| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 85 | 29 | 8 | 3 | 0 |
| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Compromised Credentials | database-login ↳amd-p-csv-network-notification-success-flowdelete |
T1213 - Data from Information Repositories |
|
| Cryptomining | network-connection-failed ↳amd-p-csv-network-session-flowcreate network-connection-successful ↳amd-p-csv-network-session-flowcreate |
T1496 - Resource Hijacking |
|
| Data Access | database-login ↳amd-p-csv-network-notification-success-flowdelete |
T1213 - Data from Information Repositories |
|
| Lateral Movement | network-connection-failed ↳amd-p-csv-network-session-flowcreate network-connection-successful ↳amd-p-csv-network-session-flowcreate |
T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Malware | network-connection-failed ↳amd-p-csv-network-session-flowcreate network-connection-successful ↳amd-p-csv-network-session-flowcreate |
TA0011 - TA0011 |
|
| Ransomware | network-connection-failed ↳amd-p-csv-network-session-flowcreate network-connection-successful ↳amd-p-csv-network-session-flowcreate |
TA0011 - TA0011 |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Exploit Public Fasing Application |
Data from Information Repositories |
Proxy: Multi-hop Proxy Application Layer Protocol Proxy |
Exfiltration Over Alternative Protocol |
Resource Hijacking |