Vendor: Microsoft

Product: Office 365

Rules	Models	MITRE TTPs	Event Types	Parsers
716	154	118	20	20

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal Authentication & Access	account-disabled ↳logrhythm-0365-app-login ↳json-o365-app-login app-activity ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-activity ↳cef-o365-app-activity-3 ↳json-o365-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳o365-activity-3 ↳o365-activity-1 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 app-activity-failed ↳o365-activity ↳cef-microsoft-graph-activity-3 ↳cef-microsoft-graph-activity app-login ↳cef-o365-app-login ↳cef-o365-app-login-1 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳o365-sharepoint-app-activity ↳logrhythm-0365-failed-app-login ↳json-o365-failed-app-login dlp-email-alert-in ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email dlp-email-alert-in-failed ↳o365-inbox-activity ↳json-microsoft-app-activity-31 ↳microsoft-app-activity-12 ↳cef-microsoft-app-activity-29 ↳cef-microsoft-app-activity-28 ↳microsoft-app-activity-11 ↳microsoft-app-activity-10 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳cef-microsoft-app-activity-24 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳microsoft-app-activity-4 ↳microsoft-app-activity-6 ↳cef-microsoft-app-activity-39 ↳microsoft-app-activity-5 ↳microsoft-app-activity-8 ↳microsoft-app-activity-7 ↳microsoft-app-activity-9 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 dlp-email-alert-out ↳json-email-saas-o365-alert ↳cef-O365-dlp-email-out ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳s-O365-email ↳o365-dlp-email-out-1 ↳o365-dlp-email-out-2 ↳xml-email-saas-o365-alert ↳o365-phishing-alert ↳cef-o365-dlp-email dlp-email-alert-out-failed ↳O365-email-alert-in ↳cef-O365-dlp-email-in ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳cef-o365-file-read-7 ↳cef-o365-file-read-8 ↳logrhythm-o365-file-read-4 ↳logrhythm-o365-file-read-3 ↳logrhythm-o365-file-read-2 ↳cef-o365-file-read-3 ↳cef-o365-file-read-4 ↳cef-o365-file-read-5 ↳logrhythm-o365-file-activity ↳cef-o365-file-read-6 ↳logrhythm-o365-file-read-7 ↳cef-o365-file-read-1 ↳logrhythm-o365-file-read-6 ↳cef-o365-file-read-2 ↳logrhythm-o365-file-read ↳logrhythm-o365-file-read-5 failed-app-login ↳o365-activity ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-microsoft-graph-activity-1 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-graph-activity-4 ↳cef-microsoft-graph-activity-6 ↳o365-teams-app-login ↳cef-o365-app-login ↳cef-o365-app-login-1 ↳o365-phishing-alert ↳cef-o365-dlp-email failed-logon ↳o365-dlp-policy-alert ↳o365-dlp-alert file-delete ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity ↳azure-process-created file-download ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳microsoft-app-activity-2 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳microsoft-app-activity-1 ↳o365-sharepoint-app-activity file-permission-change ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity file-read ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity ↳logrhythm-o365-file-write-4 ↳logrhythm-o365-file-write-5 ↳json-o365-file-write-7 ↳logrhythm-o365-file-write-6 ↳logrhythm-o365-file-write ↳logrhythm-o365-file-write-7 ↳logrhythm-o365-file-write-2 ↳logrhythm-o365-file-write-3 ↳cef-o365-file-write-9 ↳cef-o365-file-write-8 ↳cef-o365-file-write-7 ↳cef-o365-file-write-6 ↳cef-o365-file-write-1 ↳cef-o365-file-write-5 ↳logrhythm-o365-file-write-8 ↳cef-o365-file-write-4 ↳cef-o365-file-write-11 ↳cef-o365-file-write-3 ↳cef-o365-file-write-10 ↳cef-o365-file-write-2 ↳json-microsoft-app-activity-17 file-upload ↳o365-activity ↳cef-o365-app-activity-3 ↳json-o365-activity-3 ↳o365-mip-label-activity ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳o365-activity-3 ↳o365-activity-1 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳o365-powerbi-activity ↳o365-teams-activity-1 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity file-write ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳o365-sharepoint-app-activity ↳logrhythm-o365-file-upload ↳cef-o365-file-delete-1 ↳logrhythm-o365-file-delete-3 ↳logrhythm-o365-file-delete-2 ↳json-microsoft-app-activity-19 ↳logrhythm-o365-file-delete ↳cef-o365-file-delete-2 ntlm-logon ↳json-email-saas-o365-alert ↳cef-O365-dlp-email-out ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳s-O365-email ↳o365-dlp-email-out-1 ↳o365-dlp-email-out-2 ↳xml-email-saas-o365-alert ↳cef-O365-dlp-email-out-1 ↳O365-email-alert-out process-created ↳cef-o365-dlp-alert ↳logrhythm-0365-account-password-change remote-logon ↳o365-inbox-rules-move-to-folder ↳o365-inbox-rules-all-2 ↳o365-inbox-rules ↳o365-inbox-rules-all ↳o365-inbox-rules-forward-to-1 ↳o365-inbox-rules-forward-to ↳o365-inbox-rules-2 ↳cef-microsoft-app-activity-inbox-rule security-alert ↳o365-security-alert ↳o365-url-click-alert ↳o365-malware-alert ↳o365-security-alert-1 ↳o365-signin-alert ↳o365-security-alert-3 ↳o365-security-alert-2 ↳o365-mal-url-click ↳cef-o365-security-alert	T1021 - Remote Services T1078 - Valid Accounts T1078.003 - Valid Accounts: Local Accounts T1110 - Brute Force T1133 - External Remote Services	65 Rules 28 Models
Account Manipulation	account-disabled ↳logrhythm-0365-app-login ↳json-o365-app-login app-activity ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-activity ↳cef-o365-app-activity-3 ↳json-o365-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳o365-activity-3 ↳o365-activity-1 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 app-activity-failed ↳o365-activity ↳cef-microsoft-graph-activity-3 ↳cef-microsoft-graph-activity app-login ↳cef-o365-app-login ↳cef-o365-app-login-1 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳o365-sharepoint-app-activity ↳logrhythm-0365-failed-app-login ↳json-o365-failed-app-login dlp-email-alert-in ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email dlp-email-alert-in-failed ↳o365-inbox-activity ↳json-microsoft-app-activity-31 ↳microsoft-app-activity-12 ↳cef-microsoft-app-activity-29 ↳cef-microsoft-app-activity-28 ↳microsoft-app-activity-11 ↳microsoft-app-activity-10 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳cef-microsoft-app-activity-24 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳microsoft-app-activity-4 ↳microsoft-app-activity-6 ↳cef-microsoft-app-activity-39 ↳microsoft-app-activity-5 ↳microsoft-app-activity-8 ↳microsoft-app-activity-7 ↳microsoft-app-activity-9 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 dlp-email-alert-out ↳json-email-saas-o365-alert ↳cef-O365-dlp-email-out ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳s-O365-email ↳o365-dlp-email-out-1 ↳o365-dlp-email-out-2 ↳xml-email-saas-o365-alert ↳o365-phishing-alert ↳cef-o365-dlp-email dlp-email-alert-out-failed ↳O365-email-alert-in ↳cef-O365-dlp-email-in ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳cef-o365-file-read-7 ↳cef-o365-file-read-8 ↳logrhythm-o365-file-read-4 ↳logrhythm-o365-file-read-3 ↳logrhythm-o365-file-read-2 ↳cef-o365-file-read-3 ↳cef-o365-file-read-4 ↳cef-o365-file-read-5 ↳logrhythm-o365-file-activity ↳cef-o365-file-read-6 ↳logrhythm-o365-file-read-7 ↳cef-o365-file-read-1 ↳logrhythm-o365-file-read-6 ↳cef-o365-file-read-2 ↳logrhythm-o365-file-read ↳logrhythm-o365-file-read-5 failed-app-login ↳o365-activity ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-microsoft-graph-activity-1 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-graph-activity-4 ↳cef-microsoft-graph-activity-6 ↳o365-teams-app-login ↳cef-o365-app-login ↳cef-o365-app-login-1 ↳o365-phishing-alert ↳cef-o365-dlp-email failed-logon ↳o365-dlp-policy-alert ↳o365-dlp-alert file-delete ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity ↳azure-process-created file-download ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳microsoft-app-activity-2 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳microsoft-app-activity-1 ↳o365-sharepoint-app-activity file-permission-change ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity file-read ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity ↳logrhythm-o365-file-write-4 ↳logrhythm-o365-file-write-5 ↳json-o365-file-write-7 ↳logrhythm-o365-file-write-6 ↳logrhythm-o365-file-write ↳logrhythm-o365-file-write-7 ↳logrhythm-o365-file-write-2 ↳logrhythm-o365-file-write-3 ↳cef-o365-file-write-9 ↳cef-o365-file-write-8 ↳cef-o365-file-write-7 ↳cef-o365-file-write-6 ↳cef-o365-file-write-1 ↳cef-o365-file-write-5 ↳logrhythm-o365-file-write-8 ↳cef-o365-file-write-4 ↳cef-o365-file-write-11 ↳cef-o365-file-write-3 ↳cef-o365-file-write-10 ↳cef-o365-file-write-2 ↳json-microsoft-app-activity-17 file-upload ↳o365-activity ↳cef-o365-app-activity-3 ↳json-o365-activity-3 ↳o365-mip-label-activity ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳cef-o365-app-activity-6 ↳cef-o365-app-activity-9 ↳o365-activity-3 ↳o365-activity-1 ↳cef-o365-app-activity-20 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳o365-powerbi-activity ↳o365-teams-activity-1 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳cef-syslog-sharepoint-activity ↳o365-sharepoint-app-activity file-write ↳cef-o365-app-activity-3 ↳cef-o365-app-activity-4 ↳cef-o365-app-activity-1 ↳cef-o365-app-activity-2 ↳cef-o365-app-activity-7 ↳cef-o365-app-activity-21 ↳cef-o365-app-activity-8 ↳cef-o365-app-activity-22 ↳cef-o365-app-activity-5 ↳cef-o365-app-activity-23 ↳json-microsoft-app-activity-31 ↳cef-o365-app-activity-6 ↳cef-microsoft-app-activity-29 ↳cef-o365-app-activity-9 ↳cef-microsoft-app-activity-28 ↳cef-microsoft-app-activity-23 ↳cef-microsoft-app-activity-22 ↳cef-microsoft-app-activity-21 ↳cef-microsoft-app-activity-20 ↳cef-microsoft-app-activity-27 ↳o365-activity-3 ↳cef-microsoft-app-activity-26 ↳cef-microsoft-app-activity-25 ↳o365-activity-1 ↳cef-microsoft-app-activity-24 ↳cef-o365-app-activity-20 ↳cef-microsoft-app-activity-9 ↳cef-microsoft-app-activity-8 ↳json-microsoft-app-activity-6 ↳cef-microsoft-app-activity-7 ↳json-microsoft-app-activity-9 ↳cef-microsoft-app-activity-6 ↳json-microsoft-app-activity-8 ↳cef-microsoft-app-activity-5 ↳cef-microsoft-app-activity-4 ↳cef-microsoft-app-activity-3 ↳cef-microsoft-app-activity-2 ↳cef-microsoft-app-activity-1 ↳cef-microsoft-app-activity-19 ↳cef-microsoft-app-activity-18 ↳json-microsoft-app-activity-1 ↳cef-microsoft-app-activity-17 ↳json-microsoft-app-activity-2 ↳json-microsoft-app-activity-5 ↳cef-microsoft-app-activity-12 ↳cef-microsoft-app-activity-11 ↳cef-microsoft-app-activity-10 ↳cef-microsoft-app-activity-52 ↳cef-microsoft-app-activity-51 ↳o365-activity ↳json-o365-activity-3 ↳json-microsoft-app-activity-12 ↳json-microsoft-app-activity-11 ↳json-microsoft-app-activity-10 ↳cef-microsoft-app-activity-42 ↳cef-microsoft-app-activity-41 ↳cef-microsoft-app-activity-40 ↳cef-o365-app-activity-14 ↳cef-o365-app-activity-15 ↳cef-o365-app-activity-16 ↳cef-o365-app-activity-17 ↳cef-o365-app-activity-10 ↳cef-o365-app-activity-11 ↳cef-o365-app-activity-12 ↳cef-o365-app-activity-13 ↳cef-o365-app-activity-18 ↳cef-o365-app-activity-19 ↳cef-microsoft-app-activity-34 ↳cef-microsoft-app-activity-33 ↳cef-microsoft-app-activity-32 ↳cef-microsoft-app-activity-31 ↳cef-microsoft-app-activity-37 ↳cef-microsoft-app-activity-36 ↳cef-microsoft-app-activity-35 ↳cef-microsoft-app-activity-30 ↳o365-sharepoint-activity ↳o365-onedrive-app-activity ↳o365-sharepoint-app-activity ↳logrhythm-o365-file-upload ↳cef-o365-file-delete-1 ↳logrhythm-o365-file-delete-3 ↳logrhythm-o365-file-delete-2 ↳json-microsoft-app-activity-19 ↳logrhythm-o365-file-delete ↳cef-o365-file-delete-2 ntlm-logon ↳json-email-saas-o365-alert ↳cef-O365-dlp-email-out ↳o365-email-alert ↳s-O365-dlp-email ↳json-o365-dlp-email ↳q-o365-dlp-email ↳s-O365-email ↳o365-dlp-email-out-1 ↳o365-dlp-email-out-2 ↳xml-email-saas-o365-alert ↳cef-O365-dlp-email-out-1 ↳O365-email-alert-out process-created ↳cef-o365-dlp-alert ↳logrhythm-0365-account-password-change remote-logon ↳o365-inbox-rules-move-to-folder ↳o365-inbox-rules-all-2 ↳o365-inbox-rules ↳o365-inbox-rules-all ↳o365-inbox-rules-forward-to-1 ↳o365-inbox-rules-forward-to ↳o365-inbox-rules-2 ↳cef-microsoft-app-activity-inbox-rule security-alert ↳o365-security-alert ↳o365-url-click-alert ↳o365-malware-alert ↳o365-security-alert-1 ↳o365-signin-alert ↳o365-security-alert-3 ↳o365-security-alert-2 ↳o365-mal-url-click ↳cef-o365-security-alert	T1003 - OS Credential Dumping T1047 - Windows Management Instrumentation T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1136 - Create Account T1136.001 - Create Account: Create: Local Account T1175 - T1175 T1531 - Account Access Removal	22 Rules 9 Models
Next Page -->>

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Exploit Public Fasing Application Phishing	Windows Management Instrumentation Command and Scripting Interperter Scheduled Task/Job Scripting System Services Exploitation for Client Execution User Execution Scheduled Task/Job: Scheduled Task Command and Scripting Interperter: PowerShell Scheduled Task/Job: At (Windows)	Pre-OS Boot Create Account Create or Modify System Process External Remote Services Valid Accounts Hijack Execution Flow Server Software Component: Web Shell Account Manipulation BITS Jobs Create or Modify System Process: Windows Service Scheduled Task/Job Server Software Component Event Triggered Execution Boot or Logon Autostart Execution Create Account: Create: Local Account Account Manipulation: Exchange Email Delegate Permissions	Access Token Manipulation: Token Impersonation/Theft Create or Modify System Process Valid Accounts Access Token Manipulation Exploitation for Privilege Escalation Hijack Execution Flow Process Injection Scheduled Task/Job Abuse Elevation Control Mechanism Event Triggered Execution Boot or Logon Autostart Execution Process Injection: Dynamic-link Library Injection Abuse Elevation Control Mechanism: Bypass User Account Control	Hide Artifacts Indirect Command Execution Impair Defenses Indicator Removal on Host: Clear Windows Event Logs Trusted Developer Utilities Proxy Execution Masquerading: Match Legitimate Name or Location Masquerading: Rename System Utilities File and Directory Permissions Modification: Windows File and Directory Permissions Modification Obfuscated Files or Information: Compile After Delivery Obfuscated Files or Information: Indicator Removal from Tools Hijack Execution Flow: DLL Side-Loading Indicator Removal on Host: File Deletion Masquerading Valid Accounts Modify Registry BITS Jobs Use Alternate Authentication Material Hide Artifacts: NTFS File Attributes Use Alternate Authentication Material: Pass the Hash Indicator Removal on Host Use Alternate Authentication Material: Web Session Cookie Use Alternate Authentication Material: Pass the Ticket Pre-OS Boot File and Directory Permissions Modification XSL Script Processing Deobfuscate/Decode Files or Information Abuse Elevation Control Mechanism Impair Defenses: Disable or Modify System Firewall Obfuscated Files or Information Signed Binary Proxy Execution: Compiled HTML File Access Token Manipulation Exploitation for Defense Evasion Hijack Execution Flow Process Injection Valid Accounts: Local Accounts Signed Binary Proxy Execution: Msiexec Signed Binary Proxy Execution Signed Binary Proxy Execution: Regsvcs/Regasm Signed Binary Proxy Execution: CMSTP Signed Binary Proxy Execution: Control Panel Signed Binary Proxy Execution: InstallUtil Signed Binary Proxy Execution: Regsvr32 Trusted Developer Utilities Proxy Execution: MSBuild Signed Binary Proxy Execution: Rundll32	OS Credential Dumping Input Capture Unsecured Credentials Brute Force Man-in-the-Middle Steal or Forge Kerberos Tickets Steal or Forge Kerberos Tickets: Kerberoasting Network Sniffing	Network Service Scanning Account Discovery Domain Trust Discovery Account Discovery: Local Account Account Discovery: Domain Account File and Directory Discovery Network Sniffing System Information Discovery Network Share Discovery Query Registry Process Discovery System Owner/User Discovery System Network Configuration Discovery	Exploitation of Remote Services Remote Services Remote Services: SMB/Windows Admin Shares Use Alternate Authentication Material Remote Services: Remote Desktop Protocol	Email Collection Input Capture Audio Capture Archive Collected Data Man-in-the-Middle Email Collection: Email Forwarding Rule	Data Encoding Data Encoding: Standard Encoding Remote Access Software Ingress Tool Transfer Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Automated Exfiltration	Account Access Removal Resource Hijacking Data Encrypted for Impact Inhibit System Recovery

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_microsoft_office_365.md

ds_microsoft_office_365.md

Vendor: Microsoft

Product: Office 365

ATT&CK Matrix for Enterprise

Files

ds_microsoft_office_365.md

Latest commit

History

ds_microsoft_office_365.md

File metadata and controls

Vendor: Microsoft

Product: Office 365

ATT&CK Matrix for Enterprise