Use Case: Abnormal Authentication & Access

Vendor: APC

Product MITRE ATT&CK® TTP Content
APC T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 8 Rules
  • 5 Models

Vendor: AVI Networks

Product MITRE ATT&CK® TTP Content
Avi Networks Software Load Balancer T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Absolute

Product MITRE ATT&CK® TTP Content
Absolute DDS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models

Vendor: Admin By Request

Product MITRE ATT&CK® TTP Content
Admin By Request T1078 - Valid Accounts
  • 1 Rules
  • 1 Models

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Allowlisting T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Airlock Security Access Hub T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Cloud Akamai T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudTrail T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 20 Rules
  • 6 Models
AWS CloudWatch T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
AWS WAF T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Apache Guacamole T1133 - External Remote Services
  • 3 Rules
  • 3 Models
Apache Subversion T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Atlassian

Product MITRE ATT&CK® TTP Content
Atlassian BitBucket T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 40 Rules
  • 16 Models

Vendor: Avaya

Product MITRE ATT&CK® TTP Content
Avaya Ethernet Routing Switch T1078 - Valid Accounts
T1110 - Brute Force
  • 5 Rules
  • 2 Models

Vendor: Axway

Product MITRE ATT&CK® TTP Content
Axway Gateway T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Azure Monitor

Product MITRE ATT&CK® TTP Content
Azure Monitor T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Badge

Product MITRE ATT&CK® TTP Content
Badge T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Banyan Security

Product MITRE ATT&CK® TTP Content
Banyan Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 18 Rules
  • 7 Models
Barracuda Email Security Gateway T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Barracuda WAF T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
BeyondTrust T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
BeyondTrust Privileged Identity T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
BeyondTrust Secure Remote Access T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: CA Technologies

Product MITRE ATT&CK® TTP Content
CA Privileged Access Manager Server Control T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models

Vendor: CDS

Product MITRE ATT&CK® TTP Content
CDS T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
Unix T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: CHCOM

Product MITRE ATT&CK® TTP Content
CHCOM T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Anti-Malware T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Check Point Endpoint Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 13 Rules
  • 5 Models
Check Point Identity Awareness T1078 - Valid Accounts
T1133 - External Remote Services
  • 13 Rules
  • 5 Models
Check Point NGFW T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 32 Rules
  • 13 Models
Check Point Security Gateway T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
Check Point Threat Emulation T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Cisco ACS

Product MITRE ATT&CK® TTP Content
Cisco ACS T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Cisco Unified Communications Manager

Product MITRE ATT&CK® TTP Content
Cisco Unified Communications Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models
Cisco T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cisco ACI T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 6 Models
Cisco ACS T1133 - External Remote Services
  • 3 Rules
  • 3 Models
Cisco Adaptive Security Appliance T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 46 Rules
  • 18 Models
Cisco Cloud Web Security T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco DHCP T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Cisco Firepower T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 38 Rules
  • 16 Models
Cisco IOS T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
Cisco ISE T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 47 Rules
  • 20 Models
Cisco Meraki MX appliance T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 19 Rules
  • 11 Models
Cisco Secure Endpoint T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cisco Secure Web Appliance T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco SourceFire T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cisco Umbrella T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco Unified Communications Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Duo Access T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Gateway T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
Citrix ShareFile T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Citrix Virtual Apps T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Citrix Web App Firewall T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Claroty

Product MITRE ATT&CK® TTP Content
CTD T1078 - Valid Accounts
T1110 - Brute Force
  • 5 Rules
  • 2 Models

Vendor: Clearsense

Product MITRE ATT&CK® TTP Content
Clearsense T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare Insights T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cloudflare WAF T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Cohesity

Product MITRE ATT&CK® TTP Content
Cohesity DataPlatform T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 40 Rules
  • 16 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
Cyberark Endpoint Protection Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cyberark Privilege Access Management T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 40 Rules
  • 16 Models

Vendor: Cylance

Product MITRE ATT&CK® TTP Content
Cylance PROTECT T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: DataWatch Systems

Product MITRE ATT&CK® TTP Content
DataWatch T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Authentication Service T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Centrify Zero Trust Privilege Services T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Thycotic Software Secret Server T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Dell

Product MITRE ATT&CK® TTP Content
One Identity Manager T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
RSA Authentication Manager T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models
Sonicwall T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 55 Rules
  • 23 Models

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 25 Rules
  • 6 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 10 Models

Vendor: Duo Access

Product MITRE ATT&CK® TTP Content
Duo Access T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: ESET

Product MITRE ATT&CK® TTP Content
ESET Endpoint Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: ESector

Product MITRE ATT&CK® TTP Content
ESector DEFESA Logger T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Entrust

Product MITRE ATT&CK® TTP Content
Entrust Identity Enterprise T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Envoy

Product MITRE ATT&CK® TTP Content
Envoy T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Epic

Product MITRE ATT&CK® TTP Content
Epic SIEM T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Event Viewer - Security

Product MITRE ATT&CK® TTP Content
Event Viewer - Security T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Exabeam

Product MITRE ATT&CK® TTP Content
Audit Log T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Search T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Extreme Networks

Product MITRE ATT&CK® TTP Content
ExtremeCloud IQ T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Zebra WLAN Management T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: F-Secure

Product MITRE ATT&CK® TTP Content
F-Secure Policy Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
F5 Advanced Web Application Firewall T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
F5 BIG-IP T1021 - Remote Services
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 31 Rules
  • 9 Models
F5 BIG-IP DNS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1133 - External Remote Services
  • 3 Rules
  • 3 Models
Forcepoint Next-Gen Firewall T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Websense Security Gateway T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Forescout

Product MITRE ATT&CK® TTP Content
Forescout CounterACT T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 19 Rules
  • 11 Models
Fortinet UTM T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Fortinet VPN T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
Fortiweb Web Application Firewall T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Generic Badge Access

Product MITRE ATT&CK® TTP Content
Generic Badge Access T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: GoAnywhere

Product MITRE ATT&CK® TTP Content
GoAnywhere MFT T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 6 Models

Vendor: Google

Product MITRE ATT&CK® TTP Content
GCP CloudAudit T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Google Cloud Platform T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Google Plus T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Google Workspace T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
Aruba ClearPass Policy Manager T1021 - Remote Services
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 23 Rules
  • 9 Models
Aruba Mobility Master T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 25 Rules
  • 6 Models
Aruba Wireless controller T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 7 Models
ArubaOS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
HP Print Server T1078 - Valid Accounts
  • 1 Rules
HP SafeCom T1078 - Valid Accounts
  • 1 Rules
HP iLO T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
HPE 3PAR StoreServ T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
NonStop T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
HashiCorp Vault T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Honeywell

Product MITRE ATT&CK® TTP Content
Honeywell Pro-Watch T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 25 Rules
  • 6 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
IBM Mainframe T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
IBM Resource Access Control Facility T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Proventia Network IPS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Sterling B2B Integrator T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Identiv

Product MITRE ATT&CK® TTP Content
Identiv T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva Incapsula T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Imperva SecureSphere T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Imprivata

Product MITRE ATT&CK® TTP Content
Imprivata T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Infoblox NIOS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 20 Rules
  • 6 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 13 Models

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1078 - Valid Accounts
T1133 - External Remote Services
  • 16 Rules
  • 5 Models
Junos OS T1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky Endpoint Security for Business T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Kemp

Product MITRE ATT&CK® TTP Content
Kemp LoadMaster T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Kiteworks

Product MITRE ATT&CK® TTP Content
Kiteworks T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: LastPass

Product MITRE ATT&CK® TTP Content
LastPass T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Lenel

Product MITRE ATT&CK® TTP Content
OnGuard T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: LiquidFiles

Product MITRE ATT&CK® TTP Content
LiquidFiles T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Magento

Product MITRE ATT&CK® TTP Content
Magento WAF T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: ManageEngine

Product MITRE ATT&CK® TTP Content
ADAuditPlus T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
ADManager Plus T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
ADSSP T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
PAM360 T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: MasterSAM

Product MITRE ATT&CK® TTP Content
CA Privileged Access Manager Server Control T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
MasterSAM PAM T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee DLP Endpoint T1078 - Valid Accounts
  • 1 Rules
McAfee Endpoint Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
McAfee Network Security Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
McAfee Web Gateway T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
McAfee ePolicy Orchestrator T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Skyhigh Networks CASB T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Active Directory Federation Services T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models
Azure T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Azure AD Activity Logs T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Azure AD Sign-In Logs T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
Azure MFA T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 19 Rules
  • 6 Models
Azure Monitor T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Event Viewer - ADFS T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 37 Rules
  • 16 Models
Event Viewer - Application T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - Applocker T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - AzureADPasswordProtection-DCAgent T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - DFS-Replication T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - NPS T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - NTLM T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 19 Rules
  • 6 Models
Event Viewer - PowerShell T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - Security T1021 - Remote Services
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 34 Rules
  • 8 Models
Event Viewer - System T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - TaskScheduler T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - TerminalServices-Gateway T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - TerminalServices-LocalSessionManager T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
M365 Audit Logs T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
MSSQL T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Microsoft T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft 365 T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Microsoft Advanced Threat Analytics T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft CAS T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft DHCP Log T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft Defender for Endpoint T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 37 Rules
  • 16 Models
Microsoft Exchange T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Microsoft IIS T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Microsoft Network Policy Server T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 7 Models
Microsoft RRAS T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Sysmon T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Windows T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Windows Defender Application Control T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Mimecast Targeted Threat Protection - URL T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: MuleSoft

Product MITRE ATT&CK® TTP Content
MuleSoft Anypoint Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: NCP

Product MITRE ATT&CK® TTP Content
NCP T1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: NNT

Product MITRE ATT&CK® TTP Content
NNT ChangeTracker T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Nagios

Product MITRE ATT&CK® TTP Content
Nagios T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Namespace rDirectory

Product MITRE ATT&CK® TTP Content
Namespace rDirectory T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: NetIQ

Product MITRE ATT&CK® TTP Content
Micro Focus NetIQ Identity Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 10 Models

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 21 Rules
  • 6 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
NextDLP T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models
Reveal T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 24 Rules
  • 13 Models

Vendor: Nortel Contivity

Product MITRE ATT&CK® TTP Content
Nortel Contivity VPN T1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: OSSEC

Product MITRE ATT&CK® TTP Content
OSSEC T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Okta

Product MITRE ATT&CK® TTP Content
Okta Adaptive MFA T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 21 Rules
  • 6 Models

Vendor: OneLogin

Product MITRE ATT&CK® TTP Content
OneLogin T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: OneSpan

Product MITRE ATT&CK® TTP Content
Digipass for Apps T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: OneWelcome

Product MITRE ATT&CK® TTP Content
OneWelcome Cloud Identity Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: Open Shift

Product MITRE ATT&CK® TTP Content
OpenShift T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models

Vendor: OpenDJ

Product MITRE ATT&CK® TTP Content
OpenDJ T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 6 Models

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Oracle Database T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Oracle Public Cloud T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Osquery

Product MITRE ATT&CK® TTP Content
Osquery T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Cortex XDR T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
GlobalProtect T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
Palo Alto NGFW T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 36 Rules
  • 14 Models
Palo Alto WildFire T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Panorama T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Prisma Cloud T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Password Manager Pro

Product MITRE ATT&CK® TTP Content
Password Manager Pro T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Identity T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 20 Rules
  • 6 Models
PingOne T1078 - Valid Accounts
T1133 - External Remote Services
  • 16 Rules
  • 5 Models

Vendor: Progress

Product MITRE ATT&CK® TTP Content
Progress Database T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Proofpoint Enterprise Protection T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: QUSH

Product MITRE ATT&CK® TTP Content
Reveal T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 23 Rules
  • 13 Models

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 13 Rules
  • 4 Models

Vendor: RS2

Product MITRE ATT&CK® TTP Content
RS2 Technologies T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA Adaptive Authentication T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models
RSA Authentication Manager T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
RSA NetWitness Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
SecurID T1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: RStudio

Product MITRE ATT&CK® TTP Content
RStudio Server T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Radware

Product MITRE ATT&CK® TTP Content
Alteon T1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit T1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: RightCrowd

Product MITRE ATT&CK® TTP Content
RightCrowd T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Rubrik

Product MITRE ATT&CK® TTP Content
Rubrik Cloud Data Management T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Ruckus

Product MITRE ATT&CK® TTP Content
Ruckus T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 21 Rules
  • 6 Models
SuccessFactors T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Safenet

Product MITRE ATT&CK® TTP Content
Thales T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Seclore

Product MITRE ATT&CK® TTP Content
Seclore T1078 - Valid Accounts
  • 1 Rules

Vendor: SecurEnvoy

Product MITRE ATT&CK® TTP Content
SecureEnvoy Multi-Factor Authentication T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: SecureAuth IDP

Product MITRE ATT&CK® TTP Content
SecureAuth IDP T1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: SecureAuth

Product MITRE ATT&CK® TTP Content
SecureAuth IDP T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
SecureAuth Login T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: SecureLink

Product MITRE ATT&CK® TTP Content
SecureLink T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SecureNet

Product MITRE ATT&CK® TTP Content
SecureNet T1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models

Vendor: SecurityExpert

Product MITRE ATT&CK® TTP Content
SecurityExpert T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Semperis

Product MITRE ATT&CK® TTP Content
Semperis DSP T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Sensormatik

Product MITRE ATT&CK® TTP Content
Sensormatik T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Vigilance T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: ServiceNow

Product MITRE ATT&CK® TTP Content
ServiceNow T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Shibboleth

Product MITRE ATT&CK® TTP Content
Shibboleth T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Silverfort

Product MITRE ATT&CK® TTP Content
Silverfort Authentication Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: SiteMinder

Product MITRE ATT&CK® TTP Content
Symantec SiteMinder T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SiteSpect

Product MITRE ATT&CK® TTP Content
SiteSpect T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Skyformation

Product MITRE ATT&CK® TTP Content
Skyformation T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 10 Models
Sophos UTM T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 6 Rules
  • 5 Models
Sophos XG Firewall T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Specops

Product MITRE ATT&CK® TTP Content
Specops Password T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Splunk

Product MITRE ATT&CK® TTP Content
Splunk ES T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: SunOne

Product MITRE ATT&CK® TTP Content
SunOne T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Swift

Product MITRE ATT&CK® TTP Content
Swift T1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Swipes

Product MITRE ATT&CK® TTP Content
Swipes T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Swivel

Product MITRE ATT&CK® TTP Content
Swivel T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Symantec Critical System Protection T1078 - Valid Accounts
T1110 - Brute Force
  • 8 Rules
  • 3 Models
Symantec DLP T1078 - Valid Accounts
  • 1 Rules
Symantec Endpoint Protection T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Symantec VIP T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 6 Models
Symantec Web Security Service T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Tanium Core Platform

Product MITRE ATT&CK® TTP Content
Tanium Core Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Cloud Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Tanium Core Platform T1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: Thales Group

Product MITRE ATT&CK® TTP Content
Gemalto MFA T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 6 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Deep Discovery Inspector T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Deep Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
OfficeScan T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Trend Micro T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Trend Micro InterScan Web Security T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Tyco

Product MITRE ATT&CK® TTP Content
CCURE Building Management System T1078 - Valid Accounts
T1133 - External Remote Services
  • 13 Rules
  • 5 Models

Vendor: Ubiquiti

Product MITRE ATT&CK® TTP Content
Unifi Access Point T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Unix T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - Valid Accounts: Domain Accounts
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 37 Rules
  • 16 Models
Unix Auditd T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
Unix Named T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Unix Privilege Management T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Unix dhcpd T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Carbon Black CES T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Carbon Black EDR T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
VMware AirWatch T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
VMware ESXi T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 7 Models
VMware Horizon T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models
VMware NSX T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
VMware View T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Stream T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 20 Rules
  • 10 Models

Vendor: ViaScope

Product MITRE ATT&CK® TTP Content
ViaScope IPScan T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Visma

Product MITRE ATT&CK® TTP Content
Megaflex T1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Vormetric

Product MITRE ATT&CK® TTP Content
Vormetric T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Wazuh

Product MITRE ATT&CK® TTP Content
Wazuh T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 6 Models

Vendor: Wiz

Product MITRE ATT&CK® TTP Content
Wiz T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Workday

Product MITRE ATT&CK® TTP Content
Workday T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: XPS

Product MITRE ATT&CK® TTP Content
XPS T1078 - Valid Accounts
  • 1 Rules

Vendor: Xceedium

Product MITRE ATT&CK® TTP Content
Xceedium T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Xiting

Product MITRE ATT&CK® TTP Content
XAMS T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: YSoft

Product MITRE ATT&CK® TTP Content
YSoft T1078 - Valid Accounts
  • 1 Rules

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - Valid Accounts: Domain Accounts
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 43 Rules
  • 22 Models

Vendor: Zendesk

Product MITRE ATT&CK® TTP Content
Zendesk T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 10 Models
Zscaler Private Access T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 17 Rules
  • 5 Models

Vendor: hMail

Product MITRE ATT&CK® TTP Content
hMailServer T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: iManage

Product MITRE ATT&CK® TTP Content
iManage T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: oVirt

Product MITRE ATT&CK® TTP Content
oVirt T1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: xPLAN

Product MITRE ATT&CK® TTP Content
xPLAN T1078 - Valid Accounts
  • 3 Rules
  • 2 Models