ds_zscaler_zscaler_internet_access.md
Vendor: Zscaler

Product: Zscaler Internet Access

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|-------|--------|--------------------|----------------|---------|
| 223   | 90     | 32                 | 9              | 33      |
Use-Case: Abnormal Authentication & Access

Activity Types (Legacy Event Type) / Parsers:

- app-activity:success (app-activity)
  - zscaler-ia-csv-app-activity-success-nssupdate
  - zscaler-ia-csv-app-activity-success-policyupdate
  - zscaler-ia-csv-app-activity-success-nssdelete
- vpn-authentication:success (authentication-successful)
  - zscaler-ia-csv-endpoint-login-success-signin
- http-traffic:success (web-activity-allowed)
  - zscaler-ia-str-http-session-dlpengine
  - zscaler-ia-kv-http-session-zscaler
  - zscaler-ia-kv-http-session-zscalerclient
  - zscaler-ia-leef-http-session-nss
  - zscaler-ia-json-http-session-transactionsize
  - zscaler-ia-str-http-session-dlpengine-2
  - zscaler-ia-cef-http-session-recordid
  - zscaler-ia-kv-http-session-url
  - zscaler-ia-str-http-session-department
  - zscaler-ia-cef-http-session-spriv
  - zscaler-ia-kv-http-session-login
  - zscaler-ia-cef-http-session-mcafeeesm
  - zscaler-ia-kv-http-session-cleantransaction
  - zscaler-ia-kv-http-session-https
  - zscaler-ia-json-http-session-https
  - zscaler-ia-json-http-session-allowed
- http-session:fail (web-activity-denied)
  - zscaler-ia-str-http-session-dlpengine
  - zscaler-ia-kv-http-session-zscaler
  - zscaler-ia-kv-http-session-zscalerclient
  - zscaler-ia-leef-http-session-nss
  - zscaler-ia-json-http-session-transactionsize
  - zscaler-ia-str-http-session-dlpengine-2
  - zscaler-ia-cef-http-session-recordid
  - zscaler-ia-kv-http-session-url
  - zscaler-ia-str-http-session-department
  - zscaler-ia-cef-http-session-spriv
  - zscaler-ia-kv-http-session-login
  - zscaler-ia-cef-http-session-mcafeeesm
  - zscaler-ia-kv-http-session-cleantransaction
  - zscaler-ia-kv-http-session-https
  - zscaler-ia-json-http-session-https
  - zscaler-ia-json-http-session-allowed

MITRE ATT&CK® TTPs:

- T1071 - Application Layer Protocol
- T1071.001 - Application Layer Protocol: Web Protocols
- T1078 - Valid Accounts
- T1133 - External Remote Services

Content:

- 18 Rules
- 10 Models

Use-Case: Account Manipulation

Activity Types (Legacy Event Type) / Parsers:

- app-activity:success (app-activity)
  - zscaler-ia-csv-app-activity-success-nssupdate
  - zscaler-ia-csv-app-activity-success-policyupdate
  - zscaler-ia-csv-app-activity-success-nssdelete

MITRE ATT&CK® TTPs:

- T1098 - Account Manipulation
- T1098.002 - Account Manipulation: Exchange Email Delegate Permissions

Content:

- 3 Rules
- 1 Model

Use-Case: Data Access

Activity Types (Legacy Event Type) / Parsers:

- app-activity:success (app-activity)
  - zscaler-ia-csv-app-activity-success-nssupdate
  - zscaler-ia-csv-app-activity-success-policyupdate
  - zscaler-ia-csv-app-activity-success-nssdelete

MITRE ATT&CK® TTPs:

- T1078 - Valid Accounts

Content:

- 19 Rules
- 11 Models

Use-Case: Privilege Escalation

Activity Types (Legacy Event Type) / Parsers:

- app-activity:success (app-activity)
  - zscaler-ia-csv-app-activity-success-nssupdate
  - zscaler-ia-csv-app-activity-success-policyupdate
  - zscaler-ia-csv-app-activity-success-nssdelete

MITRE ATT&CK® TTPs:

- T1098 - Account Manipulation
- T1098.002 - Account Manipulation: Exchange Email Delegate Permissions

Content:

- 3 Rules
- 1 Model
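The parser names above show the same web-transaction feed arriving in several NSS output formats (kv, json, cef, leef, str, csv) and being normalized into two activity types, http-traffic:success (web-activity-allowed) and http-session:fail (web-activity-denied), that the rules and models then consume. The block below is an added example of that normalization step, not Exabeam's parser code or anything from Zscaler. It handles the key=value and JSON shapes and assumes the Zscaler NSS web-log variables action, reason, login, department, url, urlcat, reqsize and respsize; the two sample lines are constructed for the example, not captured traffic.

```python
"""
Normalize Zscaler Internet Access (NSS) web-transaction log lines into the
activity types listed above: http-traffic:success (web-activity-allowed) and
http-session:fail (web-activity-denied).

Added example, not Exabeam's parser or Zscaler's code.  Assumes the key=value
and JSON NSS feed variants carry the Zscaler web-log variables action, reason,
login, department, url, urlcat, reqsize and respsize.  The sample lines are
constructed for this example, not captured from a real tenant.
"""
import json
import re
from collections import Counter
from typing import Dict, Iterable, Optional

# Activity type (and legacy event type) per Zscaler "action" value.  Any other
# action value is deliberately left unmapped so a new or misspelt value fails
# loudly instead of being silently counted as allowed traffic.
ACTIVITY_BY_ACTION = {
    "allowed": "http-traffic:success",  # legacy: web-activity-allowed
    "blocked": "http-session:fail",     # legacy: web-activity-denied
}

# key=value pairs; a value is either double-quoted (may contain spaces and
# escaped quotes) or a bare run of non-whitespace.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample lines (not real traffic).
SAMPLE_KV = (
    'time=2024-05-01T10:15:02Z action=Allowed reason="Allowed" '
    'login=alice@example.com department=Finance '
    'url="https://files.example.net/upload" urlcat="File Sharing" '
    'reqsize=482113 respsize=1320'
)
SAMPLE_JSON = (
    '{"time":"2024-05-01T10:16:40Z","action":"Blocked",'
    '"reason":"Blocked by URL category","login":"bob@example.com",'
    '"department":"Engineering","url":"http://dl.example.org/a.exe",'
    '"urlcat":"Malicious Content","reqsize":512,"respsize":0}'
)


def parse_kv(line: str) -> Dict[str, str]:
    """Parse a key=value NSS line, stripping quotes from quoted values."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        fields[key] = raw[1:-1].replace('\\"', '"') if raw.startswith('"') else raw
    return fields


def parse_json(line: str) -> Dict[str, str]:
    """Parse a JSON NSS line; values are stringified so both feeds look alike."""
    return {k: str(v) for k, v in json.loads(line).items()}


def parse_line(line: str) -> Dict[str, str]:
    """Pick the parser by line shape, as the format-specific parsers above do."""
    stripped = line.strip()
    return parse_json(stripped) if stripped.startswith("{") else parse_kv(stripped)


def activity_for_action(action: str) -> Optional[str]:
    """Map the NSS action value to an activity type, or None if unknown."""
    return ACTIVITY_BY_ACTION.get(action.strip().lower())


def normalize(line: str) -> Dict[str, object]:
    """Return the normalized event a rule or model would consume."""
    f = parse_line(line)
    activity = activity_for_action(f.get("action", ""))
    if activity is None:
        raise ValueError(f"unmapped action {f.get('action')!r}: {line[:80]}")
    return {
        "activity_type": activity,
        "user": f.get("login", ""),
        "department": f.get("department", ""),
        "url": f.get("url", ""),
        "url_category": f.get("urlcat", ""),
        "reason": f.get("reason", ""),
        "bytes_out": int(f.get("reqsize", "0")),  # request bytes: upload volume
        "bytes_in": int(f.get("respsize", "0")),
    }


def summarize(lines: Iterable[str]) -> Dict[str, int]:
    """Count normalized events per activity type."""
    return dict(Counter(normalize(line)["activity_type"] for line in lines))


if __name__ == "__main__":
    for sample in (SAMPLE_KV, SAMPLE_JSON):
        print(normalize(sample))
    print(summarize([SAMPLE_KV, SAMPLE_JSON]))
```

Keeping reqsize separate from respsize matters for the Exfiltration techniques in the matrix below: an allowed transaction to a "File Sharing" category with a large request body is the signal those rules key on, and it is lost if the two sizes are folded into a single total.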

MITRE ATT&CK® Framework for Enterprise

Techniques covered by this content, by tactic:

- Initial Access
  - Phishing: Spearphishing Link
  - External Remote Services
  - Valid Accounts
  - Drive-by Compromise
  - Exploit Public-Facing Application
  - Phishing
- Execution
  - User Execution
- Persistence
  - External Remote Services
  - Valid Accounts
  - Account Manipulation
  - Account Manipulation: Exchange Email Delegate Permissions
- Privilege Escalation
  - Valid Accounts
- Defense Evasion
  - Valid Accounts
- Credential Access
  - none listed
- Discovery
  - none listed
- Lateral Movement
  - Internal Spearphishing
- Collection
  - Email Collection
  - Email Collection: Email Forwarding Rule
- Command and Control
  - Web Service
  - Application Layer Protocol: Web Protocols
  - Dynamic Resolution
  - Dynamic Resolution: Domain Generation Algorithms
  - Proxy: Multi-hop Proxy
  - Application Layer Protocol
  - Proxy
- Exfiltration
  - Exfiltration Over C2 Channel
  - Automated Exfiltration
  - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  - Exfiltration Over Web Service
- Impact
  - Resource Hijacking