Product: AnyConnect
Use-Case: Data Exfiltration
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 4 | 4 | 2 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| vpn-logout | TA0010 - TA0010 ↳ DLP-UPCOUNT: Abnormal number of DLP policy violations for user ↳ DLP-GPCOUNT: Abnormal number of DLP policy violations for peer group ↳ DLP-BSum: Abnormal amount of data written during DLP policy violation T1133 - External Remote Services ↳ VPN-BSum: Abnormal amount of data uploaded during VPN Session |
• DLP-BSum: Sum of bytes written during DLP policy violation • DLP-GPCOUNT: Count of DLP policy violations for peer group • DLP-UPCOUNT: Count of DLP policy violations for user • VPN-BSum: Sum of bytes uploaded during VPN |