Skip to content

Latest commit

 

History

History
24 lines (22 loc) · 7.61 KB

ds_vectra_vectra_cognito_detect.md

File metadata and controls

24 lines (22 loc) · 7.61 KB

Vendor: Vectra

Product: Vectra Cognito Detect

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
89 37 10 3 3
Use-Case Activity Types/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access account-password-change
vectra-cd-kv-app-notification-account

app-activity
vectra-cd-json-app-activity-success-appactivity
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Account Manipulation account-password-change
vectra-cd-kv-app-notification-account

app-activity
vectra-cd-json-app-activity-success-appactivity
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 4 Rules
  • 1 Models
Data Access app-activity
vectra-cd-json-app-activity-success-appactivity
 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Data Leak app-activity
vectra-cd-json-app-activity-success-appactivity
 T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Privilege Abuse account-password-change
vectra-cd-kv-app-notification-account

app-activity
vectra-cd-json-app-activity-success-appactivity
 T1078 - Valid Accounts
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 7 Rules
  • 2 Models
Privilege Escalation app-activity
vectra-cd-json-app-activity-success-appactivity
 T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 3 Rules
  • 1 Models
Ransomware app-activity
vectra-cd-json-app-activity-success-appactivity
 T1078 - Valid Accounts
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Email Collection

Email Collection: Email Forwarding Rule

 Proxy: Multi-hop Proxy

Proxy