| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 59 | 20 | 10 | 3 | 3 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Lateral Movement | network-traffic:fail (network-connection-failed) ↳microsoft-azure-sk4-network-traffic-success-firewallnetworkrule network-traffic:success (network-connection-successful) ↳microsoft-azure-sk4-network-traffic-success-firewallnetworkrule ↳microsoft-azure-sk4-network-traffic-success-firewallapp |
T1071 - Application Layer Protocol T1090 - Proxy T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011 |
|
| Malware | dns-request:fail (dns-query) ↳microsoft-azurefw-json-dns-request-success-azfwdnsquery network-traffic:fail (network-connection-failed) ↳microsoft-azure-sk4-network-traffic-success-firewallnetworkrule network-traffic:success (network-connection-successful) ↳microsoft-azure-sk4-network-traffic-success-firewallnetworkrule ↳microsoft-azure-sk4-network-traffic-success-firewallapp |
T1071 - Application Layer Protocol T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms T1583 - T1583 T1583.001 - T1583.001 TA0011 - TA0011 |
|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Exploit Public Fasing Application |
Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy |