Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
74 | 24 | 14 | 3 | 3 |
Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Abnormal Authentication & Access | failed-logon ↳claroty-ctd-cef-app-notification-evetprotocol ↳claroty-ctd-cef-app-notification-baselinedeviation ↳claroty-ctd-cef-app-notification-informationchange ↳claroty-ctd-cef-alert-trigger-success-network-entityconfict ↳claroty-ctd-cef-endpoint-login-fail |
T1078 - Valid Accounts T1110 - Brute Force |
|
Brute Force Attack | failed-logon ↳claroty-ctd-cef-app-notification-evetprotocol ↳claroty-ctd-cef-app-notification-baselinedeviation ↳claroty-ctd-cef-app-notification-informationchange ↳claroty-ctd-cef-alert-trigger-success-network-entityconfict ↳claroty-ctd-cef-endpoint-login-fail |
T1021.001 - Remote Services: Remote Desktop Protocol T1110 - Brute Force T1110.003 - T1110.003 |
|
Next Page -->> |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|
External Remote Services Valid Accounts Exploit Public Fasing Application |
External Remote Services Valid Accounts |
Valid Accounts Exploitation for Privilege Escalation |
Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Use Alternate Authentication Material: Pass the Ticket Obfuscated Files or Information |
Brute Force Steal or Forge Kerberos Tickets |
Exploitation of Remote Services Remote Services Use Alternate Authentication Material Remote Services: Remote Desktop Protocol |
Proxy: Multi-hop Proxy Proxy |