Product: WebSafe
Use-Case: Phishing
Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
---|---|---|---|---|
4 | 0 | 5 | 2 | 2 |
Event Type | Rules | Models |
---|---|---|
web-activity-allowed | T1534 - Internal Spearphishing ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1566.002 - Phishing: Spearphishing Link ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-URank-Binary: Executable download from first low ranked web domain ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1598.003 - T1598.003 ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1189 - Drive-by Compromise ↳ WEB-URank-Binary: Executable download from first low ranked web domain T1204.001 - T1204.001 ↳ WEB-URank-Binary: Executable download from first low ranked web domain |
|
web-activity-denied | T1534 - Internal Spearphishing ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1566.002 - Phishing: Spearphishing Link ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-URank-Binary: Executable download from first low ranked web domain ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1598.003 - T1598.003 ↳ A-WEB-Phishing: Asset has accessed a domain suspected to be a phishing domain. ↳ WEB-UD-Phishing: User attempted to access a domain which is associated to Phishing ↳ WEB-Phishing: Web activity to a phishing domain. T1189 - Drive-by Compromise ↳ WEB-URank-Binary: Executable download from first low ranked web domain T1204.001 - T1204.001 ↳ WEB-URank-Binary: Executable download from first low ranked web domain |