Vendor: Extrahop

Product: Reveal(x)

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
53	21	9	3	3

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	network-alert ↳extrahop-network-perf security-alert ↳extrahop-network-sec ↳cef-extrahop-network-sec	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1133 - External Remote Services T1190 - Exploit Public Fasing Application	43 Rules 19 Models
Lateral Movement	security-alert ↳extrahop-network-sec ↳cef-extrahop-network-sec	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	2 Rules
Malware	dns-query ↳extrahop-dns-query network-alert ↳extrahop-network-perf security-alert ↳extrahop-network-sec ↳cef-extrahop-network-sec	T1071 - Application Layer Protocol T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583.001 - T1583.001 TA0002 - TA0002	7 Rules 2 Models
Privileged Activity	security-alert ↳extrahop-network-sec ↳cef-extrahop-network-sec	T1068 - Exploitation for Privilege Escalation	1 Rules

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Exploit Public Fasing Application		External Remote Services Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information					Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Application Layer Protocol