Skip to content

Latest commit

 

History

History
20 lines (18 loc) · 4.84 KB

ds_rsa_rsa_ecat.md

File metadata and controls

20 lines (18 loc) · 4.84 KB

Vendor: RSA

Product: RSA ECAT

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
30 11 7 1 0
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Compromised Credentials alert-trigger:success (security-alert)
rsa-ecat-cef-alert-trigger-success-ecatalert
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1133 - External Remote Services
T1190 - Exploit Public Fasing Application
  • 23 Rules
  • 9 Models
Lateral Movement alert-trigger:success (security-alert)
rsa-ecat-cef-alert-trigger-success-ecatalert
T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malware alert-trigger:success (security-alert)
rsa-ecat-cef-alert-trigger-success-ecatalert
TA0002 - TA0002
  • 4 Rules
  • 2 Models
Privileged Activity alert-trigger:success (security-alert)
rsa-ecat-cef-alert-trigger-success-ecatalert
T1068 - Exploitation for Privilege Escalation
  • 1 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
External Remote Services

Valid Accounts

Exploit Public Fasing Application

External Remote Services

Valid Accounts

Valid Accounts

Exploitation for Privilege Escalation

Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information