Skip to content

Latest commit

 

History

History
21 lines (19 loc) · 5.39 KB

ds_fireeye_fireeye_helix.md

File metadata and controls

21 lines (19 loc) · 5.39 KB

Vendor: FireEye

Product: FireEye Helix

Rules Models MITRE TTPs Event Types Parsers
27 11 7 1 1
Use-Case Event Types/Parsers MITRE TTP Content
Compromised Credentials security-alert
json-fireeye-alert-network
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
  • 20 Rules
  • 9 Models
Lateral Movement security-alert
json-fireeye-alert-network
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 1 Rules
Malware security-alert
json-fireeye-alert-network
 T1078 - Valid Accounts
T1204 - User Execution
  • 4 Rules
  • 4 Models
Privilege Escalation security-alert
json-fireeye-alert-network
 T1021.002 - Remote Services: SMB/Windows Admin Shares
T1087 - Account Discovery
  • 1 Rules
  • 1 Models
Privileged Activity security-alert
json-fireeye-alert-network
 T1068 - Exploitation for Privilege Escalation
  • 1 Rules

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 User Execution

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Account Discovery

 Remote Services

Remote Services: SMB/Windows Admin Shares