Skip to content

Latest commit

 

History

History
27 lines (25 loc) · 7.7 KB

ds_cloudflare_cloudflare_cdn.md

File metadata and controls

27 lines (25 loc) · 7.7 KB

Vendor: Cloudflare

Product: Cloudflare CDN

Rules Models MITRE TTPs Event Types Parsers
60 26 8 1 1
Use-Case Event Types/Parsers MITRE TTP Content
Abnormal Authentication & Access app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models
Account Manipulation app-activity
cloudflare-network-alert-2
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Compromised Credentials app-activity
cloudflare-network-alert-2
 T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1133 - External Remote Services
  • 20 Rules
  • 11 Models
Data Access app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
  • 14 Rules
  • 9 Models
Data Leak app-activity
cloudflare-network-alert-2
 T1048 - Exfiltration Over Alternative Protocol
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Evasion app-activity
cloudflare-network-alert-2
 T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Malware app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
  • 1 Rules
Privilege Abuse app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 6 Rules
  • 2 Models
Privilege Escalation app-activity
cloudflare-network-alert-2
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Privileged Activity app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 2 Rules
Ransomware app-activity
cloudflare-network-alert-2
 T1078 - Valid Accounts
  • 1 Rules

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

 Valid Accounts

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Exfiltration Over Alternative Protocol

Automated Exfiltration