Vendor: pfSense

Product: pfSense

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
75	24	7	2	1

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Cryptomining	network-connection-failed ↳pfsense-p-csv-network-traffic-fail-block-1 ↳pfsense-p-csv-network-traffic-fail-block network-connection-successful ↳pfsense-p-csv-network-traffic-success-match	T1496 - Resource Hijacking	1 Rules
Lateral Movement	network-connection-failed ↳pfsense-p-csv-network-traffic-fail-block-1 ↳pfsense-p-csv-network-traffic-fail-block network-connection-successful ↳pfsense-p-csv-network-traffic-success-match	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
Malware	network-connection-failed ↳pfsense-p-csv-network-traffic-fail-block-1 ↳pfsense-p-csv-network-traffic-fail-block network-connection-successful ↳pfsense-p-csv-network-traffic-success-match	TA0011 - TA0011	6 Rules
Ransomware	network-connection-failed ↳pfsense-p-csv-network-traffic-fail-block-1 ↳pfsense-p-csv-network-traffic-fail-block network-connection-successful ↳pfsense-p-csv-network-traffic-success-match	TA0011 - TA0011	2 Rules

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Exploit Public Fasing Application									Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol	Resource Hijacking