Skip to content

Latest commit

 

History

History
19 lines (17 loc) · 4.74 KB

ds_check_point_endpoint_security.md

File metadata and controls

19 lines (17 loc) · 4.74 KB

Vendor: Check Point

Product: Endpoint Security

Rules Models MITRE TTPs Event Types Parsers
29 12 5 1 1
Use-Case Event Types/Parsers MITRE TTP Content
Compromised Credentials security-alert
s-checkpoint-alert-2
s-checkpoint-alert-3
cef-checkpoint-alert
s-checkpoint-alert-1
leef-checkpoint-alert-1
cef-checkpoint-alert-3
leef-checkpoint-alert-2
q-checkpoint-alert
s-checkpoint-alert
s-checkpoint-alert-4
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
  • 22 Rules
  • 10 Models
Lateral Movement security-alert
s-checkpoint-alert-2
s-checkpoint-alert-3
cef-checkpoint-alert
s-checkpoint-alert-1
leef-checkpoint-alert-1
cef-checkpoint-alert-3
leef-checkpoint-alert-2
q-checkpoint-alert
s-checkpoint-alert
s-checkpoint-alert-4
 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Next Page -->>

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information