Skip to content

Latest commit

 

History

History
26 lines (24 loc) · 15 KB

ds_f5_f5_big-ip.md

File metadata and controls

26 lines (24 loc) · 15 KB

Vendor: F5

Product: F5 BIG-IP

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
153 75 29 5 5
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access endpoint-login:fail (authentication-failed)
f5-bigip-kv-endpoint-login-fail-accessdenied

vpn-login:fail (failed-vpn-login)
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform

endpoint-login:success (remote-logon)
f5-bigip-kv-ssh-traffic-success-sshd

vpn-login:success (vpn-login)
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
f5-bigip-kv-vpn-login-success-started

vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 49 Rules
  • 17 Models
Account Manipulation vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1484 - Group Policy Modification
  • 7 Rules
  • 7 Models
Brute Force Attack vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1110 - Brute Force
  • 1 Rules
  • 1 Models
Data Access vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1110 - Brute Force
  • 1 Rules
  • 1 Models
Data Exfiltration vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Data Leak vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Phishing vpn-logout:success (vpn-logout)
f5-bigip-kv-vpn-logout-success-closed
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
 T1566 - Phishing
  • 2 Rules
  • 2 Models
Physical Security vpn-login:success (vpn-login)
f5-bigip-str-vpn-success-sessionsslcert
f5-bigip-str-vpn-login-success-hostname
f5-bigip-str-vpn-login-success-platform
f5-bigip-kv-vpn-login-success-started
 T1133 - External Remote Services
  • 1 Rules
  • 1 Models
Privileged Activity endpoint-login:success (remote-logon)
f5-bigip-kv-ssh-traffic-success-sshd
 T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

Phishing

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

Group Policy Modification

 Group Policy Modification

Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

Valid Accounts: Local Accounts

 Brute Force

Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

 Remote System Discovery

 Remote Services

Use Alternate Authentication Material

 Proxy: Multi-hop Proxy

Proxy

 Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Exfiltration Over Physical Medium: Exfiltration over USB

Exfiltration Over Physical Medium