Vendor: IBM

Product: QRadar SIEM

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
| --- | --- | --- | --- | --- |
| 25 | 11 | 4 | 1 | 0 |

| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
| --- | --- | --- | --- |
| Compromised Credentials | alert-trigger:success (network-alert)<br>ibm-qns-leef-alert-trigger-success-isnp | T1027 - Obfuscated Files or Information<br>T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools<br>T1190 - Exploit Public-Facing Application | 21 Rules<br>9 Models |
| Malware | alert-trigger:success (network-alert)<br>ibm-qns-leef-alert-trigger-success-isnp | TA0002 - TA0002 | 4 Rules<br>2 Models |

MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Exploit Public-Facing Application | | | | Obfuscated Files or Information: Indicator Removal from Tools<br>Obfuscated Files or Information | | | | | | | |