Vendor: VMware

April 15, 2026 · View on GitHub

Product: VMware View

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
131542394
Use-CaseActivity Types/ParsersMITRE ATT&CK® TTPContent
Abnormal Authentication & Accessaccount-password-change
vmware-view-kv-user-password-modify-success-pwdchanged

app-activity
vmware-view-kv-app-activity-success-desktopid
vmware-view-str-app-activity-success-application

app-login
vmware-view-str-app-login-success-viewuser
vmware-view-kv-app-login-success-viewuserloggedin

authentication-failed
vmware-view-str-app-authentication-fail-denied

authentication-successful
vmware-view-str-endpoint-authentication-success-application

failed-app-login
vmware-view-kv-app-login-fail-viewuserauthfailed

remote-logon
vmware-view-kv-endpoint-login-success-agentconnected
vmware-view-str-endpoint-login-fail-viewuser
vmware-view-str-endpoint-login-success-reconnected
T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 35 Rules
  • 14 Models
Account Manipulationaccount-password-change
vmware-view-kv-user-password-modify-success-pwdchanged

app-activity
vmware-view-kv-app-activity-success-desktopid
vmware-view-str-app-activity-success-application
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 4 Rules
  • 1 Models
Data Leakapp-activity
vmware-view-kv-app-activity-success-desktopid
vmware-view-str-app-activity-success-application
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

Valid Accounts

Exploitation for Privilege Escalation

Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Valid Accounts: Local Accounts

Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

Remote System Discovery

Exploitation of Remote Services

Remote Services

Use Alternate Authentication Material

Email Collection

Email Collection: Email Forwarding Rule

Proxy: Multi-hop Proxy

Proxy