Vendor: SecureAuth

April 15, 2026 · View on GitHub

Product: SecureAuth Login

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
66269415
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessapp-activity
secureauth-login-cef-app-activity-appactivity
secureauth-login-leef-app-activity
secureauth-login-xml-app-activity-catchall-auditeventid

app-login
secureauth-login-kv-app-login-90010
secureauth-login-xml-app-login-success-priority

authentication-failed
secureauth-login-kv-endpoint-login-20990-1
secureauth-login-xml-endpoint-login-20990
secureauth-login-kv-app-authentication-fail-22610
secureauth-login-kv-app-authentication-fail-51150
secureauth-login-kv-app-authentication-fail-41501-1
secureauth-login-kv-app-authentication-fail-41501
secureauth-login-kv-app-authentication-fail-24220
secureauth-login-kv-app-authentication-fail-24210
secureauth-login-kv-app-authentication-fail-22910
secureauth-login-xml-app-activity-catchall-auditeventid

authentication-successful
secureauth-login-kv-endpoint-login-success-20000
secureauth-login-leef-endpoint-login-success-sessionstart
secureauth-login-kv-endpoint-login-20990-1
secureauth-login-xml-endpoint-login-20990
secureauth-login-kv-app-authentication-51170
secureauth-login-kv-app-authentication-24120
secureauth-login-kv-app-authentication-fail-22600
secureauth-login-xml-app-activity-catchall-auditeventid
secureauth-login-xml-app-activity-catchall-auditeventid
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Account Manipulationapp-activity
secureauth-login-cef-app-activity-appactivity
secureauth-login-leef-app-activity
secureauth-login-xml-app-activity-catchall-auditeventid
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Data Leakapp-activity
secureauth-login-cef-app-activity-appactivity
secureauth-login-leef-app-activity
secureauth-login-xml-app-activity-catchall-auditeventid
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Privilege Escalationapp-activity
secureauth-login-cef-app-activity-appactivity
secureauth-login-leef-app-activity
secureauth-login-xml-app-activity-catchall-auditeventid
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Valid Accounts

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Proxy