| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 22 | 10 | 4 | 1 | 1 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Compromised Credentials | network-alert ↳cef-hp-print-activity ↳s-hp-print-activity |
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
| Malware | network-alert ↳cef-hp-print-activity ↳s-hp-print-activity |
T1204 - User Execution |
|
| Privilege Escalation | network-alert ↳cef-hp-print-activity ↳s-hp-print-activity |
T1021.002 - Remote Services: SMB/Windows Admin Shares T1087 - Account Discovery |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| User Execution |
Obfuscated Files or Information: Indicator Removal from Tools Obfuscated Files or Information |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |