ds_nutanix_nutanix_files.md

Vendor: Nutanix

Product: Nutanix Files

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
48	19	12	3	3

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	file-delete ↳nutanix-file-delete file-read ↳nutanix-file-read file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1083 - File and Directory Discovery	33 Rules 14 Models
Data Access	file-delete ↳nutanix-file-delete file-read ↳nutanix-file-read file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1083 - File and Directory Discovery	24 Rules 13 Models
Data Exfiltration	file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	TA0002 - TA0002	2 Rules 1 Models
Data Leak	file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1114.001 - T1114.001	1 Rules
Destruction of Data	file-delete ↳nutanix-file-delete	T1070.004 - Indicator Removal on Host: File Deletion T1485 - Data Destruction	1 Rules
Malware	file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1003.002 - T1003.002 T1505.003 - Server Software Component: Web Shell T1547.001 - T1547.001 TA0002 - TA0002	11 Rules 4 Models
Privilege Abuse	file-delete ↳nutanix-file-delete file-read ↳nutanix-file-read file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1078 - Valid Accounts	1 Rules
Privileged Activity	file-delete ↳nutanix-file-delete file-read ↳nutanix-file-read file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1078 - Valid Accounts	1 Rules
Ransomware	file-write ↳nutanix-file-write-3 ↳nutanix-file-write ↳nutanix-file-write-1 ↳nutanix-file-write-2	T1486 - Data Encrypted for Impact	1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Valid Accounts		Valid Accounts Server Software Component: Web Shell Server Software Component Boot or Logon Autostart Execution	Valid Accounts Boot or Logon Autostart Execution	Indicator Removal on Host: File Deletion Valid Accounts Indicator Removal on Host	OS Credential Dumping	File and Directory Discovery		Email Collection			Data Destruction Data Encrypted for Impact