ds_infowatch_infowatch_dlp.md

File metadata and controls

26 lines (24 loc) · 14.8 KB

Vendor: InfoWatch

Product: InfoWatch DLP

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 165 | 68 | 28 | 6 | 1 |

| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | app-login:success (app-login)<br>infowatch-dlp-cef-app-login-success-login<br><br>printer-activity:success (print-activity)<br>infowatch-dlp-cef-printer-activity-success-print<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1133 - External Remote Services | 18 Rules<br>10 Models |
| Compromised Credentials | app-login:success (app-login)<br>infowatch-dlp-cef-app-login-success-login<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service<br>T1133 - External Remote Services<br>T1189 - Drive-by Compromise<br>T1190 - Exploit Public Facing Application<br>T1204 - User Execution<br>T1204.001 - T1204.001<br>T1566 - Phishing<br>T1566.002 - Phishing: Spearphishing Link<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms | 62 Rules<br>38 Models |
| Cryptomining | http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1496 - Resource Hijacking | 1 Rule |
| Data Access | app-login:success (app-login)<br>infowatch-dlp-cef-app-login-success-login | T1078 - Valid Accounts | 5 Rules<br>4 Models |
| Data Exfiltration | http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1041 - Exfiltration Over C2 Channel<br>T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1567 - Exfiltration Over Web Service<br>T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms | 7 Rules<br>2 Models |
| Lateral Movement | app-login:success (app-login)<br>infowatch-dlp-cef-app-login-success-login<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1090 - Proxy<br>T1090.003 - Proxy: Multi-hop Proxy<br>T1190 - Exploit Public Facing Application | 8 Rules |
| Phishing | email-send:success (dlp-email-alert-out)<br>infowatch-dlp-cef-email-receive-send-success-mailonclient<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1048 - Exfiltration Over Alternative Protocol<br>T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol<br>T1189 - Drive-by Compromise<br>T1204 - User Execution<br>T1204.001 - T1204.001<br>T1534 - Internal Spearphishing<br>T1566 - Phishing<br>T1566.002 - Phishing: Spearphishing Link<br>T1598 - T1598<br>T1598.003 - T1598.003 | 4 Rules<br>1 Model |
| Ransomware | app-login:success (app-login)<br>infowatch-dlp-cef-app-login-success-login<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts | 2 Rules |
| Workforce Protection | email-send:success (dlp-email-alert-out)<br>infowatch-dlp-cef-email-receive-send-success-mailonclient<br><br>http-traffic:success (web-activity-allowed)<br>infowatch-iwdlp-cef-http-session-success-webmessage<br>infowatch-dlp-cef-http-session-success-mailinbrowser | T1048 - Exfiltration Over Alternative Protocol<br>T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol<br>T1071 - Application Layer Protocol<br>T1071.001 - Application Layer Protocol: Web Protocols | 8 Rules<br>3 Models |
MITRE ATT&CK® Framework for Enterprise

Tactics covered: Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact

Techniques covered (the tactic-column layout of the original matrix is not preserved here; a technique that appears under several tactics is listed once):

  • Phishing: Spearphishing Link
  • External Remote Services
  • Valid Accounts
  • Drive-by Compromise
  • Exploit Public Facing Application
  • Replication Through Removable Media
  • Phishing
  • User Execution
  • Internal Spearphishing
  • Web Service
  • Application Layer Protocol: Web Protocols
  • Dynamic Resolution
  • Dynamic Resolution: Domain Generation Algorithms
  • Proxy: Multi-hop Proxy
  • Application Layer Protocol
  • Proxy
  • Exfiltration Over Alternative Protocol
  • Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • Exfiltration Over Physical Medium: Exfiltration over USB
  • Exfiltration Over C2 Channel
  • Exfiltration Over Physical Medium
  • Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • Exfiltration Over Web Service
  • Resource Hijacking