Vendor: Ivanti Product: Ivanti Pulse Secure Rules Models MITRE ATT&CK® TTPs Activity Types Parsers 204 94 41 9 141 Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content Abnormal Authentication & Access user-delete:success (account-deleted) ↳juniper-ps-str-user-delete-success-modified ↳juniper-ps-sk4-user-delete-success-accountmodified ↳juniper-ps-cef-user-delete-fail-juniper ↳juniper-ps-str-user-delete-fail-firewall scheduled_task-trigger:success (app-activity) ↳juniper-ps-kv-app-activity-success-webrequestcomplect ↳juniper-ps-cef-app-activity-success-requestcompleted app-login:success (app-login) ↳juniper-ps-kv-app-login-success-loginsuccess endpoint-login:fail (authentication-failed) ↳juniper-ps-sk4-vpn-login-fail-checkfailed ↳juniper-ps-sk4-vpn-login-fail-authenticationfailed ↳juniper-ps-sk4-vpn-login-fail-testingpasswordfailed ↳juniper-ps-kv-vpn-login-fail-authenticationfailed-aut31829 ↳juniper-ps-mix-vpn-login-fail-authenticationfailed ↳juniper-ps-sk4-vpn-login-fail-testingcertificate ↳ivanti-ps-kv-vpn-authentication-fail-aut31262 ↳ivanti-ps-kv-vpn-authentication-fail-eam24460 ↳ivanti-ps-kv-vpn-authentication-fail-aut31487 ↳ivanti-ps-str-vpn-authentication-fail-lockedout ↳ivanti-ps-kv-vpn-authentication-fail-aut30544 ↳ivanti-ps-kv-vpn-authentication-fail-jav20022 ↳ivanti-ps-kv-vpn-authentication-sml31064 ↳juniper-ps-cef-endpoint-authentication-fail-authfailed endpoint-login:success (authentication-successful) ↳juniper-ps-str-vpn-login-success-fullycompliant ↳juniper-ps-kv-vpn-login-success-firewall-3 ↳juniper-ps-mix-vpn-login-success-authenticationsuccessful ↳juniper-ps-kv-vpn-login-success-sso ↳juniper-ps-cef-vpn-login-success-passed ↳juniper-ps-str-vpn-login-success-passed ↳juniper-ps-mix-vpn-login-success-authenticationsuccessful-aut24326 ↳juniper-ps-sk4-vpn-authentication-success-authsuccess ↳juniper-ps-sk4-vpn-authentication-success-restrictionspassed ↳ivanti-ps-kv-vpn-authentication-success-sml31067 ↳ivanti-ps-kv-vpn-authentication-success-jav32168 ↳juniper-ps-sk4-vpn-authentication-success-authsuccess-1 ↳ivanti-ps-kv-vpn-authentication-success-aut31263 ↳ivanti-ps-kv-vpn-authentication-success-aut31266 ↳ivanti-ps-kv-vpn-authentication-success-aut30544 ↳ivanti-ps-kv-vpn-authentication-sml31064 vpn-login:fail (failed-vpn-login) ↳juniper-ps-sk4-vpn-login-fail-loginfailed ↳juniper-ps-cef-vpn-login-fail-loginfail ↳ivanti-ps-kv-vpn-login-fail-err23467 ↳juniper-ps-str-vpn-login-fail-hostfailed ↳juniper-ps-str-vpn-login-fail-loginfailed ↳juniper-ps-str-vpn-login-fail-loginfailed-1 ↳ivanti-ps-kv-vpn-login-fail-fullynoncompliant ↳juniper-ps-cef-vpn-login-fail-loginfailed ↳ivanti-ps-kv-vpn-login-fail-aut24804 ↳juniper-ps-cef-vpn-login-fail-secureaccess-1 ↳juniper-ps-str-vpn-login-fail-partiallycompliant ↳juniper-ps-sk4-vpn-login-fail-authloginfailed ↳ivanti-ps-kv-vpn-login-fail-web31809 ↳juniper-ps-str-vpn-login-fail-partiallycompliant-aut31984 ↳juniper-ps-mix-vpn-login-fail-hostchecker vpn-login:success (vpn-login) ↳juniper-ps-cef-vpn-login-success-openedconnection ↳juniper-ps-sk4-vpn-login-success-agentlogin ↳juniper-ps-str-vpn-login-success-login-1 ↳ivanti-ps-kv-vpn-login-success-aut31504 ↳juniper-ps-str-vpn-login-success-started-1 ↳juniper-ps-cef-vpn-login-success-sessionstartedforuser ↳juniper-ps-cef-vpn-login-success-userconnected ↳juniper-ps-str-vpn-login-success-resume ↳juniper-ps-str-vpn-login-success-pulsesecure ↳ivanti-ps-kv-vpn-login-success-aut32033 ↳juniper-ps-sk4-vpn-login-success-connectedwithip ↳juniper-ps-str-vpn-login-success-pulsesecure-adm22668 ↳juniper-ps-sk4-vpn-login-success-sessionresumed ↳juniper-ps-cef-vpn-login-success-secureaccess-3 ↳juniper-ps-cef-vpn-login-success-secureaccess-2 ↳ivanti-ps-kv-vpn-login-success-sessionstartedforuser ↳juniper-ps-sk4-vpn-login-success-sessionstarted ↳juniper-ps-cef-vpn-login-success-connected-1 ↳juniper-ps-cef-vpn-login-success-connected-2 ↳juniper-ps-str-vpn-login-success-login ↳ivanti-ps-kv-vpn-login-success-eam30446 ↳juniper-ps-cef-vpn-login-success-loginsucceeded ↳juniper-ps-kv-vpn-login-success-connectionwith ↳juniper-ps-kv-vpn-login-success-firewall ↳juniper-ps-str-vpn-login-success-succeeded ↳juniper-ps-str-vpn-login-success-startedaovpn ↳juniper-ps-cef-vpn-login-success-userlogin ↳juniper-ps-kv-vpn-login-success-23464 ↳juniper-ps-str-vpn-login-success-connected ↳ivanti-ps-str-vpn-login-success-sessionstarted ↳juniper-ps-str-vpn-login-success-started ↳juniper-ps-cef-vpn-login-success-login-1 ↳juniper-ps-cef-vpn-login-success-sessionresumed ↳juniper-ps-json-vpn-login-success-started ↳juniper-ps-cef-vpn-login-success-vpntunnelingstarted ↳ivanti-ps-str-vpn-login-success-connectionwith ↳juniper-ps-str-vpn-login-success-sessionstarted ↳juniper-ps-str-vpn-login-success-connected-2 ↳juniper-ps-cef-vpn-login-success-agentloginsucceededfor ↳juniper-ps-str-vpn-login-success-connected-1 ↳juniper-ps-cef-vpn-login-success-hostcheckerpolicy ↳juniper-ps-kv-vpn-login-success-firewall-1 ↳juniper-ps-kv-vpn-login-success-firewall-2 ↳juniper-ps-kv-vpn-login-success-secureaccess ↳juniper-ps-cef-vpn-login-success-connected ↳ivanti-ps-kv-vpn-login-success-sessioncreated vpn-logout:success (vpn-logout) ↳juniper-ps-str-vpn-logout-success-ended ↳juniper-ps-cef-vpn-logout-success-secureaccess ↳ivanti-ps-kv-vpn-logout-success-aut20914 ↳ivanti-ps-kv-vpn-logout-success-aut22818 ↳juniper-ps-cef-vpn-logout-success-closedconnection ↳juniper-ps-str-vpn-logout-success-closed ↳juniper-ps-kv-vpn-logout-success-mcafee ↳juniper-ps-kv-vpn-logout-success-firewall-1 ↳juniper-ps-kv-vpn-logout-success-closed ↳ivanti-ps-str-vpn-logout-success-sessionended-1 ↳juniper-ps-cef-vpn-logout-success-closed ↳juniper-ps-str-vpn-logout-success-loggedout-adm23573 ↳juniper-ps-cef-vpn-logout-success-timedout ↳juniper-ps-json-vpn-logout-success-closed ↳juniper-ps-sk4-vpn-logout-success-sessionended ↳juniper-ps-cef-vpn-logout-success-juniper ↳juniper-ps-cef-vpn-logout-success-sessionendedeforuser ↳juniper-ps-str-vpn-logout-success-sessiontimedout ↳juniper-ps-sk4-vpn-logout-success-closedconnection ↳juniper-ps-sk4-vpn-logout-success-sessiontimedout ↳ivanti-ps-kv-vpn-logout-success-notauthenticated ↳juniper-ps-cef-vpn-logout-success-vpntunnelingended ↳juniper-ps-kv-vpn-logout-success-juniper ↳juniper-ps-str-vpn-logout-success-timeout ↳juniper-ps-cef-vpn-logout-success-adminidletimeout ↳ivanti-ps-kv-vpn-logout-success-aut22927 ↳ivanti-ps-kv-vpn-logout-success-nwc32164 ↳juniper-ps-cef-vpn-logout-success-terminated ↳juniper-ps-str-vpn-logout-success-logout ↳juniper-ps-str-vpn-logout-success-terminated ↳ivanti-ps-kv-vpn-logout-success-nwc32185 ↳juniper-ps-cef-vpn-logout-success-authenticated ↳juniper-ps-cef-vpn-logout-success-ended ↳juniper-ps-kv-vpn-logout-success-firewall ↳juniper-ps-sk4-vpn-logout-success-sessionlogout ↳ivanti-ps-kv-vpn-logout-success-sessiondeleted ↳juniper-ps-cef-vpn-logout-success-userlogout ↳juniper-ps-cef-vpn-logout-success-loggedoutfrom ↳ivanti-ps-str-vpn-logout-success-notauthenticated ↳juniper-ps-cef-vpn-logout-success-logout ↳ivanti-ps-kv-vpn-logout-success-aut31829 ↳juniper-ps-str-vpn-logout-success-loggedout ↳ivanti-ps-str-vpn-logout-success-sessiondeleted http-traffic:success (web-activity-allowed) ↳juniper-ps-str-http-session-success-request ↳juniper-ps-str-http-session-success-request-1 ↳juniper-ps-str-http-session-success-request-2 ↳juniper-ps-cef-http-session-success-webrequestcompleted T1021 - Remote ServicesT1071 - Application Layer ProtocolT1071.001 - Application Layer Protocol: Web ProtocolsT1078 - Valid AccountsT1133 - External Remote Services 35 Rules13 Models Account Manipulation user-delete:success (account-deleted) ↳juniper-ps-str-user-delete-success-modified ↳juniper-ps-sk4-user-delete-success-accountmodified ↳juniper-ps-cef-user-delete-fail-juniper ↳juniper-ps-str-user-delete-fail-firewall scheduled_task-trigger:success (app-activity) ↳juniper-ps-kv-app-activity-success-webrequestcomplect ↳juniper-ps-cef-app-activity-success-requestcompleted vpn-logout:success (vpn-logout) ↳juniper-ps-str-vpn-logout-success-ended ↳juniper-ps-cef-vpn-logout-success-secureaccess ↳ivanti-ps-kv-vpn-logout-success-aut20914 ↳ivanti-ps-kv-vpn-logout-success-aut22818 ↳juniper-ps-cef-vpn-logout-success-closedconnection ↳juniper-ps-str-vpn-logout-success-closed ↳juniper-ps-kv-vpn-logout-success-mcafee ↳juniper-ps-kv-vpn-logout-success-firewall-1 ↳juniper-ps-kv-vpn-logout-success-closed ↳ivanti-ps-str-vpn-logout-success-sessionended-1 ↳juniper-ps-cef-vpn-logout-success-closed ↳juniper-ps-str-vpn-logout-success-loggedout-adm23573 ↳juniper-ps-cef-vpn-logout-success-timedout ↳juniper-ps-json-vpn-logout-success-closed ↳juniper-ps-sk4-vpn-logout-success-sessionended ↳juniper-ps-cef-vpn-logout-success-juniper ↳juniper-ps-cef-vpn-logout-success-sessionendedeforuser ↳juniper-ps-str-vpn-logout-success-sessiontimedout ↳juniper-ps-sk4-vpn-logout-success-closedconnection ↳juniper-ps-sk4-vpn-logout-success-sessiontimedout ↳ivanti-ps-kv-vpn-logout-success-notauthenticated ↳juniper-ps-cef-vpn-logout-success-vpntunnelingended ↳juniper-ps-kv-vpn-logout-success-juniper ↳juniper-ps-str-vpn-logout-success-timeout ↳juniper-ps-cef-vpn-logout-success-adminidletimeout ↳ivanti-ps-kv-vpn-logout-success-aut22927 ↳ivanti-ps-kv-vpn-logout-success-nwc32164 ↳juniper-ps-cef-vpn-logout-success-terminated ↳juniper-ps-str-vpn-logout-success-logout ↳juniper-ps-str-vpn-logout-success-terminated ↳ivanti-ps-kv-vpn-logout-success-nwc32185 ↳juniper-ps-cef-vpn-logout-success-authenticated ↳juniper-ps-cef-vpn-logout-success-ended ↳juniper-ps-kv-vpn-logout-success-firewall ↳juniper-ps-sk4-vpn-logout-success-sessionlogout ↳ivanti-ps-kv-vpn-logout-success-sessiondeleted ↳juniper-ps-cef-vpn-logout-success-userlogout ↳juniper-ps-cef-vpn-logout-success-loggedoutfrom ↳ivanti-ps-str-vpn-logout-success-notauthenticated ↳juniper-ps-cef-vpn-logout-success-logout ↳ivanti-ps-kv-vpn-logout-success-aut31829 ↳juniper-ps-str-vpn-logout-success-loggedout ↳ivanti-ps-str-vpn-logout-success-sessiondeleted T1098 - Account ManipulationT1098.002 - Account Manipulation: Exchange Email Delegate PermissionsT1136 - Create AccountT1484 - Group Policy ModificationT1531 - Account Access Removal 12 Rules8 Models Cryptomining http-traffic:success (web-activity-allowed) ↳juniper-ps-str-http-session-success-request ↳juniper-ps-str-http-session-success-request-1 ↳juniper-ps-str-http-session-success-request-2 ↳juniper-ps-cef-http-session-success-webrequestcompleted T1071 - Application Layer ProtocolT1071.001 - Application Layer Protocol: Web ProtocolsT1496 - Resource Hijacking 1 Rules Workforce Protection http-traffic:success (web-activity-allowed) ↳juniper-ps-str-http-session-success-request ↳juniper-ps-str-http-session-success-request-1 ↳juniper-ps-str-http-session-success-request-2 ↳juniper-ps-cef-http-session-success-webrequestcompleted T1071 - Application Layer ProtocolT1071.001 - Application Layer Protocol: Web Protocols 4 Rules2 Models Next Page -->> MITRE ATT&CK® Framework for Enterprise Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact Phishing: Spearphishing LinkExternal Remote ServicesValid AccountsDrive-by CompromiseExploit Public Fasing ApplicationPhishing User Execution Create AccountExternal Remote ServicesValid AccountsAccount ManipulationAccount Manipulation: Exchange Email Delegate Permissions Valid AccountsGroup Policy Modification Group Policy ModificationValid Accounts Brute ForceSteal or Forge Kerberos TicketsCredentials from Password StoresSteal or Forge Kerberos Tickets: Kerberoasting Remote ServicesInternal Spearphishing Email CollectionEmail Collection: Email Forwarding Rule Web ServiceApplication Layer Protocol: Web ProtocolsDynamic ResolutionDynamic Resolution: Domain Generation AlgorithmsProxy: Multi-hop ProxyApplication Layer ProtocolProxy Exfiltration Over Alternative ProtocolExfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolExfiltration Over Physical Medium: Exfiltration over USBExfiltration Over C2 ChannelExfiltration Over Physical MediumExfiltration Over Web Service: Exfiltration to Cloud StorageExfiltration Over Web Service Account Access RemovalResource Hijacking