Use-Case	Activity Type (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	scheduled_task-trigger:success (app-activity) ↳rangeraudit-ra-json-app-activity-success-enforcer app-login:success (app-login) ↳rangeraudit-ra-kv-app-login-success-ranger database-query:success (database-query) ↳rangeraudit-ra-json-database-access ↳rangeraudit-ra-cef-database-query-fail-create ↳rangeraudit-ra-cef-database-query-fail-alter ↳rangeraudit-ra-cef-database-query-fail-masknull ↳rangeraudit-ra-cef-database-query-fail-drop ↳rangeraudit-ra-cef-database-query-fail-use ↳rangeraudit-ra-cef-database-query-fail-update app-login:fail (failed-app-login) ↳rangeraudit-ra-str-app-login-fail-loginunsuccess file-read:success (file-read) ↳rangeraudit-ra-json-file-success-path file-write:success (file-write) ↳rangeraudit-ra-json-file-success-path	T1003 - OS Credential Dumping T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application T1213 - Data from Information Repositories	93 Rules 48 Models
Data Access	scheduled_task-trigger:success (app-activity) ↳rangeraudit-ra-json-app-activity-success-enforcer app-login:success (app-login) ↳rangeraudit-ra-kv-app-login-success-ranger database-query:success (database-query) ↳rangeraudit-ra-json-database-access ↳rangeraudit-ra-cef-database-query-fail-create ↳rangeraudit-ra-cef-database-query-fail-alter ↳rangeraudit-ra-cef-database-query-fail-masknull ↳rangeraudit-ra-cef-database-query-fail-drop ↳rangeraudit-ra-cef-database-query-fail-use ↳rangeraudit-ra-cef-database-query-fail-update app-login:fail (failed-app-login) ↳rangeraudit-ra-str-app-login-fail-loginunsuccess file-read:success (file-read) ↳rangeraudit-ra-json-file-success-path file-write:success (file-write) ↳rangeraudit-ra-json-file-success-path	T1078 - Valid Accounts T1083 - File and Directory Discovery T1213 - Data from Information Repositories	62 Rules 34 Models
Privilege Abuse	scheduled_task-trigger:success (app-activity) ↳rangeraudit-ra-json-app-activity-success-enforcer app-login:success (app-login) ↳rangeraudit-ra-kv-app-login-success-ranger app-login:fail (failed-app-login) ↳rangeraudit-ra-str-app-login-fail-loginunsuccess file-read:success (file-read) ↳rangeraudit-ra-json-file-success-path file-write:success (file-write) ↳rangeraudit-ra-json-file-success-path	T1078 - Valid Accounts T1098 - Account Manipulation T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 2 Models
Privileged Activity	scheduled_task-trigger:success (app-activity) ↳rangeraudit-ra-json-app-activity-success-enforcer app-login:success (app-login) ↳rangeraudit-ra-kv-app-login-success-ranger app-login:fail (failed-app-login) ↳rangeraudit-ra-str-app-login-fail-loginunsuccess file-read:success (file-read) ↳rangeraudit-ra-json-file-success-path file-write:success (file-write) ↳rangeraudit-ra-json-file-success-path	T1078 - Valid Accounts	3 Rules 1 Models

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2_ds_rangeraudit_rangeraudit.md

2_ds_rangeraudit_rangeraudit.md

Files

2_ds_rangeraudit_rangeraudit.md

Latest commit

History

2_ds_rangeraudit_rangeraudit.md

File metadata and controls