Rules by Product and UseCase

May 15, 2023

Vendor: Osquery

Product: Osquery

Use-Case: Malware

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 1 | 0 | 1 | 1 | 1 |

| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1078 - Valid Accounts ↳ Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |
