uc_lateral_movement.md

Use Case: Lateral Movement

Vendor: AMD

Product	MITRE ATT&CK® TTP	Content
Pensando	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models

Vendor: APC

Product	MITRE ATT&CK® TTP	Content
APC	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules

Vendor: AVI Networks

Product	MITRE ATT&CK® TTP	Content
Avi Networks Software Load Balancer	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Absolute

Product	MITRE ATT&CK® TTP	Content
Absolute SIEM Connector	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Accellion

Product	MITRE ATT&CK® TTP	Content
Kiteworks	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Airlock

Product	MITRE ATT&CK® TTP	Content
Airlock Allowlisting	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Airlock Security Access Hub	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	74 Rules 24 Models

Vendor: Akamai

Product	MITRE ATT&CK® TTP	Content
Akamai SIEM	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Cloud Akamai	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: AlgoSec

Product	MITRE ATT&CK® TTP	Content
AlgoSec Firewall Analyzer	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Amazon

Product	MITRE ATT&CK® TTP	Content
AWS CloudTrail	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
AWS CloudWatch	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	60 Rules 24 Models
AWS GuardDuty	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules
AWS WAF	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	12 Rules

Vendor: Apache

Product	MITRE ATT&CK® TTP	Content
Apache	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Apache Guacamole	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Apache Subversion	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Apache Tomcat	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Arista Networks

Product	MITRE ATT&CK® TTP	Content
Awake Security	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: AssetView

Product	MITRE ATT&CK® TTP	Content
AssetView	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Attivo

Product	MITRE ATT&CK® TTP	Content
BOTsink	T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	48 Rules 21 Models

Vendor: Auth0

Product	MITRE ATT&CK® TTP	Content
Auth0	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	59 Rules 21 Models

Vendor: Avaya

Product	MITRE ATT&CK® TTP	Content
Avaya Ethernet Routing Switch	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Axway

Product	MITRE ATT&CK® TTP	Content
Axway Gateway	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: Barracuda

Product	MITRE ATT&CK® TTP	Content
Barracuda Cloudgen Firewall	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	131 Rules 45 Models
Barracuda Email Security Gateway	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Barracuda WAF	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: BeyondTrust

Product	MITRE ATT&CK® TTP	Content
BeyondInsight	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	24 Rules 1 Models
BeyondTrust	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002	24 Rules 1 Models
BeyondTrust Privileged Identity	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
BeyondTrust Secure Remote Access	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Bitdefender

Product	MITRE ATT&CK® TTP	Content
GravityZone	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules

Vendor: Bitglass

Product	MITRE ATT&CK® TTP	Content
Bitglass CASB	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Box

Product	MITRE ATT&CK® TTP	Content
Box Cloud Content Management	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Broadcom

Product	MITRE ATT&CK® TTP	Content
z/OS	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: CA Technologies

Product	MITRE ATT&CK® TTP	Content
CA Privileged Access Manager Server Control	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	47 Rules 20 Models

Vendor: CDS

Product	MITRE ATT&CK® TTP	Content
CDS	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	58 Rules 21 Models

Vendor: CHCOM

Product	MITRE ATT&CK® TTP	Content
CHCOM	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Check Point

Product	MITRE ATT&CK® TTP	Content
Check Point Anti-Malware	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Check Point Avanan	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Check Point Identity Awareness	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	73 Rules 24 Models
Check Point NGFW	T1018 - Remote System Discovery T1021 - Remote Services T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	135 Rules 49 Models
Check Point Security Gateway	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	12 Rules 5 Models
Check Point Threat Emulation	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Cisco

Product	MITRE ATT&CK® TTP	Content
AnyConnect	T1021 - Remote Services T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	83 Rules 29 Models
Cisco	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Cisco ACI	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Cisco ACS	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	23 Rules 1 Models
Cisco Adaptive Security Appliance	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	134 Rules 47 Models
Cisco Cloud Web Security	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Cisco Cognitive Threat Analytics	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Cisco Firepower	T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	113 Rules 30 Models
Cisco IOS	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0011 - TA0011	76 Rules 21 Models
Cisco ISE	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	63 Rules 23 Models
Cisco Meraki MX appliance	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	12 Rules
Cisco Netflow	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	59 Rules 24 Models
Cisco PIX	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Cisco Secure Cloud Analytics	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	59 Rules 24 Models
Cisco Secure Endpoint	T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	7 Rules 2 Models
Cisco Secure Web Appliance	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Cisco SourceFire	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Cisco Umbrella	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Cisco Unified Communications Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Duo Access	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	10 Rules
IronPort Email	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Citrix

Product	MITRE ATT&CK® TTP	Content
Citrix Gateway	T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002	31 Rules 4 Models
Citrix ShareFile	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Citrix Virtual Apps	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	47 Rules 20 Models
Citrix Web App Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	78 Rules 24 Models

Vendor: Claroty

Product	MITRE ATT&CK® TTP	Content
CTD	T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	14 Rules 1 Models
Claroty	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Clearsense

Product	MITRE ATT&CK® TTP	Content
Clearsense	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Click Studios

Product	MITRE ATT&CK® TTP	Content
Passwordstate	T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	54 Rules 20 Models

Vendor: Cloudflare

Product	MITRE ATT&CK® TTP	Content
Cloudflare Insights	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Cloudflare WAF	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	78 Rules 24 Models

Vendor: Code42

Product	MITRE ATT&CK® TTP	Content
Code42 Incydr	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Cofense

Product	MITRE ATT&CK® TTP	Content
Cofense Phishme	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: CrowdStrike

Product	MITRE ATT&CK® TTP	Content
Falcon	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	131 Rules 47 Models

Vendor: CyberArk

Product	MITRE ATT&CK® TTP	Content
Cyberark Endpoint Protection Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Cyberark Privilege Access Management	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	67 Rules 21 Models

Vendor: Cybereason

Product	MITRE ATT&CK® TTP	Content
Cybereason	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Cylance

Product	MITRE ATT&CK® TTP	Content
Cylance PROTECT	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: DXC

Product	MITRE ATT&CK® TTP	Content
DXC Technology	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Damballa

Product	MITRE ATT&CK® TTP	Content
Damballa Failsafe	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Darktrace

Product	MITRE ATT&CK® TTP	Content
Darktrace	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Delinea

Product	MITRE ATT&CK® TTP	Content
Centrify Authentication Service	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Centrify Infrastructure Services	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	22 Rules 1 Models
Centrify Zero Trust Privilege Services	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Dell

Product	MITRE ATT&CK® TTP	Content
EMC Isilon	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
RSA Authentication Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Sonicwall	T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	65 Rules 23 Models

Vendor: Digital Guardian

Product	MITRE ATT&CK® TTP	Content
Digital Guardian Endpoint Protection	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	73 Rules 22 Models

Vendor: Dropbox

Product	MITRE ATT&CK® TTP	Content
Dropbox	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	8 Rules 3 Models

Vendor: Dtex Systems

Product	MITRE ATT&CK® TTP	Content
DTEX InTERCEPT	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0011 - TA0011	31 Rules 1 Models

Vendor: ESET

Product	MITRE ATT&CK® TTP	Content
ESET Endpoint Security	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules

Vendor: Entrust

Product	MITRE ATT&CK® TTP	Content
Entrust Identity Enterprise	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Epic

Product	MITRE ATT&CK® TTP	Content
Epic SIEM	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Exabeam

Product	MITRE ATT&CK® TTP	Content
Advanced Analytics	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Audit Log	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Correlation Rule	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Search	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Extrahop

Product	MITRE ATT&CK® TTP	Content
Extrahop Reveal(x)	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Extreme Networks

Product	MITRE ATT&CK® TTP	Content
ExtremeCloud IQ	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	8 Rules
Zebra WLAN Management	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: F-Secure

Product	MITRE ATT&CK® TTP	Content
F-Secure Policy Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: F5

Product	MITRE ATT&CK® TTP	Content
BIG-IP F5 LBR	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
F5	T1021 - Remote Services T1078 - Valid Accounts	4 Rules 2 Models
F5 Access Policy Manager	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	9 Rules 3 Models
F5 Advanced Firewall Manager	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	50 Rules 21 Models
F5 Advanced Web Application Firewall	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	95 Rules 25 Models
F5 Application Security Manager	T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	6 Rules 2 Models
F5 BIG-IP	T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	65 Rules 25 Models
F5 BIG-IP DNS	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules
F5 Local Traffic Manager	T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	48 Rules 21 Models
F5 Silverline	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: FTP

Product	MITRE ATT&CK® TTP	Content
FTP	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Fast Enterprises

Product	MITRE ATT&CK® TTP	Content
Fast Enterprises GenTax	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: FileAuditor

Product	MITRE ATT&CK® TTP	Content
FileAuditor	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: FireEye

Product	MITRE ATT&CK® TTP	Content
FireEye CMS	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
FireEye ETP	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
FireEye Endpoint Security (HX)	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
FireEye Web MPS	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Forcepoint

Product	MITRE ATT&CK® TTP	Content
Forcepoint CASB	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Forcepoint Next-Gen Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	73 Rules 24 Models
Websense Security Gateway	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: Forescout

Product	MITRE ATT&CK® TTP	Content
EyeInspect	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Forescout CounterACT	T1021 - Remote Services T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	53 Rules 23 Models

Vendor: Fortinet

Product	MITRE ATT&CK® TTP	Content
EnSilo	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
FortiGate	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	56 Rules 21 Models
Fortinet Enterprise Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
Fortinet UTM	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	13 Rules
Fortinet VPN	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	8 Rules 3 Models
Fortiweb Web Application Firewall	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: GTB

Product	MITRE ATT&CK® TTP	Content
GTB Technologies DLP	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Gamma

Product	MITRE ATT&CK® TTP	Content
Gamma	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Gigamon

Product	MITRE ATT&CK® TTP	Content
GigaVUE-HC2	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	8 Rules

Vendor: GitHub

Product	MITRE ATT&CK® TTP	Content
GitHub	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: GoAnywhere

Product	MITRE ATT&CK® TTP	Content
GoAnywhere MFT	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	58 Rules 21 Models

Vendor: Google

Product	MITRE ATT&CK® TTP	Content
Google Cloud Platform	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Google Workspace	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	10 Rules

Vendor: HP

Product	MITRE ATT&CK® TTP	Content
Aruba ClearPass Policy Manager	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	6 Rules 2 Models
Aruba Mobility Master	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Aruba Wireless controller	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	5 Rules 2 Models
HP Virtual Connect Enterprise Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
HP iLO	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules
HPE 3PAR StoreServ	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
HPE Comware	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	23 Rules 1 Models

Vendor: HashiCorp

Product	MITRE ATT&CK® TTP	Content
HashiCorp Vault	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: HelpSystems

Product	MITRE ATT&CK® TTP	Content
Powertech Identity and Access Manager	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	22 Rules 1 Models

Vendor: Hornet

Product	MITRE ATT&CK® TTP	Content
Hornetsecurity Cloud Email Security Services	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Huawei

Product	MITRE ATT&CK® TTP	Content
Huawei Enterprise Network Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
Huawei Unified Security Gateway	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	23 Rules 1 Models

Vendor: IBM

Product	MITRE ATT&CK® TTP	Content
DB2	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
HCL Notes	T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	49 Rules 21 Models
IBM Datapower	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
IBM Mainframe	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	24 Rules 1 Models
IBM Resource Access Control Facility	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
IBM Sense	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Sterling B2B Integrator	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: IMSS

Product	MITRE ATT&CK® TTP	Content
IMSS	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: IPTables

Product	MITRE ATT&CK® TTP	Content
IPTables FW	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models

Vendor: Illumio

Product	MITRE ATT&CK® TTP	Content
Illumio Core	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models

Vendor: Imperva

Product	MITRE ATT&CK® TTP	Content
Imperva Incapsula	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	12 Rules
Imperva SecureSphere	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Imprivata

Product	MITRE ATT&CK® TTP	Content
Imprivata	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: InfoWatch

Product	MITRE ATT&CK® TTP	Content
InfoWatch DLP	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules

Vendor: Infoblox

Product	MITRE ATT&CK® TTP	Content
BloxOne DDI	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models
Infoblox NIOS	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Ipswitch

Product	MITRE ATT&CK® TTP	Content
MoveIt Transfer	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Ivanti

Product	MITRE ATT&CK® TTP	Content
Pulse Secure	T1021 - Remote Services T1048 - Exfiltration Over Alternative Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	42 Rules 13 Models

Vendor: Juniper Networks

Product	MITRE ATT&CK® TTP	Content
Juniper Advanced Threat Protection	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Juniper SRX Series	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	74 Rules 24 Models
Junos OS	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0011 - TA0011	31 Rules 1 Models

Vendor: Kaspersky

Product	MITRE ATT&CK® TTP	Content
Kaspersky Endpoint Security for Business	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Kemp

Product	MITRE ATT&CK® TTP	Content
Kemp LoadMaster	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules

Vendor: LanScope

Product	MITRE ATT&CK® TTP	Content
LanScope Cat	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	80 Rules 24 Models

Vendor: LastPass

Product	MITRE ATT&CK® TTP	Content
LastPass	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: LiquidFiles

Product	MITRE ATT&CK® TTP	Content
LiquidFiles	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: LogRhythm

Product	MITRE ATT&CK® TTP	Content
LogRhythm	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Magento

Product	MITRE ATT&CK® TTP	Content
Magento WAF	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Malwarebytes

Product	MITRE ATT&CK® TTP	Content
Malwarebytes Endpoint Detection and Response	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Malwarebytes Endpoint Protection	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Malwarebytes Incident Response	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: ManageEngine

Product	MITRE ATT&CK® TTP	Content
ADAuditPlus	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
PAM360	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: MariaDB

Product	MITRE ATT&CK® TTP	Content
MariaDB	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: MasterSAM

Product	MITRE ATT&CK® TTP	Content
MasterSAM PAM	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: McAfee

Product	MITRE ATT&CK® TTP	Content
McAfee Application Control	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
McAfee Endpoint Security	T1018 - Remote System Discovery T1021 - Remote Services T1021.003 - T1021.003 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	50 Rules 21 Models
McAfee Network Security Platform	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
McAfee Web Gateway	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
McAfee ePolicy Orchestrator	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Skyhigh Networks CASB	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules

Vendor: Microsoft

Product	MITRE ATT&CK® TTP	Content
Active Directory Federation Services	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	9 Rules
Azure	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Azure AD Activity Logs	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules
Azure AD Identity Protection	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Azure AD Sign-In Logs	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Azure ATP	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Azure MFA	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Azure Monitor	T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	79 Rules 26 Models
Azure Monitor - VM Insights	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	22 Rules 1 Models
Azure Sentinel	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Event Viewer - ADFS	T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	55 Rules 20 Models
Event Viewer - Application	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	6 Rules 2 Models
Event Viewer - Applocker	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - AzureADPasswordProtection-DCAgent	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Event Viewer - CertificateServicesClient	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - DFS-Replication	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - DHCP-Server	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Event Viewer - DNSServer	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	23 Rules 1 Models
Event Viewer - Directory-Service	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - Kernel-IO	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - KnownFolders	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - Licensing-Platform	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - LiveId	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Event Viewer - NPS	T1021 - Remote Services T1078 - Valid Accounts	4 Rules 2 Models
Event Viewer - NTLM	T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	13 Rules 1 Models
Event Viewer - PowerShell	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	24 Rules 1 Models
Event Viewer - Security	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	171 Rules 57 Models
Event Viewer - System	T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0011 - TA0011	36 Rules 3 Models
Event Viewer - TerminalServices-Gateway	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
M365 Audit Logs	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
MSSQL	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	5 Rules
Microsoft 365	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	25 Rules 1 Models
Microsoft Advanced Threat Analytics	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Microsoft CAS	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Microsoft Defender for Cloud	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Microsoft Defender for Endpoint	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	140 Rules 46 Models
Microsoft Exchange	T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	15 Rules 2 Models
Microsoft IIS	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Microsoft Network Policy Server	T1021 - Remote Services T1078 - Valid Accounts	4 Rules 2 Models
Microsoft RRAS	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Network Security Group Flow Logs	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
Sysmon	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	119 Rules 44 Models
Windows	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	84 Rules 23 Models
Windows Defender Application Control	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Mimecast

Product	MITRE ATT&CK® TTP	Content
Mimecast Secure Email Gateway	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Mimecast Targeted Threat Protection - URL	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: MobileIron

Product	MITRE ATT&CK® TTP	Content
MobileIron	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: MuleSoft

Product	MITRE ATT&CK® TTP	Content
MuleSoft	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: NCP

Product	MITRE ATT&CK® TTP	Content
NCP	T1021 - Remote Services T1078 - Valid Accounts T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	7 Rules 3 Models

Vendor: NNT

Product	MITRE ATT&CK® TTP	Content
NNT ChangeTracker	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Nagios

Product	MITRE ATT&CK® TTP	Content
Nagios	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: NetApp

Product	MITRE ATT&CK® TTP	Content
NetApp	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: NetIQ

Product	MITRE ATT&CK® TTP	Content
Micro Focus NetIQ Identity Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Netskope

Product	MITRE ATT&CK® TTP	Content
Netskope Security Cloud	T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	125 Rules 44 Models

Vendor: Netwrix

Product	MITRE ATT&CK® TTP	Content
Netwrix Auditor	T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	14 Rules 1 Models

Vendor: Nortel Contivity

Product	MITRE ATT&CK® TTP	Content
Nortel Contivity VPN	T1021 - Remote Services T1078 - Valid Accounts T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	7 Rules 3 Models

Vendor: Novell

Product	MITRE ATT&CK® TTP	Content
eDirectory	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Nozomi Networks

Product	MITRE ATT&CK® TTP	Content
Nozomi Networks Guardian	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: OSSEC

Product	MITRE ATT&CK® TTP	Content
OSSEC	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Okta

Product	MITRE ATT&CK® TTP	Content
Okta Adaptive MFA	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules

Vendor: Onapsis

Product	MITRE ATT&CK® TTP	Content
Onapsis	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: OneLogin

Product	MITRE ATT&CK® TTP	Content
OneLogin	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: OneSpan

Product	MITRE ATT&CK® TTP	Content
Digipass for Apps	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	5 Rules 2 Models

Vendor: OneWelcome

Product	MITRE ATT&CK® TTP	Content
OneWelcome Cloud Identity Platform	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Open VPN

Product	MITRE ATT&CK® TTP	Content
Open VPN	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	8 Rules 3 Models

Vendor: OpenDJ

Product	MITRE ATT&CK® TTP	Content
OpenDJ	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Oracle

Product	MITRE ATT&CK® TTP	Content
Oracle Access Management	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Oracle Database	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models
Oracle Public Cloud	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	61 Rules 24 Models

Vendor: Palo Alto Networks

Product	MITRE ATT&CK® TTP	Content
GlobalProtect	T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	20 Rules 3 Models
Palo Alto Aperture	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Palo Alto NGFW	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	144 Rules 48 Models
Palo Alto WildFire	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Prisma Cloud	T1021.001 - Remote Services: Remote Desktop Protocol T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	14 Rules 1 Models
Traps Endpoint Security Manager	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Password Manager Pro

Product	MITRE ATT&CK® TTP	Content
Password Manager Pro	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Ping Identity

Product	MITRE ATT&CK® TTP	Content
Ping Identity	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
PingOne	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Progress

Product	MITRE ATT&CK® TTP	Content
Progress Database	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: Proofpoint

Product	MITRE ATT&CK® TTP	Content
ObserveIT	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	23 Rules 1 Models
Proofpoint Email Protection	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models
Proofpoint Enterprise Protection	T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	47 Rules 20 Models

Vendor: QUSH

Product	MITRE ATT&CK® TTP	Content
Reveal	T1018 - Remote System Discovery T1021 - Remote Services T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0011 - TA0011	58 Rules 22 Models

Vendor: Quest Software

Product	MITRE ATT&CK® TTP	Content
Quest Change Auditor for Active Directory	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: RSA

Product	MITRE ATT&CK® TTP	Content
RSA Adaptive Authentication	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
RSA ECAT	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
RSA NetWitness Platform	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	59 Rules 24 Models
SecurID	T1021 - Remote Services T1078 - Valid Accounts T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	7 Rules 3 Models

Vendor: RStudio

Product	MITRE ATT&CK® TTP	Content
RStudio Server	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Radware

Product	MITRE ATT&CK® TTP	Content
Alteon	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: RangerAudit

Product	MITRE ATT&CK® TTP	Content
RangerAudit	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Rapid7

Product	MITRE ATT&CK® TTP	Content
Rapid7 InsightVM	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Riverbed Steelhead

Product	MITRE ATT&CK® TTP	Content
Riverbed Steelhead	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Rsyslogd-Pstats

Product	MITRE ATT&CK® TTP	Content
Rsyslogd-Pstats	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Rubrik

Product	MITRE ATT&CK® TTP	Content
Rubrik Cloud Data Management	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Ruckus

Product	MITRE ATT&CK® TTP	Content
Ruckus	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Rundeck

Product	MITRE ATT&CK® TTP	Content
Rundeck	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: SAP

Product	MITRE ATT&CK® TTP	Content
SAP	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	47 Rules 20 Models
SuccessFactors	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: SIGSCI

Product	MITRE ATT&CK® TTP	Content
SIGSCI	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: Safenet

Product	MITRE ATT&CK® TTP	Content
Thales	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Sailpoint

Product	MITRE ATT&CK® TTP	Content
IdentityNow	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Salesforce

Product	MITRE ATT&CK® TTP	Content
Salesforce	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: SecurEnvoy

Product	MITRE ATT&CK® TTP	Content
SecureEnvoy Multi-Factor Authentication	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: SecureAuth

Product	MITRE ATT&CK® TTP	Content
SecureAuth IDP	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules
SecureAuth Login	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: SecureLink

Product	MITRE ATT&CK® TTP	Content
SecureLink	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: SecureNet

Product	MITRE ATT&CK® TTP	Content
SecureNet	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	8 Rules 3 Models

Vendor: Semperis

Product	MITRE ATT&CK® TTP	Content
Semperis DSP	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: SentinelOne

Product	MITRE ATT&CK® TTP	Content
Event Viewer - Sentinelone	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Singularity Platform	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	149 Rules 47 Models

Vendor: ServiceNow

Product	MITRE ATT&CK® TTP	Content
ServiceNow	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Shibboleth

Product	MITRE ATT&CK® TTP	Content
Shibboleth	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Silverfort

Product	MITRE ATT&CK® TTP	Content
Silverfort Authentication Platform	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: SiteMinder

Product	MITRE ATT&CK® TTP	Content
Symantec SiteMinder	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: SkySea

Product	MITRE ATT&CK® TTP	Content
SkySea ClientView	T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0011 - TA0011	40 Rules 5 Models

Vendor: Skyformation

Product	MITRE ATT&CK® TTP	Content
Skyformation	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Sophos

Product	MITRE ATT&CK® TTP	Content
Sophos Endpoint Protection	T1018 - Remote System Discovery T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	72 Rules 30 Models
Sophos UTM	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules
Sophos XG Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	73 Rules 24 Models

Vendor: Squid

Product	MITRE ATT&CK® TTP	Content
Squid	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	11 Rules

Vendor: StealthBits

Product	MITRE ATT&CK® TTP	Content
StealthBits Stealth Defend	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: SunOne

Product	MITRE ATT&CK® TTP	Content
SunOne	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Swift

Product	MITRE ATT&CK® TTP	Content
Swift	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Swivel

Product	MITRE ATT&CK® TTP	Content
Swivel	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Sybase

Product	MITRE ATT&CK® TTP	Content
Sybase	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Symantec

Product	MITRE ATT&CK® TTP	Content
Symantec Advanced Threat Protection	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	24 Rules 1 Models
Symantec Content Analysis System	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Symantec Critical System Protection	T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	13 Rules 1 Models
Symantec DLP	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Symantec Email Security	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Symantec Endpoint Protection	T1021 - Remote Services T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	78 Rules 26 Models
Symantec Managed Security Services	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Symantec VIP	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Symantec Web Security Service	T1048 - Exfiltration Over Alternative Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	33 Rules 10 Models

Vendor: Tanium

Product	MITRE ATT&CK® TTP	Content
Tanium Cloud Platform	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Tanium Core Platform	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002	25 Rules 1 Models
Tanium Integrity Monitor	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	94 Rules 25 Models
Tanium Threat Response	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models

Vendor: Tenable.io

Product	MITRE ATT&CK® TTP	Content
Tenable.io	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Thales Group

Product	MITRE ATT&CK® TTP	Content
Gemalto MFA	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: ThreatBlockr

Product	MITRE ATT&CK® TTP	Content
ThreatBlockr	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models

Vendor: Trend Micro

Product	MITRE ATT&CK® TTP	Content
Deep Discovery Inspector	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules
Deep Security	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	74 Rules 24 Models
OfficeScan	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	10 Rules
Trend Micro ScanMail	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1090.003 - Proxy: Multi-hop Proxy	2 Rules
Vision One	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Tufin

Product	MITRE ATT&CK® TTP	Content
Tufin SecureTrack	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Tyco

Product	MITRE ATT&CK® TTP	Content
CCURE Building Management System	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Unix

Product	MITRE ATT&CK® TTP	Content
Auditbeat	T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	81 Rules 26 Models
Unix	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	116 Rules 34 Models
Unix Auditd	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1078 - Valid Accounts T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting T1563.002 - T1563.002	86 Rules 24 Models
Unix Named	T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	6 Rules 2 Models
Unix dhcpd	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
rsyslog	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: VBCorp

Product	MITRE ATT&CK® TTP	Content
VBCorp	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: VMware

Product	MITRE ATT&CK® TTP	Content
Carbon Black App Control	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1563.002 - T1563.002	25 Rules 1 Models
Carbon Black CES	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1047 - Windows Management Instrumentation T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0010 - TA0010 TA0011 - TA0011	72 Rules 22 Models
Carbon Black EDR	T1021.001 - Remote Services: Remote Desktop Protocol T1021.003 - T1021.003 T1021.006 - T1021.006 T1047 - Windows Management Instrumentation T1048 - Exfiltration Over Alternative Protocol T1059.001 - Command and Scripting Interperter: PowerShell T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services T1219 - Remote Access Software T1563.002 - T1563.002 TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	103 Rules 27 Models
Lastline	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
NSX Distributed Firewall	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
VMware AirWatch	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	3 Rules
VMware ESXi	T1018 - Remote System Discovery T1021 - Remote Services T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	46 Rules 20 Models
VMware Horizon	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
VMware Identity Manager	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules
VMware NSX	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models
VMware View	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Varonis

Product	MITRE ATT&CK® TTP	Content
Varonis Data Security Platform	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0011 - TA0011	8 Rules

Vendor: Vectra

Product	MITRE ATT&CK® TTP	Content
Vectra Cognito Detect	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules
Vectra Cognito Stream	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets TA0011 - TA0011	21 Rules 4 Models

Vendor: Verizon

Product	MITRE ATT&CK® TTP	Content
Verizon NDR	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: ViaScope

Product	MITRE ATT&CK® TTP	Content
ViaScope IPScan	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Watchguard

Product	MITRE ATT&CK® TTP	Content
Watchguard	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Wazuh

Product	MITRE ATT&CK® TTP	Content
Wazuh	T1021.001 - Remote Services: Remote Desktop Protocol T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets	13 Rules 1 Models

Vendor: Weblogin

Product	MITRE ATT&CK® TTP	Content
Weblogin	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Wiz

Product	MITRE ATT&CK® TTP	Content
Wiz	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Workday

Product	MITRE ATT&CK® TTP	Content
Workday	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Xceedium

Product	MITRE ATT&CK® TTP	Content
Xceedium	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Xiting

Product	MITRE ATT&CK® TTP	Content
XAMS	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	2 Rules

Vendor: Zeek

Product	MITRE ATT&CK® TTP	Content
Zeek	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1021.002 - Remote Services: SMB/Windows Admin Shares T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1110 - Brute Force T1110.003 - T1110.003 T1190 - Exploit Public Fasing Application T1550 - Use Alternate Authentication Material T1550.002 - Use Alternate Authentication Material: Pass the Hash T1550.003 - Use Alternate Authentication Material: Pass the Ticket T1558 - Steal or Forge Kerberos Tickets T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting TA0010 - TA0010 TA0011 - TA0011	159 Rules 54 Models

Vendor: Zendesk

Product	MITRE ATT&CK® TTP	Content
Zendesk	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: Zimperium

Product	MITRE ATT&CK® TTP	Content
Zimperium MTD	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	1 Rules

Vendor: Zscaler

Product	MITRE ATT&CK® TTP	Content
Zscaler Internet Access	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	78 Rules 24 Models
Zscaler Private Access	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor:

Vendor: hMail

Product	MITRE ATT&CK® TTP	Content
hMailServer	T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: iManage

Product	MITRE ATT&CK® TTP	Content
iManage	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: oVirt

Product	MITRE ATT&CK® TTP	Content
oVirt	T1090.003 - Proxy: Multi-hop Proxy	1 Rules

Vendor: pfSense

Product	MITRE ATT&CK® TTP	Content
pfSense	T1048 - Exfiltration Over Alternative Protocol T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	72 Rules 24 Models