ds_splunk_splunk_stream.md


Vendor: Splunk

Product: Splunk Stream

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|:---:|:---:|:---:|:---:|:---:|
| 5 | 0 | 5 | 2 | 0 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|:---|:---|:---|:---|
| Malware | dns-request:fail (dns-query)<br>splunk-stream-json-dns-request-success-query<br><br>dns-response:success (dns-response)<br>splunk-stream-json-dns-response-success-messagetype | T1071 - Application Layer Protocol<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms<br>T1583 - T1583<br>T1583.001 - T1583.001 | 5 Rules |

MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|:---|
| | | | | | | | | | Dynamic Resolution<br><br>Dynamic Resolution: Domain Generation Algorithms<br><br>Application Layer Protocol | | |