Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374)

Collecting authentication events, creating a baseline user profile, and determining whether authentication events are consistent with the baseline profile.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) | Attack Pattern | 1 |
| External Remote Services - T1133 (10d51417-ee35-4589-b1ff-b6df1c334e8d) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2) | Attack Pattern | Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | 1 |
| Authentication Event Thresholding (621e2d87-e082-5a7b-87b7-bfe28d1a3374) | MITRE D3FEND | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 1 |
| Password Guessing - T1110.001 (09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Pass the Ticket - T1550.003 (7b211ac6-c815-4189-93a9-ab415deca926) | Attack Pattern | 2 |
| Credential Stuffing - T1110.004 (b2d03cea-aec1-45ca-9744-9ee583c1e1cc) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Use Alternate Authentication Material - T1550 (51a14c76-dd3b-440b-9c20-2bf91d25a814) | Attack Pattern | Pass the Hash - T1550.002 (e624264c-033a-424d-9fd7-fc9c3bbdb03e) | Attack Pattern | 2 |