Product: Squid
Use-Case: Lateral Movement
Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
---|---|---|---|---|
9 | 0 | 5 | 2 | 5 |
Event Type | Rules | Models |
---|---|---|
web-activity-allowed | T1190 - Exploit Public-Facing Application<br>↳ A-NET-Log4j-IP: Asset was accessed by an external IP associated with Log4j exploit<br>T1090 - Proxy<br>↳ WEB-UD-TorProxy: User has accessed a known Tor web proxy<br>↳ WEB-UI-Tor: User has accessed a known Tor exit node<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>↳ A-WEB-TorProxy: Asset has accessed a known Tor web proxy<br>↳ A-WEB-UU-Tor: Asset has accessed a URL containing '/tor/server'<br>↳ A-NET-TOR-Outbound: Outbound connection to a known TOR IP<br>T1090.003 - Proxy: Multi-hop Proxy<br>↳ WEB-UD-TorProxy: User has accessed a known Tor web proxy<br>↳ WEB-UI-Tor: User has accessed a known Tor exit node<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>↳ A-WEB-TorProxy: Asset has accessed a known Tor web proxy<br>↳ A-WEB-UU-Tor: Asset has accessed a URL containing '/tor/server'<br>↳ A-NET-TOR-Outbound: Outbound connection to a known TOR IP<br>T1071 - Application Layer Protocol<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>T1071.001 - Application Layer Protocol: Web Protocols<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site | |
web-activity-denied | T1190 - Exploit Public-Facing Application<br>↳ A-NETF-Log4j-IP: There was a failed attempt to access this asset by an external IP associated with Log4j exploit<br>T1090 - Proxy<br>↳ WEB-UD-TorProxy: User has accessed a known Tor web proxy<br>↳ WEB-UI-Tor: User has accessed a known Tor exit node<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>↳ A-WEB-TorProxy: Asset has accessed a known Tor web proxy<br>↳ A-WEB-UU-Tor: Asset has accessed a URL containing '/tor/server'<br>↳ A-NETF-TOR-Outbound: Outbound failed connection to a known TOR IP<br>T1090.003 - Proxy: Multi-hop Proxy<br>↳ WEB-UD-TorProxy: User has accessed a known Tor web proxy<br>↳ WEB-UI-Tor: User has accessed a known Tor exit node<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>↳ A-WEB-TorProxy: Asset has accessed a known Tor web proxy<br>↳ A-WEB-UU-Tor: Asset has accessed a URL containing '/tor/server'<br>↳ A-NETF-TOR-Outbound: Outbound failed connection to a known TOR IP<br>T1071 - Application Layer Protocol<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site<br>T1071.001 - Application Layer Protocol: Web Protocols<br>↳ WEB-URank-Tor: User has accessed a tor-to-web proxy site |