Vendor: Imperva

Product: Incapsula

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
81	28	15	2	2

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	6 Rules 6 Models
Compromised Credentials	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	42 Rules 23 Models
Cryptomining	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	2 Rules
Data Exfiltration	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	8 Rules 2 Models
Data Leak	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	6 Rules 2 Models
Lateral Movement	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application	10 Rules
Malware	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	26 Rules 7 Models
Phishing	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003	4 Rules
Privilege Abuse	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts	1 Rules
Privileged Activity	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service	2 Rules
Ransomware	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity web-activity-denied ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	1 Rules
Workforce Protection	web-activity-allowed ↳cef-incapsula-web-activity-2 ↳cef-incapsula-web-activity ↳leef-incapsula-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	4 Rules 2 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	Valid Accounts	Valid Accounts	Valid Accounts			Internal Spearphishing		Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over C2 Channel Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_imperva_incapsula.md

ds_imperva_incapsula.md

Vendor: Imperva

Product: Incapsula

MITRE ATT&CK® Framework for Enterprise

Files

ds_imperva_incapsula.md

Latest commit

History

ds_imperva_incapsula.md

File metadata and controls

Vendor: Imperva

Product: Incapsula

MITRE ATT&CK® Framework for Enterprise