Vendor: Splunk

Product: Splunk Stream

Rules	Models	MITRE TTPs	Event Types	Parsers
34	19	8	2	2

Use-Case	Event Types/Parsers	MITRE TTP	Content
Data Exfiltration	dlp-alert ↳s-stream-dhcp dns-response ↳s-splunkstream-dns-response ↳s-splunkstream-dns-query	T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1204 - User Execution	29 Rules 17 Models
Data Leak	dlp-alert ↳s-stream-dhcp dns-response ↳s-splunkstream-dns-response ↳s-splunkstream-dns-query	T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1204 - User Execution	29 Rules 17 Models
Malware	dlp-alert ↳s-stream-dhcp dns-response ↳s-splunkstream-dns-response ↳s-splunkstream-dns-query	T1071.004 - Application Layer Protocol: DNS T1204 - User Execution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	4 Rules 2 Models
Privilege Escalation	dlp-alert ↳s-stream-dhcp dns-response ↳s-splunkstream-dns-response ↳s-splunkstream-dns-query	T1021.002 - Remote Services: SMB/Windows Admin Shares T1087 - Account Discovery	1 Rules 1 Models

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
	User Execution					Account Discovery	Remote Services Remote Services: SMB/Windows Admin Shares		Application Layer Protocol: DNS Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Application Layer Protocol	Exfiltration Over Alternative Protocol Automated Exfiltration