Skip to content

Latest commit

 

History

History
21 lines (19 loc) · 10.7 KB

ds_imperva_imperva_securesphere.md

File metadata and controls

21 lines (19 loc) · 10.7 KB

Vendor: Imperva

Product: Imperva SecureSphere

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
132 57 10 7 23
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access app-login:success (app-login)
imperva-securesphere-cef-app-login-success-userloggedin
imperva-securesphere-cef-database-auditdam

app-login:fail (failed-app-login)
imperva-securesphere-cef-app-login-fail-loginfailed
 T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Compromised Credentials app-login:success (app-login)
imperva-securesphere-cef-app-login-success-userloggedin
imperva-securesphere-cef-database-auditdam

alert-trigger:success (database-alert)
imperva-securesphere-cef-alert-trigger-success-servergroup
imperva-securesphere-kv-alert-trigger-success-sql
imperva-securesphere-cef-alert-trigger-success-alert
imperva-securesphere-kv-alert-trigger-success-alert
imperva-securesphere-leef-alert-trigger-success-description
imperva-securesphere-kv-alert-trigger-success-violateditem
imperva-securesphere-kv-alert-trigger-success-servergroup
imperva-securesphere-leef-alert-trigger-success-alertdescription

database-login:success (database-login)
imperva-securesphere-cef-database-login-success-login-2
imperva-securesphere-kv-database-login-success-login
imperva-securesphere-kv-database-login-success-login-1
imperva-securesphere-kv-database-login-success-userauth
imperva-securesphere-leef-database-login-success-valid
imperva-securesphere-cef-database-login-success-logged-in
imperva-securesphere-kv-database-login-success-sqlerror
imperva-securesphere-json-database-query-success-sqlerror
imperva-securesphere-kv-database-login-fail-login

database-query:success (database-query)
imperva-securesphere-kv-database-query-success-databasequery
imperva-securesphere-kv-database-query-success-query-1
imperva-securesphere-kv-database-query-success-query
imperva-securesphere-json-database-query-success-parsedquery
imperva-securesphere-cef-database-query-success-true
imperva-securesphere-leef-database-query-success-query
imperva-securesphere-cef-database-query-success-informative
imperva-securesphere-kv-database-login-success-sqlerror
imperva-securesphere-cef-database-query-success-securesphere
imperva-securesphere-cef-database-auditdam
imperva-securesphere-json-database-query-success-sqlerror

app-login:fail (failed-app-login)
imperva-securesphere-cef-app-login-fail-loginfailed

alert-trigger:success (network-alert)
imperva-securesphere-cef-alert-trigger-success-servergroup

alert-trigger:success (security-alert)
imperva-securesphere-kv-alert-trigger-success-alertinfo
imperva-securesphere-kv-alert-trigger-success-securespherealert
 T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
T1213 - Data from Information Repositories
  • 105 Rules
  • 53 Models
Privilege Abuse app-login:success (app-login)
imperva-securesphere-cef-app-login-success-userloggedin
imperva-securesphere-cef-database-auditdam

app-login:fail (failed-app-login)
imperva-securesphere-cef-app-login-fail-loginfailed
 T1078 - Valid Accounts
  • 2 Rules
Ransomware app-login:success (app-login)
imperva-securesphere-cef-app-login-success-userloggedin
imperva-securesphere-cef-database-auditdam

app-login:fail (failed-app-login)
imperva-securesphere-cef-app-login-fail-loginfailed
 T1078 - Valid Accounts
  • 2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Data from Information Repositories

 Proxy: Multi-hop Proxy

Proxy