Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kiteworks |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Web Application Firewall |
|
T1133 - External Remote Services TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Akamai |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AWS CloudWatch |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols |
|
AWS WAF |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Apache |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AssetView |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Barracuda Firewall |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BeyondTrust PowerBroker |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
BeyondTrust Privilege Management |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GravityZone |
|
T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Bitglass CASB |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BlackBerry Protect |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Box Cloud Content Management |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Bromium Secure Platform |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Carbon Black EDR |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cato Cloud |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Avanan |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Identity Awareness |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
NGFW |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Security Gateway |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cimtrak |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ADC |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Adaptive Security Appliance |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1133 - External Remote Services T1552.001 - T1552.001 T1560 - Archive Collected Data T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0010 - TA0010 |
|
AnyConnect |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Cloud Web Security |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
CloudLock |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Firepower |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1133 - External Remote Services T1552.001 - T1552.001 T1560 - Archive Collected Data T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0010 - TA0010 |
|
ISE |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
IronPort Web Security |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Meraki MX appliances |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
NPE |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Netflow |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols |
|
Proxy Umbrella |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Secure Web Appliance |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
TACACS |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Umbrella |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Citrix Netscaler |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1133 - External Remote Services T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0010 - TA0010 |
|
Citrix Netscaler VPN |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Web Logging |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloudflare WAF |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Code42 Incydr |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Falcon |
|
T1003 - OS Credential Dumping T1020 - Automated Exfiltration T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CyberArk Vault |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Centrify Audit and Monitoring Service |
|
TA0002 - TA0002 |
|
Centrify Infrastructure Services |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EMC Isilon |
|
TA0002 - TA0002 |
|
SonicWALL Aventail |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Arts i-FILTER for Business |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Guardian Endpoint Protection |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Digital Guardian Network DLP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Dropbox |
|
T1133 - External Remote Services TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
DTEX InTERCEPT |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ESET Endpoint Security |
|
T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ESector DEFESA |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EdgeWave iPrism |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Egnyte |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EndPoint |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
F5 Advanced Web Application Firewall (WAF) |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
F5 BIG-IP |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
F5 BIG-IP Access Policy Manager (APM) |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
F5 BIG-IP Application Security Manager (ASM) |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
WebSafe |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FTP |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FileAuditor |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FireEye Endpoint Security (HX) |
|
TA0002 - TA0002 |
|
FireEye Network Security (NX) |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Forcepoint DLP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Forcepoint Insider Threat |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Websense Secure Gateway |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FortiGate |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Fortinet Enterprise Firewall |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols |
|
Fortinet FortiWeb |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Fortinet UTM |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Fortinet VPN |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GTBInspector |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Platform |
|
T1041 - Exfiltration Over C2 Channel T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Workspace |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
HP Comware |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Terraform |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Powertech Identity Access Manager (BoKs) |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Unified Security Gateway |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IBM Security Access Manager |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Infosphere Guardium |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IMSS |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CounterBreach |
|
TA0002 - TA0002 |
|
Imperva File Activity Monitoring (FAM) |
|
TA0002 - TA0002 |
|
Imperva SecureSphere |
|
TA0002 - TA0002 |
|
Incapsula |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
InfoWatch |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BloxOne |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IPswitch MoveIt |
|
TA0002 - TA0002 |
|
MoveIt DMZ |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Juniper Networks |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Juniper Networks Pulse Secure |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Juniper SRX |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Juniper VPN |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kaspersky AV |
|
TA0002 - TA0002 |
|
Kaspersky Endpoint Security for Business |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SharePoint |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LanScope Cat |
|
T1003 - OS Credential Dumping T1020 - Automated Exfiltration T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LogRhythm |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Malwarebytes Endpoint Protection |
|
T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
MDAM |
|
TA0002 - TA0002 |
|
McAfee Advanced Threat Defense |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
McAfee DLP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
McAfee Endpoint Security |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
McAfee Web Gateway |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Skyhigh Networks CASB |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Azure |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Azure Security Center |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Cloud App Security (MCAS) |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Defender ATP |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Exchange |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
IIS |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Office 365 |
|
T1003 - OS Credential Dumping T1020 - Automated Exfiltration T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 TA0010 - TA0010 |
|
Routing and Remote Access Service |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Sysmon |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Web Application Proxy |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Web Application Proxy-TLS Gateway |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Windows |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1133 - External Remote Services T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 TA0010 - TA0010 |
|
Windows Defender |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Targeted Threat Protection - URL |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Mvision |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NCP |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nasuni |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetApp |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetDocs |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetMotion Wireless |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Security Cloud |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Netwrix Auditor |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nortel Contivity VPN |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nutanix Files |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ObserveIT |
|
T1003 - OS Credential Dumping T1020 - Automated Exfiltration T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Public Cloud |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols |
|
Solaris |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GlobalProtect |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
NGFW |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0010 - TA0010 |
|
Palo Alto Aperture |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
WildFire |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ObserveIT |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Proofpoint CASB |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Proofpoint Enterprise Protection |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Proofpoint TAP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Reveal |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Change Auditor |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RSA |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols |
|
RSA DLP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
SecurID |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RangerAudit |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SAP |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SFTP |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SIGSCI |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SSL Open VPN |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Data Protection Suite (DPS) |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FAM |
|
TA0002 - TA0002 |
|
SecurityIQ |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NGAF |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Seclore |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureNet |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Singularity |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ClientView |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sonicwall |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sophos Endpoint Protection |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Sophos UTM |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Sophos XG Firewall |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1133 - External Remote Services T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Squid |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
StealthIntercept |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Symantec Blue Coat ProxySG Appliance |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Symantec CloudSOC |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Symantec DLP |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Symantec EDR |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Symantec Fireglass |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Symantec Secure Web Gateway |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Symantec WSS |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Endpoint Platform |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Integrity Monitor |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
InterScan Web Security |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
OfficeScan |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Tripwire Enterprise |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Auditbeat |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Unix |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Unix Auditd |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Carbon Black App Control |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Carbon Black Cloud Endpoint Standard |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Carbon Black Cloud Enterprise EDR |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Carbon Black EDR |
|
T1003 - OS Credential Dumping T1040 - Network Sniffing T1041 - Exfiltration Over C2 Channel T1048 - Exfiltration Over Alternative Protocol T1059 - Command and Scripting Interperter T1071.001 - Application Layer Protocol: Web Protocols T1071.002 - Application Layer Protocol: File Transfer Protocols T1071.004 - Application Layer Protocol: DNS T1552.001 - T1552.001 T1560 - Archive Collected Data T1572 - Protocol Tunneling TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Data Security Platform |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0002 - TA0002 TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cognito Stream |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Virtru |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Vormetric |
|
TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Watchguard |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Weblogin |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zeek Network Security Monitor |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zscaler Internet Access |
|
T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
Zscaler Private Access |
|
T1133 - External Remote Services TA0010 - TA0010 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Secure Web Gateway |
|
T1041 - Exfiltration Over C2 Channel T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
iManage |
|
T1020 - Automated Exfiltration T1071 - Application Layer Protocol TA0010 - TA0010 |
|