Skip to content

Latest commit

 

History

History
19 lines (17 loc) · 9.21 KB

ds_sailpoint_identitynow.md

File metadata and controls

19 lines (17 loc) · 9.21 KB

Vendor: Sailpoint

Product: IdentityNow

Rules Models MITRE TTPs Event Types Parsers
111 64 18 6 6
Use-Case Event Types/Parsers MITRE TTP Content
Abnormal Authentication & Access account-password-change
s-sailpoint-pwd
sailpoint-password-change

account-password-change-failed
s-sailpoint-auth
sailpoint-auth

app-activity
s-sailpoint-pwd
sailpoint-password-change

app-login
s-sailpoint-app-activity
s-sailpoint-pwd
sailpoint-app-activity-2

authentication-successful
s-sailpoint-auth
sailpoint-auth

vpn-logout
sailpoint-app-activity-1
s-sailpoint-launch
s-sailpoint-sso
s-sailpoint-app-activity
 T1021 - Remote Services
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 50 Rules
  • 24 Models
Account Manipulation account-password-change
s-sailpoint-pwd
sailpoint-password-change

account-password-change-failed
s-sailpoint-auth
sailpoint-auth

app-activity
s-sailpoint-pwd
sailpoint-password-change

app-login
s-sailpoint-app-activity
s-sailpoint-pwd
sailpoint-app-activity-2

authentication-successful
s-sailpoint-auth
sailpoint-auth

vpn-logout
sailpoint-app-activity-1
s-sailpoint-launch
s-sailpoint-sso
s-sailpoint-app-activity
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 11 Rules
  • 7 Models
Next Page -->>

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Phishing

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

 Valid Accounts

 OS Credential Dumping

Brute Force

Steal or Forge Kerberos Tickets

Steal or Forge Kerberos Tickets: Kerberoasting

 Remote Services

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Exfiltration Over Physical Medium: Exfiltration over USB

Data Transfer Size Limits

Exfiltration Over Physical Medium

Automated Exfiltration