Vendor: Cloudflare

Product: Cloudflare WAF

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
152	56	26	5	5

Use-Case	Activity Types (Legacy Event Type)/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	http-traffic:success (web-activity-allowed) ↳cloudflare-waf-cef-http-session-success-securityactions-1 ↳cloudflare-waf-cef-http-session-firewall ↳cloudflare-waf-json-http-session-firewallmatchesactions ↳cloudflare-waf-sk4-http-session-firewallmatchesactions ↳cloudflare-waf-cef-http-session-success-securityactions ↳cloudflare-waf-cef-http-session-clientip http-session:fail (web-activity-denied) ↳cloudflare-waf-cef-http-session-firewall ↳cloudflare-waf-json-http-session-firewallmatchesactions ↳cloudflare-waf-sk4-http-session-firewallmatchesactions ↳cloudflare-waf-cef-http-session-clientip	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols	6 Rules 6 Models
Compromised Credentials	alert-trigger:success (network-alert) ↳cloudfare-waf-sk4-alert-trigger-success-firewall http-traffic:success (web-activity-allowed) ↳cloudflare-waf-cef-http-session-success-securityactions-1 ↳cloudflare-waf-cef-http-session-firewall ↳cloudflare-waf-json-http-session-firewallmatchesactions ↳cloudflare-waf-sk4-http-session-firewallmatchesactions ↳cloudflare-waf-cef-http-session-success-securityactions ↳cloudflare-waf-cef-http-session-clientip http-session:fail (web-activity-denied) ↳cloudflare-waf-cef-http-session-firewall ↳cloudflare-waf-json-http-session-firewallmatchesactions ↳cloudflare-waf-sk4-http-session-firewallmatchesactions ↳cloudflare-waf-cef-http-session-clientip	T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	61 Rules 31 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	Valid Accounts	Valid Accounts	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information			Internal Spearphishing		Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over C2 Channel Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_cloudflare_cloudflare_waf.md

ds_cloudflare_cloudflare_waf.md

Vendor: Cloudflare

Product: Cloudflare WAF

MITRE ATT&CK® Framework for Enterprise

Files

ds_cloudflare_cloudflare_waf.md

Latest commit

History

ds_cloudflare_cloudflare_waf.md

File metadata and controls

Vendor: Cloudflare

Product: Cloudflare WAF

MITRE ATT&CK® Framework for Enterprise