Vendor: SecureAuth

April 15, 2026 · View on GitHub

Product: SecureAuth IDP

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
762810611
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessaccount-password-change
secureauth-idp-kv-user-password-modify-success-41080

account-password-reset
secureauth-idp-kv-user-password-reset-fail-passwordreset

app-login
secureauth-idp-kv-app-login-success-31020

authentication-failed
secureauth-idp-kv-app-authentication-fail-41502
secureauth-idp-kv-app-authentication-fail-41503
secureauth-idp-kv-app-authentication-fail-41601
secureauth-idp-kv-app-authentication-fail-23812
secureauth-idp-kv-app-authentication-fail-41505
secureauth-idp-kv-app-authentication-fail-41603
secureauth-idp-kv-app-authentication-fail-24240
secureauth-idp-kv-endpoint-authentication-fail-51101
secureauth-idp-kv-endpoint-authentication-fail-70050
secureauth-idp-kv-endpoint-authentication-fail-51160
secureauth-idp-kv-endpoint-authentication-fail-51140

authentication-successful
secureauth-idp-kv-app-authentication-success-41590
secureauth-idp-kv-app-authentication-success-41890
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulationaccount-password-change
secureauth-idp-kv-user-password-modify-success-41080

account-password-reset
secureauth-idp-kv-user-password-reset-fail-passwordreset
T1098 - Account Manipulation
  • 1 Rules
Compromised Credentialsapp-login
secureauth-idp-kv-app-login-success-31020

authentication-successful
secureauth-idp-kv-app-authentication-success-41590
secureauth-idp-kv-app-authentication-success-41890

security-alert
secureauth-idp-kv-alert-trigger-success-92100
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 50 Rules
  • 25 Models
Data Accessapp-login
secureauth-idp-kv-app-login-success-31020
T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
Malwareapp-login
secureauth-idp-kv-app-login-success-31020

authentication-successful
secureauth-idp-kv-app-authentication-success-41590
secureauth-idp-kv-app-authentication-success-41890

security-alert
secureauth-idp-kv-alert-trigger-success-92100
T1078 - Valid Accounts
TA0002 - TA0002
  • 5 Rules
  • 2 Models
Privilege Abuseaccount-password-change
secureauth-idp-kv-user-password-modify-success-41080

account-password-reset
secureauth-idp-kv-user-password-reset-fail-passwordreset

app-login
secureauth-idp-kv-app-login-success-31020
T1078 - Valid Accounts
T1098 - Account Manipulation
  • 3 Rules
Privileged Activityapp-login
secureauth-idp-kv-app-login-success-31020

security-alert
secureauth-idp-kv-alert-trigger-success-92100
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Account Manipulation

Valid Accounts

Exploitation for Privilege Escalation

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

Proxy: Multi-hop Proxy

Proxy