Skip to content

Latest commit

 

History

History
21 lines (19 loc) · 9.94 KB

ds_secureauth_secureauth_idp.md

File metadata and controls

21 lines (19 loc) · 9.94 KB
Raw

Vendor: SecureAuth

Product: SecureAuth IDP

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
92 37 10 5 5
Use-Case Activity Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access account-password-change
secureauth-idp-kv-user-password-modify-success-41080

app-activity
secureauth-idp-kv-user-search-success-51010
secureauth-idp-kv-user-search-success-51000
secureauth-idp-kv-user-modify-success-41140
secureauth-idp-kv-user-password-expire-success-21061

app-login
secureauth-idp-kv-app-authentication-fail-41502
secureauth-idp-kv-app-authentication-fail-41503
secureauth-idp-kv-app-authentication-fail-41601
secureauth-idp-kv-app-authentication-fail-23812
secureauth-idp-kv-app-authentication-fail-40603
secureauth-idp-kv-app-authentication-fail-41505
secureauth-idp-kv-app-authentication-fail-41603
secureauth-idp-kv-app-authentication-fail-24240
secureauth-idp-kv-app-authentication-success-41590
secureauth-idp-kv-app-authentication-success-41890
secureauth-idp-kv-app-authentication-success-40601
secureauth-idp-kv-endpoint-authentication-success-51100
secureauth-idp-kv-endpoint-authentication-success-51110
secureauth-idp-kv-endpoint-authentication-fail-51101
secureauth-idp-kv-endpoint-authentication-fail-70050
secureauth-idp-kv-endpoint-authentication-fail-51160
secureauth-idp-kv-endpoint-authentication-fail-51140
secureauth-idp-kv-app-login-success-31020
secureauth-idp-kv-alert-trigger-success-92100

authentication-successful
secureauth-idp-kv-certificate-validate-success-23810
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulation account-password-change
secureauth-idp-kv-user-password-modify-success-41080

app-activity
secureauth-idp-kv-user-search-success-51010
secureauth-idp-kv-user-search-success-51000
secureauth-idp-kv-user-modify-success-41140
secureauth-idp-kv-user-password-expire-success-21061
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 4 Rules
  • 1 Models
Data Leak app-activity
secureauth-idp-kv-user-search-success-51010
secureauth-idp-kv-user-search-success-51000
secureauth-idp-kv-user-modify-success-41140
secureauth-idp-kv-user-password-expire-success-21061
 T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Privilege Escalation app-activity
secureauth-idp-kv-user-search-success-51010
secureauth-idp-kv-user-search-success-51000
secureauth-idp-kv-user-modify-success-41140
secureauth-idp-kv-user-password-expire-success-21061
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Proxy