Vendor: F5

Product: F5 BIG-IP

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 231 | 103 | 38 | 7 | 9 |

| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | authentication-failed<br> ↳f5-bigip-kv-endpoint-login-fail-accessdenied<br> ↳f5-bigip-kv-http-response-success-httpresponse<br>nac-logon<br> ↳f5-bigip-str-app-activity-restserver<br>remote-logon<br> ↳f5-bigip-kv-configuration-modify-audit<br>vpn-login<br> ↳f5-bigip-str-vpn-success-sessionsslcert<br> ↳f5-bigip-kv-vpn-login-success-started<br>vpn-logout<br> ↳f5-bigip-kv-vpn-logout-success-closed<br> ↳f5-bigip-str-vpn-success-sessionsslcert<br>web-activity-denied<br> ↳f5-bigip-kv-app-notification-success-01490128<br> ↳f5-bigip-kv-app-notification-success-01490248<br> ↳f5-bigip-kv-app-notification-success-01490157<br> ↳f5-bigip-kv-app-notification-success-vpn<br> ↳f5-bigip-kv-app-notification-success-01490517<br> ↳f5-bigip-kv-app-notification-success-01490008<br> ↳f5-bigip-kv-vpn-logout-success-01490115 | T1021 - Remote Services<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1078.003 - Valid Accounts: Local Accounts<br>T1133 - External Remote Services | 59 Rules<br>24 Models |
| Account Manipulation | vpn-logout<br> ↳f5-bigip-kv-vpn-logout-success-closed<br> ↳f5-bigip-str-vpn-success-sessionsslcert | T1098.002 - Account Manipulation: Exchange Email Delegate Permissions<br>T1484 - Group Policy Modification | 7 Rules<br>7 Models |
| Brute Force Attack | vpn-logout<br> ↳f5-bigip-kv-vpn-logout-success-closed<br> ↳f5-bigip-str-vpn-success-sessionsslcert | T1110 - Brute Force | 1 Rules<br>1 Models |
| Data Access | vpn-logout<br> ↳f5-bigip-kv-vpn-logout-success-closed<br> ↳f5-bigip-str-vpn-success-sessionsslcert | T1078 - Valid Accounts<br>T1110 - Brute Force | 2 Rules<br>2 Models |
| Physical Security | vpn-login<br> ↳f5-bigip-str-vpn-success-sessionsslcert<br> ↳f5-bigip-kv-vpn-login-success-started | T1133 - External Remote Services | 1 Rules<br>1 Models |
| Privilege Escalation | remote-logon<br> ↳f5-bigip-kv-configuration-modify-audit<br>vpn-logout<br> ↳f5-bigip-kv-vpn-logout-success-closed<br> ↳f5-bigip-str-vpn-success-sessionsslcert | T1078 - Valid Accounts<br>T1098.002 - Account Manipulation: Exchange Email Delegate Permissions<br>T1555.005 - T1555.005 | 7 Rules<br>6 Models |

MITRE ATT&CK® Framework for Enterprise

| Tactic | Techniques |
|---|---|
| Initial Access | Phishing: Spearphishing Link<br>External Remote Services<br>Valid Accounts<br>Drive-by Compromise<br>Exploit Public-Facing Application<br>Phishing |
| Execution | User Execution |
| Persistence | External Remote Services<br>Valid Accounts<br>Hijack Execution Flow<br>Account Manipulation<br>Boot or Logon Autostart Execution<br>Account Manipulation: Exchange Email Delegate Permissions |
| Privilege Escalation | Valid Accounts<br>Exploitation for Privilege Escalation<br>Hijack Execution Flow<br>Group Policy Modification<br>Boot or Logon Autostart Execution |
| Defense Evasion | Group Policy Modification<br>Valid Accounts<br>Modify Registry<br>Use Alternate Authentication Material<br>Use Alternate Authentication Material: Pass the Hash<br>Use Alternate Authentication Material: Pass the Ticket<br>Hijack Execution Flow<br>Valid Accounts: Local Accounts |
| Credential Access | Brute Force<br>Steal or Forge Kerberos Tickets<br>Credentials from Password Stores<br>Steal or Forge Kerberos Tickets: Kerberoasting |
| Discovery | Remote System Discovery |
| Lateral Movement | Remote Services<br>Use Alternate Authentication Material<br>Internal Spearphishing |
| Collection | |
| Command and Control | Web Service<br>Application Layer Protocol: Web Protocols<br>Dynamic Resolution<br>Dynamic Resolution: Domain Generation Algorithms<br>Proxy: Multi-hop Proxy<br>Application Layer Protocol<br>Proxy |
| Exfiltration | Exfiltration Over Alternative Protocol<br>Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol<br>Exfiltration Over Physical Medium: Exfiltration over USB<br>Exfiltration Over Physical Medium<br>Exfiltration Over Web Service: Exfiltration to Cloud Storage<br>Exfiltration Over Web Service |
| Impact | Resource Hijacking |