Rules | Models | MITRE TTPs | Event Types | Parsers |
---|---|---|---|---|
102 | 41 | 11 | 4 | 4 |
Use-Case | Event Types/Parsers | MITRE TTP | Content |
---|---|---|---|
Compromised Credentials | network-alert (↳checkpoint-network-alert-1; ↳checkpoint-network-alert); network-connection-failed (↳checkpoint-firewall-2); network-connection-successful (↳checkpoint-firewall-2); security-alert (↳syslog-checkpoint-network-alert; ↳checkpoint-network-alert-2; ↳checkpoint-network-alert-4; ↳cef-checkpoint-network-alert) | T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools; T1078 - Valid Accounts; T1133 - External Remote Services | |
Cryptomining | network-alert (↳checkpoint-network-alert-1; ↳checkpoint-network-alert); network-connection-failed (↳checkpoint-firewall-2); network-connection-successful (↳checkpoint-firewall-2); security-alert (↳syslog-checkpoint-network-alert; ↳checkpoint-network-alert-2; ↳checkpoint-network-alert-4; ↳cef-checkpoint-network-alert) | T1496 - Resource Hijacking | |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|
External Remote Services; Valid Accounts; Exploit Public-Facing Application | | External Remote Services; Valid Accounts | Valid Accounts; Exploitation for Privilege Escalation | Obfuscated Files or Information: Indicator Removal from Tools; Valid Accounts; Obfuscated Files or Information | | | | | Proxy: Multi-hop Proxy; Application Layer Protocol; Proxy | | Resource Hijacking |