Skip to content

Latest commit

 

History

History
25 lines (23 loc) · 8.23 KB

ds_onespan_onespan_sign.md

File metadata and controls

25 lines (23 loc) · 8.23 KB
Raw

Vendor: OneSpan

Product: OneSpan Sign

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
27 4 13 1 0
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1078 - Valid Accounts
T1110 - Brute Force
  • 5 Rules
  • 2 Models
Brute Force Attack endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1110 - Brute Force
T1110.003 - T1110.003
  • 9 Rules
Compromised Credentials endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Lateral Movement endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models
Malware endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1210 - Exploitation of Remote Services
  • 1 Rules
Privilege Abuse endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Privilege Escalation endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1210 - Exploitation of Remote Services
  • 1 Rules
Privileged Activity endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Ransomware endpoint-login:fail (failed-logon)
onespan-osign-kv-endpoint-login-fail-ikeyserver
 T1078 - Valid Accounts
  • 1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Valid Accounts

 Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Valid Accounts

Use Alternate Authentication Material

Use Alternate Authentication Material: Pass the Hash

Use Alternate Authentication Material: Pass the Ticket

 Brute Force

Steal or Forge Kerberos Tickets

 Exploitation of Remote Services

Remote Services

Use Alternate Authentication Material

Remote Services: Remote Desktop Protocol

 Proxy: Multi-hop Proxy

Proxy