Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login authentication-successful ↳leef-epic-app-activity ↳cef-epic-auth-successful failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	43 Rules 24 Models
Data Access	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts	20 Rules 11 Models
Data Leak	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2	T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Lateral Movement	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login authentication-successful ↳leef-epic-app-activity ↳cef-epic-auth-successful failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Malware	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login authentication-successful ↳leef-epic-app-activity ↳cef-epic-auth-successful	T1078 - Valid Accounts	1 Rules
Privilege Abuse	account-password-change ↳leef-epic-app-activity app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 2 Models
Privilege Escalation	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts	2 Rules 1 Models
Ransomware	app-activity ↳cef-epic-app-activity-11 ↳cef-epic-app-activity-10 ↳cef-epic-app-activity-12 ↳cef-epic-app-activity-5 ↳leef-epic-app-activity ↳cef-epic-app-activity-6 ↳cef-epic-app-activity-3 ↳cef-epic-app-activity-4 ↳cef-epic-app-activity-9 ↳cef-epic-app-activity-7 ↳cef-epic-app-activity-8 ↳cef-epic-app-activity-1 ↳cef-epic-app-activity-2 app-login ↳leef-epic-app-activity ↳cef-epic-app-login authentication-successful ↳leef-epic-app-activity ↳cef-epic-auth-successful failed-app-login ↳cef-epic-failed-app-login ↳leef-epic-app-activity	T1078 - Valid Accounts	2 Rules

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2_ds_epic_epic_siem.md

2_ds_epic_epic_siem.md

Files

2_ds_epic_epic_siem.md

Latest commit

History

2_ds_epic_epic_siem.md

File metadata and controls