Skip to content

Latest commit

 

History

History
22 lines (20 loc) · 13.9 KB

ds_sophos_sophos_endpoint_protection.md

File metadata and controls

22 lines (20 loc) · 13.9 KB
Raw

Vendor: Sophos

Product: Sophos Endpoint Protection

Rules Models MITRE ATT&CK® TTPs Activity Types Parsers
162 65 31 10 36
Use-Case Activity Types (Legacy Event Type)/Parsers MITRE ATT&CK® TTP Content
Abnormal Authentication & Access http-session:fail (web-activity-denied)
sophos-ep-json-http-session-fail-endpoint
 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 3 Rules
  • 3 Models
Compromised Credentials alert-trigger:success (network-alert)
sophos-ep-kv-alert-trigger-success-devicecontrol

alert-trigger:success (security-alert)
sophos-ep-xml-alert-trigger-success-antivirus
sophos-ep-json-alert-trigger-success-webcontrolviolation
sophos-ep-leef-alert-trigger-success-spyware
sophos-ep-sk4-alert-trigger-success-userauthorised
sophos-ep-cef-alert-trigger-success-applicationcontrol
sophos-ep-leef-alert-trigger-success-enterpriseconsole
sophos-ep-json-alert-trigger-success-applicationblocked
sophos-ep-cef-alert-trigger-success-corepuadetected
sophos-ep-sk4-alert-trigger-success-userblocked
sophos-ep-kv-alert-trigger-success-virus
sophos-ep-kv-alert-trigger-success-alerttriggerd
sophos-ep-json-alert-trigger-success-datalosspreventionuserblocked
sophos-ep-json-alert-trigger-success-datalosspreventionuserallowed
sophos-ep-kv-alert-trigger-success-alertdetected
sophos-ep-kv-alert-trigger-success-variablebindings
sophos-invincea-kv-alert-trigger-success-invincea
sophos-invincea-leef-alert-trigger-success-kiwisyslogserver
sophos-ep-cef-alert-trigger-success-coredetection
sophos-ep-cef-alert-trigger-success-corecleanfailed
sophos-ep-cef-alert-trigger-success-endpointfirewall
sophos-ep-cef-alert-trigger-success-corepuacleanfailed
sophos-ep-cef-alert-trigger-success-hmpaexploitprevented
sophos-ep-cef-alert-trigger-success-webfilteringblocked
sophos-ep-cef-alert-trigger-success-hmpabehaviourprevented
sophos-ep-cef-alert-trigger-success-applicationcontrol-1
sophos-ep-kv-alert-trigger-success-728

http-session:fail (web-activity-denied)
sophos-ep-json-http-session-fail-endpoint
 T1027 - Obfuscated Files or Information
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1133 - External Remote Services
T1189 - Drive-by Compromise
T1190 - Exploit Public Fasing Application
T1204 - User Execution
T1204.001 - T1204.001
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 66 Rules
  • 31 Models
Cryptomining http-session:fail (web-activity-denied)
sophos-ep-json-http-session-fail-endpoint
 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 1 Rules
Phishing http-session:fail (web-activity-denied)
sophos-ep-json-http-session-fail-endpoint
 T1189 - Drive-by Compromise
T1204 - User Execution
T1204.001 - T1204.001
T1534 - Internal Spearphishing
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
T1598 - T1598
T1598.003 - T1598.003
  • 3 Rules
Ransomware http-session:fail (web-activity-denied)
sophos-ep-json-http-session-fail-endpoint
 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 1 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Phishing: Spearphishing Link

External Remote Services

Valid Accounts

Drive-by Compromise

Exploit Public Fasing Application

Replication Through Removable Media

Phishing

 User Execution

 External Remote Services

Valid Accounts

 Valid Accounts

Exploitation for Privilege Escalation

 Obfuscated Files or Information: Indicator Removal from Tools

Valid Accounts

Obfuscated Files or Information

 Replication Through Removable Media

Internal Spearphishing

 Web Service

Application Layer Protocol: Web Protocols

Dynamic Resolution

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Application Layer Protocol

Proxy

 Exfiltration Over Physical Medium: Exfiltration over USB

Exfiltration Over Physical Medium

Automated Exfiltration

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Exfiltration Over Web Service

 Resource Hijacking