Skip to content

Latest commit

 

History

History
29 lines (27 loc) · 13.3 KB

ds_google_gcp_squid_proxy.md

File metadata and controls

29 lines (27 loc) · 13.3 KB

Vendor: Google

Product: GCP Squid Proxy

Rules Models MITRE TTPs Event Types Parsers
98 36 16 2 2
Use-Case Event Types/Parsers MITRE TTP Content
Abnormal Authentication & Access security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Compromised Credentials security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1133 - External Remote Services
T1189 - Drive-by Compromise
T1204.001 - T1204.001
T1566.002 - Phishing: Spearphishing Link
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 53 Rules
  • 24 Models
Cryptomining security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Data Exfiltration security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
  • 6 Rules
  • 2 Models
Data Leak security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 3 Models
Evasion security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
  • 6 Rules
  • 1 Models
Lateral Movement security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malware security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1566.002 - Phishing: Spearphishing Link
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 32 Rules
  • 12 Models
Phishing security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071.001 - Application Layer Protocol: Web Protocols
T1566.002 - Phishing: Spearphishing Link
  • 3 Rules
Privilege Escalation security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1021.002 - Remote Services: SMB/Windows Admin Shares
T1087 - Account Discovery
  • 1 Rules
  • 1 Models
Privileged Activity security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1068 - Exploitation for Privilege Escalation
T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
  • 3 Rules
Ransomware security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 2 Rules
Workforce Protection security-alert
googlecloud-web-activity

web-activity-allowed
googlecloud-web-activity
 T1071.001 - Application Layer Protocol: Web Protocols
  • 5 Rules
  • 2 Models

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Phishing: Spearphishing Link

External Remote Services

Valid Accounts

Drive-by Compromise

Phishing

 User Execution

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Account Discovery

 Remote Services

Remote Services: SMB/Windows Admin Shares

 Web Service

Application Layer Protocol: Web Protocols

Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Data Transfer Size Limits

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Exfiltration Over Web Service

 Resource Hijacking