Use Case: Data Access

Vendor: AVI Networks

Product MITRE ATT&CK® TTP Content
AVI Networks Software Load Balancer T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Absolute

Product MITRE ATT&CK® TTP Content
Absolute DDS T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Adaxes

Product MITRE ATT&CK® TTP Content
Adaxes T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Allowlisting T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Airlock Security Access Hub T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 30 Rules
  • 17 Models

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Akamai Guardicore T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudTrail T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 38 Rules
  • 21 Models
AWS GuardDuty T1213 - Data from Information Repositories
  • 10 Rules
  • 5 Models
AWS Redshift T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models
Amazon RDS T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: Anywhere365

Product MITRE ATT&CK® TTP Content
Anywhere365 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache Guacamole T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
Apache Subversion T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: AssetView

Product MITRE ATT&CK® TTP Content
AssetView T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Atlassian

Product MITRE ATT&CK® TTP Content
Atlassian T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Atlassian BitBucket T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Banyan Security

Product MITRE ATT&CK® TTP Content
Banyan Security T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 21 Rules
  • 11 Models
BeyondTrust T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
BeyondTrust Privileged Identity T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
BeyondTrust Secure Remote Access T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 30 Rules
  • 17 Models

Vendor: BlackBerry

Product MITRE ATT&CK® TTP Content
BlackBerry Protect T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Bromium

Product MITRE ATT&CK® TTP Content
Bromium Secure Platform T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: CA Technologies

Product MITRE ATT&CK® TTP Content
CA Privileged Access Manager Server Control T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Identity Awareness T1110 - Brute Force
  • 1 Rules
  • 1 Models
Check Point NGFW T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models
Check Point Security Gateway T1110 - Brute Force
  • 1 Rules
  • 1 Models
SmartDefense T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Checkmarx

Product MITRE ATT&CK® TTP Content
Checkmarx T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1110 - Brute Force
  • 1 Rules
  • 1 Models
Cisco T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Cisco ACS T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Cisco Adaptive Security Appliance T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1110 - Brute Force
  • 3 Rules
  • 1 Models
Cisco Firepower T1003 - OS Credential Dumping
T1110 - Brute Force
  • 2 Rules
  • 1 Models
Cisco IOS T1003 - OS Credential Dumping
  • 1 Rules
Cisco ISE T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models
Cisco Meraki MX appliance T1110 - Brute Force
  • 1 Rules
  • 1 Models
Cisco Secure Network Analytics T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
Cisco Umbrella T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Duo Access T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Endpoint Management T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Citrix Gateway T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1110 - Brute Force
  • 21 Rules
  • 12 Models
Citrix Gateway Connector For Exchange ActiveSync T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Citrix ShareFile T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Citrix Virtual Apps T1078 - Valid Accounts
T1110 - Brute Force
  • 6 Rules
  • 5 Models

Vendor: Claroty

Product MITRE ATT&CK® TTP Content
CTD T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Clearsense

Product MITRE ATT&CK® TTP Content
Clearsense T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare Insights T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Cohesity

Product MITRE ATT&CK® TTP Content
Cohesity DataPlatform T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 45 Rules
  • 24 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
CyberArk Privilege Access Manager T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Audit and Monitoring Service T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
Centrify Infrastructure Services T1003 - OS Credential Dumping
  • 1 Rules
Centrify Zero Trust Privilege Services T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Thycotic Software Secret Server T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Dell

Product MITRE ATT&CK® TTP Content
EMC Isilon T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
One Identity Manager T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Sonicwall T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1078 - Valid Accounts
T1083 - File and Directory Discovery
T1110 - Brute Force
  • 44 Rules
  • 25 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
  • 25 Rules
  • 13 Models

Vendor: EMP

Product MITRE ATT&CK® TTP Content
EMP T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: ESET

Product MITRE ATT&CK® TTP Content
ESET Endpoint Security T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: ESector

Product MITRE ATT&CK® TTP Content
ESector DEFESA Logger T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Egnyte

Product MITRE ATT&CK® TTP Content
Egnyte T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Epic

Product MITRE ATT&CK® TTP Content
Epic SIEM T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Exabeam

Product MITRE ATT&CK® TTP Content
Search T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1110 - Brute Force
  • 1 Rules
  • 1 Models
F5 Advanced Web Application Firewall T1003 - OS Credential Dumping
  • 1 Rules
F5 BIG-IP T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Fast Enterprises

Product MITRE ATT&CK® TTP Content
Fast Enterprises GenTax T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: FileAuditor

Product MITRE ATT&CK® TTP Content
FileAuditor T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye Endpoint Security (HX) T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
FireEye Network Security (NX) T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: FireMon

Product MITRE ATT&CK® TTP Content
FireMon T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models
Fortinet Enterprise Firewall T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Fortinet UTM T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 21 Rules
  • 11 Models

Vendor: GoAnywhere

Product MITRE ATT&CK® TTP Content
GoAnywhere MFT T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Google

Product MITRE ATT&CK® TTP Content
Google Cloud Platform T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 37 Rules
  • 21 Models
Google Workspace T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
Aruba ClearPass Policy Manager T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
HP Virtual Connect Enterprise Manager T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
HP iLO T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
HPE Comware T1003 - OS Credential Dumping
  • 1 Rules

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
HashiCorp Vault T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
  • 25 Rules
  • 13 Models

Vendor: Hornet

Product MITRE ATT&CK® TTP Content
Hornetsecurity Cloud Email Security Services T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
T1213 - Data from Information Repositories
  • 43 Rules
  • 23 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
DB2 T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
Guardium T1213 - Data from Information Repositories
  • 36 Rules
  • 19 Models
IBM T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
IBM Mainframe T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
IBM Resource Access Control Facility T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 30 Rules
  • 16 Models
Sametime T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: ICDB

Product MITRE ATT&CK® TTP Content
ICDB T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
CounterBreach T1213 - Data from Information Repositories
  • 30 Rules
  • 16 Models
Imperva File Activity Monitoring T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
Imperva SecureSphere T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 42 Rules
  • 23 Models

Vendor: Imprivata

Product MITRE ATT&CK® TTP Content
Imprivata T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models

Vendor: Jumpcloud

Product MITRE ATT&CK® TTP Content
Jumpcloud T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Junos OS T1003 - OS Credential Dumping
  • 1 Rules

Vendor: Kemp

Product MITRE ATT&CK® TTP Content
Kemp LoadMaster T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: LEAP

Product MITRE ATT&CK® TTP Content
LEAP T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: LOGBinder

Product MITRE ATT&CK® TTP Content
LOGBinder for SharePoint T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: LastPass

Product MITRE ATT&CK® TTP Content
LastPass T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Lenel

Product MITRE ATT&CK® TTP Content
OnGuard T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: LiquidFiles

Product MITRE ATT&CK® TTP Content
LiquidFiles T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: ManageEngine

Product MITRE ATT&CK® TTP Content
ADAuditPlus T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
ADSSP T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
PAM360 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: MariaDB

Product MITRE ATT&CK® TTP Content
MariaDB T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: MasterSAM

Product MITRE ATT&CK® TTP Content
MasterSAM PAM T1213 - Data from Information Repositories
  • 10 Rules
  • 5 Models

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee DAM T1213 - Data from Information Repositories
  • 36 Rules
  • 19 Models
McAfee Endpoint Security T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models
McAfee Network Security Platform T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
Skyhigh Networks CASB T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Azure AD Activity Logs T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 38 Rules
  • 21 Models
Azure AD Sign-In Logs T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Azure ATP T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Azure Container Registry T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
Azure DevOps T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Azure Key Vault T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
Azure MFA T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Azure Monitor T1078 - Valid Accounts
T1083 - File and Directory Discovery
T1213 - Data from Information Repositories
  • 61 Rules
  • 34 Models
Azure Monitor - VM Insights T1003 - OS Credential Dumping
  • 1 Rules
Event Viewer - BITS-Client T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Event Viewer - CAPI2 T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Event Viewer - PowerShell T1003 - OS Credential Dumping
  • 1 Rules
Event Viewer - RemoteDesktopServices T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Event Viewer - Security T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Event Viewer - Setup T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Event Viewer - System T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Event Viewer - WinNat T1110 - Brute Force
  • 1 Rules
  • 1 Models
MSSQL T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 19 Rules
  • 10 Models
Microsoft 365 T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 45 Rules
  • 24 Models
Microsoft CAS T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Microsoft Defender for Cloud T1213 - Data from Information Repositories
  • 30 Rules
  • 16 Models
Microsoft Defender for Endpoint T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Microsoft Exchange T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Microsoft Intune T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Microsoft RRAS T1110 - Brute Force
  • 1 Rules
  • 1 Models
Microsoft Sentinel T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 21 Rules
  • 11 Models
Microsoft WMI Log T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Sysmon T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Mvision

Product MITRE ATT&CK® TTP Content
Mvision T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Mysql

Product MITRE ATT&CK® TTP Content
Mysql T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: NCP

Product MITRE ATT&CK® TTP Content
NCP T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: NNT

Product MITRE ATT&CK® TTP Content
NNT ChangeTracker T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Nasuni

Product MITRE ATT&CK® TTP Content
Nasuni T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: NetApp

Product MITRE ATT&CK® TTP Content
NetApp T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: NetDocs

Product MITRE ATT&CK® TTP Content
NetDocs T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: NetIQ

Product MITRE ATT&CK® TTP Content
Micro Focus NetIQ Identity Manager T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: NetMotion Wireless

Product MITRE ATT&CK® TTP Content
NetMotion Wireless T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Nortel Contivity

Product MITRE ATT&CK® TTP Content
Nortel Contivity VPN T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: Nutanix

Product MITRE ATT&CK® TTP Content
Nutanix Unified Storage T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Okta

Product MITRE ATT&CK® TTP Content
Okta Adaptive MFA T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Onapsis

Product MITRE ATT&CK® TTP Content
Onapsis T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: OneLogin

Product MITRE ATT&CK® TTP Content
OneLogin T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: OneSpan

Product MITRE ATT&CK® TTP Content
Digipass for Apps T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models

Vendor: OpenLDAP

Product MITRE ATT&CK® TTP Content
OpenLDAP T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: OpenText

Product MITRE ATT&CK® TTP Content
eDOCS T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Oracle Database T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models
Oracle Public Cloud T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Solaris T1003 - OS Credential Dumping
  • 1 Rules

Vendor: Osirium

Product MITRE ATT&CK® TTP Content
Osirium T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Osquery

Product MITRE ATT&CK® TTP Content
Osquery T1078 - Valid Accounts
T1213 - Data from Information Repositories
  • 37 Rules
  • 21 Models

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Cortex XDR T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
GlobalProtect T1078 - Valid Accounts
T1110 - Brute Force
  • 20 Rules
  • 12 Models
Palo Alto Aperture T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Password Manager Pro

Product MITRE ATT&CK® TTP Content
Password Manager Pro T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Perforce

Product MITRE ATT&CK® TTP Content
Perforce T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Identity T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
PingOne T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: PostgreSQL

Product MITRE ATT&CK® TTP Content
PostgreSQL T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: PowerSentry

Product MITRE ATT&CK® TTP Content
PowerSentry T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Procad

Product MITRE ATT&CK® TTP Content
Pro.File DMS T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 21 Rules
  • 11 Models

Vendor: Qualys

Product MITRE ATT&CK® TTP Content
Qualys AssetView T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 30 Rules
  • 17 Models
Quest Change Auditor for SQL Server T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA Authentication Manager T1078 - Valid Accounts
  • 6 Rules
  • 4 Models
RSA NetWitness Platform T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
SecurID T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit T1078 - Valid Accounts
T1083 - File and Directory Discovery
T1213 - Data from Information Repositories
  • 62 Rules
  • 34 Models

Vendor: Rubrik

Product MITRE ATT&CK® TTP Content
Rubrik Cloud Data Management T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models
SecurityIQ T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Saviynt

Product MITRE ATT&CK® TTP Content
Saviynt T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Secomea

Product MITRE ATT&CK® TTP Content
Secomea T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: SecureAuth

Product MITRE ATT&CK® TTP Content
SecureAuth IDP T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
SecureAuth Login T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: SecureLink

Product MITRE ATT&CK® TTP Content
SecureLink T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: SecureNet

Product MITRE ATT&CK® TTP Content
SecureNet T1110 - Brute Force
  • 1 Rules
  • 1 Models

Vendor: Semperis

Product MITRE ATT&CK® TTP Content
Semperis DSP T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 45 Rules
  • 24 Models
Vigilance T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: ServiceNow

Product MITRE ATT&CK® TTP Content
ServiceNow T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Shibboleth

Product MITRE ATT&CK® TTP Content
Shibboleth T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Silverfort

Product MITRE ATT&CK® TTP Content
Silverfort Authentication Platform T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models

Vendor: Skyformation

Product MITRE ATT&CK® TTP Content
Skyformation T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Slack

Product MITRE ATT&CK® TTP Content
Slack T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Snowflake

Product MITRE ATT&CK® TTP Content
Snowflake T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos SafeGuard T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Sophos XG Firewall T1078 - Valid Accounts
T1110 - Brute Force
  • 6 Rules
  • 5 Models

Vendor: StealthBits

Product MITRE ATT&CK® TTP Content
StealthIntercept T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Swift

Product MITRE ATT&CK® TTP Content
Swift T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Swivel

Product MITRE ATT&CK® TTP Content
Swivel T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Sybase

Product MITRE ATT&CK® TTP Content
Sybase T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Symantec CloudSOC T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Symantec Endpoint Protection T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models
Symantec VIP T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Cloud Platform T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Tanium Core Platform T1003 - OS Credential Dumping
  • 1 Rules
Tanium Integrity Monitor T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
  • 25 Rules
  • 13 Models

Vendor: Teradata

Product MITRE ATT&CK® TTP Content
Teradata RDBMS T1213 - Data from Information Repositories
  • 18 Rules
  • 10 Models

Vendor: TitanFTP

Product MITRE ATT&CK® TTP Content
TitanFTP T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Deep Discovery Inspector T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
Deep Security T1003 - OS Credential Dumping
  • 1 Rules
Vision One T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Tyco

Product MITRE ATT&CK® TTP Content
CCURE Building Management System T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1003 - OS Credential Dumping
T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
Unix T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 44 Rules
  • 24 Models
Unix Auditd T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
  • 25 Rules
  • 13 Models

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 30 Rules
  • 17 Models
Carbon Black CES T1003 - OS Credential Dumping
T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 31 Rules
  • 17 Models
Carbon Black EDR T1003 - OS Credential Dumping
T1083 - File and Directory Discovery
  • 25 Rules
  • 13 Models
VMware ESXi T1078 - Valid Accounts
  • 5 Rules
  • 4 Models
VMware Identity Manager T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
VMware View T1078 - Valid Accounts
  • 20 Rules
  • 11 Models
vCenter T1078 - Valid Accounts
  • 5 Rules
  • 4 Models

Vendor: Varonis

Product MITRE ATT&CK® TTP Content
Varonis Data Security Platform T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Detect T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Vectra Cognito Stream T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Veeam

Product MITRE ATT&CK® TTP Content
Veeam T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Venafi

Product MITRE ATT&CK® TTP Content
TLS Protect T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Vormetric

Product MITRE ATT&CK® TTP Content
Vormetric T1083 - File and Directory Discovery
  • 24 Rules
  • 13 Models

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Wiz

Product MITRE ATT&CK® TTP Content
Wiz T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Workday

Product MITRE ATT&CK® TTP Content
Workday T1078 - Valid Accounts
  • 20 Rules
  • 11 Models

Vendor: Xceedium

Product MITRE ATT&CK® TTP Content
Xceedium T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Xiting

Product MITRE ATT&CK® TTP Content
XAMS T1078 - Valid Accounts
  • 6 Rules
  • 4 Models

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1078 - Valid Accounts
T1083 - File and Directory Discovery
  • 43 Rules
  • 24 Models

Vendor: Zendesk

Product MITRE ATT&CK® TTP Content
Zendesk T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Zlock

Product MITRE ATT&CK® TTP Content
Zlock T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1078 - Valid Accounts
  • 19 Rules
  • 11 Models
Zscaler Private Access T1078 - Valid Accounts
T1110 - Brute Force
  • 7 Rules
  • 5 Models

Vendor: iManage

Product MITRE ATT&CK® TTP Content
iManage T1078 - Valid Accounts
  • 19 Rules
  • 11 Models

Vendor: jSONAR

Product MITRE ATT&CK® TTP Content
SonarG T1213 - Data from Information Repositories
  • 10 Rules
  • 5 Models

Vendor: oVirt

Product MITRE ATT&CK® TTP Content
oVirt T1078 - Valid Accounts
  • 20 Rules
  • 11 Models