r_m_sailpoint_identitynow_Malware.md

Vendor: Sailpoint

Product: IdentityNow

Use-Case: Malware

| Rules | Models | MITRE TTPs | Event Types | Parsers |
|:-----:|:------:|:----------:|:-----------:|:-------:|
| 1 | 0 | 1 | 6 | 6 |

| Event Type | Rules | Models |
| ---------- | ----- | ------ |
| app-activity | T1078 - Valid Accounts<br>Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |
| app-login | T1078 - Valid Accounts<br>Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |
| authentication-successful | T1078 - Valid Accounts<br>Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |