Vendor: SentinelOne

Product: Vigilance

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
125	51	16	6	6

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	account-creation ↳sentinelone-v-cef-user-create-success-newuseradded app-activity ↳sentinelone-v-cef-app-activity-success-usermodified ↳sentinelone-v-cef-app-activity-success-userdeleted ↳sentinelone-v-cef-app-activity-success-usercreatedrole app-login ↳sentinelone-v-cef-app-login-success-newconsole failed-app-login ↳sentinelone-v-cef-app-login-login-failedconsole	T1078 - Valid Accounts T1133 - External Remote Services	15 Rules 4 Models
Account Manipulation	account-creation ↳sentinelone-v-cef-user-create-success-newuseradded app-activity ↳sentinelone-v-cef-app-activity-success-usermodified ↳sentinelone-v-cef-app-activity-success-userdeleted ↳sentinelone-v-cef-app-activity-success-usercreatedrole	T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1136 - Create Account T1136.001 - Create Account: Create: Local Account T1136.002 - T1136.002	23 Rules 9 Models
Data Leak	app-activity ↳sentinelone-v-cef-app-activity-success-usermodified ↳sentinelone-v-cef-app-activity-success-userdeleted ↳sentinelone-v-cef-app-activity-success-usercreatedrole	T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Privilege Escalation	app-activity ↳sentinelone-v-cef-app-activity-success-usermodified ↳sentinelone-v-cef-app-activity-success-userdeleted ↳sentinelone-v-cef-app-activity-success-usercreatedrole	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Valid Accounts: Cloud Accounts Exploit Public Fasing Application	User Execution	Create Account External Remote Services Valid Accounts Account Manipulation Create Account: Create: Local Account Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information Unused/Unsupported Cloud Regions				Email Collection Email Collection: Email Forwarding Rule	Proxy: Multi-hop Proxy Proxy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_sentinelone_vigilance.md

ds_sentinelone_vigilance.md

Vendor: SentinelOne

Product: Vigilance

MITRE ATT&CK® Framework for Enterprise

Files

ds_sentinelone_vigilance.md

Latest commit

History

ds_sentinelone_vigilance.md

File metadata and controls

Vendor: SentinelOne

Product: Vigilance

MITRE ATT&CK® Framework for Enterprise