Threat Detection, Investigation, and Response (TDIR) Use Case Categories Hierarchy
Understand the overall structure of the TDIR Use Case Categories framework: use case categories, use cases, and scenarios.
The TDIR Use Case Categories framework organizes threats in a hierarchy, from a broad category down to specific detection insights:
- Use Case Category – A collection of related use cases; for example, Compromised Insiders.
- Use Case – A specific problem that Exabeam functionalities protect against; for example, Lateral Movement.
- Scenario – A high-value detection insight within a use case; for example, Pass the Hash.
In most cases, you tackle a specific use case, but you may find it helpful to break down use cases into scenarios.
Use cases and scenarios in the Exabeam TDIR Use Case Categories framework are similar to tactics and techniques in the MITRE ATT&CK® framework. Like ATT&CK tactics, Exabeam use cases represent an adversary’s tactical objective or the high-level activities an adversary carries out during an operation. Like ATT&CK techniques, Exabeam scenarios represent what an adversary does to achieve their tactical objective or what an adversary gains from achieving it.[1]
[1] MITRE ATT&CK and ATT&CK are trademarks of The MITRE Corporation ("MITRE"). Exabeam is not affiliated with or sponsored or endorsed by MITRE. Nothing herein is a representation of the views or opinions of MITRE or its personnel.