Use Case: Privilege Abuse

May 13, 2026 · View on GitHub

Use Case: Privilege Abuse

Vendor: 1password

ProductMITRE ATT&CK® TTPContent
1passwordT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: AIM Security

ProductMITRE ATT&CK® TTPContent
AI SecurityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: APC

ProductMITRE ATT&CK® TTPContent
APCT1078 - Valid Accounts
T1078.002 - T1078.002
  • 10 Rules
  • 6 Models

Vendor: Abnormal Security

ProductMITRE ATT&CK® TTPContent
Abnormal SecurityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Absolute

ProductMITRE ATT&CK® TTPContent
Absolute DDST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Accellion

ProductMITRE ATT&CK® TTPContent
KiteworksT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 32 Rules
  • 14 Models

Vendor: Adaxes

ProductMITRE ATT&CK® TTPContent
AdaxesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Admin By Request

ProductMITRE ATT&CK® TTPContent
Admin By RequestT1078 - Valid Accounts
  • 5 Rules
  • 5 Models

Vendor: Adobe

ProductMITRE ATT&CK® TTPContent
Adobe Experience ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Airlock

ProductMITRE ATT&CK® TTPContent
Airlock AllowlistingT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 23 Rules
  • 9 Models

Vendor: Akamai

ProductMITRE ATT&CK® TTPContent
Akamai GuardicoreT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Akamai SIEMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Cloud AkamaiT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Amazon

ProductMITRE ATT&CK® TTPContent
AWS BastionT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
AWS CloudTrailT1078 - Valid Accounts
T1087 - Account Discovery
T1087.004 - T1087.004
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
TA0003 - TA0003
TA0004 - TA0004
  • 11 Rules
  • 7 Models
AWS CloudWatchT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
AWS Elastic Load BalancerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
AWS Simple Email ServiceT1078 - Valid Accounts
  • 1 Rules
AWS WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Amazon EKST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Amazon QT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Amazon S3T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Apache

ProductMITRE ATT&CK® TTPContent
ApacheT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Apache SubversionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Apple

ProductMITRE ATT&CK® TTPContent
macOST1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models

Vendor: Arctic Wolf

ProductMITRE ATT&CK® TTPContent
Cylance PROTECTT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Armorblox

ProductMITRE ATT&CK® TTPContent
ArmorbloxT1078 - Valid Accounts
  • 1 Rules

Vendor: AssetView

ProductMITRE ATT&CK® TTPContent
AssetViewT1078 - Valid Accounts
  • 1 Rules

Vendor: Atlassian

ProductMITRE ATT&CK® TTPContent
AtlassianT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Atlassian BitBucketT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Auth0

ProductMITRE ATT&CK® TTPContent
Auth0T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1531 - Account Access Removal
  • 22 Rules
  • 9 Models

Vendor: Axway

ProductMITRE ATT&CK® TTPContent
Axway GatewayT1078 - Valid Accounts
  • 1 Rules

Vendor: Barracuda

ProductMITRE ATT&CK® TTPContent
Barracuda Cloudgen FirewallT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 15 Rules
  • 9 Models
Barracuda Email Security GatewayT1078 - Valid Accounts
  • 1 Rules

Vendor: BeyondTrust

ProductMITRE ATT&CK® TTPContent
BeyondInsightT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 12 Rules
  • 7 Models
BeyondTrustT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 25 Rules
  • 14 Models
BeyondTrust Privileged IdentityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
BeyondTrust Secure Remote AccessT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Bitglass

ProductMITRE ATT&CK® TTPContent
Bitglass CASBT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: BlackBerry

ProductMITRE ATT&CK® TTPContent
BlackBerry ProtectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Box

ProductMITRE ATT&CK® TTPContent
Box Cloud Content ManagementT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: CA Technologies

ProductMITRE ATT&CK® TTPContent
CA Privileged Access Manager Server ControlT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: CDS

ProductMITRE ATT&CK® TTPContent
CDST1078 - Valid Accounts
T1078.002 - T1078.002
  • 12 Rules
  • 7 Models

Vendor: Canon

ProductMITRE ATT&CK® TTPContent
imageRUNNER ADVANCET1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 18 Rules
  • 9 Models

Vendor: CatoNetworks

ProductMITRE ATT&CK® TTPContent
Cato CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 4 Rules
  • 2 Models

Vendor: Check Point

ProductMITRE ATT&CK® TTPContent
Check Point AvananT1078 - Valid Accounts
  • 1 Rules
Check Point Endpoint SecurityT1078 - Valid Accounts
T1133 - External Remote Services
  • 1 Rules
Check Point Identity AwarenessT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 3 Rules
  • 2 Models
Check Point NGFWT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 10 Rules
  • 3 Models
Check Point Security GatewayT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 9 Rules
  • 3 Models
SmartDefenseT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Checkmarx

ProductMITRE ATT&CK® TTPContent
CheckmarxT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 39 Rules
  • 15 Models

Vendor: Cimcor

ProductMITRE ATT&CK® TTPContent
CimTrakT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 31 Rules
  • 14 Models

Vendor: Cisco

ProductMITRE ATT&CK® TTPContent
Cisco Cloud SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Cisco CollaborationT1078 - Valid Accounts
T1098 - Account Manipulation
T1133 - External Remote Services
T1136 - Create Account
  • 25 Rules
  • 12 Models
Cisco Cyber VisionT1078 - Valid Accounts
  • 2 Rules
Cisco Email SecurityT1078 - Valid Accounts
  • 1 Rules
Cisco IOST1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 19 Rules
  • 12 Models
Cisco Identity IntelligenceT1098 - Account Manipulation
  • 1 Rules
Cisco Identity and Access ManagementT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 38 Rules
  • 15 Models
Cisco Network Infrastructure and ManagementT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 15 Rules
  • 8 Models
Cisco Network SecurityT1047 - Windows Management Instrumentation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 51 Rules
  • 22 Models
Cisco Remote Access SecurityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 3 Rules
  • 2 Models
Cisco Secure EndpointT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Cisco Secure Firewall Management CenterT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Cisco Web SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Citrix

ProductMITRE ATT&CK® TTPContent
Citrix GatewayT1021 - Remote Services
T1047 - Windows Management Instrumentation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 33 Rules
  • 15 Models
Citrix Virtual AppsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 5 Rules
  • 2 Models

Vendor: Claroty

ProductMITRE ATT&CK® TTPContent
CTDT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 9 Rules
  • 3 Models

Vendor: Click Studios

ProductMITRE ATT&CK® TTPContent
PasswordstateT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 22 Rules
  • 10 Models

Vendor: Cloudflare

ProductMITRE ATT&CK® TTPContent
Cloudflare AuditT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Cloudflare InsightsT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 31 Rules
  • 14 Models
Cloudflare WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Cohesity

ProductMITRE ATT&CK® TTPContent
Cohesity DataPlatformT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Commvault

ProductMITRE ATT&CK® TTPContent
CommvaultT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 23 Rules
  • 9 Models

Vendor: Corelight

ProductMITRE ATT&CK® TTPContent
Corelight IDST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Cribl

ProductMITRE ATT&CK® TTPContent
CriblT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: CrowdStrike

ProductMITRE ATT&CK® TTPContent
FalconT1021 - Remote Services
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 34 Rules
  • 15 Models
Identity Threat Detection & ResponseT1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models

Vendor: CyberArk

ProductMITRE ATT&CK® TTPContent
CyberArk Privilege Access ManagerT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 22 Rules
  • 9 Models

Vendor: Cylance

ProductMITRE ATT&CK® TTPContent
Cylance OPTICST1078 - Valid Accounts
  • 1 Rules

Vendor: Darktrace

ProductMITRE ATT&CK® TTPContent
DarktraceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Delinea

ProductMITRE ATT&CK® TTPContent
Centrify Audit and Monitoring ServiceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Centrify Authentication ServiceT1078 - Valid Accounts
T1078.002 - T1078.002
  • 12 Rules
  • 7 Models
Centrify Infrastructure ServicesT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 10 Rules
  • 6 Models
Centrify Zero Trust Privilege ServicesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 8 Rules
  • 2 Models
Secret ServerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 32 Rules
  • 14 Models

Vendor: Dell

ProductMITRE ATT&CK® TTPContent
EMC IsilonT1078 - Valid Accounts
  • 1 Rules
PowerMaxT1078 - Valid Accounts
  • 1 Rules
PowerProtectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
PowerProtect Data ManagerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
PowerStoreT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
SonicwallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 10 Rules
  • 3 Models

Vendor: Digital Arts

ProductMITRE ATT&CK® TTPContent
Digital Arts i-FILTER for BusinessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Digital Guardian

ProductMITRE ATT&CK® TTPContent
Digital Guardian Endpoint ProtectionT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 20 Rules
  • 12 Models
Digital Guardian Network DLPT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 17 Rules
  • 8 Models

Vendor: Dropbox

ProductMITRE ATT&CK® TTPContent
DropboxT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 33 Rules
  • 15 Models

Vendor: Dtex Systems

ProductMITRE ATT&CK® TTPContent
DTEX InTERCEPTT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 11 Rules
  • 6 Models

Vendor: ESET

ProductMITRE ATT&CK® TTPContent
ESET Endpoint SecurityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Egnyte

ProductMITRE ATT&CK® TTPContent
EgnyteT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Entrust

ProductMITRE ATT&CK® TTPContent
Entrust Identity EnterpriseT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Epic

ProductMITRE ATT&CK® TTPContent
Epic SIEMT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 8 Rules
  • 2 Models

Vendor: Ermes

ProductMITRE ATT&CK® TTPContent
Ermes Browser Security PlatformT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Exabeam

ProductMITRE ATT&CK® TTPContent
Phishing DetectionT1078 - Valid Accounts
  • 1 Rules
SearchT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Extrahop

ProductMITRE ATT&CK® TTPContent
Extrahop Reveal(x)T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Extreme Networks

ProductMITRE ATT&CK® TTPContent
Platform ONET1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 24 Rules
  • 9 Models
Universal ZTNAT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Zebra WLAN ManagementT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: F-Secure

ProductMITRE ATT&CK® TTPContent
F-Secure Policy ManagerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: F5

ProductMITRE ATT&CK® TTPContent
F5 Access Policy ManagerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
F5 BIG-IPT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 18 Rules
  • 9 Models
F5 Distributed CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
F5 WebSafeT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: FTP

ProductMITRE ATT&CK® TTPContent
FTPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint DLPT1078 - Valid Accounts
  • 1 Rules
Forcepoint Email SecurityT1078 - Valid Accounts
  • 1 Rules
Forcepoint Next-Gen FirewallT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Websense Security GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Forescout

ProductMITRE ATT&CK® TTPContent
Forescout CounterACTT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
FortiClientT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 8 Rules
  • 2 Models
FortiGateT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 10 Rules
  • 3 Models
FortiNACT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 15 Rules
  • 8 Models
FortiSIEMT1078 - Valid Accounts
  • 1 Rules
Fortinet Enterprise FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 2 Rules
Fortinet UTMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Fortiweb Web Application FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: FreeBSD

ProductMITRE ATT&CK® TTPContent
FreeBSDT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 34 Rules
  • 18 Models

Vendor: GitHub

ProductMITRE ATT&CK® TTPContent
GitHubT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 47 Rules
  • 21 Models

Vendor: GitLab

ProductMITRE ATT&CK® TTPContent
GitLabT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: GoAnywhere

ProductMITRE ATT&CK® TTPContent
GoAnywhere MFTT1078 - Valid Accounts
T1078.002 - T1078.002
  • 10 Rules
  • 6 Models

Vendor: Google

ProductMITRE ATT&CK® TTPContent
GCP CloudAuditT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Gemini EnterpriseT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Google Cloud PlatformT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.003 - Create Account: Create: Cloud Account
  • 9 Rules
  • 3 Models
Google WorkspaceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 8 Rules
  • 2 Models

Vendor: HP

ProductMITRE ATT&CK® TTPContent
Aruba ClearPass Policy ManagerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Aruba Mobility MasterT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 19 Rules
  • 9 Models
ArubaOST1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models
HP iLOT1078 - Valid Accounts
  • 2 Rules
HPE 3PAR StoreServT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
NonStopT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: HUMAN Security

ProductMITRE ATT&CK® TTPContent
HUMAN Bot DefenderT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Halcyon

ProductMITRE ATT&CK® TTPContent
HalcyonT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: HelpSystems

ProductMITRE ATT&CK® TTPContent
Powertech Identity and Access ManagerT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 22 Rules
  • 12 Models

Vendor: Hornet

ProductMITRE ATT&CK® TTPContent
Hornetsecurity Cloud Email Security ServicesT1078 - Valid Accounts
  • 1 Rules

Vendor: Huawei

ProductMITRE ATT&CK® TTPContent
Huawei Unified Security GatewayT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 16 Rules
  • 8 Models

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
HCL NotesT1078 - Valid Accounts
  • 1 Rules
IBMT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
IBM DatapowerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
IBM MainframeT1078 - Valid Accounts
  • 2 Rules
Security Access ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Sterling B2B IntegratorT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: IMSVA

ProductMITRE ATT&CK® TTPContent
IMSVAT1078 - Valid Accounts
  • 1 Rules

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Imperva SecureSphereT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Imprivata

ProductMITRE ATT&CK® TTPContent
ImprivataT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 6 Models
Infoblox NetMRIT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Informatica

ProductMITRE ATT&CK® TTPContent
Informatica CloudT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Int64 Software

ProductMITRE ATT&CK® TTPContent
OVERLAPST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Ipswitch

ProductMITRE ATT&CK® TTPContent
MoveIt TransferT1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
  • 31 Rules
  • 12 Models

Vendor: Ironscales

ProductMITRE ATT&CK® TTPContent
IronscalesT1078 - Valid Accounts
  • 2 Rules

Vendor: Island

ProductMITRE ATT&CK® TTPContent
Island Enterprise BrowserT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
T1531 - Account Access Removal
  • 11 Rules
  • 4 Models

Vendor: Jamf

ProductMITRE ATT&CK® TTPContent
Jamf ProtectT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 16 Rules
  • 8 Models

Vendor: Jumpcloud

ProductMITRE ATT&CK® TTPContent
JumpcloudT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 31 Rules
  • 14 Models

Vendor: Juniper Networks

ProductMITRE ATT&CK® TTPContent
Juniper SRX SeriesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Junos OST1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 11 Rules
  • 6 Models

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Kaspersky

ProductMITRE ATT&CK® TTPContent
Kaspersky Endpoint Security for BusinessT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Kemp

ProductMITRE ATT&CK® TTPContent
Kemp LoadMasterT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: KnowBe4

ProductMITRE ATT&CK® TTPContent
Security Awareness TrainingT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Kong

ProductMITRE ATT&CK® TTPContent
Kong GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: LastPass

ProductMITRE ATT&CK® TTPContent
LastPassT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Libraesva

ProductMITRE ATT&CK® TTPContent
Libraesva Email SecurityT1078 - Valid Accounts
  • 1 Rules

Vendor: LiquidFiles

ProductMITRE ATT&CK® TTPContent
LiquidFilesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1531 - Account Access Removal
  • 9 Rules
  • 3 Models

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 41 Rules
  • 20 Models

Vendor: ManageEngine

ProductMITRE ATT&CK® TTPContent
ADAuditPlusT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
ADManager PlusT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 21 Rules
  • 10 Models
ADSSPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
PAM360T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 15 Rules
  • 8 Models

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Menlo Security

ProductMITRE ATT&CK® TTPContent
Menlo SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 2 Rules
AzureT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Azure AD Activity LogsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1484 - Group Policy Modification
T1531 - Account Access Removal
  • 34 Rules
  • 16 Models
Azure AD Sign-In LogsT1078 - Valid Accounts
  • 2 Rules
Azure Container RegistryT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Azure DevOpsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Azure Key VaultT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Azure Kubernetes ServiceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Azure MFAT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1531 - Account Access Removal
  • 7 Rules
  • 3 Models
Azure MonitorT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 33 Rules
  • 16 Models
Azure Monitor - VM InsightsT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 10 Rules
  • 6 Models
CopilotT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - ADFST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 8 Rules
  • 2 Models
Event Viewer - ADWST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - ApplicationT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 26 Rules
  • 14 Models
Event Viewer - ApplockerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - AzureADPasswordProtection-DCAgentT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Event Viewer - AzureADPasswordProtection-ProxyServiceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - BFE Resorce FlowsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - BITS-ClientT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - CAPI2T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - CodeIntegrityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - DFS-ReplicationT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1484 - Group Policy Modification
  • 8 Rules
  • 4 Models
Event Viewer - DNSServerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Directory-ServiceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - File Replication ServiceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - FileShareShadowCopyProviderT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Kerberos-Key-Distribution-CenterT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Kernel-IOT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Kernel-PnPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - KnownFoldersT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - LSAT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Licensing-PlatformT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - LiveIdT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - NTLMT1078 - Valid Accounts
  • 3 Rules
  • 2 Models
Event Viewer - NetworkProfileT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - OpenSSHT1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models
Event Viewer - PowerShellT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 16 Rules
  • 8 Models
Event Viewer - RemoteDesktopServicesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - SMBT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - SecurityT1021 - Remote Services
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1484 - Group Policy Modification
T1531 - Account Access Removal
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 86 Rules
  • 38 Models
Event Viewer - SetupT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - SystemT1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 17 Rules
  • 9 Models
Event Viewer - TaskSchedulerT1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 7 Rules
  • 3 Models
Event Viewer - TerminalServicesT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - TerminalServices-GatewayT1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models
Event Viewer - TerminalServices-RemoteConnectionManagerT1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models
Event Viewer - WinNatT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 3 Rules
  • 2 Models
Event Viewer - WinRMT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Event Viewer - Windows FirewallT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
M365 Audit LogsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
MSSQLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 31 Rules
  • 14 Models
Microsoft 365T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 49 Rules
  • 19 Models
Microsoft Advanced Threat AnalyticsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Microsoft CAST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 32 Rules
  • 14 Models
Microsoft DHCP LogT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Microsoft DefenderT1021 - Remote Services
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1484 - Group Policy Modification
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 77 Rules
  • 33 Models
Microsoft Defender for CloudT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Microsoft ExchangeT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Microsoft IIST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Microsoft IntuneT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Microsoft RRAST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 9 Rules
  • 3 Models
Microsoft SentinelT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 40 Rules
  • 20 Models
Microsoft WMI LogT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 16 Rules
  • 8 Models
NetLogonT1078 - Valid Accounts
T1078.002 - T1078.002
  • 9 Rules
  • 6 Models
SysmonT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 17 Rules
  • 8 Models
WindowsT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Windows Defender Application ControlT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Windows Device registration serviceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Code42 IncydrT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Mimecast Secure Email GatewayT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Mimecast Targeted Threat Protection - URLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Monday.com

ProductMITRE ATT&CK® TTPContent
Monday.comT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Mvision

ProductMITRE ATT&CK® TTPContent
MvisionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Nasuni

ProductMITRE ATT&CK® TTPContent
NasuniT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: NetApp

ProductMITRE ATT&CK® TTPContent
NetAppT1078 - Valid Accounts
  • 1 Rules
NetApp OntapT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope CASBT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Netskope Security CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 25 Rules
  • 9 Models
Netskope WebtxT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Netwrix

ProductMITRE ATT&CK® TTPContent
Netwrix AuditorT1078 - Valid Accounts
  • 6 Rules
  • 1 Models

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 6 Models

Vendor: Okta

ProductMITRE ATT&CK® TTPContent
Okta Adaptive MFAT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 46 Rules
  • 19 Models

Vendor: OneLogin

ProductMITRE ATT&CK® TTPContent
OneLoginT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: OneWelcome

ProductMITRE ATT&CK® TTPContent
OneWelcome Cloud Identity PlatformT1078 - Valid Accounts
T1098 - Account Manipulation
  • 3 Rules

Vendor: Open Shift

ProductMITRE ATT&CK® TTPContent
OpenShiftT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Open VPN

ProductMITRE ATT&CK® TTPContent
Open VPNT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 9 Rules
  • 3 Models

Vendor: OpenAI

ProductMITRE ATT&CK® TTPContent
ChatGPTT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1531 - Account Access Removal
  • 31 Rules
  • 14 Models

Vendor: OpenLDAP

ProductMITRE ATT&CK® TTPContent
OpenLDAPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 25 Rules
  • 9 Models

Vendor: Oracle

ProductMITRE ATT&CK® TTPContent
Oracle Cloud InfrastructureT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Oracle DatabaseT1078 - Valid Accounts
  • 1 Rules
Oracle Public CloudT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 45 Rules
  • 19 Models
SolarisT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 10 Rules
  • 6 Models

Vendor: Ordr

ProductMITRE ATT&CK® TTPContent
Ordr SCET1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Osquery

ProductMITRE ATT&CK® TTPContent
OsqueryT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: PagerDuty

ProductMITRE ATT&CK® TTPContent
PagerDutyT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Cortex XDRT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
GlobalProtectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 10 Rules
  • 3 Models
Palo Alto ApertureT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Palo Alto NGFWT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 18 Rules
  • 8 Models
Palo Alto WildFireT1078 - Valid Accounts
  • 1 Rules
Prisma AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 8 Rules
  • 2 Models
Prisma CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Password Manager Pro

ProductMITRE ATT&CK® TTPContent
Password Manager ProT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1531 - Account Access Removal
  • 35 Rules
  • 14 Models

Vendor: Perforce

ProductMITRE ATT&CK® TTPContent
PerforceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
ForgeRockT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Ping AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Ping IdentityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
PingOneT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 24 Rules
  • 9 Models

Vendor: Portkey

ProductMITRE ATT&CK® TTPContent
PortkeyT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Portnox

ProductMITRE ATT&CK® TTPContent
Portnox CloudT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Postfix

ProductMITRE ATT&CK® TTPContent
PostfixT1078 - Valid Accounts
  • 1 Rules

Vendor: PowerSentry

ProductMITRE ATT&CK® TTPContent
PowerSentryT1078 - Valid Accounts
  • 1 Rules

Vendor: Progress

ProductMITRE ATT&CK® TTPContent
Progress ShareFileT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
ObserveITT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Proofpoint Email ProtectionT1078 - Valid Accounts
  • 1 Rules
Proofpoint Enterprise ProtectionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Targeted Attack PlatformT1078 - Valid Accounts
  • 1 Rules

Vendor: Qualys

ProductMITRE ATT&CK® TTPContent
Qualys AssetViewT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Quest Software

ProductMITRE ATT&CK® TTPContent
Quest Change Auditor for Active DirectoryT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
  • 31 Rules
  • 14 Models

Vendor: RSA

ProductMITRE ATT&CK® TTPContent
RSA Authentication ManagerT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Radware

ProductMITRE ATT&CK® TTPContent
AlteonT1078 - Valid Accounts
  • 1 Rules

Vendor: Rubrik

ProductMITRE ATT&CK® TTPContent
Rubrik Cloud Data ManagementT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: SAP

ProductMITRE ATT&CK® TTPContent
SAPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 25 Rules
  • 9 Models

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Sailpoint

ProductMITRE ATT&CK® TTPContent
IdentityNowT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
SecurityIQT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 10 Rules
  • 2 Models

Vendor: Sangfor

ProductMITRE ATT&CK® TTPContent
Sangfor NGAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: Saviynt

ProductMITRE ATT&CK® TTPContent
SaviyntT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Secomea

ProductMITRE ATT&CK® TTPContent
SecomeaT1078 - Valid Accounts
  • 2 Rules

Vendor: SecureAuth

ProductMITRE ATT&CK® TTPContent
SecureAuth IDPT1078 - Valid Accounts
T1098 - Account Manipulation
  • 3 Rules
SecureAuth LoginT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
ProductMITRE ATT&CK® TTPContent
SecureLinkT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: SecureNet

ProductMITRE ATT&CK® TTPContent
SecureNetT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 3 Rules
  • 2 Models

Vendor: Semperis

ProductMITRE ATT&CK® TTPContent
Semperis DSPT1078 - Valid Accounts
T1484 - Group Policy Modification
  • 4 Rules
  • 2 Models

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Singularity PlatformT1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 34 Rules
  • 15 Models
VigilanceT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 11 Rules
  • 3 Models

Vendor: Shibboleth

ProductMITRE ATT&CK® TTPContent
ShibbolethT1078 - Valid Accounts
T1098 - Account Manipulation
  • 3 Rules

Vendor: Silverfort

ProductMITRE ATT&CK® TTPContent
Silverfort Authentication PlatformT1078 - Valid Accounts
  • 2 Rules

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1047 - Windows Management Instrumentation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 18 Rules
  • 8 Models

Vendor: Skyformation

ProductMITRE ATT&CK® TTPContent
SkyformationT1078 - Valid Accounts
  • 2 Rules

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Secure Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 4 Rules
Skyhigh CASBT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Skyhigh Security CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Slack

ProductMITRE ATT&CK® TTPContent
SlackT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: SmartSuite

ProductMITRE ATT&CK® TTPContent
SmartSuiteT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 46 Rules
  • 19 Models

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos Endpoint ProtectionT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 18 Rules
  • 7 Models
Sophos UTMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Sophos XG FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 3 Rules
Sophos XGS FirewallT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 4 Rules
  • 2 Models

Vendor: Splunk

ProductMITRE ATT&CK® TTPContent
Splunk EST1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: StealthBits

ProductMITRE ATT&CK® TTPContent
StealthInterceptT1484 - Group Policy Modification
  • 2 Rules
  • 2 Models

Vendor: Swift

ProductMITRE ATT&CK® TTPContent
SwiftT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Swimlane

ProductMITRE ATT&CK® TTPContent
Swimlane TurbineT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
  • 23 Rules
  • 9 Models

Vendor: Swivel

ProductMITRE ATT&CK® TTPContent
SwivelT1078 - Valid Accounts
  • 1 Rules

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec Advanced Threat ProtectionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Symantec CloudSOCT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Symantec DLPT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Symantec Email SecurityT1078 - Valid Accounts
  • 1 Rules
Symantec Endpoint ProtectionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Symantec Web Security ServiceT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 6 Models

Vendor: TXOne Networks

ProductMITRE ATT&CK® TTPContent
StellarOneT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
StellarProtectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Tanium

ProductMITRE ATT&CK® TTPContent
Tanium Cloud PlatformT1078 - Valid Accounts
  • 2 Rules
Tanium Core PlatformT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Tanium Integrity MonitorT1078 - Valid Accounts
  • 1 Rules

Vendor: Tenable

ProductMITRE ATT&CK® TTPContent
Tenable Cloud SecurityT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Tenable Vulnerability ManagementT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Tessian

ProductMITRE ATT&CK® TTPContent
Tessian Cloud Email SecurityT1078 - Valid Accounts
  • 1 Rules

Vendor: ThoughtSpot

ProductMITRE ATT&CK® TTPContent
ThoughtSpotT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 25 Rules
  • 9 Models

Vendor: Trellix

ProductMITRE ATT&CK® TTPContent
Trellix Endpoint SecurityT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 16 Rules
  • 8 Models
Trellix Network Security (NX)T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 6 Models

Vendor: Trend Micro

ProductMITRE ATT&CK® TTPContent
Deep Discovery InspectorT1078 - Valid Accounts
  • 2 Rules
Deep SecurityT1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 20 Rules
  • 10 Models
Vision OneT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 25 Rules
  • 9 Models

Vendor: Tripwire Enterprise

ProductMITRE ATT&CK® TTPContent
Tripwire EnterpriseT1078 - Valid Accounts
  • 1 Rules

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
AuditbeatT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 11 Rules
  • 6 Models
UnixT1021 - Remote Services
T1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 76 Rules
  • 31 Models
Unix AuditdT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 71 Rules
  • 31 Models
Unix NamedT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Unix SendmailT1078 - Valid Accounts
  • 1 Rules

Vendor: VMware

ProductMITRE ATT&CK® TTPContent
Carbon Black App ControlT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 17 Rules
  • 8 Models
Carbon Black CEST1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 17 Rules
  • 8 Models
Carbon Black EDRT1047 - Windows Management Instrumentation
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
  • 22 Rules
  • 13 Models
VMware AirWatchT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1531 - Account Access Removal
  • 7 Rules
  • 3 Models
VMware ESXiT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 17 Rules
  • 8 Models
VMware HorizonT1078 - Valid Accounts
T1078.002 - T1078.002
  • 14 Rules
  • 7 Models
VMware NSXT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
VMware ViewT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 16 Rules
  • 8 Models
vCenterT1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 19 Rules
  • 9 Models

Vendor: Varonis

ProductMITRE ATT&CK® TTPContent
Varonis Data Security PlatformT1078 - Valid Accounts
  • 1 Rules

Vendor: Vectra

ProductMITRE ATT&CK® TTPContent
Vectra Cognito DetectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Veeam

ProductMITRE ATT&CK® TTPContent
VeeamT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Venafi

ProductMITRE ATT&CK® TTPContent
TLS ProtectT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Vormetric

ProductMITRE ATT&CK® TTPContent
VormetricT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Wallix

ProductMITRE ATT&CK® TTPContent
Wallix BastionT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models

Vendor: Wiz

ProductMITRE ATT&CK® TTPContent
WizT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1136 - Create Account
T1136.001 - Create Account: Create: Local Account
T1136.002 - T1136.002
T1531 - Account Access Removal
  • 24 Rules
  • 9 Models

Vendor: Workday

ProductMITRE ATT&CK® TTPContent
WorkdayT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 20 Rules
  • 9 Models

Vendor: Zero Networks

ProductMITRE ATT&CK® TTPContent
Zero NetworksT1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Breach PredictorT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules
Zscaler Internet AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 8 Rules
  • 2 Models
Zscaler Private AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1133 - External Remote Services
  • 10 Rules
  • 3 Models

Vendor:

Vendor: iBoss

ProductMITRE ATT&CK® TTPContent
Iboss CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 1 Rules

Vendor: oVirt

ProductMITRE ATT&CK® TTPContent
oVirtT1078 - Valid Accounts
  • 1 Rules