Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Pensando |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
APC |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Load Balancer |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Abnormal Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Absolute SIEM Connector |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kiteworks |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Adaxes |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Application Whitelisting |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Web Application Firewall |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Akamai Siem |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Cloud Akamai |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AWS Bastion |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
AWS CloudTrail |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
AWS CloudWatch |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
AWS GuardDuty |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
AWS WAF |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Anywhere365 |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Apache |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Apache Guacamole |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Apache Subversion |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
macOS |
|
T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Arbor |
|
T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Awake Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AssetView |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Atlassian BitBucket |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BOTsink |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Auth0 |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Avaya Ethernet Routing Switch |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Avaya VPN |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Axway SFTP |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Barracuda Firewall |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BeyondInsight |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
BeyondTrust PasswordSafe |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
BeyondTrust PowerBroker |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
BeyondTrust Privilege Management |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 |
|
BeyondTrust Privileged Identity |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
BeyondTrust Secure Remote Access |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Secure Remote Access |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GravityZone |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Bitglass CASB |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BlackBerry Protect |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Box Cloud Content Management |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Bromium Advanced Endpoint Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CA Privileged Access Manager Server Control |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CDS |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cato Cloud |
|
T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Adaptive Threat Intelligence |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Avanan |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Endpoint Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Identity Awareness |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
NGFW |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Security Gateway |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Security Gateway Virtual Edition (vSEC) |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Threat Prevention |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ACI |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
ACS |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
ADC |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Adaptive Security Appliance |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Advance Malware Protection (AMP) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
AnyConnect |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Call Manager |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Catalyst Wireless Controller |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Cisco |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Cloud Web Security |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Duo Access Security |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Firepower |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1046 - Network Service Scanning T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
ISE |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
IronPort Web Security |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Meraki MX appliances |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
NPE |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Netflow |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Proxy Umbrella |
|
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Secure Endpoint |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Secure Web Appliance |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
TACACS |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Umbrella |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Unified Computing System |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Citrix AppFW |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Citrix Endpoint Management |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Citrix Gateway ActiveSync Connector |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Citrix Netscaler |
|
T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Citrix Netscaler VPN |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Citrix ShareFile |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Citrix XenApp |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Citrix XenDesktop |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Netscaler WAF |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Web Logging |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Clearsense |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Passwordstate |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Application |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloudflare Insights |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Cloudflare WAF |
|
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Code42 Incydr |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Phishme |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cognitas CrossLink |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Contrast Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Falcon |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CyberArk Vault |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Privileged Session Manager |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Privileged Threat Analytics |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cybereason |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Failsafe |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Darktrace |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Darktrace Enterprise Immune System |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Centrify Authentication Service |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Centrify Infrastructure Services |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Centrify Zero Trust Privilege Services |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Secret Server |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EMC Isilon |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
One Identity Manager |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
RSA Authentication Manager |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
SonicWALL Aventail |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Arts i-FILTER for Business |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Guardian Endpoint Protection |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Dropbox |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
DTEX InTERCEPT |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EMP |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ESET Endpoint Security |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EdgeWave iPrism |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Egnyte |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EnSilo |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Endgame EDR |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IdentityGuard |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Epic SIEM |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Exabeam Advanced Analytics |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Exabeam DL |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Reveal(x) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zebra wireless LAN management |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
F-Secure Client Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
F5 Advanced Web Application Firewall (WAF) |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
F5 BIG-IP |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
F5 BIG-IP Access Policy Manager (APM) |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
F5 BIG-IP Advanced Firewall Module (AFM) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
F5 BIG-IP Application Security Manager (ASM) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
WebSafe |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FTP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Fast Enterprises GenTax |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Fidelis Network |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Fidelis XPS |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FireEye Email Gateway |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
FireEye Email Security (EX) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
FireEye Endpoint Security (CM) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
FireEye Endpoint Security (HX) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
FireEye Network Security (Helix) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
FireEye Network Security (NX) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Forcepoint CASB |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Forcepoint NGFW |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Websense Secure Gateway |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EyeInspect |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Forescout CounterACT |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FortiAuthenticator |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
FortiGate |
|
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Fortinet Enterprise Firewall |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Fortinet FortiWeb |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Fortinet UTM |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Fortinet VPN |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Gamma |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Gemalto MFA |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GitHub |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GoAnywhere MFT |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Platform |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Workspace |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Aruba ClearPass Access Control and Policy Management |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Aruba Mobility Master |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Aruba Wireless controller |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
HP Comware |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
HP Virtual Connect Enterprise Manager |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
HP iLO |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
HashiCorp Vault |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Terraform |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Powertech Identity Access Manager (BoKs) |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Hornet Email |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Enterprise Network Firewall |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Unified Security Gateway |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IBM |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
IBM DB2 |
|
T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
IBM Endpoint Manager |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
IBM Lotus Notes |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
IBM Mainframe |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
IBM Racf |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
IBM Sametime |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
IBM Security Access Manager |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
IBM Sense |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
IBM Sterling B2B Integrator |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Lotus Mobile Connect |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ICDB |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IMSS |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IPTables |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IXIA ThreatArmor |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Illumio |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Imperva SecureSphere |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Incapsula |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Imprivata |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
InfoWatch |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BloxOne |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Inky Anti-Phishing |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IPswitch MoveIt |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
MoveIt DMZ |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Juniper Networks |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Juniper Networks ATP |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Juniper Networks Pulse Secure |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Juniper OWA |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Juniper SRX |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Juniper VPN |
|
T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kaspersky AV |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Kaspersky Endpoint Security for Business |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kemp LoadMaster |
|
T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Load Balancer |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LEAP |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SharePoint |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LanScope Cat |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LastPass |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Linux CentOs |
|
T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
SSH |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LiquidFiles |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RemotelyAnywhere |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LogRhythm |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Malwarebytes Endpoint Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Malwarebytes Incident Response |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ADSSP |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
PAM360 |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Password Manager Pro |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
MasterSAM PAM |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
McAfee Endpoint Security |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.003 - T1021.003 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
McAfee NSM |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
McAfee Solidifier |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
McAfee Web Gateway |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Mcafee EPO |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Skyhigh Networks CASB |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Medigate |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
365 Defender |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Advanced Threat Analytics (ATA) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Advanced Threat Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
AppLocker |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Azure |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Azure AD Identity Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Azure Active Directory |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Azure Advanced Threat Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Azure MFA |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Azure Security Center |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Azure Sentinel |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Cloud App Security (MCAS) |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Defender ATP |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Defender Antivirus |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
DirectAccess |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Exchange |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
IIS |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Network Policy Server |
|
T1021 - Remote Services T1078 - Valid Accounts |
|
Office 365 |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
OneDrive |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Routing and Remote Access Service |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
SQL Server |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Sysmon |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Web Application Proxy |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Web Application Proxy-TLS Gateway |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Windows |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Windows Defender |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Windows Defender Application Control |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Email Security |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Targeted Threat Protection - URL |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
MobileIron |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Morphisec EPTP |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NCP |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NNT ChangeTracker |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetDocs |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetIQ |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetMotion Wireless |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Security Cloud |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Netwrix Auditor |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nexthink |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nortel Contivity VPN |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
eDirectory |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Guardian |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
OSSEC |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ObserveIT |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Okta Adaptive MFA |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Onapsis |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
OneLogin |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digipass |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
OneSpan |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
OneWelcome |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
OpenDJ LDAP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Access Manager |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Public Cloud |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Solaris |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Osirium |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cortex XDR |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
GlobalProtect |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Magnifier |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
NGFW |
|
T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Palo Alto Aperture |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Prisma Cloud |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Traps |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
WildFire |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Perforce |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Ping Identity |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
PingOne |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Portnox CLEAR |
|
T1021 - Remote Services T1078 - Valid Accounts |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
PowerSentry |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Pro.File DMS |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Progress Database |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ObserveIT |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Proofpoint CASB |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Proofpoint Enterprise Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ProxySG |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Reveal |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Qualys |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Change Auditor |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RSA |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
RSA Authentication Manager |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
RSA ECAT |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
RSA NetWitness |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
SecurID |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RUID |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Radius |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RangerAudit |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
InsightVM |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Nexpose |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Red Canary |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Rubrik CDM |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Ruckus |
|
T1021 - Remote Services T1078 - Valid Accounts |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SAP |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SFTP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SIGSCI |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SSL Open VPN |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IdentityNow |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
SailPoint IIQ |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Salesforce |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NGAF |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Secure Computing SafeWord |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Secure Envoy |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureAuth Login |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureLink |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureNet |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
iSensor IPS |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
DSP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Singularity |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Vigilance |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ServiceNow |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Shibboleth IdP |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Shibboleth SSO |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Silverfort |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SiteMinder |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ClientView |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Slack |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Snort |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sonicwall |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sophos Endpoint Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Sophos Firewall |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Sophos Invincea |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Sophos SafeGuard |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Sophos UTM |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Sophos XG Firewall |
|
T1021 - Remote Services T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Squid |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
StealthIntercept |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LDAP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Swift |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Swivel |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ICDx |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Advanced Threat Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Blue Coat Content Analysis System |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Blue Coat ProxySG Appliance |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Symantec CloudSOC |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Symantec Critical System Protection |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets |
|
Symantec DLP |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec EDR |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Symantec Email Security.cloud |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Endpoint Protection |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Symantec Endpoint Protection Mobile |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Fireglass |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Symantec Managed Security Services |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Symantec Secure Web Gateway |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Symantec VIP |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Symantec WSS |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Synology NAS |
|
T1021.002 - Remote Services: SMB/Windows Admin Shares |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Platform |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Endpoint Platform |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 |
|
Integrity Monitor |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Tenable.io |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ThreatBlockr |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
TitanFTP |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Apex One |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Cloud App Security |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Deep Discovery Inspector |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Deep Security Agent |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
InterScan Web Security |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
OfficeScan |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
ScanMail |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
TippingPoint NGIPS |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Trend Micro |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Vision One |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureTrack |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
CCURE Building Management System |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Auditbeat |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
Unix |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Unix Auditd |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
VBCorp |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
OpenVMS |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AirWatch |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Carbon Black App Control |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 |
|
Carbon Black Cloud Endpoint Standard |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Carbon Black Cloud Enterprise EDR |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011 |
|
Carbon Black EDR |
|
T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011 |
|
NSX Advanced Threat Prevention |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
NSX FW |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
VMWare ID Manager (VIDM) |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
VMware ESXi |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
VMware Horizon |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
VMware NSX |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
VMware VCenter |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
VMware View |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cognito Stream |
|
T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Vectra Cognito Detect |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Watchguard |
|
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Weblogin |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Wiz |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Workday |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Xceedium |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
XAMS |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zeek Network Security Monitor |
|
T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zendesk |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
MOBILE ENDPOINT SECURITY |
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zlock |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zscaler Internet Access |
|
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Zscaler Private Access |
|
T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
eDocs |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Secure Web Gateway |
|
T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
iManage |
|
T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
oVirt |
|
T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
pfSense |
|
T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
xsuite |
|
T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting |
|