uc_lateral_movement.md

Use Case: Lateral Movement

Vendor: AMD

Product MITRE ATT&CK® TTP Content
Pensando T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: APC

Product MITRE ATT&CK® TTP Content
APC T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: AVI Networks

Product MITRE ATT&CK® TTP Content
AVI Networks Software Load Balancer T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Absolute

Product MITRE ATT&CK® TTP Content
Absolute DDS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Security Access Hub T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 20 Models

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Akamai Guardicore T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 40 Rules
  • 17 Models
Akamai SIEM T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Cloud Akamai T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS Bastion T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models
AWS CloudTrail T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
AWS CloudWatch T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 21 Models
AWS GuardDuty T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
AWS WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Apache Guacamole T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Apple

Product MITRE ATT&CK® TTP Content
macOS T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 1 Rules

Vendor: Arbor

Product MITRE ATT&CK® TTP Content
Arbor Cloud T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 18 Rules
  • 7 Models

Vendor: Arista Networks

Product MITRE ATT&CK® TTP Content
Awake Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: AssetView

Product MITRE ATT&CK® TTP Content
AssetView T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Atlassian

Product MITRE ATT&CK® TTP Content
Atlassian BitBucket T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Attivo

Product MITRE ATT&CK® TTP Content
BOTsink T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 41 Rules
  • 17 Models

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 13 Models

Vendor: Avaya

Product MITRE ATT&CK® TTP Content
Avaya Ethernet Routing Switch T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Avaya VPN T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Axway

Product MITRE ATT&CK® TTP Content
Axway Gateway T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Banyan Security

Product MITRE ATT&CK® TTP Content
Banyan Security T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 103 Rules
  • 36 Models
Barracuda WAF T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
BeyondTrust T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models
BeyondTrust Privileged Identity T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
BeyondTrust Remote Support T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
BeyondTrust Secure Remote Access T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 20 Rules
  • 7 Models

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 24 Rules
  • 1 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: BlackBerry

Product MITRE ATT&CK® TTP Content
BlackBerry Protect T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Bromium

Product MITRE ATT&CK® TTP Content
Bromium Secure Platform T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: CA Technologies

Product MITRE ATT&CK® TTP Content
CA Privileged Access Manager Server Control T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: CDS

Product MITRE ATT&CK® TTP Content
CDS T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 16 Rules
  • 3 Models

Vendor: CenturyLink

Product MITRE ATT&CK® TTP Content
CenturyLink Managed Security Service T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Anti-Malware T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Check Point Avanan T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Check Point Endpoint Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Check Point Identity Awareness T1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 23 Models
Check Point NGFW T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 71 Rules
  • 23 Models
Check Point Security Gateway T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models
Check Point vSEC Virtual Edition T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 50 Rules
  • 22 Models
Cisco ACI T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Cisco ACS T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models
Cisco ADC T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules
Cisco Adaptive Security Appliance T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 117 Rules
  • 36 Models
Cisco Cloud Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Cisco Cognitive Threat Analytics T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Cisco Firepower T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 98 Rules
  • 26 Models
Cisco IOS T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 50 Rules
  • 13 Models
Cisco ISE T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 51 Rules
  • 18 Models
Cisco Meraki MX appliance T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 69 Rules
  • 23 Models
Cisco Netflow T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 51 Rules
  • 21 Models
Cisco Secure Cloud Analytics T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 51 Rules
  • 21 Models
Cisco Secure Endpoint T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Cisco Secure Web Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Cisco Umbrella T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 46 Rules
  • 17 Models
Cisco Unified Communications Manager T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Duo Access T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
IronPort Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Endpoint Management T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Citrix Gateway T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 77 Rules
  • 19 Models
Citrix ShareFile T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Citrix Virtual Apps T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Citrix Virtual Desktop T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Citrix Web App Firewall T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Claroty

Product MITRE ATT&CK® TTP Content
CTD T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 15 Rules
  • 1 Models
Claroty T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Clearsense

Product MITRE ATT&CK® TTP Content
Clearsense T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare Insights T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Cloudflare WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 61 Rules
  • 20 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Cofense

Product MITRE ATT&CK® TTP Content
Cofense Phishme T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Cognitas CrossLink

Product MITRE ATT&CK® TTP Content
Cognitas CrossLink T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Cohesity

Product MITRE ATT&CK® TTP Content
Cohesity DataPlatform T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Contrast Security

Product MITRE ATT&CK® TTP Content
Contrast Agent T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 123 Rules
  • 38 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
CyberArk Privilege Access Manager T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 43 Rules
  • 13 Models

Vendor: Cybereason

Product MITRE ATT&CK® TTP Content
Cybereason T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Cylance

Product MITRE ATT&CK® TTP Content
Cylance OPTICS T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 42 Rules
  • 19 Models

Vendor: Cynet

Product MITRE ATT&CK® TTP Content
Cynet EDR T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Damballa

Product MITRE ATT&CK® TTP Content
Damballa Failsafe T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Authentication Service T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models
Centrify Infrastructure Services T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Centrify Zero Trust Privilege Services T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Thycotic Software Secret Server T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Dell

Product MITRE ATT&CK® TTP Content
EMC Isilon T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 30 Rules
  • 12 Models
Sonicwall T1018 - Remote System Discovery
T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 44 Rules
  • 15 Models

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 63 Rules
  • 18 Models

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 57 Rules
  • 13 Models

Vendor: EMP

Product MITRE ATT&CK® TTP Content
EMP T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: ESET

Product MITRE ATT&CK® TTP Content
ESET Endpoint Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Egnyte

Product MITRE ATT&CK® TTP Content
Egnyte T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Endgame

Product MITRE ATT&CK® TTP Content
Endgame EDR T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Entrust

Product MITRE ATT&CK® TTP Content
Entrust Identity Enterprise T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Epic

Product MITRE ATT&CK® TTP Content
Epic SIEM T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Exabeam

Product MITRE ATT&CK® TTP Content
Correlation Rule T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Search T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Extrahop

Product MITRE ATT&CK® TTP Content
Extrahop Reveal(x) T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Extreme Networks

Product MITRE ATT&CK® TTP Content
Zebra WLAN Management T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models

Vendor: F-Secure

Product MITRE ATT&CK® TTP Content
F-Secure Client Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 20 Rules
  • 4 Models
F5 Advanced Firewall Manager T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 20 Models
F5 Advanced Web Application Firewall T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 78 Rules
  • 21 Models
F5 Application Security Manager T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 11 Rules
F5 BIG-IP T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 53 Rules
  • 22 Models
F5 Local Traffic Manager T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
F5 WebSafe T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Fast Enterprises

Product MITRE ATT&CK® TTP Content
Fast Enterprises GenTax T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Fidelis

Product MITRE ATT&CK® TTP Content
Fidelis Network T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Fidelis XPS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 11 Rules
FireEye ETP T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye Email MPS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye Endpoint Security (HX) T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye Network Security (NX) T1018 - Remote System Discovery
T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 78 Rules
  • 31 Models
FireEye Web MPS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: FireMon

Product MITRE ATT&CK® TTP Content
FireMon T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 12 Rules
Forcepoint Next-Gen Firewall T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
Websense Security Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Forescout

Product MITRE ATT&CK® TTP Content
EyeInspect T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models
Forescout CounterACT T1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 60 Rules
  • 22 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
EnSilo T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FortiAuthenticator T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
FortiGate T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 55 Rules
  • 20 Models
Fortinet Enterprise Firewall T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 74 Rules
  • 27 Models
Fortinet UTM T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 12 Rules
Fortinet VPN T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
Fortiweb Web Application Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: FreeBSD

Product MITRE ATT&CK® TTP Content
FreeBSD T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Gamma

Product MITRE ATT&CK® TTP Content
Gamma T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: GoAnywhere

Product MITRE ATT&CK® TTP Content
GoAnywhere MFT T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 44 Rules
  • 15 Models

Vendor: Google

Product MITRE ATT&CK® TTP Content
Google Cloud Platform T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 21 Models
Google Workspace T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: HP

Product MITRE ATT&CK® TTP Content
Aruba ClearPass Policy Manager T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 33 Rules
  • 14 Models
Aruba Mobility Master T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Aruba Wireless controller T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 5 Rules
  • 2 Models
HP Virtual Connect Enterprise Manager T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
HP iLO T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
HPE Comware T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
HashiCorp Vault T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Terraform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 50 Rules
  • 13 Models

Vendor: Hornet

Product MITRE ATT&CK® TTP Content
Hornetsecurity Cloud Email Security Services T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Enterprise Network Firewall T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
Huawei Unified Security Gateway T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 50 Rules
  • 13 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
DB2 T1018 - Remote System Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 30 Rules
  • 12 Models
HCL Notes T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
IBM T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
IBM Mainframe T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
IBM Mobile Connect T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
IBM Resource Access Control Facility T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
IBM Security Trusteer Apex Advanced Malware Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
IBM Sense T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Sametime T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Security Access Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Sterling B2B Integrator T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models

Vendor: IMSS

Product MITRE ATT&CK® TTP Content
IMSS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: IPTables

Product MITRE ATT&CK® TTP Content
IPTables FW T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Illumio

Product MITRE ATT&CK® TTP Content
Illumio Core T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva Incapsula T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Imperva SecureSphere T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Imprivata

Product MITRE ATT&CK® TTP Content
Imprivata T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1018 - Remote System Discovery
T1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 84 Rules
  • 32 Models

Vendor: Inky

Product MITRE ATT&CK® TTP Content
Inky Anti-Phishing T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 14 Rules
  • 1 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 34 Rules
  • 10 Models

Vendor: Jumpcloud

Product MITRE ATT&CK® TTP Content
Jumpcloud T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper Advanced Threat Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Juniper SRX Series T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 65 Rules
  • 20 Models
Junos OS T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky Endpoint Security for Business T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Kemp

Product MITRE ATT&CK® TTP Content
Kemp LoadMaster T1018 - Remote System Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 30 Rules
  • 12 Models

Vendor: LEAP

Product MITRE ATT&CK® TTP Content
LEAP T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Lacework

Product MITRE ATT&CK® TTP Content
Lacework T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 70 Rules
  • 20 Models

Vendor: LastPass

Product MITRE ATT&CK® TTP Content
LastPass T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: LiquidFiles

Product MITRE ATT&CK® TTP Content
LiquidFiles T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: LogMeIn

Product MITRE ATT&CK® TTP Content
RemotelyAnywhere T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: Lookout

Product MITRE ATT&CK® TTP Content
Lookout T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Lumension

Product MITRE ATT&CK® TTP Content
Lumension T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Malwarebytes

Product MITRE ATT&CK® TTP Content
Malwarebytes Endpoint Detection and Response T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Malwarebytes Endpoint Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malwarebytes Incident Response T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: ManageEngine

Product MITRE ATT&CK® TTP Content
ADManager Plus T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
ADSSP T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
PAM360 T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: MasterSAM

Product MITRE ATT&CK® TTP Content
MasterSAM PAM T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee Application Control T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
McAfee Endpoint Security T1018 - Remote System Discovery
T1021 - Remote Services
T1021.003 - T1021.003
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 33 Rules
  • 13 Models
McAfee Enterprise Security Manager T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 23 Rules
  • 5 Models
McAfee Network Security Platform T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
McAfee Web Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
McAfee ePolicy Orchestrator T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Skyhigh Networks CASB T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Active Directory Federation Services T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Azure AD Activity Logs T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure AD Identity Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Azure AD Sign-In Logs T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure ATP T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules
Azure MFA T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure Monitor T1021 - Remote Services
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 72 Rules
  • 24 Models
Azure Monitor - VM Insights T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Event Viewer - ADFS T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 44 Rules
  • 15 Models
Event Viewer - Applocker T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Event Viewer - NPS T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 5 Rules
  • 2 Models
Event Viewer - NTLM T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 21 Rules
  • 5 Models
Event Viewer - PowerShell T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Event Viewer - Security T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 140 Rules
  • 45 Models
Event Viewer - System T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 31 Rules
  • 5 Models
Event Viewer - TerminalServices-Gateway T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Event Viewer - WinNat T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models
M365 Audit Logs T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
MSSQL T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 45 Rules
  • 19 Models
Microsoft 365 T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 26 Rules
  • 1 Models
Microsoft Advanced Threat Analytics T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Microsoft CAS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules
Microsoft Defender for Cloud T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Microsoft Defender for Endpoint T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 135 Rules
  • 37 Models
Microsoft Defender for Office 365 T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Microsoft Exchange T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Microsoft IIS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Microsoft Network Policy Server T1021 - Remote Services
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
Microsoft RRAS T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models
Microsoft Sentinel T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 26 Rules
  • 1 Models
Microsoft WMI Log T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Microsoft Web Application Proxy T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Network Security Group Flow Logs T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
Sysmon T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 65 Rules
  • 20 Models
Web Application Proxy-TLS Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Windows Defender Application Control T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Mimecast Targeted Threat Protection - URL T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: MobileIron

Product MITRE ATT&CK® TTP Content
MobileIron T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Morphisec

Product MITRE ATT&CK® TTP Content
Morphisec T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Mvision

Product MITRE ATT&CK® TTP Content
Mvision T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: NCP

Product MITRE ATT&CK® TTP Content
NCP T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: NNT

Product MITRE ATT&CK® TTP Content
NNT ChangeTracker T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: NetApp

Product MITRE ATT&CK® TTP Content
NetApp Ontap T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: NetIQ

Product MITRE ATT&CK® TTP Content
Micro Focus NetIQ Identity Manager T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: NetMotion Wireless

Product MITRE ATT&CK® TTP Content
NetMotion Wireless T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 65 Rules
  • 20 Models
Netskope Webtx T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 46 Rules
  • 17 Models

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 14 Rules
  • 1 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1018 - Remote System Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 14 Models

Vendor: Nexthink

Product MITRE ATT&CK® TTP Content
Nexthink Infinity T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Nortel Contivity

Product MITRE ATT&CK® TTP Content
Nortel Contivity VPN T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: Novell

Product MITRE ATT&CK® TTP Content
eDirectory T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Nozomi Networks

Product MITRE ATT&CK® TTP Content
Nozomi Networks Guardian T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: OSSEC

Product MITRE ATT&CK® TTP Content
OSSEC T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Okta

Product MITRE ATT&CK® TTP Content
Okta Adaptive MFA T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Onapsis

Product MITRE ATT&CK® TTP Content
Onapsis T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: OneLogin

Product MITRE ATT&CK® TTP Content
OneLogin T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: OneSpan

Product MITRE ATT&CK® TTP Content
Digipass for Apps T1021 - Remote Services
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
OneSpan Sign T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models

Vendor: OneWelcome

Product MITRE ATT&CK® TTP Content
OneWelcome Cloud Identity Platform T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: OpenDJ

Product MITRE ATT&CK® TTP Content
OpenDJ T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: OpenLDAP

Product MITRE ATT&CK® TTP Content
OpenLDAP T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Oracle Public Cloud T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 53 Rules
  • 21 Models
Solaris T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: Osirium

Product MITRE ATT&CK® TTP Content
Osirium T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Cortex XDR T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
GlobalProtect T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 86 Rules
  • 33 Models
Palo Alto Aperture T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Palo Alto NGFW T1018 - Remote System Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 91 Rules
  • 32 Models
Palo Alto WildFire T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Prisma Access T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
Prisma Cloud T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 11 Rules
Traps Endpoint Security Manager T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Password Manager Pro

Product MITRE ATT&CK® TTP Content
Password Manager Pro T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Ping Identity T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
PingOne T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: PowerSentry

Product MITRE ATT&CK® TTP Content
PowerSentry T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Progress

Product MITRE ATT&CK® TTP Content
Progress Database T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 53 Rules
  • 13 Models
Proofpoint CASB T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Qualys

Product MITRE ATT&CK® TTP Content
Qualys AssetView T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 13 Models

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA Authentication Manager T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
RSA ECAT T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
RSA NetWitness Platform T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 52 Rules
  • 21 Models
SecurID T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: RUID

Product MITRE ATT&CK® TTP Content
RUID T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Rapid7

Product MITRE ATT&CK® TTP Content
Rapid7 InsightVM T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Red Canary

Product MITRE ATT&CK® TTP Content
Red Canary Managed Detection and Response T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Rubrik

Product MITRE ATT&CK® TTP Content
Rubrik Cloud Data Management T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 29 Rules
  • 12 Models

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Secomea

Product MITRE ATT&CK® TTP Content
Secomea T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecurEnvoy

Product MITRE ATT&CK® TTP Content
SecurEnvoy Multi-Factor Authentication T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Secure Computing

Product MITRE ATT&CK® TTP Content
Secure Computing SafeWord T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecureAuth

Product MITRE ATT&CK® TTP Content
SecureAuth IDP T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
SecureAuth Login T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: SecureLink

Product MITRE ATT&CK® TTP Content
SecureLink T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecureNet

Product MITRE ATT&CK® TTP Content
SecureNet T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: SecureWorks

Product MITRE ATT&CK® TTP Content
Managed iSensor IPS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Semperis

Product MITRE ATT&CK® TTP Content
Semperis DSP T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 117 Rules
  • 35 Models
Vigilance T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: ServiceNow

Product MITRE ATT&CK® TTP Content
ServiceNow T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Shibboleth

Product MITRE ATT&CK® TTP Content
Shibboleth T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Silverfort

Product MITRE ATT&CK® TTP Content
Silverfort Authentication Platform T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: SiteMinder

Product MITRE ATT&CK® TTP Content
Symantec SiteMinder T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 41 Rules
  • 5 Models

Vendor: Skyformation

Product MITRE ATT&CK® TTP Content
Skyformation T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Skyhigh Security

Product MITRE ATT&CK® TTP Content
Skyhigh Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: Snort

Product MITRE ATT&CK® TTP Content
Snort T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 25 Rules
  • 7 Models
Sophos UTM T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 61 Rules
  • 20 Models
Sophos XG Firewall T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 70 Rules
  • 23 Models

Vendor: Splunk

Product MITRE ATT&CK® TTP Content
Splunk ES T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: SunOne

Product MITRE ATT&CK® TTP Content
SunOne T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Swift

Product MITRE ATT&CK® TTP Content
Swift T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Swivel

Product MITRE ATT&CK® TTP Content
Swivel T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Blue Coat ProxySG T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Symantec Advanced Threat Protection T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 18 Models
Symantec CloudSOC T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Symantec Content Analysis System T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec Critical System Protection T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models
Symantec DLP T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec Email Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec Endpoint Protection T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 20 Models
Symantec Fireglass T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Symantec Managed Security Services T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec VIP T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Symantec Web Security Service T1018 - Remote System Discovery
T1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 89 Rules
  • 32 Models

Vendor: Synology NAS

Product MITRE ATT&CK® TTP Content
Synology NAS T1021 - Remote Services
T1021.002 - Remote Services: SMB/Windows Admin Shares
  • 8 Rules
  • 4 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Cloud Platform T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Tanium Core Platform T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 25 Rules
  • 1 Models
Tanium Integrity Monitor T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 78 Rules
  • 21 Models

Vendor: Tenable

Product MITRE ATT&CK® TTP Content
Tenable Vulnerability Management T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Tenable Web App Scanning T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Thales Group

Product MITRE ATT&CK® TTP Content
Gemalto MFA T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: ThreatBlockr

Product MITRE ATT&CK® TTP Content
ThreatBlockr T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Apex One T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Deep Discovery Inspector T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Deep Security T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 93 Rules
  • 22 Models
OfficeScan T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
TippingPoint NGIPS T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Trend Micro Cloud App Security T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Trend Micro ScanMail T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Vision One T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Tufin

Product MITRE ATT&CK® TTP Content
Tufin SecureTrack T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Tyco

Product MITRE ATT&CK® TTP Content
CCURE Building Management System T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 67 Rules
  • 20 Models
Unix T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 100 Rules
  • 28 Models
Unix Auditd T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 64 Rules
  • 14 Models
rsyslog T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 18 Rules
  • 7 Models

Vendor: VBCorp

Product MITRE ATT&CK® TTP Content
VBCorp T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: VMS Software

Product MITRE ATT&CK® TTP Content
OpenVMS T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
  • 26 Rules
  • 1 Models
Carbon Black CES T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 65 Rules
  • 18 Models
Carbon Black EDR T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059 - Command and Scripting Interpreter
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563 - Remote Service Session Hijacking
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 84 Rules
  • 23 Models
Lastline T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
NSX Distributed Firewall T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
VMware AirWatch T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
VMware ESXi T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
VMware Horizon T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
VMware NSX T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
VMware View T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 29 Rules
  • 12 Models
vCenter T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 13 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Detect T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Vectra Cognito Stream T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 18 Rules
  • 4 Models

Vendor: Verizon

Product MITRE ATT&CK® TTP Content
Verizon NDR T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Vicarius

Product MITRE ATT&CK® TTP Content
Vicarius vRx T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 61 Rules
  • 20 Models

Vendor: Wazuh

Product MITRE ATT&CK® TTP Content
Wazuh T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: Wiz

Product MITRE ATT&CK® TTP Content
Wiz T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Workday

Product MITRE ATT&CK® TTP Content
Workday T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Xceedium

Product MITRE ATT&CK® TTP Content
Xceedium T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Xiting

Product MITRE ATT&CK® TTP Content
XAMS T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 128 Rules
  • 44 Models

Vendor: Zimperium

Product MITRE ATT&CK® TTP Content
Zimperium MTD T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 62 Rules
  • 20 Models
Zscaler Private Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 63 Rules
  • 20 Models

Vendor:

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: oVirt

Product MITRE ATT&CK® TTP Content
oVirt T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: pfSense

Product MITRE ATT&CK® TTP Content
pfSense T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: xsuite

Product MITRE ATT&CK® TTP Content
xsuite T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models