Product: Sonicwall
Use-Case: Account Manipulation
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 7 | 7 | 3 | 1 | 4 |
| Event Type | Rules | Models |
|---|---|---|
| vpn-logout | T1484 - Group Policy Modification ↳ FDS-Count: Abnormal number of failed directory service events in the organization ↳ FDS-GCount: Abnormal number of failed directory service events in the peer group ↳ FDS-UCount: Abnormal number of failed directory service events in the user ↳ DS-Count: Abnormal number of directory service events in the organization ↳ DS-GCount: Abnormal number of directory service events in the peer group ↳ DS-UCount: Abnormal number of directory service events in the user T1098 - Account Manipulation ↳ EM-InB-Perm-A: Abnormal number of mailbox permission given by user. T1098.002 - Account Manipulation: Exchange Email Delegate Permissions ↳ EM-InB-Perm-A: Abnormal number of mailbox permission given by user. |
• DS-UCount: Count of directory service activity events in the user • DS-GCount: Count of directory service activity events in the peer group • DS-Count: Count of directory service activity events in the organization • FDS-UCount: Count of failed directory service activity events in the user • FDS-GCount: Count of failed directory service activity events in the peer group • FDS-Count: Count of failed directory service activity events in the organization • EM-InB-Perm: Models the number of mailbox permissions given by this user. |