Vendor: SecureAuth

November 29, 2023 · View on GitHub

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
113	48	24	4	4

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-login ↳secureauth-login-kv-app-authentication-fail-22610 ↳secureauth-login-kv-app-authentication-fail-51150 ↳secureauth-login-kv-app-authentication-fail-41501-1 ↳secureauth-login-kv-app-authentication-fail-41501 ↳secureauth-login-kv-app-authentication-fail-24220 ↳secureauth-login-kv-app-authentication-fail-24210 ↳secureauth-login-kv-app-authentication-fail-22910 ↳secureauth-login-xml-app-authentication-browserfingerprint ↳secureauth-login-kv-app-authentication-51170 ↳secureauth-login-kv-app-authentication-24120 ↳secureauth-login-kv-app-authentication-fail-22600 ↳secureauth-login-kv-user-read-fail-21070 ↳secureauth-login-xml-app-login-success-priority remote-logon ↳secureauth-login-kv-app-login-90010	T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services	32 Rules 14 Models
Compromised Credentials	app-login ↳secureauth-login-kv-app-authentication-fail-22610 ↳secureauth-login-kv-app-authentication-fail-51150 ↳secureauth-login-kv-app-authentication-fail-41501-1 ↳secureauth-login-kv-app-authentication-fail-41501 ↳secureauth-login-kv-app-authentication-fail-24220 ↳secureauth-login-kv-app-authentication-fail-24210 ↳secureauth-login-kv-app-authentication-fail-22910 ↳secureauth-login-xml-app-authentication-browserfingerprint ↳secureauth-login-kv-app-authentication-51170 ↳secureauth-login-kv-app-authentication-24120 ↳secureauth-login-kv-app-authentication-fail-22600 ↳secureauth-login-kv-user-read-fail-21070 ↳secureauth-login-xml-app-login-success-priority remote-logon ↳secureauth-login-kv-app-login-90010	T1021 - Remote Services T1078 - Valid Accounts T1078.002 - T1078.002 T1078.003 - Valid Accounts: Local Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	59 Rules 31 Models
Evasion	registry-write ↳secureauth-login-cef-app-activity-appactivity ↳secureauth-login-leef-app-activity	T1564.001 - T1564.001 T1564.002 - T1564.002	2 Rules
Privilege Escalation	remote-logon ↳secureauth-login-kv-app-login-90010	T1078 - Valid Accounts T1555.005 - T1555.005	2 Rules 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Exploit Public Fasing Application	Software Deployment Tools	External Remote Services Valid Accounts Hijack Execution Flow Event Triggered Execution Boot or Logon Autostart Execution	Valid Accounts Exploitation for Privilege Escalation Hijack Execution Flow Event Triggered Execution Boot or Logon Autostart Execution	Hide Artifacts Valid Accounts Modify Registry Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Use Alternate Authentication Material: Pass the Ticket Hijack Execution Flow Valid Accounts: Local Accounts	Steal or Forge Kerberos Tickets Credentials from Password Stores Steal or Forge Kerberos Tickets: Kerberoasting	Remote System Discovery	Remote Services Use Alternate Authentication Material Software Deployment Tools		Proxy: Multi-hop Proxy Proxy