Skip to content

Latest commit

 

History

History
22 lines (20 loc) · 13.5 KB

ds_catonetworks_cato_cloud.md

File metadata and controls

22 lines (20 loc) · 13.5 KB

Vendor: CatoNetworks

Product: Cato Cloud

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
144 70 39 4 7
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access vpn-logout:success (vpn-logout)
catonetwork-cc-json-vpn-logout-success-disconnected
catonetwork-cc-cef-vpn-logout-success-disconnect

http-traffic:success (web-activity-allowed)
catonetwork-cc-cef-vpn-http-success-security
catonetworks-cc-json-vpn-http-success-sdp
catonetworks-cc-json-vpn-http-success-security
catonetworks-cc-json-vpn-http-success-monitor
catonetworks-cc-json-vpn-http-success-rbi

http-session:fail (web-activity-denied)
catonetwork-cc-cef-vpn-http-success-security
 T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
  • 19 Rules
  • 8 Models
Account Manipulation vpn-logout:success (vpn-logout)
catonetwork-cc-json-vpn-logout-success-disconnected
catonetwork-cc-cef-vpn-logout-success-disconnect
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1484 - Group Policy Modification
  • 7 Rules
  • 7 Models
Brute Force Attack vpn-logout:success (vpn-logout)
catonetwork-cc-json-vpn-logout-success-disconnected
catonetwork-cc-cef-vpn-logout-success-disconnect
 T1110 - Brute Force
  • 1 Rules
  • 1 Models
Data Access vpn-logout:success (vpn-logout)
catonetwork-cc-json-vpn-logout-success-disconnected
catonetwork-cc-cef-vpn-logout-success-disconnect
 T1110 - Brute Force
  • 1 Rules
  • 1 Models
Privilege Escalation vpn-logout:success (vpn-logout)
catonetwork-cc-json-vpn-logout-success-disconnected
catonetwork-cc-cef-vpn-logout-success-disconnect
 T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
T1555 - Credentials from Password Stores
T1555.005 - T1555.005
  • 5 Rules
  • 5 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Phishing: Spearphishing Link

External Remote Services

Valid Accounts

Drive-by Compromise

Exploit Public Fasing Application

Phishing

 User Execution

 External Remote Services

Valid Accounts

Account Manipulation

Account Manipulation: Exchange Email Delegate Permissions

 Valid Accounts

Group Policy Modification

 Group Policy Modification

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Brute Force

Steal or Forge Kerberos Tickets

Credentials from Password Stores

Steal or Forge Kerberos Tickets: Kerberoasting

 Remote Services

Internal Spearphishing

 Web Service

Application Layer Protocol: Web Protocols

Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Exfiltration Over Alternative Protocol

Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol

Exfiltration Over Physical Medium: Exfiltration over USB

Exfiltration Over C2 Channel

Exfiltration Over Physical Medium

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Exfiltration Over Web Service

 Resource Hijacking