uc_data_leak.md

File metadata and controls

772 lines (770 loc) · 292 KB

Use Case: Data Leak

Vendor: ASUPIM

Product MITRE ATT&CK® TTP Content
ASUPIM T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Absolute

Product MITRE ATT&CK® TTP Content
Absolute DDS T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 65 Rules
  • 32 Models

Vendor: Adaxes

Product MITRE ATT&CK® TTP Content
Adaxes T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Allowlisting T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Airlock Security Access Hub T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Akamai Guardicore T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cloud Akamai T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudTrail T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
AWS CloudWatch T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
AWS WAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Anywhere365

Product MITRE ATT&CK® TTP Content
Anywhere365 T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Apache Subversion T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Armorblox

Product MITRE ATT&CK® TTP Content
Armorblox T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: AssetView

Product MITRE ATT&CK® TTP Content
AssetView T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
  • 18 Rules
  • 6 Models

Vendor: Atlassian

Product MITRE ATT&CK® TTP Content
Atlassian BitBucket T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Barracuda Email Security Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrust T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrust Privileged Identity T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrust Secure Remote Access T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 4 Rules
  • 2 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
TA0010 - TA0010
  • 62 Rules
  • 32 Models

Vendor: BlackBerry

Product MITRE ATT&CK® TTP Content
BlackBerry Protect T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Bromium

Product MITRE ATT&CK® TTP Content
Bromium Secure Platform T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Avanan T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 63 Rules
  • 33 Models
Check Point Identity Awareness T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Check Point NGFW T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 51 Rules
  • 26 Models
Check Point Security Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Cisco T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco ACS T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco ADC T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 5 Rules
  • 2 Models
Cisco Adaptive Security Appliance T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 16 Rules
  • 13 Models
Cisco Cloud Web Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Cisco CloudLock T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Cisco Firepower T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models
Cisco ISE T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
Cisco Meraki MX appliance T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models
Cisco Secure Email T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Cisco Secure Network Analytics T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
Cisco Secure Web Appliance T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Cisco Umbrella T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Duo Access T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
IronPort Email T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
IronPort Web Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Endpoint Management T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Citrix Gateway T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 20 Rules
  • 13 Models
Citrix Gateway Connector For Exchange ActiveSync T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Citrix ShareFile T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Clearswift

Product MITRE ATT&CK® TTP Content
Clearswift Secure Email Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare Insights T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cloudflare WAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 53 Rules
  • 21 Models

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 18 Rules
  • 4 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
CyberArk Privilege Access Manager T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Audit and Monitoring Service T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
Centrify Zero Trust Privilege Services T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Thycotic Software Secret Server T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Dell

Product MITRE ATT&CK® TTP Content
EMC Isilon T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
One Identity Manager T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Sonicwall T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 54 Rules
  • 21 Models
Digital Guardian Network DLP T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 61 Rules
  • 32 Models

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 15 Rules
  • 11 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1041 - Exfiltration Over C2 Channel
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 24 Rules
  • 8 Models

Vendor: EMP

Product MITRE ATT&CK® TTP Content
EMP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: ESET

Product MITRE ATT&CK® TTP Content
ESET Endpoint Security T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: ESector

Product MITRE ATT&CK® TTP Content
ESector DEFESA Logger T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Egnyte

Product MITRE ATT&CK® TTP Content
Egnyte T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Epic

Product MITRE ATT&CK® TTP Content
Epic SIEM T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Exabeam

Product MITRE ATT&CK® TTP Content
Search T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
F5 Advanced Web Application Firewall T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models
F5 Application Security Manager T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
F5 BIG-IP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
F5 WebSafe T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Fidelis

Product MITRE ATT&CK® TTP Content
Fidelis XPS T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: FileAuditor

Product MITRE ATT&CK® TTP Content
FileAuditor T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
FireEye Endpoint Security (HX) T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
FireEye Network Security (NX) T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 7 Rules
  • 2 Models

Vendor: FireMon

Product MITRE ATT&CK® TTP Content
FireMon T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Forcepoint DLP T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 76 Rules
  • 37 Models
Forcepoint Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models
Forcepoint Insider Threat T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Websense Security Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models
Fortinet Enterprise Firewall T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Fortinet UTM T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 72 Rules
  • 35 Models
Fortiweb Web Application Firewall T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: GTB

Product MITRE ATT&CK® TTP Content
GTB Technologies DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Google

Product MITRE ATT&CK® TTP Content
Google Cloud Platform T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Google Workspace T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 67 Rules
  • 33 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
Aruba ClearPass Policy Manager T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
HP LaserJet Printer T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
HP Print Server T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
HP SafeCom T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
Terraform T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Hornet

Product MITRE ATT&CK® TTP Content
Hornetsecurity Cloud Email Security Services T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: IBM

Product MITRE ATT&CK® TTP Content
IBM Resource Access Control Facility T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Security Access Manager T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: ICDB

Product MITRE ATT&CK® TTP Content
ICDB T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: IMSS

Product MITRE ATT&CK® TTP Content
IMSS T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: IMSVA

Product MITRE ATT&CK® TTP Content
IMSVA T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva File Activity Monitoring T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
Imperva Incapsula T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Imprivata

Product MITRE ATT&CK® TTP Content
Imprivata T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 55 Rules
  • 23 Models

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 19 Rules
  • 13 Models

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky Endpoint Security for Business T1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 42 Rules
  • 21 Models

Vendor: Kemp

Product MITRE ATT&CK® TTP Content
Kemp LoadMaster T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: LEAP

Product MITRE ATT&CK® TTP Content
LEAP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: LOGBinder

Product MITRE ATT&CK® TTP Content
LOGBinder for SharePoint T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 56 Rules
  • 25 Models

Vendor: LastPass

Product MITRE ATT&CK® TTP Content
LastPass T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Lenel

Product MITRE ATT&CK® TTP Content
OnGuard T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Lexmark

Product MITRE ATT&CK® TTP Content
Lexmark T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Lumension

Product MITRE ATT&CK® TTP Content
Lumension T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
  • 14 Rules
  • 4 Models

Vendor: Malwarebytes

Product MITRE ATT&CK® TTP Content
Malwarebytes Endpoint Detection and Response T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 4 Rules
  • 2 Models

Vendor: ManageEngine

Product MITRE ATT&CK® TTP Content
ADAuditPlus T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
ADSSP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
PAM360 T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
Advanced Threat Defense T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee DLP Endpoint T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 81 Rules
  • 39 Models
McAfee DLP Prevent T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
McAfee Email Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
McAfee Endpoint Security T1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
TA0010 - TA0010
  • 44 Rules
  • 21 Models
McAfee Enterprise Security Manager T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Network Security Platform T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee SiteAdvisor T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Web Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
McAfee ePolicy Orchestrator T1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 43 Rules
  • 21 Models
Skyhigh Networks CASB T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure AD Activity Logs T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure AD Sign-In Logs T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure ATP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure MFA T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure Monitor T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 10 Rules
  • 2 Models
Event Viewer - PrintService T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
Event Viewer - Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 28 Rules
  • 15 Models
Event Viewer - System T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - WinNat T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Microsoft 365 T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 80 Rules
  • 37 Models
Microsoft CAS T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 65 Rules
  • 32 Models
Microsoft Defender for Cloud T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Microsoft Defender for Endpoint T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 82 Rules
  • 39 Models
Microsoft Exchange T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 37 Rules
  • 16 Models
Microsoft IIS T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Microsoft Intune T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft RRAS T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Microsoft Sentinel T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft Web Application Proxy T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Sysmon T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
Web Application Proxy-TLS Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 37 Rules
  • 16 Models
Mimecast Targeted Threat Protection - URL T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Mvision

Product MITRE ATT&CK® TTP Content
Mvision T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: NCP

Product MITRE ATT&CK® TTP Content
NCP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Nasuni

Product MITRE ATT&CK® TTP Content
Nasuni T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: NetApp

Product MITRE ATT&CK® TTP Content
NetApp T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: NetDocs

Product MITRE ATT&CK® TTP Content
NetDocs T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: NetMotion Wireless

Product MITRE ATT&CK® TTP Content
NetMotion Wireless T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 71 Rules
  • 34 Models
Netskope Webtx T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 52 Rules
  • 25 Models

Vendor: Nightfall

Product MITRE ATT&CK® TTP Content
Nightfall AI T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Nortel Contivity

Product MITRE ATT&CK® TTP Content
Nortel Contivity VPN T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Nutanix

Product MITRE ATT&CK® TTP Content
Nutanix Unified Storage T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Okta

Product MITRE ATT&CK® TTP Content
Okta Adaptive MFA T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: OneLogin

Product MITRE ATT&CK® TTP Content
OneLogin T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models

Vendor: OpenText

Product MITRE ATT&CK® TTP Content
eDOCS T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
Oracle Public Cloud T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Osquery

Product MITRE ATT&CK® TTP Content
Osquery T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Cortex XDR T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
GlobalProtect T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
Palo Alto Aperture T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 33 Rules
  • 17 Models
Palo Alto NGFW T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 35 Rules
  • 19 Models
Prisma Cloud T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Perforce

Product MITRE ATT&CK® TTP Content
Perforce T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Pharos

Product MITRE ATT&CK® TTP Content
Pharos T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Ping Identity T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: PostScript

Product MITRE ATT&CK® TTP Content
PostScript T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Postfix

Product MITRE ATT&CK® TTP Content
Postfix T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: PowerSentry

Product MITRE ATT&CK® TTP Content
PowerSentry T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Procad

Product MITRE ATT&CK® TTP Content
Pro.File DMS T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 66 Rules
  • 33 Models
Proofpoint Email Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Proofpoint Enterprise Protection T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Targeted Attack Platform T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 63 Rules
  • 33 Models

Vendor: Qualys

Product MITRE ATT&CK® TTP Content
Qualys AssetView T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA DLP T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 61 Rules
  • 32 Models
SecurID T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Ricoh

Product MITRE ATT&CK® TTP Content
Ricoh Printer T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: SafeSend

Product MITRE ATT&CK® TTP Content
SafeSend T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: Safend

Product MITRE ATT&CK® TTP Content
Data Protection Suite (DPS) T1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 43 Rules
  • 21 Models

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
SecurityIQ T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 35 Rules
  • 15 Models

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: SecureLink

Product MITRE ATT&CK® TTP Content
SecureLink T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SecureNet

Product MITRE ATT&CK® TTP Content
SecureNet T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Vigilance T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: ServiceNow

Product MITRE ATT&CK® TTP Content
ServiceNow T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 46 Rules
  • 19 Models

Vendor: Skyhigh Security

Product MITRE ATT&CK® TTP Content
Skyhigh Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 4 Rules
  • 2 Models

Vendor: Slack

Product MITRE ATT&CK® TTP Content
Slack T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 47 Rules
  • 23 Models
Sophos SafeGuard T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Sophos UTM T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Sophos XG Firewall T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: StealthBits

Product MITRE ATT&CK® TTP Content
StealthIntercept T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Swivel

Product MITRE ATT&CK® TTP Content
Swivel T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
Symantec CloudSOC T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models
Symantec DLP T1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
TA0010 - TA0010
  • 81 Rules
  • 39 Models
Symantec Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Symantec Endpoint Protection T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 18 Rules
  • 4 Models
Symantec Fireglass T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Symantec VIP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Symantec Web Security Service T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Cloud Platform T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Tanium Integrity Monitor T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule

Vendor: Tessian

Product MITRE ATT&CK® TTP Content
Tessian Cloud Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: TitanFTP

Product MITRE ATT&CK® TTP Content
TitanFTP T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
OfficeScan T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 80 Rules
  • 38 Models

Vendor: Tyco

Product MITRE ATT&CK® TTP Content
CCURE Building Management System T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Unix T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 38 Rules
  • 16 Models
Unix Auditd T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
Unix Sendmail T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
  • 14 Rules
  • 4 Models
Carbon Black CES T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
Carbon Black EDR T1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rule
VMware Identity Manager T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
VMware View T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Varonis

Product MITRE ATT&CK® TTP Content
Varonis Data Security Platform T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
TA0010 - TA0010
  • 30 Rules
  • 17 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Detect T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Vectra Cognito Stream T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 39 Rules
  • 17 Models

Vendor: Virtru

Product MITRE ATT&CK® TTP Content
Virtru T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 5 Rules
  • 2 Models

Vendor: Workday

Product MITRE ATT&CK® TTP Content
Workday T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: XPS

Product MITRE ATT&CK® TTP Content
XPS T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Xerox

Product MITRE ATT&CK® TTP Content
Xerox T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: YSoft

Product MITRE ATT&CK® TTP Content
YSoft T1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 42 Rules
  • 17 Models

Vendor: Zendesk

Product MITRE ATT&CK® TTP Content
Zendesk T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Zlock

Product MITRE ATT&CK® TTP Content
Zlock T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 38 Rules
  • 19 Models
Zscaler Private Access T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: iManage

Product MITRE ATT&CK® TTP Content
iManage T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: oVirt

Product MITRE ATT&CK® TTP Content
oVirt T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules