Product: AnyConnect
Use-Case: Data Exfiltration
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 4 | 4 | 2 | 1 | 2 |
| Event Type | Rules | Models |
|---|---|---|
| vpn-logout | T1133 - External Remote Services ↳ VPN-BSum: Abnormal amount of data uploaded during VPN Session TA0010 - TA0010 ↳ DLP-UPCOUNT: Abnormal number of DLP policy violations for user ↳ DLP-GPCOUNT: Abnormal number of DLP policy violations for peer group ↳ DLP-BSum: Abnormal amount of data written during DLP policy violation |
• VPN-BSum: Sum of bytes uploaded during VPN • DLP-BSum: Sum of bytes written during DLP policy violation • DLP-GPCOUNT: Count of DLP policy violations for peer group • DLP-UPCOUNT: Count of DLP policy violations for user |