secureauth-idp-kv-app-authentication-fail-41503 ↳secureauth-idp-kv-app-authentication-fail-41601 ↳secureauth-idp-kv-app-authentication-fail-23812 ↳secureauth-idp-kv-app-authentication-fail-41505 ↳secureauth-idp-kv-app-authentication-fail-41603 ↳secureauth-idp-kv-app-authentication-fail-24240 ↳secureauth-idp-kv-endpoint-authentication-fail-51101 ↳secureauth-idp-kv-endpoint-authentication-fail-70050 ↳secureauth-idp-kv-endpoint-authentication-fail-51160 ↳secureauth-idp-kv-endpoint-authentication-fail-51140 authentication-successful ↳secureauth-idp-kv-app-authentication-success-41590 ↳secureauth-idp-kv-app-authentication-success-41890 security-alert ↳secureauth-idp-kv-alert-trigger-success-92100	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy	4 Rules
Ransomware	app-login ↳secureauth-idp-kv-app-login-success-31020 authentication-failed ↳secureauth-idp-kv-app-authentication-fail-41502 ↳secureauth-idp-kv-app-authentication-fail-41503 ↳secureauth-idp-kv-app-authentication-fail-41601 ↳secureauth-idp-kv-app-authentication-fail-23812 ↳secureauth-idp-kv-app-authentication-fail-41505 ↳secureauth-idp-kv-app-authentication-fail-41603 ↳secureauth-idp-kv-app-authentication-fail-24240 ↳secureauth-idp-kv-endpoint-authentication-fail-51101 ↳secureauth-idp-kv-endpoint-authentication-fail-70050 ↳secureauth-idp-kv-endpoint-authentication-fail-51160 ↳secureauth-idp-kv-endpoint-authentication-fail-51140 authentication-successful ↳secureauth-idp-kv-app-authentication-success-41590 ↳secureauth-idp-kv-app-authentication-success-41890	T1078 - Valid Accounts	2 Rules