| Compromised Credentials | app-activity
↳sentinelone-v-cef-app-activity-success-mgmt
app-login
↳sentinelone-v-cef-app-login-success-newconsole
failed-app-login
↳sentinelone-v-cef-app-login-login-failedconsole
security-alert
↳sentinelone-v-cef-alert-trigger-success-threatdetected
↳sentinelone-v-cef-alert-trigger-success-activethreat
| T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
| |
| Lateral Movement | app-login
↳sentinelone-v-cef-app-login-success-newconsole
failed-app-login
↳sentinelone-v-cef-app-login-login-failedconsole
security-alert
↳sentinelone-v-cef-alert-trigger-success-threatdetected
↳sentinelone-v-cef-alert-trigger-success-activethreat
| T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
| |
| Privileged Activity | app-activity
↳sentinelone-v-cef-app-activity-success-mgmt
app-login
↳sentinelone-v-cef-app-login-success-newconsole
failed-app-login
↳sentinelone-v-cef-app-login-login-failedconsole
security-alert
↳sentinelone-v-cef-alert-trigger-success-threatdetected
↳sentinelone-v-cef-alert-trigger-success-activethreat
| T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
| |