Vendor: NextDLP
Product: Reveal

Rules: 293
Models: 125
MITRE ATT&CK® TTPs: 43
Activity Types: 11
Parsers: 11

Use-Case: Abnormal Authentication & Access
  Activity Types/Parsers:
    authentication-failed
      ↳ nextdlp-r-json-endpoint-authentication-fail-unauthorizedaccount
    member-added
      ↳ nextdlp-r-json-group-member-add-success-useradded
    nac-logon
      ↳ qush-r-json-radius-traffic-success-wifi
    print-activity
      ↳ qush-r-json-printer-activity-success-riskybehavior
    remote-logon
      ↳ qush-r-json-endpoint-login-success-insiderrisk
      ↳ nextdlp-r-json-ssh-traffic-success-sshconnection
    web-activity-allowed
      ↳ qush-r-json-http-session-success-riskybehavior
      ↳ qush-r-json-http-session-success-flightrisk
      ↳ nextdlp-r-json-http-session-success-websitevisited
  MITRE ATT&CK® TTP:
    T1021 - Remote Services
    T1071.001 - Application Layer Protocol: Web Protocols
    T1078 - Valid Accounts
    T1078.002 - T1078.002
    T1078.003 - Valid Accounts: Local Accounts
    T1133 - External Remote Services
  Content: 44 Rules, 23 Models

Use-Case: Account Manipulation
  Activity Types/Parsers:
    member-added
      ↳ nextdlp-r-json-group-member-add-success-useradded
  MITRE ATT&CK® TTP:
    T1098 - Account Manipulation
    T1136 - Create Account
  Content: 24 Rules, 12 Models

Use-Case: Cryptomining
  Activity Types/Parsers:
    web-activity-allowed
      ↳ qush-r-json-http-session-success-riskybehavior
      ↳ qush-r-json-http-session-success-flightrisk
      ↳ nextdlp-r-json-http-session-success-websitevisited
  MITRE ATT&CK® TTP:
    T1071.001 - Application Layer Protocol: Web Protocols
    T1496 - Resource Hijacking
  Content: 1 Rules

Use-Case: Data Access
  Activity Types/Parsers:
    file-write
      ↳ qush-r-json-file-write-success-datacompression
      ↳ qush-r-json-file-write-success-filecopy
  MITRE ATT&CK® TTP:
    T1083 - File and Directory Discovery
  Content: 24 Rules, 13 Models

Use-Case: Phishing
  Activity Types/Parsers:
    web-activity-allowed
      ↳ qush-r-json-http-session-success-riskybehavior
      ↳ qush-r-json-http-session-success-flightrisk
      ↳ nextdlp-r-json-http-session-success-websitevisited
  MITRE ATT&CK® TTP:
    T1189 - Drive-by Compromise
    T1204.001 - T1204.001
    T1534 - Internal Spearphishing
    T1566.002 - Phishing: Spearphishing Link
    T1598.003 - T1598.003
  Content: 3 Rules

Use-Case: Privilege Escalation
  Activity Types/Parsers:
    remote-logon
      ↳ qush-r-json-endpoint-login-success-insiderrisk
      ↳ nextdlp-r-json-ssh-traffic-success-sshconnection
  MITRE ATT&CK® TTP:
    T1078 - Valid Accounts
    T1555.005 - T1555.005
  Content: 2 Rules, 1 Models

Use-Case: Workforce Protection
  Activity Types/Parsers:
    web-activity-allowed
      ↳ qush-r-json-http-session-success-riskybehavior
      ↳ qush-r-json-http-session-success-flightrisk
      ↳ nextdlp-r-json-http-session-success-websitevisited
  MITRE ATT&CK® TTP:
    T1071.001 - Application Layer Protocol: Web Protocols
  Content: 4 Rules, 2 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access:
    Phishing: Spearphishing Link
    External Remote Services
    Valid Accounts
    Drive-by Compromise
    Exploit Public-Facing Application
    Replication Through Removable Media
    Phishing

Execution:
    User Execution

Persistence:
    Create Account
    External Remote Services
    Valid Accounts
    Server Software Component: Web Shell
    Account Manipulation
    Server Software Component
    Boot or Logon Autostart Execution

Privilege Escalation:
    Valid Accounts
    Exploitation for Privilege Escalation
    Boot or Logon Autostart Execution

Defense Evasion:
    Obfuscated Files or Information: Indicator Removal from Tools
    Valid Accounts
    Use Alternate Authentication Material
    Use Alternate Authentication Material: Pass the Hash
    Use Alternate Authentication Material: Pass the Ticket
    Obfuscated Files or Information
    Valid Accounts: Local Accounts

Credential Access:
    OS Credential Dumping
    Steal or Forge Kerberos Tickets
    Credentials from Password Stores
    Steal or Forge Kerberos Tickets: Kerberoasting

Discovery:
    File and Directory Discovery
    Remote System Discovery

Lateral Movement:
    Remote Services
    Use Alternate Authentication Material
    Replication Through Removable Media
    Internal Spearphishing

Collection:
    Email Collection

Command and Control:
    Web Service
    Application Layer Protocol: Web Protocols
    Dynamic Resolution
    Dynamic Resolution: Domain Generation Algorithms
    Proxy: Multi-hop Proxy
    Application Layer Protocol
    Proxy

Exfiltration:
    Exfiltration Over Physical Medium: Exfiltration over USB
    Exfiltration Over C2 Channel
    Exfiltration Over Physical Medium
    Automated Exfiltration
    Exfiltration Over Web Service: Exfiltration to Cloud Storage
    Exfiltration Over Web Service

Impact:
    Resource Hijacking
    Data Encrypted for Impact