Product: Falcon
Use-Case: Phishing
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 2 | 0 | 1 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| process-created | T1566.001 - T1566.001 ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset. ↳ Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder. |