Skip to content

Latest commit

 

History

History
552 lines (550 loc) · 259 KB

uc_data_exfiltration.md

File metadata and controls

552 lines (550 loc) · 259 KB
Raw

Use Case: Data Exfiltration

Vendor: Abnormal Security

Product MITRE ATT&CK® TTP Content
Abnormal Security T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Security Access Hub TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Cloud Akamai T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudWatch T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 9 Rules
  • 2 Models
AWS Elastic Load Balancer T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
AWS WAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: AssetView

Product MITRE ATT&CK® TTP Content
AssetView TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
BeyondTrust T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: BlackBerry

Product MITRE ATT&CK® TTP Content
BlackBerry Protect T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Bromium

Product MITRE ATT&CK® TTP Content
Bromium Secure Platform TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Avanan T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Check Point Identity Awareness T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Check Point NGFW T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Check Point Security Gateway T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
AnyConnect T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Cisco ACS T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Cisco ADC T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Cisco Adaptive Security Appliance T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 18 Rules
  • 6 Models
Cisco Cloud Web Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco CloudLock T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Cisco Firepower T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 19 Rules
  • 6 Models
Cisco IOS T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Cisco ISE T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Cisco Meraki MX appliance T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Cisco Netflow T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
Cisco Secure Cloud Analytics T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
Cisco Secure Network Analytics TA0002 - TA0002
  • 2 Rules
  • 1 Models
Cisco Secure Web Appliance T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco Umbrella T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
IronPort Web Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Gateway T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 19 Rules
  • 6 Models
Citrix Virtual Apps T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare WAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
CyberArk Privilege Access Manager TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Cylance

Product MITRE ATT&CK® TTP Content
Cylance OPTICS TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Audit and Monitoring Service TA0002 - TA0002
  • 2 Rules
  • 1 Models
Centrify Infrastructure Services T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Dell

Product MITRE ATT&CK® TTP Content
EMC Isilon TA0002 - TA0002
  • 2 Rules
  • 1 Models
Sonicwall T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Digital Guardian Network DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1133 - External Remote Services
TA0002 - TA0002
TA0010 - TA0010
  • 6 Rules
  • 5 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models

Vendor: ESector

Product MITRE ATT&CK® TTP Content
ESector DEFESA Logger TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Egnyte

Product MITRE ATT&CK® TTP Content
Egnyte TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
F5 Advanced Web Application Firewall T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
F5 Application Security Manager T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
F5 BIG-IP T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
F5 WebSafe T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: FileAuditor

Product MITRE ATT&CK® TTP Content
FileAuditor TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
FireEye Endpoint Security (HX) TA0002 - TA0002
  • 2 Rules
  • 1 Models
FireEye Network Security (NX) T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Forcepoint DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Forcepoint Insider Threat T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Websense Security Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Fortinet Enterprise Firewall T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 9 Rules
  • 2 Models
Fortinet UTM T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models
Fortiweb Web Application Firewall T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: GTB

Product MITRE ATT&CK® TTP Content
GTB Technologies DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Google

Product MITRE ATT&CK® TTP Content
GCP CloudAudit T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Google Cloud Platform T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 9 Rules
  • 2 Models
Google Workspace T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
HPE Comware T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
Terraform T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
Guardium TA0002 - TA0002
  • 2 Rules
  • 1 Models
Security Access Manager T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: IMSS

Product MITRE ATT&CK® TTP Content
IMSS T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
CounterBreach TA0002 - TA0002
  • 2 Rules
  • 1 Models
Imperva File Activity Monitoring TA0002 - TA0002
  • 2 Rules
  • 1 Models
Imperva Incapsula T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Imperva SecureSphere TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 11 Rules
  • 6 Models

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Junos OS T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky AV TA0002 - TA0002
  • 2 Rules
  • 1 Models
Kaspersky Endpoint Security for Business T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: LOGBinder

Product MITRE ATT&CK® TTP Content
LOGBinder for SharePoint TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 45 Rules
  • 20 Models

Vendor: Lenel

Product MITRE ATT&CK® TTP Content
OnGuard TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Malwarebytes

Product MITRE ATT&CK® TTP Content
Malwarebytes Endpoint Detection and Response T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
Advanced Threat Defense T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee DAM TA0002 - TA0002
  • 2 Rules
  • 1 Models
McAfee DLP Endpoint T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Endpoint Security T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
McAfee Enterprise Security Manager T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Network Security Platform T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee SiteAdvisor T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Web Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
McAfee ePolicy Orchestrator T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Skyhigh Networks CASB T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure Monitor T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models
Azure Monitor - VM Insights T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - PowerShell T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - Security T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Event Viewer - WinNat T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Microsoft 365 T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 18 Models
Microsoft CAS T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Microsoft Defender for Cloud T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Microsoft Defender for Endpoint T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 44 Rules
  • 19 Models
Microsoft IIS T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Microsoft RRAS T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Microsoft Sentinel T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Microsoft WMI Log T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Microsoft Web Application Proxy T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Sysmon T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Web Application Proxy-TLS Gateway T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Targeted Threat Protection - URL T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Mvision

Product MITRE ATT&CK® TTP Content
Mvision T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: NCP

Product MITRE ATT&CK® TTP Content
NCP T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Nasuni

Product MITRE ATT&CK® TTP Content
Nasuni TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NetApp

Product MITRE ATT&CK® TTP Content
NetApp TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NetDocs

Product MITRE ATT&CK® TTP Content
NetDocs TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NetMotion Wireless

Product MITRE ATT&CK® TTP Content
NetMotion Wireless T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Netskope Webtx T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 20 Models

Vendor: Nightfall

Product MITRE ATT&CK® TTP Content
Nightfall AI T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Nortel Contivity

Product MITRE ATT&CK® TTP Content
Nortel Contivity VPN T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Nutanix

Product MITRE ATT&CK® TTP Content
Nutanix Unified Storage TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management TA0002 - TA0002
  • 2 Rules
  • 1 Models
Oracle Public Cloud T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
Solaris T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
GlobalProtect T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Palo Alto Aperture T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Palo Alto NGFW T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Prisma Access T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Prisma Cloud T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 36 Rules
  • 17 Models
Proofpoint Enterprise Protection T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Targeted Attack Platform T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
RSA NetWitness Platform T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
SecurID T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Safend

Product MITRE ATT&CK® TTP Content
Data Protection Suite (DPS) T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow TA0002 - TA0002
  • 2 Rules
  • 1 Models
SecurityIQ TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: SecureNet

Product MITRE ATT&CK® TTP Content
SecureNet T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 17 Rules
  • 3 Models

Vendor: Skyhigh Security

Product MITRE ATT&CK® TTP Content
Skyhigh Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 37 Rules
  • 20 Models
Sophos UTM T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Sophos XG Firewall T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: StealthBits

Product MITRE ATT&CK® TTP Content
StealthIntercept TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Symantec CloudSOC T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec DLP T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec Endpoint Protection TA0002 - TA0002
  • 2 Rules
  • 1 Models
Symantec Fireglass T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Symantec Web Security Service T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Core Platform T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Tanium Integrity Monitor T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Deep Security T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
OfficeScan T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 36 Rules
  • 19 Models

Vendor: Tripwire Enterprise

Product MITRE ATT&CK® TTP Content
Tripwire Enterprise TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Unix T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Unix Auditd T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black CES T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black EDR T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interperter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Varonis

Product MITRE ATT&CK® TTP Content
Varonis Data Security Platform T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Stream T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Virtru

Product MITRE ATT&CK® TTP Content
Virtru T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Vormetric

Product MITRE ATT&CK® TTP Content
Vormetric TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models
Zscaler Private Access T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor:

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: iManage

Product MITRE ATT&CK® TTP Content
iManage T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models