Use Case: Brute Force Attack

Vendor: ASUPIM

Product	Event Types	MITRE TTP	Content
ASUPIM	failed-logon	T1110 - Brute Force	4 Rules

Vendor: AVI Networks

Product	Event Types	MITRE TTP	Content
Load Balancer	account-switch	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: AirWatch

Product	Event Types	MITRE TTP	Content
AirWatch	authentication-failed authentication-successful failed-logon	T1110 - Brute Force	4 Rules

Vendor: Amazon

Product	Event Types	MITRE TTP	Content
AWS Bastion	app-activity remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: AppSense Application Manager

Product	Event Types	MITRE TTP	Content
AppSense Application Manager	local-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Armis

Product	Event Types	MITRE TTP	Content
Armis	failed-logon	T1110 - Brute Force	4 Rules

Vendor: Attivo

Product	Event Types	MITRE TTP	Content
BOTsink	database-login remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Auth0

Product	Event Types	MITRE TTP	Content
Auth0	account-password-change-failed app-login failed-logon network-connection-successful	T1110 - Brute Force	4 Rules

Vendor: Barracuda

Product	Event Types	MITRE TTP	Content
Barracuda Firewall	account-lockout database-query failed-vpn-login network-connection-failed network-connection-successful vpn-login	T1078 - Valid Accounts	1 Rules

Vendor: BeyondTrust

Product	Event Types	MITRE TTP	Content
BeyondTrust PowerBroker	account-enabled dlp-email-alert-out-failed remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
BeyondTrust Privileged Identity	account-switch app-activity app-login authentication-successful dlp-alert failed-app-login failed-physical-access	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: BlackBerry

Product	Event Types	MITRE TTP	Content
BlackBerry Protect	app-activity file-delete security-alert vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: BlueCat Networks

Product	Event Types	MITRE TTP	Content
BlueCat Networks DHCP	failed-logon	T1110 - Brute Force	4 Rules

Vendor: CA Technologies

Product	Event Types	MITRE TTP	Content
CA Privileged Access Manager Server Control	app-login authentication-failed authentication-successful failed-app-login remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: CDS

Product	Event Types	MITRE TTP	Content
CDS	failed-ds-access failed-logon	T1110 - Brute Force	4 Rules

Vendor: CatoNetworks

Product	Event Types	MITRE TTP	Content
Cato Cloud	failed-logon network-alert vpn-login web-activity-allowed web-activity-denied workstation-unlocked	T1110 - Brute Force	4 Rules

Vendor: Centrify

Product	Event Types	MITRE TTP	Content
Centrify Authentication Service	account-switch authentication-failed local-logon process-created remote-logon	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	7 Rules 6 Models
Centrify Infrastructure Services	authentication-failed failed-logon	T1110 - Brute Force	4 Rules

Vendor: Check Point Software

Product	Event Types	MITRE TTP	Content
Check Point NGFW	authentication-successful database-update dlp-email-alert-in failed-vpn-login file-permission-change network-alert network-connection-failed network-connection-successful security-alert vpn-connection vpn-login vpn-logout web-activity-allowed web-activity-denied	T1003 - OS Credential Dumping	4 Rules 4 Models
Check Point Security Gateway	failed-vpn-login network-connection-failed vpn-login vpn-logout web-activity-allowed web-activity-denied	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Cisco

Product	Event Types	MITRE TTP	Content
Cisco ACS	account-lockout app-activity authentication-failed	T1078 - Valid Accounts	1 Rules
Cisco Adaptive Security Appliance	authentication-successful dlp-email-alert-out file-download print-activity process-created remote-logon security-alert vpn-login vpn-logout web-activity-allowed	T1003 - OS Credential Dumping T1078 - Valid Accounts	5 Rules 5 Models
Cisco ISE	account-lockout app-activity authentication-failed computer-logon nac-failed-logon nac-logon network-alert print-activity remote-logon security-alert vpn-login vpn-logout	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 5 Models
Cisco Meraki MX appliances	network-alert network-connection-failed network-connection-successful vpn-login vpn-logout web-activity-denied	T1003 - OS Credential Dumping	4 Rules 4 Models
Cisco Secure Network Analytics	vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
Cisco TACACS	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
Duo Access Security	app-login authentication-failed authentication-successful failed-logon file-delete vpn-login vpn-logout	T1003 - OS Credential Dumping T1110 - Brute Force	8 Rules 4 Models

Vendor: Citrix

Product	Event Types	MITRE TTP	Content
Citrix Endpoint Management	privileged-access remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
Citrix Netscaler	app-login authentication-successful database-access remote-logon vpn-login vpn-logout web-activity-allowed	T1003 - OS Credential Dumping T1078 - Valid Accounts	5 Rules 5 Models

Vendor: Cognitas CrossLink

Product	Event Types	MITRE TTP	Content
Cognitas CrossLink	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: CrowdStrike

Product	Event Types	MITRE TTP	Content
Falcon	app-activity app-activity-failed app-login authentication-failed batch-logon computer-logon dlp-alert dlp-email-alert-out-failed failed-app-login file-alert file-delete file-download file-read file-write local-logon network-connection-failed network-connection-successful process-alert process-created process-network remote-access remote-logon security-alert service-logon usb-activity usb-insert	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: CyberArk

Product	Event Types	MITRE TTP	Content
CyberArk Vault	account-password-change account-password-change-failed account-password-reset account-switch app-activity app-activity-failed app-login computer-logon failed-app-login failed-logon file-delete file-read file-write process-created remote-logon	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation T1110 - Brute Force	11 Rules 6 Models
Privileged Threat Analytics	failed-logon	T1110 - Brute Force	4 Rules

Vendor: Dell

Product	Event Types	MITRE TTP	Content
One Identity Manager	account-password-change account-switch security-alert	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: Digital Guardian

Product	Event Types	MITRE TTP	Content
Digital Guardian Endpoint Protection	app-login dlp-email-alert-out failed-app-login file-delete file-download file-read file-upload file-write local-logon network-connection-failed network-connection-successful print-activity usb-insert vpn-connection	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Dtex Systems

Product	Event Types	MITRE TTP	Content
DTEX InTERCEPT	file-delete file-read file-write local-logon print-activity process-created remote-logon usb-write workstation-locked	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: ESET

Product	Event Types	MITRE TTP	Content
ESET Endpoint Security	app-login authentication-successful failed-ds-access failed-logon network-alert security-alert web-activity-denied	T1110 - Brute Force	4 Rules

Vendor: Egnyte

Product	Event Types	MITRE TTP	Content
Egnyte	account-password-reset app-login file-delete file-download file-permission-change file-upload file-write remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: EnSilo

Product	Event Types	MITRE TTP	Content
EnSilo	remote-access	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Extreme Networks

Product	Event Types	MITRE TTP	Content
Zebra wireless LAN management	account-lockout	T1078 - Valid Accounts	1 Rules

Vendor: F5

Product	Event Types	MITRE TTP	Content
BIG-IP DNS	dns-query vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
F5 BIG-IP	app-activity failed-vpn-login print-activity process-alert remote-logon vpn-login	T1078 - Valid Accounts	1 Rules 1 Models
F5 BIG-IP Access Policy Manager (APM)	app-activity authentication-failed authentication-successful process-alert vpn-login vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Fidelis

Product	Event Types	MITRE TTP	Content
Fidelis Network	failed-logon failed-physical-access	T1110 - Brute Force	4 Rules

Vendor: Fortinet

Product	Event Types	MITRE TTP	Content
FortiAuthenticator	authentication-successful vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
Fortinet VPN	failed-vpn-login vpn-login vpn-logout web-activity-denied	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: GTB

Product	Event Types	MITRE TTP	Content
GTBInspector	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: GoAnywhere

Product	Event Types	MITRE TTP	Content
GoAnywhere MFT	dlp-email-alert-out-failed failed-logon file-delete file-download remote-logon	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models

Vendor: HP

Product	Event Types	MITRE TTP	Content
Aruba Mobility Master	local-logon nac-failed-logon nac-logon remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
HP Comware	failed-logon	T1110 - Brute Force	4 Rules

Vendor: HelpSystems

Product	Event Types	MITRE TTP	Content
Powertech Identity Access Manager (BoKs)	account-switch file-delete file-read file-write local-logon remote-logon	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	7 Rules 6 Models

Vendor: Honeywell

Product	Event Types	MITRE TTP	Content
Honeywell Pro-Watch	account-creation physical-access	T1110 - Brute Force	1 Rules
honeywell siama	account-creation	T1110 - Brute Force	1 Rules

Vendor: IBM

Product	Event Types	MITRE TTP	Content
IBM DB2	authentication-failed failed-physical-access file-read remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
IBM Sterling B2B Integrator	app-activity failed-logon member-added member-removed remote-logon	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models

Vendor: Illumio

Product	Event Types	MITRE TTP	Content
Illumio	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Ipswitch

Product	Event Types	MITRE TTP	Content
MoveIt DMZ	account-password-change authentication-failed failed-logon file-delete file-download file-upload file-write member-added process-created-failed	T1110 - Brute Force	4 Rules

Vendor: Juniper Networks

Product	Event Types	MITRE TTP	Content
Juniper Networks	account-deleted network-connection-successful	T1110 - Brute Force	1 Rules
Juniper Networks Pulse Secure	app-activity authentication-failed authentication-successful failed-app-login failed-vpn-login network-connection-successful vpn-login vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
Juniper VPN	app-activity authentication-failed authentication-successful failed-vpn-login security-alert vpn-login vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Kemp

Product	Event Types	MITRE TTP	Content
Kemp LoadMaster	app-activity remote-logon security-alert	T1078 - Valid Accounts	1 Rules 1 Models
Load Balancer	failed-app-login remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: LanScope

Product	Event Types	MITRE TTP	Content
LanScope Cat	app-activity dlp-alert failed-usb-activity file-write local-logon print-activity process-created process-created-failed process-network usb-activity usb-write web-activity-allowed workstation-locked workstation-unlocked	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Linux

Product	Event Types	MITRE TTP	Content
SSH	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: MasterSAM

Product	Event Types	MITRE TTP	Content
MasterSAM PAM	authentication-failed authentication-successful failed-physical-access remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: McAfee

Product	Event Types	MITRE TTP	Content
McAfee Endpoint Security	dlp-alert dlp-email-alert-in-failed file-write local-logon network-alert process-alert security-alert usb-insert usb-write	T1078 - Valid Accounts	1 Rules 1 Models
McAfee IDPS	vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
McAfee Solidifier	local-logon	T1078 - Valid Accounts	1 Rules 1 Models
Skyhigh Networks CASB	account-creation app-activity app-login dlp-alert failed-app-login security-alert	T1110 - Brute Force	1 Rules

Vendor: Microsoft

Product	Event Types	MITRE TTP	Content
Microsoft Azure	account-password-change account-password-reset app-activity app-activity-failed app-login authentication-failed authentication-successful cloud-admin-activity cloud-admin-activity-failed database-query dlp-email-alert-in-failed dns-response failed-app-login failed-logon failed-usb-activity file-delete file-download file-read file-write member-added member-removed network-connection-failed network-connection-successful privileged-access process-created security-alert storage-activity storage-activity-failed usb-activity usb-insert	T1110 - Brute Force	4 Rules
Microsoft Azure AD Identity Protection	remote-access	T1078 - Valid Accounts	1 Rules 1 Models
Microsoft Defender ATP	app-login batch-logon file-delete file-write local-logon member-removed network-alert process-alert process-created process-network process-network-failed remote-access remote-logon security-alert usb-write web-activity-denied	T1078 - Valid Accounts	1 Rules 1 Models
Microsoft Office 365	account-disabled app-activity app-activity-failed app-login dlp-email-alert-in dlp-email-alert-in-failed dlp-email-alert-out dlp-email-alert-out-failed failed-app-login failed-logon file-delete file-download file-permission-change file-read file-upload file-write ntlm-logon process-created remote-logon security-alert	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models
Microsoft Windows	account-creation account-deleted account-disabled account-enabled account-lockout account-password-change account-password-reset account-switch account-unlocked app-activity app-login audit-log-clear audit-policy-change authentication-failed authentication-successful computer-logon database-query dcom-activation-failed dlp-alert dlp-email-alert-out-failed dns-query dns-response ds-access failed-app-login failed-logon failed-vpn-login file-close file-delete file-read file-write kerberos-logon local-logon logout-remote member-added member-removed nac-logon netflow-connection network-alert network-connection-failed privileged-access privileged-object-access process-created process-network process-network-failed remote-access remote-logon security-alert service-created service-logon share-access task-created usb-activity usb-write vpn-login vpn-logout web-activity-denied winsession-disconnect workstation-locked workstation-unlocked	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation T1110 - Brute Force	17 Rules 10 Models
Web Application Proxy	failed-logon network-connection-failed web-activity-allowed	T1110 - Brute Force	4 Rules

Vendor: NCP

Product	Event Types	MITRE TTP	Content
NCP	authentication-successful vpn-login vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Namespace rDirectory

Product	Event Types	MITRE TTP	Content
Namespace rDirectory	account-deleted account-disabled account-enabled account-password-change-failed app-login member-added security-alert	T1110 - Brute Force	1 Rules

Vendor: Netwrix

Product	Event Types	MITRE TTP	Content
Netwrix Auditor	account-disabled account-lockout account-password-reset account-unlocked app-activity app-login database-access database-failed-login dns-query ds-access file-write member-added member-removed nac-logon security-alert	T1078 - Valid Accounts	1 Rules

Vendor: OSSEC

Product	Event Types	MITRE TTP	Content
OSSEC	account-lockout file-permission-change	T1078 - Valid Accounts	1 Rules

Vendor: ObserveIT

Product	Event Types	MITRE TTP	Content
ObserveIT	app-activity app-login dlp-alert failed-app-login member-added process-created remote-logon security-alert	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Okta

Product	Event Types	MITRE TTP	Content
Okta Adaptive MFA	account-creation account-enabled account-lockout app-activity app-activity-failed app-login authentication-failed failed-app-login failed-logon nac-logon network-alert security-alert	T1078 - Valid Accounts T1110 - Brute Force	6 Rules

Vendor: Onapsis

Product	Event Types	MITRE TTP	Content
Onapsis	app-login dns-query security-alert vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Oracle

Product	Event Types	MITRE TTP	Content
Oracle DB	database-access database-failed-login database-login database-query database-update failed-physical-access local-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Palo Alto Networks

Product	Event Types	MITRE TTP	Content
GlobalProtect	authentication-failed authentication-successful failed-vpn-login network-alert physical-access remote-logon security-alert vpn-login	T1078 - Valid Accounts	1 Rules 1 Models
Magnifier	remote-access	T1078 - Valid Accounts	1 Rules 1 Models
NGFW	account-password-change app-activity authentication-successful config-change dlp-email-alert-out file-alert local-logon network-connection-successful security-alert vpn-login web-activity-allowed web-activity-denied	T1078 - Valid Accounts	1 Rules 1 Models
Traps	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Password Manager Pro

Product	Event Types	MITRE TTP	Content
Password Manager Pro	account-switch failed-app-login	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: Proofpoint

Product	Event Types	MITRE TTP	Content
ObserveIT	app-activity remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Quest Software

Product	Event Types	MITRE TTP	Content
Change Auditor	account-lockout account-unlocked ds-access failed-app-login file-delete file-write local-logon member-added member-removed nac-failed-logon physical-access remote-logon security-alert	T1078 - Valid Accounts	2 Rules 1 Models

Vendor: SAP

Product	Event Types	MITRE TTP	Content
SAP	account-creation account-deleted account-lockout account-unlocked app-login authentication-failed authentication-successful failed-app-login file-download remote-logon	T1078 - Valid Accounts T1110 - Brute Force	3 Rules 1 Models

Vendor: SSL Open VPN

Product	Event Types	MITRE TTP	Content
SSL Open VPN	app-activity authentication-failed authentication-successful failed-app-login failed-vpn-login network-alert vpn-login vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Sailpoint

Product	Event Types	MITRE TTP	Content
FAM	account-lockout file-delete file-read file-write	T1078 - Valid Accounts	1 Rules
IdentityNow	account-password-change account-password-change-failed app-activity app-login authentication-successful vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models
SecurityIQ	account-creation account-deleted account-lockout account-password-reset dlp-email-alert-in-failed file-delete file-download file-permission-change file-read file-upload file-write member-added member-removed	T1078 - Valid Accounts T1110 - Brute Force	2 Rules

Vendor: Secure Computing

Product	Event Types	MITRE TTP	Content
Secure Computing SafeWord	remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: ServiceNow

Product	Event Types	MITRE TTP	Content
ServiceNow	account-switch app-login file-delete file-download file-read file-upload file-write security-alert storage-access	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: Sonicwall

Product	Event Types	MITRE TTP	Content
Sonicwall	failed-logon failed-vpn-login network-alert vpn-login vpn-logout web-activity-allowed	T1003 - OS Credential Dumping T1110 - Brute Force	8 Rules 4 Models

Vendor: Swipes

Product	Event Types	MITRE TTP	Content
Swipes	vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Swivel

Product	Event Types	MITRE TTP	Content
Swivel	app-login file-upload vpn-logout	T1003 - OS Credential Dumping	4 Rules 4 Models

Vendor: Symantec

Product	Event Types	MITRE TTP	Content
Symantec Critical System Protection	account-switch config-change dlp-alert failed-logon local-logon member-added	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation T1110 - Brute Force	11 Rules 6 Models
Symantec DLP	dlp-alert dlp-email-alert-in dlp-email-alert-out dlp-email-alert-out-failed ds-access failed-logon security-alert usb-activity usb-read usb-write	T1110 - Brute Force	4 Rules
Symantec EDR	failed-logon file-alert file-delete file-write remote-logon web-activity-denied	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models
Symantec Endpoint Protection	authentication-successful config-change failed-logon network-connection-failed network-connection-successful process-alert remote-logon security-alert	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models

Vendor: Thycotic Secret Server

Product	Event Types	MITRE TTP	Content
Thycotic Secret Server	account-switch app-login failed-app-login file-alert	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: TrapX

Product	Event Types	MITRE TTP	Content
TrapX	remote-access	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Unix

Product	Event Types	MITRE TTP	Content
Unix	account-creation account-deleted account-password-reset app-activity-failed authentication-failed authentication-successful batch-logon config-change database-access database-query dlp-alert dlp-email-alert-in dlp-email-alert-in-failed dlp-email-alert-out dlp-email-alert-out-failed failed-app-login failed-logon file-permission-change file-read kerberos-logon local-logon member-added member-removed netflow-connection network-alert process-created process-created-failed remote-logon security-alert	T1078 - Valid Accounts T1110 - Brute Force	6 Rules 1 Models
Unix Auditd	account-creation account-deleted app-activity app-activity-failed authentication-failed authentication-successful config-change database-login dlp-alert failed-logon local-logon member-added member-removed process-created process-created-failed remote-logon	T1078 - Valid Accounts T1110 - Brute Force	6 Rules 1 Models

Vendor: VMware

Product	Event Types	MITRE TTP	Content
VMWare ID Manager (VIDM)	app-activity app-login remote-logon security-alert	T1078 - Valid Accounts	1 Rules 1 Models
VMware Carbon Black App Control	app-activity batch-logon dlp-email-alert-out-failed failed-physical-access file-alert file-delete file-write local-logon process-alert process-created security-alert usb-write workstation-locked workstation-unlocked	T1078 - Valid Accounts	1 Rules 1 Models
VMware ESXi	computer-logon remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
VMware VCenter	account-password-change app-activity-failed ds-access remote-logon	T1078 - Valid Accounts	1 Rules 1 Models
VMware View	account-password-change app-login authentication-failed failed-app-login remote-logon	T1078 - Valid Accounts	1 Rules 1 Models

Vendor: Vormetric

Product	Event Types	MITRE TTP	Content
Vormetric	account-switch file-read	T1003 - OS Credential Dumping T1078 - Valid Accounts T1098 - Account Manipulation	6 Rules 5 Models

Vendor: Zeek

Product	Event Types	MITRE TTP	Content
Zeek Network Security Monitor	app-activity app-login authentication-failed authentication-successful computer-logon dlp-alert dlp-email-alert-in dns-query dns-response failed-logon file-delete file-read file-write kerberos-logon nac-failed-logon nac-logon network-alert network-connection-successful ntlm-logon remote-logon share-access web-activity-allowed web-activity-denied	T1078 - Valid Accounts T1110 - Brute Force	5 Rules 1 Models

Vendor: jSONAR

Product	Event Types	MITRE TTP	Content
SonarG	local-logon	T1078 - Valid Accounts	1 Rules 1 Models

Files

uc_brute_force_attack.md

Latest commit

History

uc_brute_force_attack.md

File metadata and controls

Use Case: Brute Force Attack

Vendor: ASUPIM

Vendor: AVI Networks

Vendor: AirWatch

Vendor: Amazon

Vendor: AppSense Application Manager

Vendor: Armis

Vendor: Attivo

Vendor: Auth0

Vendor: Barracuda

Vendor: BeyondTrust

Vendor: BlackBerry

Vendor: BlueCat Networks

Vendor: CA Technologies

Vendor: CDS

Vendor: CatoNetworks

Vendor: Centrify

Vendor: Check Point Software

Vendor: Cisco

Vendor: Citrix

Vendor: Cognitas CrossLink

Vendor: CrowdStrike

Vendor: CyberArk

Vendor: Dell

Vendor: Digital Guardian

Vendor: Dtex Systems

Vendor: ESET

Vendor: Egnyte

Vendor: EnSilo

Vendor: Extreme Networks

Vendor: F5

Vendor: Fidelis

Vendor: Fortinet

Vendor: GTB

Vendor: GoAnywhere

Vendor: HP

Vendor: HelpSystems

Vendor: Honeywell

Vendor: IBM

Vendor: Illumio

Vendor: Ipswitch

Vendor: Juniper Networks

Vendor: Kemp

Vendor: LanScope

Vendor: Linux

Vendor: MasterSAM

Vendor: McAfee

Vendor: Microsoft

Vendor: NCP

Vendor: Namespace rDirectory

Vendor: Netwrix

Vendor: OSSEC

Vendor: ObserveIT

Vendor: Okta

Vendor: Onapsis

Vendor: Oracle

Vendor: Palo Alto Networks

Vendor: Password Manager Pro

Vendor: Proofpoint

Vendor: Quest Software

Vendor: SAP

Vendor: SSL Open VPN

Vendor: Sailpoint

Vendor: Secure Computing

Vendor: ServiceNow

Vendor: Sonicwall

Vendor: Swipes

Vendor: Swivel

Vendor: Symantec

Vendor: Thycotic Secret Server

Vendor: TrapX

Vendor: Unix

Vendor: VMware

Vendor: Vormetric