Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
---|---|---|---|---|
202 | 89 | 29 | 6 | 6 |

Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Abnormal Authentication & Access | authentication-failed ↳f5-vpn-auth-failed; failed-logon ↳f5-ssh-failed-logon; failed-vpn-login ↳f5-vpn-login-failed; remote-logon ↳f5-ssh-login-successful; vpn-login ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info ↳f5-vpn-assign-ip ↳f5-vpn-session-start ↳cef-f5-vpn-start-1 ↳f5-vpn-session-start; vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1021 - Remote Services; T1078 - Valid Accounts; T1078.002 - T1078.002; T1078.003 - Valid Accounts: Local Accounts; T1110 - Brute Force; T1133 - External Remote Services | |
Account Manipulation | vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1098.002 - Account Manipulation: Exchange Email Delegate Permissions; T1484 - Group Policy Modification | |
Brute Force Attack | failed-logon ↳f5-ssh-failed-logon; vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1021.001 - Remote Services: Remote Desktop Protocol; T1110 - Brute Force; T1110.003 - T1110.003 | |
Data Access | vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1110 - Brute Force | |
Data Exfiltration | vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1133 - External Remote Services; TA0010 - TA0010 | |
Data Leak | vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol; T1052 - Exfiltration Over Physical Medium; T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB; T1133 - External Remote Services; TA0010 - TA0010 | |
Phishing | vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1566 - Phishing | |
Physical Security | vpn-login ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info ↳f5-vpn-assign-ip ↳f5-vpn-session-start ↳cef-f5-vpn-start-1 ↳f5-vpn-session-start | T1133 - External Remote Services | |
Privilege Escalation | failed-logon ↳f5-ssh-failed-logon; remote-logon ↳f5-ssh-login-successful; vpn-logout ↳f5-vpn-user ↳f5-vpn-policy ↳f5-vpn-additional-info | T1078 - Valid Accounts; T1098.002 - Account Manipulation: Exchange Email Delegate Permissions; T1210 - Exploitation of Remote Services; T1555.005 - T1555.005 | |
Privileged Activity | failed-logon ↳f5-ssh-failed-logon; remote-logon ↳f5-ssh-login-successful | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | |