Rules by Product and UseCase
April 15, 2026 · View on GitHub
Vendor: SecureLink
Product: SecureLink
Use-Case: Account Manipulation
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 4 | 1 | 2 | 3 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| account-password-change | T1098 - Account Manipulation ↳ AM-UA-APLocU-F: First account password change for local user | |
| account-password-reset | T1098 - Account Manipulation ↳ AM-UA-APLocU-F: First account password change for local user | |
| app-activity | T1098 - Account Manipulation ↳ EM-InB-Ex: A user has been given mailbox permissions for an executive user ↳ EM-InB-Perm-N-F: First time a user has given mailbox permissions on another mailbox that is not their own ↳ EM-InB-Perm-N-A: Abnormal for user to give mailbox permissions T1098.002 - Account Manipulation: Exchange Email Delegate Permissions ↳ EM-InB-Ex: A user has been given mailbox permissions for an executive user ↳ EM-InB-Perm-N-F: First time a user has given mailbox permissions on another mailbox that is not their own ↳ EM-InB-Perm-N-A: Abnormal for user to give mailbox permissions | • EM-InB-Perm-N: Models users who give mailbox permissions |