2_ds_bitglass_bitglass_casb.md
| Use-Case | Activity Type (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
| --- | --- | --- | --- |
| Data Access | app-login:success (app-login)<br>bitglass-casb-mix-app-login-success-allowlogin<br>bitglass-casb-sk4-app-login-success-loginsuccess<br><br>app-login:fail (failed-app-login)<br>bitglass-casb-mix-app-login-fail-loginfailure<br>bitglass-casb-kv-app-login-fail-login<br><br>file-read:success (file-read)<br>bitglass-casb-json-file-read-success-download<br><br>file-write:success (file-write)<br>bitglass-casb-json-file-write-success-uploaded | T1078 - Valid Accounts<br>T1083 - File and Directory Discovery | 30 Rules<br>17 Models |
| Malware | app-login:success (app-login)<br>bitglass-casb-mix-app-login-success-allowlogin<br>bitglass-casb-sk4-app-login-success-loginsuccess<br><br>alert-trigger:success (dlp-alert)<br>bitglass-casb-cef-alert-trigger-success-filelink<br><br>email-send:success (dlp-email-alert-out)<br>bitglass-casb-json-email-send-success-emailsend<br><br>file-write:success (file-write)<br>bitglass-casb-json-file-write-success-uploaded | T1003 - OS Credential Dumping<br>T1003.002 - T1003.002<br>T1078 - Valid Accounts<br>T1190 - Exploit Public-Facing Application<br>T1505 - Server Software Component<br>T1505.003 - Server Software Component: Web Shell<br>T1547 - Boot or Logon Autostart Execution<br>T1547.001 - T1547.001<br>TA0002 - TA0002 | 14 Rules<br>5 Models |
| Privilege Abuse | app-login:success (app-login)<br>bitglass-casb-mix-app-login-success-allowlogin<br>bitglass-casb-sk4-app-login-success-loginsuccess<br><br>email-send:success (dlp-email-alert-out)<br>bitglass-casb-json-email-send-success-emailsend<br><br>app-login:fail (failed-app-login)<br>bitglass-casb-mix-app-login-fail-loginfailure<br>bitglass-casb-kv-app-login-fail-login<br><br>file-download:success (file-download)<br>bitglass-casb-kv-file-download-success-cloudstorage<br>bitglass-casb-kv-file-download-success-downloaded<br><br>file-read:success (file-read)<br>bitglass-casb-json-file-read-success-download<br><br>file-write:success (file-write)<br>bitglass-casb-json-file-write-success-uploaded | T1078 - Valid Accounts | 3 Rules |
| Privileged Activity | app-login:success (app-login)<br>bitglass-casb-mix-app-login-success-allowlogin<br>bitglass-casb-sk4-app-login-success-loginsuccess<br><br>email-send:success (dlp-email-alert-out)<br>bitglass-casb-json-email-send-success-emailsend<br><br>app-login:fail (failed-app-login)<br>bitglass-casb-mix-app-login-fail-loginfailure<br>bitglass-casb-kv-app-login-fail-login<br><br>file-download:success (file-download)<br>bitglass-casb-kv-file-download-success-cloudstorage<br>bitglass-casb-kv-file-download-success-downloaded<br><br>file-read:success (file-read)<br>bitglass-casb-json-file-read-success-download<br><br>file-write:success (file-write)<br>bitglass-casb-json-file-write-success-uploaded | T1078 - Valid Accounts | 2 Rules |
| Ransomware | app-login:success (app-login)<br>bitglass-casb-mix-app-login-success-allowlogin<br>bitglass-casb-sk4-app-login-success-loginsuccess<br><br>app-login:fail (failed-app-login)<br>bitglass-casb-mix-app-login-fail-loginfailure<br>bitglass-casb-kv-app-login-fail-login<br><br>file-write:success (file-write)<br>bitglass-casb-json-file-write-success-uploaded | T1078 - Valid Accounts<br>T1486 - Data Encrypted for Impact | 3 Rules |