| Abnormal Authentication & Access | account-deleted
↳auth0-a-json-user-delete-success-userdeletion
account-password-change
↳auth0-a-json-user-password-modify-success-changepassword
app-login
↳auth0-a-json-app-login-success-s
↳auth0-a-json-app-login-success-seacft
↳auth0-a-json-app-login-success-ss
↳auth0-a-json-app-login-success-ssa
↳auth0-a-json-app-login-success-seccft
↳auth0-a-json-app-login-success-changeemail
authentication-failed
↳auth0-a-json-app-authentication-fail-warning
↳sailpoint-identitynow-json-endpoint-authentication-auth
authentication-successful
↳auth0-a-json-app-authentication-success-startauth
↳auth0-a-json-endpoint-login-success-verification
↳auth0-a-json-endpoint-login-success-exchange
↳sailpoint-identitynow-json-endpoint-authentication-auth
failed-app-login
↳auth0-a-json-app-login-fail-limitwc
↳auth0-a-json-app-login-fail-apilimit
failed-logon
↳eset-ep-leef-endpoint-login-fail-auditevent
remote-logon
↳ca-pamsc-kv-rdp-traffic-success-connection
↳vectra-cs-kv-rdp-traffic-success-metadatardp
↳vectra-cs-kv-ssh-traffic-success-metadatassh
| T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
| |
| Account Manipulation | account-deleted
↳auth0-a-json-user-delete-success-userdeletion
account-password-change
↳auth0-a-json-user-password-modify-success-changepassword
| T1098 - Account Manipulation
T1136 - Create Account
T1531 - Account Access Removal
| |
| Brute Force Attack | failed-logon
↳eset-ep-leef-endpoint-login-fail-auditevent
| T1021.001 - Remote Services: Remote Desktop Protocol
T1110 - Brute Force
T1110.003 - T1110.003
| |
| Privilege Escalation | failed-logon
↳eset-ep-leef-endpoint-login-fail-auditevent
remote-logon
↳ca-pamsc-kv-rdp-traffic-success-connection
↳vectra-cs-kv-rdp-traffic-success-metadatardp
↳vectra-cs-kv-ssh-traffic-success-metadatassh
| T1078 - Valid Accounts
T1210 - Exploitation of Remote Services
T1555.005 - T1555.005
| |
| Next Page -->> | | | |