Use-Case | Activity Type (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
---|---|---|---|
Malware | dns-request:success (dns-query)<br> ↳extrahop-revealx-json-dns-request-success-dnsquery<br>alert-trigger:success (network-alert)<br> ↳extrahop-revealx-json-alert-trigger-success-dnsnames<br>alert-trigger:success (security-alert)<br> ↳extrahop-revealx-json-alert-trigger-success-detection<br> ↳extrahop-revealx-json-alert-trigger-success-sec-1<br> ↳extrahop-revealx-cef-alert-trigger-success-riskscore<br> ↳extrahop-revealx-json-alert-trigger-success-sec | T1071 - Application Layer Protocol<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms<br>T1583 - T1583<br>T1583.001 - T1583.001<br>TA0002 - TA0002 | |