Center for Threat-Informed Defense

Version 15.1 → 16.0

Data Sources: ICS ATT&CK Changelog

Modified Data Sources

Description

A profile representing a user, device, service, or application used to authenticate and access resources

Details

Values Changed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| modified | 2022-12-07T19:50:43.993Z | 2024-10-14T22:11:30.271Z |

Iterable Item Added

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | | Office Suite |
| x_mitre_platforms | | Identity Provider |

Iterable Item Removed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | Azure AD | |
| x_mitre_platforms | Google Workspace | |
| x_mitre_platforms | Office 365 | |

Description

Events collected by third-party services such as mail servers, web applications, or other appliances (not by the native OS or platform)[1]

References:

  1. Confluence Support. (2021, April 22). Working with Confluence Logs. Retrieved September 23, 2021.

Details

Values Changed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| modified | 2022-05-11T14:00:00.188Z | 2024-10-14T22:11:30.271Z |

Iterable Item Added

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | | Office Suite |

Iterable Item Removed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | Google Workspace | |
| x_mitre_platforms | Office 365 | |

Description

Logon occurring on a system or resource (local, domain, or cloud) to which a user/device is gaining access after successful authentication and authorization[1]

References:

  1. Microsoft. (2021, September 6). Audit logon events. Retrieved September 28, 2021.

Details

Values Changed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| modified | 2022-12-07T19:45:09.019Z | 2024-10-14T22:11:30.271Z |

Iterable Item Added

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | | Office Suite |
| x_mitre_platforms | | Identity Provider |

Iterable Item Removed

| FIELD | OLD VALUE | NEW VALUE |
|---|---|---|
| x_mitre_platforms | Azure AD | |
| x_mitre_platforms | Google Workspace | |
| x_mitre_platforms | Office 365 | |