Rules by Product and UseCase
September 3, 2025 · View on GitHub
Vendor: Unix
Product: Auditbeat
Use-Case: Data Leak
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 1 | 0 | 2 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| file-write | T1114 - Email Collection ↳ FA-Outlook-pst: A file ends with either pst or ost T1114.001 - T1114.001 ↳ FA-Outlook-pst: A file ends with either pst or ost |