| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 176 | 75 | 33 | 6 | 18 |
| Use-Case | Activity Types (Legacy Event Type)/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols |
|
| Compromised Credentials | alert-trigger:success (security-alert) ↳trendmicro-officescan-kv-alert-trigger-success-deepsecuritymanager ↳trendmicro-officescan-kv-alert-trigger-success-logvirus ↳trendmicro-officescan-str-alert-trigger-success-virus ↳trendmicro-officescan-kv-alert-trigger-success-contentfiltering ↳trendmicro-officescan-kv-alert-trigger-success-logdevicecontrol ↳trendmicro-officescan-kv-alert-trigger-success-logurlfiltering ↳trendmicro-officescan-kv-alert-trigger-success-logspyware ↳trendmicro-officescan-kv-alert-trigger-success-trendmicro ↳trendmicro-officescan-kv-alert-trigger-success-logbehavior ↳trendmicro-officescan-kv-alert-trigger-success-officescanserver ↳trendmicro-officescan-kv-alert-trigger-success-ccca ↳trendmicro-officescan-kv-alert-trigger-success-logpredictive ↳trendmicro-officescan-kv-alert-trigger-success-webreputation ↳trendmicro-officescan-str-alert-trigger-success-officescan ↳trendmicro-officescan-kv-alert-trigger-success-callbackdetected ↳trendmicro-officescan-kv-alert-trigger-success-lognetworkvirus ↳trendmicro-officescan-cef-email-send-success-controlmanager http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1027 - Obfuscated Files or Information T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204 - User Execution T1204.001 - T1204.001 T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cryptomining | http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking |
|
| Phishing | email-send:success (dlp-email-alert-out) ↳trendmicro-officescan-cef-email-send-success-controlmanager http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204 - User Execution T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1598 - T1598 T1598.003 - T1598.003 |
|
| Ransomware | http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols |
|
| Workforce Protection | email-send:success (dlp-email-alert-out) ↳trendmicro-officescan-cef-email-send-success-controlmanager http-traffic:success (web-activity-allowed) ↳trendmicro-officescan-cef-http-session-success-controlmanager |
T1048 - Exfiltration Over Alternative Protocol T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols |
|
| Next Page -->> |