From 42dc23596b722a05f5eca28a86420c6d0f6a2a94 Mon Sep 17 00:00:00 2001 From: Anthony Mendonca <17821357+tmendonca28@users.noreply.github.com> Date: Wed, 22 Nov 2023 22:20:39 +0000 Subject: [PATCH] Update ds_palo_alto_networks_cortex_xdr.md Changes fasing to facing --- .../Cortex_XDR/ds_palo_alto_networks_cortex_xdr.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DataSources/Palo_Alto_Networks/Cortex_XDR/ds_palo_alto_networks_cortex_xdr.md b/DataSources/Palo_Alto_Networks/Cortex_XDR/ds_palo_alto_networks_cortex_xdr.md index 5bfd2693cf..1e40b373b4 100644 --- a/DataSources/Palo_Alto_Networks/Cortex_XDR/ds_palo_alto_networks_cortex_xdr.md +++ b/DataSources/Palo_Alto_Networks/Cortex_XDR/ds_palo_alto_networks_cortex_xdr.md @@ -10,7 +10,7 @@ Product: Cortex XDR |:----:| ---- | ---- | ---- | | [Abnormal Authentication & Access](../../../UseCases/uc_abnormal_authentication_&_access.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

app-login
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)
| T1078 - Valid Accounts
T1133 - External Remote Services
| [](RM/r_m_palo_alto_networks_cortex_xdr_Abnormal_Authentication_&_Access.md) | | [Account Manipulation](../../../UseCases/uc_account_manipulation.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)
| T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
| [](RM/r_m_palo_alto_networks_cortex_xdr_Account_Manipulation.md) | -| [Compromised Credentials](../../../UseCases/uc_compromised_credentials.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

app-login
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

security-alert
↳[cef-cortex-xdr-alert-1](Ps/pC_cefcortexxdralert1.md)
↳[palo-alto-cortex-xdr-alert](Ps/pC_paloaltocortexxdralert.md)
↳[cef-cortex-xdr-alert](Ps/pC_cefcortexxdralert.md)
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
| [](RM/r_m_palo_alto_networks_cortex_xdr_Compromised_Credentials.md) | +| [Compromised Credentials](../../../UseCases/uc_compromised_credentials.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

app-login
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

security-alert
↳[cef-cortex-xdr-alert-1](Ps/pC_cefcortexxdralert1.md)
↳[palo-alto-cortex-xdr-alert](Ps/pC_paloaltocortexxdralert.md)
↳[cef-cortex-xdr-alert](Ps/pC_cefcortexxdralert.md)
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Facing Application
| [](RM/r_m_palo_alto_networks_cortex_xdr_Compromised_Credentials.md) | | [Data Access](../../../UseCases/uc_data_access.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

app-login
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)
| T1078 - Valid Accounts
| [](RM/r_m_palo_alto_networks_cortex_xdr_Data_Access.md) | | [Data Leak](../../../UseCases/uc_data_leak.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)
| T1114.003 - Email Collection: Email Forwarding Rule
| [](RM/r_m_palo_alto_networks_cortex_xdr_Data_Leak.md) | | [Lateral Movement](../../../UseCases/uc_lateral_movement.md) | app-activity
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

app-login
↳[cortex-xdr-app-activity](Ps/pC_cortexxdrappactivity.md)

security-alert
↳[cef-cortex-xdr-alert-1](Ps/pC_cefcortexxdralert1.md)
↳[palo-alto-cortex-xdr-alert](Ps/pC_paloaltocortexxdralert.md)
↳[cef-cortex-xdr-alert](Ps/pC_cefcortexxdralert.md)
| T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
| [](RM/r_m_palo_alto_networks_cortex_xdr_Lateral_Movement.md) | @@ -24,4 +24,4 @@ MITRE ATT&CK® Framework for Enterprise -------------------------------------- | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------- | --------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------ | ------ | -| [External Remote Services](https://attack.mitre.org/techniques/T1133)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Exploit Public Fasing Application](https://attack.mitre.org/techniques/T1190)

| | [External Remote Services](https://attack.mitre.org/techniques/T1133)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Account Manipulation](https://attack.mitre.org/techniques/T1098)

[Account Manipulation: Exchange Email Delegate Permissions](https://attack.mitre.org/techniques/T1098/002)

| [Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068)

| [Obfuscated Files or Information: Indicator Removal from Tools](https://attack.mitre.org/techniques/T1027/005)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027)

| | | | [Email Collection](https://attack.mitre.org/techniques/T1114)

[Email Collection: Email Forwarding Rule](https://attack.mitre.org/techniques/T1114/003)

| [Proxy: Multi-hop Proxy](https://attack.mitre.org/techniques/T1090/003)

[Proxy](https://attack.mitre.org/techniques/T1090)

| | | \ No newline at end of file +| [External Remote Services](https://attack.mitre.org/techniques/T1133)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Exploit Public Facing Application](https://attack.mitre.org/techniques/T1190)

| | [External Remote Services](https://attack.mitre.org/techniques/T1133)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Account Manipulation](https://attack.mitre.org/techniques/T1098)

[Account Manipulation: Exchange Email Delegate Permissions](https://attack.mitre.org/techniques/T1098/002)

| [Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Exploitation for Privilege Escalation](https://attack.mitre.org/techniques/T1068)

| [Obfuscated Files or Information: Indicator Removal from Tools](https://attack.mitre.org/techniques/T1027/005)

[Valid Accounts](https://attack.mitre.org/techniques/T1078)

[Obfuscated Files or Information](https://attack.mitre.org/techniques/T1027)

| | | | [Email Collection](https://attack.mitre.org/techniques/T1114)

[Email Collection: Email Forwarding Rule](https://attack.mitre.org/techniques/T1114/003)

| [Proxy: Multi-hop Proxy](https://attack.mitre.org/techniques/T1090/003)

[Proxy](https://attack.mitre.org/techniques/T1090)

| | |
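Review bot: In the first hunk (the Compromised Credentials row), the corrected label `T1190 - Exploit Public Facing Application` still does not match the ATT&CK technique name, which is hyphenated: "Exploit Public-Facing Application". Suggest `T1190 - Exploit Public-Facing Application`, so that a search for the official technique name finds this row. The removed and added rows are otherwise identical, so this one word is the only content change in the hunk.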
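Review bot: In the second hunk (the MITRE ATT&CK matrix row), the `\ No newline at end of file` marker follows only the removed row, so as shown this hunk also adds a trailing newline to the file, which the commit message ("Changes fasing to facing") does not mention. Either say so in the message or limit the change to the typo. The new link text `[Exploit Public Facing Application](https://attack.mitre.org/techniques/T1190)` also still lacks the hyphen in the ATT&CK name for T1190, "Exploit Public-Facing Application".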