Vendor: Citrix

Product: Citrix XenApp

Rules	Models	MITRE TTPs	Event Types	Parsers
45	17	5	3	3

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal Authentication & Access	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts T1133 - External Remote Services	27 Rules 12 Models
Compromised Credentials	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1020 - Automated Exfiltration T1071 - Application Layer Protocol T1078 - Valid Accounts T1133 - External Remote Services	12 Rules 6 Models
Data Access	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts	5 Rules 4 Models
Evasion	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Malware	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts	1 Rules
Privilege Abuse	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts	2 Rules
Privileged Activity	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts	1 Rules
Ransomware	app-login ↳citrix-remote-logon-1 ↳citrix-remote-logon failed-app-login ↳citrix-app-login-3 failed-vpn-login ↳cef-citrix-xenapp-app-login ↳citrix-xenapp-login ↳s-xenapp-ica-login ↳citrix-app-login-4	T1078 - Valid Accounts	2 Rules

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts		External Remote Services Valid Accounts	Valid Accounts	Valid Accounts					Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Automated Exfiltration

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_citrix_citrix_xenapp.md

ds_citrix_citrix_xenapp.md

Vendor: Citrix

Product: Citrix XenApp

ATT&CK Matrix for Enterprise

Files

ds_citrix_citrix_xenapp.md

Latest commit

History

ds_citrix_citrix_xenapp.md

File metadata and controls

Vendor: Citrix

Product: Citrix XenApp

ATT&CK Matrix for Enterprise