Skip to content

Latest commit

 

History

History
21 lines (19 loc) · 4.2 KB

ds_beyondtrust_beyondtrust.md

File metadata and controls

21 lines (19 loc) · 4.2 KB
Raw

Vendor: BeyondTrust

Product: BeyondTrust

Rules Models MITRE ATT&CK® TTPs Event Types Parsers
31 21 3 2 2
Use-Case Event Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access account-switch
s-liebsoft-account-switch
syslog-liebsoft-account-switch-1

privileged-access
beyondtrust-privileged-access-1
 T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Malware account-switch
s-liebsoft-account-switch
syslog-liebsoft-account-switch-1

privileged-access
beyondtrust-privileged-access-1
 TA0002 - TA0002
  • 4 Rules
  • 2 Models
Privilege Abuse account-switch
s-liebsoft-account-switch
syslog-liebsoft-account-switch-1

privileged-access
beyondtrust-privileged-access-1
 T1078 - Valid Accounts
  • 7 Rules
  • 5 Models
Privilege Escalation account-switch
s-liebsoft-account-switch
syslog-liebsoft-account-switch-1
 T1078 - Valid Accounts
T1555.005 - T1555.005
  • 10 Rules
  • 6 Models
Privileged Activity account-switch
s-liebsoft-account-switch
syslog-liebsoft-account-switch-1

privileged-access
beyondtrust-privileged-access-1
 T1078 - Valid Accounts
TA0002 - TA0002
  • 11 Rules
  • 7 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Valid Accounts

 Valid Accounts

 Valid Accounts

 Valid Accounts

 Credentials from Password Stores