Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Abnormal Security |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Kiteworks |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Web Application Firewall |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Akamai |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
AWS WAF |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Apache |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Barracuda Email Security Gateway |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Barracuda Firewall |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
BeyondTrust PowerBroker |
|
T1566.001 - T1566.001 |
|
BeyondTrust Privilege Management |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GravityZone |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Bitglass CASB |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cato Cloud |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Avanan |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Identity Awareness |
|
T1566 - Phishing |
|
NGFW |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Security Gateway |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ADC |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Adaptive Security Appliance |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
AnyConnect |
|
T1566 - Phishing |
|
Cisco Secure Email |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Cloud Web Security |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Firepower |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
ISE |
|
T1566 - Phishing |
|
IronPort Email |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
IronPort Web Security |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Meraki MX appliances |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
NPE |
|
T1566.001 - T1566.001 |
|
Proxy Umbrella |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Secure Email |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Secure Web Appliance |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
TACACS |
|
T1566.001 - T1566.001 |
|
Umbrella |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Citrix Netscaler |
|
T1566 - Phishing T1566.001 - T1566.001 |
|
Citrix Netscaler VPN |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Web Logging |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Clearswift SEG |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloudflare WAF |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Code42 Incydr |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Falcon |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Centrify Infrastructure Services |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SonicWALL Aventail |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Arts i-FILTER for Business |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Digital Guardian Endpoint Protection |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1566.001 - T1566.001 |
|
Digital Guardian Network DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Dropbox |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
DTEX InTERCEPT |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ESET Endpoint Security |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
EdgeWave iPrism |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
F5 Advanced Web Application Firewall (WAF) |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1566.001 - T1566.001 |
|
F5 BIG-IP |
|
T1566 - Phishing |
|
F5 BIG-IP Access Policy Manager (APM) |
|
T1566 - Phishing |
|
F5 BIG-IP Application Security Manager (ASM) |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
WebSafe |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Fidelis XPS |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FireEye Network Security (NX) |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Forcepoint DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Forcepoint Email Security |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Websense Secure Gateway |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
FortiGate |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Fortinet FortiWeb |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Fortinet UTM |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Fortinet VPN |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cloud Platform |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Workspace |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
HP Comware |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Terraform |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Powertech Identity Access Manager (BoKs) |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Hornet Email |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Unified Security Gateway |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IBM Security Access Manager |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
IMSVA |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Incapsula |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
InfoWatch |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Juniper Networks |
|
T1566.001 - T1566.001 |
|
Juniper Networks Pulse Secure |
|
T1566 - Phishing |
|
Juniper SRX |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Juniper VPN |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LanScope Cat |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
LogRhythm |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Malwarebytes Endpoint Protection |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
McAfee DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
McAfee Email Protection |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
McAfee Web Gateway |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
365 Defender |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Azure |
|
T1566.001 - T1566.001 |
|
Defender ATP |
|
T1566.001 - T1566.001 |
|
Exchange |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
IIS |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Office 365 |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1566.001 - T1566.001 |
|
Routing and Remote Access Service |
|
T1566 - Phishing |
|
Sysmon |
|
T1566.001 - T1566.001 |
|
Web Application Proxy |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Web Application Proxy-TLS Gateway |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Windows |
|
T1566 - Phishing T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Email Security |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Targeted Threat Protection - URL |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NCP |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NetMotion Wireless |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Security Cloud |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Nortel Contivity VPN |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ObserveIT |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Solaris |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
GlobalProtect |
|
T1566 - Phishing |
|
NGFW |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Postfix |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Proofpoint DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Proofpoint Enterprise Protection |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Proofpoint TAP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Proofpoint TAP/POD |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Reveal |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
RSA DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
SecurID |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SIGSCI |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SSL Open VPN |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SafeSend |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Salesforce |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
NGAF |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
SecureNet |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Singularity |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
ClientView |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.001 - T1566.001 T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sonicwall |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Sophos UTM |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Sophos XG Firewall |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Squid |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Symantec Blue Coat ProxySG Appliance |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Symantec Brightmail |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Symantec DLP |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Symantec EDR |
|
T1566.001 - T1566.001 |
|
Symantec Email Security.cloud |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Symantec Fireglass |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Symantec Secure Web Gateway |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Symantec WSS |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Endpoint Platform |
|
T1566.001 - T1566.001 |
|
Integrity Monitor |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Apex One |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
InterScan Web Security |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
OfficeScan |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Auditbeat |
|
T1566.001 - T1566.001 |
|
Unix |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1566.001 - T1566.001 |
|
Unix Auditd |
|
T1566.001 - T1566.001 |
|
Unix Sendmail |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Carbon Black App Control |
|
T1566.001 - T1566.001 |
|
Carbon Black Cloud Endpoint Standard |
|
T1566.001 - T1566.001 |
|
Carbon Black Cloud Enterprise EDR |
|
T1566.001 - T1566.001 |
|
Carbon Black EDR |
|
T1566.001 - T1566.001 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Cognito Stream |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Watchguard |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Weblogin |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zeek Network Security Monitor |
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Zscaler Internet Access |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
Zscaler Private Access |
|
T1566 - Phishing |
|
Product | Event Types | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Secure Web Gateway |
|
T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|