Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
---|---|---|---|---|
81 | 28 | 15 | 2 | 2 |
Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Abnormal Authentication & Access | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols |
|
Compromised Credentials | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Cryptomining | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking |
|
Data Exfiltration | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Data Leak | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage |
|
Lateral Movement | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Malware | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Phishing | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Privilege Abuse | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts |
|
Privileged Activity | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service |
|
Ransomware | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols |
|
Workforce Protection | web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity |
T1071.001 - Application Layer Protocol: Web Protocols |
|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|
Phishing: Spearphishing Link Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing |
User Execution |
Valid Accounts |
Valid Accounts |
Valid Accounts |
Internal Spearphishing |
Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy |
Exfiltration Over C2 Channel Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service |
Resource Hijacking |