ds_phantom_phantom.md

Vendor: Phantom

Product: Phantom

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 37 | 16 | 4 | 2 | 0 |
| Use-Case | Activity Types (Legacy Event Type) / Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Data Leak | email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1048 - Exfiltration Over Alternative Protocol<br>T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | 32 Rules<br>15 Models |
| Malware | email-receive:success (dlp-email-alert-in)<br>phantom-p-kv-email-receive-success-emailreceived<br>email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1190 - Exploit Public-Facing Application | 1 Rule |
| Phishing | email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1048 - Exfiltration Over Alternative Protocol<br>T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | 1 Rule<br>1 Model |
| Privilege Abuse | email-receive:success (dlp-email-alert-in)<br>phantom-p-kv-email-receive-success-emailreceived<br>email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1078 - Valid Accounts | 1 Rule |
| Privileged Activity | email-receive:success (dlp-email-alert-in)<br>phantom-p-kv-email-receive-success-emailreceived<br>email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1078 - Valid Accounts | 1 Rule |
| Workforce Protection | email-send:success (dlp-email-alert-out)<br>phantom-p-kv-email-receive-success-emailreceived | T1048 - Exfiltration Over Alternative Protocol<br>T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | 4 Rules<br>1 Model |

MITRE ATT&CK® Framework for Enterprise

| Tactic | Techniques covered by this data source |
|---|---|
| Initial Access | Valid Accounts<br>Exploit Public-Facing Application |
| Execution | |
| Persistence | Valid Accounts |
| Privilege Escalation | Valid Accounts |
| Defense Evasion | Valid Accounts |
| Credential Access | |
| Discovery | |
| Lateral Movement | |
| Collection | |
| Command and Control | |
| Exfiltration | Exfiltration Over Alternative Protocol<br>Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol |
| Impact | |