r_m_beyondtrust_beyondtrust_Phishing.md

Rules by Product and UseCase

Vendor: BeyondTrust

Product: BeyondTrust

Use-Case: Phishing

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
1	0	2	1	2

Event Type	Rules	Models
process-created	T1566 - Phishing ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset. T1566.001 - T1566.001 ↳ A-Exec-Outlook-Temp: A suspicious program was executed in the Outlook temp folder on this asset.