r_m_cisco_anyconnect_Data_Exfiltration.md

Rules by Product and UseCase

Vendor: Cisco

Product: AnyConnect

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|-------|--------|--------------------|----------------|---------|
| 4 | 4 | 2 | 1 | 3 |

| Event Type | Rules | Models |
|------------|-------|--------|
| vpn-logout | T1133 - External Remote Services<br>VPN-BSum: Abnormal amount of data uploaded during VPN Session<br><br>TA0010 - TA0010<br>DLP-UPCOUNT: Abnormal number of DLP policy violations for user<br>DLP-GPCOUNT: Abnormal number of DLP policy violations for peer group<br>DLP-BSum: Abnormal amount of data written during DLP policy violation | VPN-BSum: Sum of bytes uploaded during VPN<br>DLP-BSum: Sum of bytes written during DLP policy violation<br>DLP-GPCOUNT: Count of DLP policy violations for peer group<br>DLP-UPCOUNT: Count of DLP policy violations for user |