| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 68 | 35 | 8 | 4 | 4 |
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Data Exfiltration | dlp-alert ↳s-brightmail-email dlp-email-alert-in ↳s-brightmail-email ↳syslog-brightmail-email-accept ↳syslog-brightmail-email-accept dlp-email-alert-in-failed ↳syslog-brightmail-email-accept dlp-email-alert-out ↳syslog-brightmail-email-in ↳syslog-brightmail-email-accept |
T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1204 - User Execution |
|
| Data Leak | dlp-alert ↳s-brightmail-email dlp-email-alert-in ↳s-brightmail-email ↳syslog-brightmail-email-accept ↳syslog-brightmail-email-accept dlp-email-alert-in-failed ↳syslog-brightmail-email-accept dlp-email-alert-out ↳syslog-brightmail-email-in ↳syslog-brightmail-email-accept |
T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071 - Application Layer Protocol T1204 - User Execution |
|
| Next Page -->> |
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts |
User Execution |
Valid Accounts |
Valid Accounts |
Valid Accounts |
Account Discovery |
Remote Services Remote Services: SMB/Windows Admin Shares |
Application Layer Protocol |
Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Automated Exfiltration |