uc_privileged_activity.md

Use Case: Privileged Activity

Vendor: AMAG

Product MITRE ATT&CK® TTP Content
Symmetry Access Control T1078 - Valid Accounts
  • 1 Rules

Vendor: APC

Product MITRE ATT&CK® TTP Content
APC T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: AVI Networks

Product MITRE ATT&CK® TTP Content
AVI Networks Software Load Balancer T1078 - Valid Accounts
  • 1 Rules

Vendor: Abnormal Security

Product MITRE ATT&CK® TTP Content
Abnormal Security T1078 - Valid Accounts
  • 1 Rules

Vendor: Absolute

Product MITRE ATT&CK® TTP Content
Absolute DDS T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: AccessIT

Product MITRE ATT&CK® TTP Content
AccessIT Universal.NET T1078 - Valid Accounts
  • 1 Rules

Vendor: Adaxes

Product MITRE ATT&CK® TTP Content
Adaxes T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Admin By Request

Product MITRE ATT&CK® TTP Content
Admin By Request TA0002 - TA0002
  • 10 Rules
  • 7 Models

Vendor: Airlock

Product MITRE ATT&CK® TTP Content
Airlock Allowlisting T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Airlock Security Access Hub T1078 - Valid Accounts
  • 2 Rules

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Akamai Guardicore T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Akamai SIEM T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Cloud Akamai T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS Bastion T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
AWS CloudTrail T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
AWS CloudWatch T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
AWS Elastic Load Balancer T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
AWS GuardDuty T1068 - Exploitation for Privilege Escalation
  • 1 Rules
AWS WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Anywhere365

Product MITRE ATT&CK® TTP Content
Anywhere365 T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Apache Guacamole T1078 - Valid Accounts
  • 1 Rules
Apache Subversion T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Apple

Product MITRE ATT&CK® TTP Content
macOS T1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 5 Models

Vendor: Arista Networks

Product MITRE ATT&CK® TTP Content
Awake Security T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Armorblox

Product MITRE ATT&CK® TTP Content
Armorblox T1078 - Valid Accounts
  • 1 Rules

Vendor: AssetView

Product MITRE ATT&CK® TTP Content
AssetView T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Atlassian

Product MITRE ATT&CK® TTP Content
Atlassian T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Atlassian BitBucket T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Attivo

Product MITRE ATT&CK® TTP Content
BOTsink T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 19 Rules
  • 7 Models

Vendor: Aviglion

Product MITRE ATT&CK® TTP Content
Aviglion ACM T1078 - Valid Accounts
  • 1 Rules

Vendor: Axway

Product MITRE ATT&CK® TTP Content
Axway Gateway T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: Badge

Product MITRE ATT&CK® TTP Content
Badge T1078 - Valid Accounts
  • 1 Rules

Vendor: Badgepoint

Product MITRE ATT&CK® TTP Content
Badgepoint T1078 - Valid Accounts
  • 1 Rules

Vendor: Banyan Security

Product MITRE ATT&CK® TTP Content
Banyan Security T1078 - Valid Accounts
  • 1 Rules

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Cloudgen Firewall T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Barracuda Email Security Gateway T1078 - Valid Accounts
  • 1 Rules

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondInsight T1078 - Valid Accounts
T1482 - Domain Trust Discovery
TA0002 - TA0002
  • 14 Rules
  • 8 Models
BeyondTrust T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
TA0002 - TA0002
  • 25 Rules
  • 13 Models
BeyondTrust Privileged Identity T1078 - Valid Accounts
TA0002 - TA0002
  • 13 Rules
  • 8 Models
BeyondTrust Secure Remote Access T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Bitdefender

Product MITRE ATT&CK® TTP Content
GravityZone T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 16 Rules
  • 5 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1078 - Valid Accounts
  • 2 Rules

Vendor: BlackBerry

Product MITRE ATT&CK® TTP Content
BlackBerry Protect T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Box

Product MITRE ATT&CK® TTP Content
Box Cloud Content Management T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Brivo

Product MITRE ATT&CK® TTP Content
Brivo T1078 - Valid Accounts
  • 1 Rules

Vendor: Bromium

Product MITRE ATT&CK® TTP Content
Bromium Secure Platform T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: CA Technologies

Product MITRE ATT&CK® TTP Content
CA Privileged Access Manager Server Control T1078 - Valid Accounts
  • 2 Rules

Vendor: CDS

Product MITRE ATT&CK® TTP Content
CDS T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: CenturyLink

Product MITRE ATT&CK® TTP Content
CenturyLink Managed Security Service T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Anti-Malware T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Check Point Avanan T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Check Point Endpoint Security T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Check Point NGFW T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 15 Rules
  • 6 Models
Check Point Threat Emulation T1068 - Exploitation for Privilege Escalation
  • 1 Rules
SmartDefense T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Checkmarx

Product MITRE ATT&CK® TTP Content
Checkmarx T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
Cisco T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Cisco ACS T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models
Cisco ADC T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Cisco Adaptive Security Appliance T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 21 Rules
  • 7 Models
Cisco Cloud Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Cisco Cognitive Threat Analytics T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Cisco Firepower T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 5 Rules
Cisco IOS T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 16 Rules
  • 7 Models
Cisco ISE T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models
Cisco Meraki MX appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Cisco Secure Email T1078 - Valid Accounts
  • 1 Rules
Cisco Secure Endpoint T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Cisco Secure Network Analytics T1078 - Valid Accounts
  • 1 Rules
Cisco Secure Web Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Cisco Umbrella T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Duo Access T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
IronPort Email T1078 - Valid Accounts
  • 1 Rules
IronPort Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Endpoint Management T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
Citrix Gateway T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 24 Rules
  • 8 Models
Citrix Gateway Connector For Exchange ActiveSync T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Citrix ShareFile T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Citrix Virtual Apps T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Citrix Virtual Desktop T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models

Vendor: Claroty

Product MITRE ATT&CK® TTP Content
CTD T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Claroty T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Clearsense

Product MITRE ATT&CK® TTP Content
Clearsense T1078 - Valid Accounts
  • 1 Rules

Vendor: Clearswift

Product MITRE ATT&CK® TTP Content
Clearswift Secure Email Gateway T1078 - Valid Accounts
  • 1 Rules

Vendor: Click Studios

Product MITRE ATT&CK® TTP Content
Passwordstate T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare Insights T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Cloudflare WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Cofense

Product MITRE ATT&CK® TTP Content
Cofense Phishme T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Cohesity

Product MITRE ATT&CK® TTP Content
Cohesity DataPlatform T1078 - Valid Accounts
  • 1 Rules

Vendor: Contrast Security

Product MITRE ATT&CK® TTP Content
Contrast Agent T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: CrowdStrike

Product MITRE ATT&CK® TTP Content
Falcon T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 25 Rules
  • 8 Models
Identity Threat Detection & Response T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models

Vendor: CyberArk

Product MITRE ATT&CK® TTP Content
CyberArk Endpoint Privilege Manager TA0002 - TA0002
  • 10 Rules
  • 7 Models
CyberArk Privilege Access Manager T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 20 Rules
  • 8 Models

Vendor: Cybereason

Product MITRE ATT&CK® TTP Content
Cybereason T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Cylance

Product MITRE ATT&CK® TTP Content
Cylance OPTICS T1078 - Valid Accounts
  • 1 Rules

Vendor: Cynet

Product MITRE ATT&CK® TTP Content
Cynet EDR T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Damballa

Product MITRE ATT&CK® TTP Content
Damballa Failsafe T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: DataWatch Systems

Product MITRE ATT&CK® TTP Content
DataWatch T1078 - Valid Accounts
  • 1 Rules

Vendor: Delinea

Product MITRE ATT&CK® TTP Content
Centrify Audit and Monitoring Service T1078 - Valid Accounts
  • 1 Rules
Centrify Authentication Service T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Centrify Infrastructure Services T1482 - Domain Trust Discovery
  • 1 Rules
Centrify Zero Trust Privilege Services T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Thycotic Software Secret Server T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Dell

Product MITRE ATT&CK® TTP Content
EMC Isilon T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 6 Rules
  • 2 Models
One Identity Manager T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Sonicwall T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 17 Rules
  • 7 Models

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 15 Rules
  • 6 Models
Digital Guardian Network DLP T1078 - Valid Accounts
  • 1 Rules

Vendor: Dropbox

Product MITRE ATT&CK® TTP Content
Dropbox T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 19 Rules
  • 7 Models

Vendor: EMP

Product MITRE ATT&CK® TTP Content
EMP T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: ESET

Product MITRE ATT&CK® TTP Content
ESET Endpoint Security T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: ESector

Product MITRE ATT&CK® TTP Content
ESector DEFESA Logger T1078 - Valid Accounts
  • 1 Rules

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Egnyte

Product MITRE ATT&CK® TTP Content
Egnyte T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Endgame

Product MITRE ATT&CK® TTP Content
Endgame EDR T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Epic

Product MITRE ATT&CK® TTP Content
Epic SIEM T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Exabeam

Product MITRE ATT&CK® TTP Content
Correlation Rule T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Search T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Extrahop

Product MITRE ATT&CK® TTP Content
Extrahop Reveal(x) T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Extreme Networks

Product MITRE ATT&CK® TTP Content
Zebra WLAN Management T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: F-Secure

Product MITRE ATT&CK® TTP Content
F-Secure Client Security T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Access Policy Manager T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
F5 Advanced Firewall Manager T1068 - Exploitation for Privilege Escalation
  • 1 Rules
F5 Advanced Web Application Firewall T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
F5 Application Security Manager T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
F5 BIG-IP T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
F5 WebSafe T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: FTP

Product MITRE ATT&CK® TTP Content
FTP T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Fast Enterprises

Product MITRE ATT&CK® TTP Content
Fast Enterprises GenTax T1078 - Valid Accounts
  • 1 Rules

Vendor: Fidelis

Product MITRE ATT&CK® TTP Content
Fidelis Network T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Fidelis XPS T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: FileAuditor

Product MITRE ATT&CK® TTP Content
FileAuditor T1078 - Valid Accounts
  • 1 Rules

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
FireEye ETP T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
FireEye Email MPS T1068 - Exploitation for Privilege Escalation
  • 1 Rules
FireEye Endpoint Security (HX) T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
FireEye Network Security (NX) T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models
FireEye Web MPS T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: FireMon

Product MITRE ATT&CK® TTP Content
FireMon T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
Forcepoint DLP T1078 - Valid Accounts
  • 1 Rules
Forcepoint Email Security T1078 - Valid Accounts
  • 1 Rules
Forcepoint Email Security Gateway T1078 - Valid Accounts
  • 1 Rules
Websense Security Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Forescout

Product MITRE ATT&CK® TTP Content
EyeInspect T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
EnSilo T1068 - Exploitation for Privilege Escalation
  • 1 Rules
FortiGate T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
FortiSIEM T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Fortinet Enterprise Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Fortinet UTM T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
Fortiweb Web Application Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Galaxy

Product MITRE ATT&CK® TTP Content
Galaxy T1078 - Valid Accounts
  • 1 Rules

Vendor: Gamma

Product MITRE ATT&CK® TTP Content
Gamma T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Generic Badge Access

Product MITRE ATT&CK® TTP Content
Generic Badge Access T1078 - Valid Accounts
  • 1 Rules

Vendor: Genetec

Product MITRE ATT&CK® TTP Content
Genetec Badge T1078 - Valid Accounts
  • 1 Rules

Vendor: GitHub

Product MITRE ATT&CK® TTP Content
GitHub T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models

Vendor: GoAnywhere

Product MITRE ATT&CK® TTP Content
GoAnywhere MFT T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 7 Models

Vendor: Google

Product MITRE ATT&CK® TTP Content
GCP CloudAudit T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Google Cloud Platform T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
Google Workspace T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: HP

Product MITRE ATT&CK® TTP Content
Aruba ClearPass Policy Manager T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
HP Virtual Connect Enterprise Manager T1078 - Valid Accounts
  • 1 Rules
HP iLO T1078 - Valid Accounts
  • 1 Rules
HPE Comware T1482 - Domain Trust Discovery
  • 1 Rules

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
HashiCorp Vault T1078 - Valid Accounts
  • 1 Rules
Terraform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: HelpSystems

Product MITRE ATT&CK® TTP Content
Powertech Identity and Access Manager T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 18 Rules
  • 7 Models

Vendor: Honeywell

Product MITRE ATT&CK® TTP Content
Honeywell Pro-Watch T1078 - Valid Accounts
  • 1 Rules
Honeywell WIN-PAK T1078 - Valid Accounts
  • 1 Rules
Honeywell siama T1078 - Valid Accounts
  • 1 Rules

Vendor: Hornet

Product MITRE ATT&CK® TTP Content
Hornetsecurity Cloud Email Security Services T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules

Vendor: Huawei

Product MITRE ATT&CK® TTP Content
Huawei Unified Security Gateway T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 18 Rules
  • 7 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
DB2 T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
IBM T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
IBM Mainframe T1078 - Valid Accounts
  • 1 Rules
IBM Resource Access Control Facility T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
IBM Security Trusteer Apex Advanced Malware Protection T1068 - Exploitation for Privilege Escalation
  • 1 Rules
IBM Sense T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Sametime T1078 - Valid Accounts
  • 1 Rules
Security Access Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Sterling B2B Integrator T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: ICDB

Product MITRE ATT&CK® TTP Content
ICDB T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: ICPAM

Product MITRE ATT&CK® TTP Content
ICPAM T1078 - Valid Accounts
  • 1 Rules

Vendor: IMSS

Product MITRE ATT&CK® TTP Content
IMSS T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: IMSVA

Product MITRE ATT&CK® TTP Content
IMSVA T1078 - Valid Accounts
  • 1 Rules

Vendor: Identiv

Product MITRE ATT&CK® TTP Content
Identiv T1078 - Valid Accounts
  • 1 Rules

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva File Activity Monitoring T1078 - Valid Accounts
  • 1 Rules
Imperva Incapsula T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Imperva SecureSphere T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Imprivata

Product MITRE ATT&CK® TTP Content
Imprivata T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models

Vendor: Inky

Product MITRE ATT&CK® TTP Content
Inky Anti-Phishing T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Ipswitch

Product MITRE ATT&CK® TTP Content
MoveIt Transfer T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 5 Rules
  • 1 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: JH

Product MITRE ATT&CK® TTP Content
JH T1078 - Valid Accounts
  • 1 Rules

Vendor: Johnson Controls

Product MITRE ATT&CK® TTP Content
Johnson Controls P2000 T1078 - Valid Accounts
  • 1 Rules

Vendor: Jumpcloud

Product MITRE ATT&CK® TTP Content
Jumpcloud T1078 - Valid Accounts
  • 1 Rules

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper Advanced Threat Protection T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Juniper SRX Series T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Junos OS T1482 - Domain Trust Discovery
  • 1 Rules

Vendor: KABA EXOS

Product MITRE ATT&CK® TTP Content
KABA EXOS T1078 - Valid Accounts
  • 1 Rules

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky AV T1078 - Valid Accounts
  • 1 Rules
Kaspersky Endpoint Security for Business T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Kaspersky Secure Mail Gateway T1078 - Valid Accounts
  • 1 Rules

Vendor: Kemp

Product MITRE ATT&CK® TTP Content
Kemp LoadMaster T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models

Vendor: LEAP

Product MITRE ATT&CK® TTP Content
LEAP T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: LOGBinder

Product MITRE ATT&CK® TTP Content
LOGBinder for SharePoint T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Lacework

Product MITRE ATT&CK® TTP Content
Lacework T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 17 Rules
  • 6 Models

Vendor: LastPass

Product MITRE ATT&CK® TTP Content
LastPass T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Lenel

Product MITRE ATT&CK® TTP Content
OnGuard T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: LiquidFiles

Product MITRE ATT&CK® TTP Content
LiquidFiles T1078 - Valid Accounts
  • 2 Rules

Vendor: LogMeIn

Product MITRE ATT&CK® TTP Content
RemotelyAnywhere T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models

Vendor: LogRhythm

Product MITRE ATT&CK® TTP Content
LogRhythm T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models

Vendor: Lookout

Product MITRE ATT&CK® TTP Content
Lookout T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Lumension

Product MITRE ATT&CK® TTP Content
Lumension T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Lyrix

Product MITRE ATT&CK® TTP Content
Lyrix T1078 - Valid Accounts
  • 1 Rules

Vendor: Malwarebytes

Product MITRE ATT&CK® TTP Content
Malwarebytes Endpoint Detection and Response T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Malwarebytes Endpoint Protection T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Malwarebytes Incident Response T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: ManageEngine

Product MITRE ATT&CK® TTP Content
ADAuditPlus T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 9 Rules
  • 3 Models
ADManager Plus T1068 - Exploitation for Privilege Escalation
  • 1 Rules
ADSSP T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PAM360 T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee Application Control T1068 - Exploitation for Privilege Escalation
  • 1 Rules
McAfee DLP Endpoint T1078 - Valid Accounts
  • 1 Rules
McAfee DLP Prevent T1078 - Valid Accounts
  • 1 Rules
McAfee Email Protection T1078 - Valid Accounts
  • 1 Rules
McAfee Endpoint Security T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
McAfee Enterprise Security Manager T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
McAfee Network Security Platform T1078 - Valid Accounts
  • 1 Rules
McAfee Web Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
McAfee ePolicy Orchestrator T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Skyhigh Networks CASB T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure AD Activity Logs T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 9 Rules
  • 3 Models
Azure AD Identity Protection T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Azure AD Sign-In Logs T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure ATP T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Azure Container Registry T1078 - Valid Accounts
  • 1 Rules
Azure DevOps T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure Key Vault T1078 - Valid Accounts
  • 1 Rules
Azure MFA T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure Monitor T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Azure Monitor - VM Insights T1482 - Domain Trust Discovery
  • 1 Rules
Event Viewer - ADFS T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Event Viewer - Application T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - Applocker T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Event Viewer - BITS-Client T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - CAPI2 T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - NTLM T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
Event Viewer - OpenSSH T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - PowerShell T1482 - Domain Trust Discovery
  • 1 Rules
Event Viewer - RemoteDesktopServices T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Security T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1207 - Rogue Domain Controller
T1482 - Domain Trust Discovery
T1484 - Group Policy Modification
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
TA0002 - TA0002
  • 44 Rules
  • 17 Models
Event Viewer - Setup T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - System T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 4 Rules
  • 3 Models
Event Viewer - TaskScheduler T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 2 Rules
  • 2 Models
Event Viewer - TerminalServices-Gateway T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - TerminalServices-RemoteConnectionManager T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
MSSQL T1078 - Valid Accounts
  • 1 Rules
Microsoft 365 T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 5 Rules
  • 1 Models
Microsoft Advanced Threat Analytics T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Microsoft CAS T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Microsoft Defender for Cloud T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Microsoft Defender for Endpoint T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 27 Rules
  • 8 Models
Microsoft Defender for Office 365 T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Microsoft Exchange T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Microsoft IIS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Microsoft Intune T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Microsoft Sentinel T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models
Microsoft WMI Log T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models
Microsoft Web Application Proxy T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Sysmon T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models
Web Application Proxy-TLS Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Windows Defender Application Control T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Mimecast Targeted Threat Protection - URL T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: MobileIron

Product MITRE ATT&CK® TTP Content
MobileIron T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Morphisec

Product MITRE ATT&CK® TTP Content
Morphisec T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Mvision

Product MITRE ATT&CK® TTP Content
Mvision T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 10 Rules
  • 3 Models

Vendor: NNT

Product MITRE ATT&CK® TTP Content
NNT ChangeTracker T1078 - Valid Accounts
  • 1 Rules

Vendor: Namespace rDirectory

Product MITRE ATT&CK® TTP Content
Namespace rDirectory T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 7 Rules
  • 2 Models

Vendor: Nasuni

Product MITRE ATT&CK® TTP Content
Nasuni T1078 - Valid Accounts
  • 1 Rules

Vendor: NetApp

Product MITRE ATT&CK® TTP Content
NetApp T1078 - Valid Accounts
  • 1 Rules

Vendor: NetDocs

Product MITRE ATT&CK® TTP Content
NetDocs T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: NetIQ

Product MITRE ATT&CK® TTP Content
Micro Focus NetIQ Identity Manager T1078 - Valid Accounts
  • 1 Rules

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Netskope Webtx T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Netwrix

Product MITRE ATT&CK® TTP Content
Netwrix Auditor T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 5 Rules
  • 1 Models
Netwrix Threat Prevention T1078 - Valid Accounts
T1078.002 - T1078.002
  • 6 Rules
  • 3 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models

Vendor: Nexthink

Product MITRE ATT&CK® TTP Content
Nexthink Infinity T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Novell

Product MITRE ATT&CK® TTP Content
eDirectory T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Nozomi Networks

Product MITRE ATT&CK® TTP Content
Nozomi Networks Guardian T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Nutanix

Product MITRE ATT&CK® TTP Content
Nutanix Unified Storage T1078 - Valid Accounts
  • 1 Rules

Vendor: OSSEC

Product MITRE ATT&CK® TTP Content
OSSEC T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Okta

Product MITRE ATT&CK® TTP Content
Okta Adaptive MFA T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Onapsis

Product MITRE ATT&CK® TTP Content
Onapsis T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: OneLogin

Product MITRE ATT&CK® TTP Content
OneLogin T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OneSpan

Product MITRE ATT&CK® TTP Content
Digipass for Apps T1078 - Valid Accounts
  • 1 Rules
OneSpan Sign T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: OneWelcome

Product MITRE ATT&CK® TTP Content
OneWelcome Cloud Identity Platform T1078 - Valid Accounts
  • 1 Rules

Vendor: Open VPN

Product MITRE ATT&CK® TTP Content
Open VPN T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OpenLDAP

Product MITRE ATT&CK® TTP Content
OpenLDAP T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OpenText

Product MITRE ATT&CK® TTP Content
eDOCS T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Oracle

Product MITRE ATT&CK® TTP Content
Oracle Access Management T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Oracle Public Cloud T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Solaris T1482 - Domain Trust Discovery
  • 1 Rules

Vendor: Osirium

Product MITRE ATT&CK® TTP Content
Osirium T1078 - Valid Accounts
  • 1 Rules

Vendor: Osquery

Product MITRE ATT&CK® TTP Content
Osquery T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Cortex XDR T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
GlobalProtect T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models
Palo Alto Aperture T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Palo Alto NGFW T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models
Palo Alto WildFire T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Prisma Access T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Prisma Cloud T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Traps Endpoint Security Manager T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Password Manager Pro

Product MITRE ATT&CK® TTP Content
Password Manager Pro T1078 - Valid Accounts
  • 2 Rules

Vendor: Paxton

Product MITRE ATT&CK® TTP Content
NET2DOOR T1078 - Valid Accounts
  • 1 Rules

Vendor: Perforce

Product MITRE ATT&CK® TTP Content
Perforce T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Phantom

Product MITRE ATT&CK® TTP Content
Phantom T1078 - Valid Accounts
  • 1 Rules

Vendor: Picture Perfect

Product MITRE ATT&CK® TTP Content
Picture Perfect T1078 - Valid Accounts
  • 1 Rules

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Ping Identity T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PingOne T1078 - Valid Accounts
  • 1 Rules

Vendor: Postfix

Product MITRE ATT&CK® TTP Content
Postfix T1078 - Valid Accounts
  • 1 Rules

Vendor: PowerSentry

Product MITRE ATT&CK® TTP Content
PowerSentry T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Procad

Product MITRE ATT&CK® TTP Content
Pro.File DMS T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Progress

Product MITRE ATT&CK® TTP Content
Progress Database T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 18 Rules
  • 8 Models
Proofpoint CASB T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Proofpoint Email Protection T1078 - Valid Accounts
  • 1 Rules
Targeted Attack Platform T1078 - Valid Accounts
  • 1 Rules

Vendor: Qualys

Product MITRE ATT&CK® TTP Content
Qualys AssetView T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Quest Software

Product MITRE ATT&CK® TTP Content
Quest Change Auditor for Active Directory T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 25 Rules
  • 9 Models

Vendor: RS2 Technologies

Product MITRE ATT&CK® TTP Content
RS2 Technologies T1078 - Valid Accounts
  • 1 Rules

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA Authentication Manager T1078 - Valid Accounts
  • 1 Rules
RSA DLP T1078 - Valid Accounts
  • 1 Rules
RSA ECAT T1068 - Exploitation for Privilege Escalation
  • 1 Rules
RSA NetWitness Platform T1078 - Valid Accounts
  • 1 Rules

Vendor: RangerAudit

Product MITRE ATT&CK® TTP Content
RangerAudit T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Rapid7

Product MITRE ATT&CK® TTP Content
Rapid7 InsightVM T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Red Canary

Product MITRE ATT&CK® TTP Content
Red Canary Managed Detection and Response T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Rubrik

Product MITRE ATT&CK® TTP Content
Rubrik Cloud Data Management T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: SAP

Product MITRE ATT&CK® TTP Content
SAP T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: SafeSend

Product MITRE ATT&CK® TTP Content
SafeSend T1078 - Valid Accounts
  • 1 Rules

Vendor: Sailpoint

Product MITRE ATT&CK® TTP Content
IdentityNow T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
SecurityIQ T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Saviynt

Product MITRE ATT&CK® TTP Content
Saviynt T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Secomea

Product MITRE ATT&CK® TTP Content
Secomea T1078 - Valid Accounts
  • 1 Rules

Vendor: SecureAuth

Product MITRE ATT&CK® TTP Content
SecureAuth IDP T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
SecureAuth Login T1078 - Valid Accounts
  • 1 Rules

Vendor: SecureLink

Product MITRE ATT&CK® TTP Content
SecureLink T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: SecureWorks

Product MITRE ATT&CK® TTP Content
Managed iSensor IPS T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: SecurityExpert

Product MITRE ATT&CK® TTP Content
SecurityExpert T1078 - Valid Accounts
  • 1 Rules

Vendor: Semperis

Product MITRE ATT&CK® TTP Content
Semperis DSP T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 8 Rules
  • 2 Models

Vendor: Sensormatik

Product MITRE ATT&CK® TTP Content
Sensormatik T1078 - Valid Accounts
  • 1 Rules

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 23 Rules
  • 8 Models
Vigilance T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: ServiceNow

Product MITRE ATT&CK® TTP Content
ServiceNow T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Shibboleth

Product MITRE ATT&CK® TTP Content
Shibboleth T1078 - Valid Accounts
  • 1 Rules

Vendor: Siemens

Product MITRE ATT&CK® TTP Content
Siemens Access Control T1078 - Valid Accounts
  • 1 Rules

Vendor: Silverfort

Product MITRE ATT&CK® TTP Content
Silverfort Authentication Platform T1078 - Valid Accounts
  • 1 Rules

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 7 Rules
  • 1 Models

Vendor: Skyformation

Product MITRE ATT&CK® TTP Content
Skyformation T1078 - Valid Accounts
  • 1 Rules

Vendor: Skyhigh Security

Product MITRE ATT&CK® TTP Content
Skyhigh Security Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Slack

Product MITRE ATT&CK® TTP Content
Slack T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Snort

Product MITRE ATT&CK® TTP Content
Snort T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos Endpoint Protection T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
Sophos SafeGuard T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Sophos UTM T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Sophos XG Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: StealthBits

Product MITRE ATT&CK® TTP Content
StealthIntercept T1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 8 Rules
  • 2 Models

Vendor: Swift

Product MITRE ATT&CK® TTP Content
Swift T1078 - Valid Accounts
  • 1 Rules

Vendor: Swipes

Product MITRE ATT&CK® TTP Content
Swipes T1078 - Valid Accounts
  • 1 Rules

Vendor: Swivel

Product MITRE ATT&CK® TTP Content
Swivel T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec Advanced Threat Protection T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 5 Rules
  • 1 Models
Symantec CloudSOC T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Symantec Content Analysis System T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Symantec Critical System Protection T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
Symantec DLP T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Symantec Email Security T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Symantec Endpoint Protection T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Symantec Fireglass T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Symantec Managed Security Services T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Symantec VIP T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Symantec Web Security Service T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 17 Rules
  • 7 Models

Vendor: Tanium

Product MITRE ATT&CK® TTP Content
Tanium Cloud Platform T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Tanium Core Platform T1068 - Exploitation for Privilege Escalation
T1482 - Domain Trust Discovery
  • 2 Rules
Tanium Integrity Monitor T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 2 Rules
Tanium Threat Response T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Tenable

Product MITRE ATT&CK® TTP Content
Tenable Identity Exposure T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Tenable Vulnerability Management T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Tenable Web App Scanning T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Tessian

Product MITRE ATT&CK® TTP Content
Tessian Cloud Email Security T1078 - Valid Accounts
  • 1 Rules

Vendor: TimeLox

Product MITRE ATT&CK® TTP Content
TimeLox T1078 - Valid Accounts
  • 1 Rules

Vendor: TitanFTP

Product MITRE ATT&CK® TTP Content
TitanFTP T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
Apex One T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Deep Discovery Inspector T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Deep Security T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 5 Rules
  • 2 Models
OfficeScan T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
TippingPoint NGIPS T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trend Micro Cloud App Security T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trend Micro Email Security T1078 - Valid Accounts
  • 1 Rules
Trend Micro ScanMail T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Vision One T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Tripwire Enterprise

Product MITRE ATT&CK® TTP Content
Tripwire Enterprise T1078 - Valid Accounts
  • 1 Rules

Vendor: Tyco

Product MITRE ATT&CK® TTP Content
CCURE Building Management System T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Auditbeat T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models
Unix T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 25 Rules
  • 8 Models
Unix Auditd T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 20 Rules
  • 7 Models
Unix Privilege Management T1078 - Valid Accounts
  • 1 Rules
Unix Sendmail T1078 - Valid Accounts
  • 1 Rules

Vendor: VBCorp

Product MITRE ATT&CK® TTP Content
VBCorp T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: VMS Software

Product MITRE ATT&CK® TTP Content
OpenVMS T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: VMware

Product MITRE ATT&CK® TTP Content
Carbon Black App Control T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 15 Rules
  • 5 Models
Carbon Black CES T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
Carbon Black EDR T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
Lastline T1068 - Exploitation for Privilege Escalation
  • 1 Rules
VMware AirWatch T1068 - Exploitation for Privilege Escalation
  • 1 Rules
VMware ESXi T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
VMware Horizon T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
VMware Identity Manager T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
VMware View T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
vCenter T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 19 Rules
  • 7 Models

Vendor: Vanderbilt

Product MITRE ATT&CK® TTP Content
Vanderbilt T1078 - Valid Accounts
  • 1 Rules

Vendor: Varonis

Product MITRE ATT&CK® TTP Content
Varonis Data Security Platform T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Detect T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Vectra Cognito Stream T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 7 Rules
  • 2 Models

Vendor: Veeam

Product MITRE ATT&CK® TTP Content
Veeam T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Venafi

Product MITRE ATT&CK® TTP Content
TLS Protect T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Verizon

Product MITRE ATT&CK® TTP Content
Verizon NDR T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Vicarius

Product MITRE ATT&CK® TTP Content
Vicarius vRx T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Visma

Product MITRE ATT&CK® TTP Content
Megaflex T1078 - Valid Accounts
  • 1 Rules

Vendor: Vormetric

Product MITRE ATT&CK® TTP Content
Vormetric T1078 - Valid Accounts
  • 1 Rules

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Wazuh

Product MITRE ATT&CK® TTP Content
Wazuh T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Wiz

Product MITRE ATT&CK® TTP Content
Wiz T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Workday

Product MITRE ATT&CK® TTP Content
Workday T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Xceedium

Product MITRE ATT&CK® TTP Content
Xceedium T1078 - Valid Accounts
  • 1 Rules

Vendor: Xiting

Product MITRE ATT&CK® TTP Content
XAMS T1078 - Valid Accounts
  • 1 Rules

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 25 Rules
  • 8 Models

Vendor: Zendesk

Product MITRE ATT&CK® TTP Content
Zendesk T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Zimperium

Product MITRE ATT&CK® TTP Content
Zimperium MTD T1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Zlock

Product MITRE ATT&CK® TTP Content
Zlock T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Zscaler Private Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: iManage

Product MITRE ATT&CK® TTP Content
iManage T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: oVirt

Product MITRE ATT&CK® TTP Content
oVirt T1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: xPLAN

Product MITRE ATT&CK® TTP Content
xPLAN T1078 - Valid Accounts
  • 1 Rules

Vendor: xsuite

Product MITRE ATT&CK® TTP Content
xsuite T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models