Product: MSSQL
Use-Case: Lateral Movement
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
5 | 0 | 4 | 4 | 3 |

Event Type | Rules | Models |
---|---|---|
app-login | T1090.003 - Proxy: Multi-hop Proxy<br>↳ Auth-Tor-Shost: User authentication or login from a known TOR IP | |
authentication-failed | T1078 - Valid Accounts<br>↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP<br>T1090.003 - Proxy: Multi-hop Proxy<br>↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP | |
failed-app-login | T1078 - Valid Accounts<br>↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP<br>T1090.003 - Proxy: Multi-hop Proxy<br>↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP | |
process-network-failed | T1190 - Exploit Public-Facing Application<br>↳ A-NETF-Log4j-IP: There was a failed attempt to access this asset by an external IP associated with Log4j exploit<br>T1090.003 - Proxy: Multi-hop Proxy<br>↳ A-NETF-TOR-Outbound: Outbound failed connection to a known TOR IP<br>TA0011 - TA0011<br>↳ A-NETF-TI-IP-Outbound: Outbound failed connection to a known malicious IP | |