Vendor: Airlock

Product: Airlock Allowlisting

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
61	28	5	1	1

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts T1133 - External Remote Services	12 Rules 4 Models
Account Manipulation	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Compromised Credentials	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts T1133 - External Remote Services	42 Rules 26 Models
Data Access	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts	22 Rules 13 Models
Data Leak	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1114.003 - Email Collection: Email Forwarding Rule	3 Rules
Lateral Movement	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Malware	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts	1 Rules
Privilege Abuse	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	7 Rules 3 Models
Privilege Escalation	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts	3 Rules 2 Models
Ransomware	app-activity ↳airlock-allowlisting-str-app-activity-success-serveractivity ↳airlock-allowlisting-str-app-activity-success-fileactivity	T1078 - Valid Accounts	1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts		External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts	Valid Accounts				Email Collection Email Collection: Email Forwarding Rule	Proxy: Multi-hop Proxy Proxy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_airlock_airlock_allowlisting.md

ds_airlock_airlock_allowlisting.md

Vendor: Airlock

Product: Airlock Allowlisting

MITRE ATT&CK® Framework for Enterprise

Files

ds_airlock_airlock_allowlisting.md

Latest commit

History

ds_airlock_airlock_allowlisting.md

File metadata and controls

Vendor: Airlock

Product: Airlock Allowlisting

MITRE ATT&CK® Framework for Enterprise