Skip to content

Latest commit

 

History

History
23 lines (21 loc) · 6.01 KB

ds_clearsense_clearsense.md

File metadata and controls

23 lines (21 loc) · 6.01 KB

Vendor: Clearsense

Product: Clearsense

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
45 17 5 3 1
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful

endpoint-login:fail (authentication-failed)
novell-ed-cef-endpoint-authentication-authenticate

endpoint-login:success (authentication-successful)
novell-ed-cef-endpoint-authentication-authenticate
oracle-am-kv-endpoint-authentication-success-auth
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Compromised Credentials app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful

endpoint-login:success (authentication-successful)
novell-ed-cef-endpoint-authentication-authenticate
oracle-am-kv-endpoint-authentication-success-auth
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 27 Rules
  • 16 Models
Data Access app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful
T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
Malware app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful

endpoint-login:success (authentication-successful)
novell-ed-cef-endpoint-authentication-authenticate
oracle-am-kv-endpoint-authentication-success-auth
T1078 - Valid Accounts
  • 1 Rules
Privilege Abuse app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful
T1078 - Valid Accounts
  • 2 Rules
Privileged Activity app-login:success (app-login)
clearsense-cs-sk4-app-login-success-loginsuccessful
T1078 - Valid Accounts
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Valid Accounts

Valid Accounts

Proxy: Multi-hop Proxy

Proxy