
r_m_imperva_incapsula_Data_Exfiltration.md


Vendor: Imperva

Product: Incapsula

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|:-----:|:------:|:------------------:|:-----------:|:-------:|
| 8 | 2 | 6 | 2 | 2 |

| Event Type | Rules | Models |
| ---------- | ----- | ------ |
| web-activity-allowed | **T1071.001 - Application Layer Protocol: Web Protocols**<br>A-WEB-DynamicDNS: Asset attempted access to a domain generated using Dynamic DNS service<br>WEB-New-File-20: User with no web activity history has uploaded 20MB or more<br><br>**T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage**<br>WEB-FS: User has accessed a file sharing domain<br>WEB-OU-FS: One of the top file sharing users in the organization<br>WEB-OG-FS: One of the top file sharing users in the peer group<br><br>**T1568.002 - Dynamic Resolution: Domain Generation Algorithms**<br>WEB-UD-DynamicDNS: User attempted access to a domain generated using Dynamic DNS service<br><br>**T1041 - Exfiltration Over C2 Channel**<br>A-WEB-EXFIL-ASSET: Large amount of data exfiltrated from host<br><br>**T1567 - Exfiltration Over Web Service**<br>A-WEB-EXFIL-ASSET: Large amount of data exfiltrated from host<br><br>**T1568 - Dynamic Resolution**<br>A-WEB-DynamicDNS: Asset attempted access to a domain generated using Dynamic DNS service | WEB-OG-FS: File sharing activities of users in the peer group<br>WEB-OU-FS: File sharing activities of users in the organization |
| web-activity-denied | **T1071.001 - Application Layer Protocol: Web Protocols**<br>A-WEB-DynamicDNS: Asset attempted access to a domain generated using Dynamic DNS service<br>WEB-New-File-20-Block: User with no web activity history was blocked from uploading 20MB or more<br><br>**T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage**<br>WEB-FS: User has accessed a file sharing domain<br>WEB-OU-FS: One of the top file sharing users in the organization<br>WEB-OG-FS: One of the top file sharing users in the peer group<br><br>**T1568.002 - Dynamic Resolution: Domain Generation Algorithms**<br>WEB-UD-DynamicDNS: User attempted access to a domain generated using Dynamic DNS service<br><br>**T1568 - Dynamic Resolution**<br>A-WEB-DynamicDNS: Asset attempted access to a domain generated using Dynamic DNS service | WEB-OG-FS: File sharing activities of users in the peer group<br>WEB-OU-FS: File sharing activities of users in the organization |