Skip to content

Latest commit

 

History

History
25 lines (23 loc) · 9.45 KB

ds_blackberry_blackberry_protect.md

File metadata and controls

25 lines (23 loc) · 9.45 KB

Vendor: BlackBerry

Product: BlackBerry Protect

Rules Models MITRE ATT&CK® TTPs Event Types Parsers
158 66 14 6 6
Use-Case Event Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access app-activity
s-cylance-app-activity

app-login
s-cylance-app-activity
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulation app-activity
s-cylance-app-activity
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Data Access app-activity
s-cylance-app-activity

app-login
s-cylance-app-activity
 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Exfiltration dlp-alert
cylance-dlp-alert

file-alert
cylance-protect-file-alert
 T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 19 Models
Data Leak app-activity
s-cylance-app-activity

dlp-alert
cylance-dlp-alert
 T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 18 Models
Privilege Abuse app-activity
s-cylance-app-activity

app-login
s-cylance-app-activity

file-alert
cylance-protect-file-alert
 T1078 - Valid Accounts
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Privilege Escalation app-activity
s-cylance-app-activity
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Ransomware app-activity
s-cylance-app-activity

app-login
s-cylance-app-activity
 T1078 - Valid Accounts
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 Scheduled Task/Job

 External Remote Services

Valid Accounts

Account Manipulation

Scheduled Task/Job

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

Scheduled Task/Job

 Impair Defenses

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Impair Defenses: Disable or Modify System Firewall

Obfuscated Files or Information

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Automated Exfiltration