uc_workforce_protection.md

Use Case: Workforce Protection

Vendor: Accellion

Product MITRE ATT&CK® TTP Content
Kiteworks T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Akamai

Product MITRE ATT&CK® TTP Content
Cloud Akamai T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Amazon

Product MITRE ATT&CK® TTP Content
AWS CloudWatch T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
AWS Elastic Load Balancer T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
AWS WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Apache

Product MITRE ATT&CK® TTP Content
Apache T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Armorblox

Product MITRE ATT&CK® TTP Content
Armorblox T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Auth0

Product MITRE ATT&CK® TTP Content
Auth0 T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Barracuda

Product MITRE ATT&CK® TTP Content
Barracuda Email Security Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: BeyondTrust

Product MITRE ATT&CK® TTP Content
BeyondTrust Remote Support T1078 - Valid Accounts
T1078.004 - Valid Accounts: Cloud Accounts
  • 2 Rules
  • 1 Models

Vendor: Bitglass

Product MITRE ATT&CK® TTP Content
Bitglass CASB T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: CatoNetworks

Product MITRE ATT&CK® TTP Content
Cato Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Check Point

Product MITRE ATT&CK® TTP Content
Check Point Avanan T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Check Point NGFW T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Cisco

Product MITRE ATT&CK® TTP Content
Cisco ADC T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Adaptive Security Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Cloud Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Firepower T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Meraki MX appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Secure Email T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Cisco Secure Web Appliance T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Umbrella T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
IronPort Email T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
IronPort Web Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Citrix

Product MITRE ATT&CK® TTP Content
Citrix Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Clearswift

Product MITRE ATT&CK® TTP Content
Clearswift Secure Email Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Cloudflare

Product MITRE ATT&CK® TTP Content
Cloudflare WAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Code42

Product MITRE ATT&CK® TTP Content
Code42 Incydr T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Darktrace

Product MITRE ATT&CK® TTP Content
Darktrace T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Dell

Product MITRE ATT&CK® TTP Content
Sonicwall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Digital Arts

Product MITRE ATT&CK® TTP Content
Digital Arts i-FILTER for Business T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Digital Guardian

Product MITRE ATT&CK® TTP Content
Digital Guardian Endpoint Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Digital Guardian Network DLP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Dtex Systems

Product MITRE ATT&CK® TTP Content
DTEX InTERCEPT T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: EdgeWave

Product MITRE ATT&CK® TTP Content
EdgeWave iPrism T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: F5

Product MITRE ATT&CK® TTP Content
F5 Advanced Web Application Firewall T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
F5 Application Security Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
F5 WebSafe T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Fidelis

Product MITRE ATT&CK® TTP Content
Fidelis XPS T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: FireEye

Product MITRE ATT&CK® TTP Content
FireEye CMS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
FireEye Network Security (NX) T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Forcepoint

Product MITRE ATT&CK® TTP Content
Forcepoint CASB T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Forcepoint DLP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Forcepoint Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Forcepoint Email Security Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Websense Security Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Fortinet

Product MITRE ATT&CK® TTP Content
FortiGate T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
FortiSIEM T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Fortinet Enterprise Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Fortinet UTM T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Fortiweb Web Application Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Google

Product MITRE ATT&CK® TTP Content
GCP CloudAudit T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Google Cloud Platform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Google Workspace T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: HashiCorp

Product MITRE ATT&CK® TTP Content
Terraform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Hornet

Product MITRE ATT&CK® TTP Content
Hornetsecurity Cloud Email Security Services T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: IBM

Product MITRE ATT&CK® TTP Content
Security Access Manager T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: IMSVA

Product MITRE ATT&CK® TTP Content
IMSVA T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Imperva

Product MITRE ATT&CK® TTP Content
Imperva Incapsula T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: InfoWatch

Product MITRE ATT&CK® TTP Content
InfoWatch DLP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Infoblox

Product MITRE ATT&CK® TTP Content
BloxOne DDI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Ivanti

Product MITRE ATT&CK® TTP Content
Ivanti Pulse Secure T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Juniper Networks

Product MITRE ATT&CK® TTP Content
Juniper SRX Series T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Kasada

Product MITRE ATT&CK® TTP Content
Kasada T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Kaspersky

Product MITRE ATT&CK® TTP Content
Kaspersky Secure Mail Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: LanScope

Product MITRE ATT&CK® TTP Content
LanScope Cat T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: McAfee

Product MITRE ATT&CK® TTP Content
McAfee DLP Endpoint T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
McAfee DLP Prevent T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
McAfee Email Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
McAfee Web Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Menlo Security

Product MITRE ATT&CK® TTP Content
Menlo Security T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Microsoft

Product MITRE ATT&CK® TTP Content
Azure Monitor T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Microsoft 365 T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Microsoft CAS T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Microsoft Defender for Endpoint T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Microsoft Exchange T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Microsoft IIS T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Microsoft Web Application Proxy T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Web Application Proxy-TLS Gateway T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Mimecast

Product MITRE ATT&CK® TTP Content
Mimecast Secure Email Gateway T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Mimecast Targeted Threat Protection - URL T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Netskope

Product MITRE ATT&CK® TTP Content
Netskope Security Cloud T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Netskope Webtx T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: NextDLP

Product MITRE ATT&CK® TTP Content
Reveal T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Palo Alto Networks

Product MITRE ATT&CK® TTP Content
Palo Alto NGFW T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Prisma Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Prisma Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Phantom

Product MITRE ATT&CK® TTP Content
Phantom T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Ping Identity

Product MITRE ATT&CK® TTP Content
Ping Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Postfix

Product MITRE ATT&CK® TTP Content
Postfix T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Proofpoint

Product MITRE ATT&CK® TTP Content
ObserveIT T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Proofpoint Email Protection T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Targeted Attack Platform T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: RSA

Product MITRE ATT&CK® TTP Content
RSA DLP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: SIGSCI

Product MITRE ATT&CK® TTP Content
SIGSCI T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: SafeSend

Product MITRE ATT&CK® TTP Content
SafeSend T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Salesforce

Product MITRE ATT&CK® TTP Content
Salesforce T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Sangfor

Product MITRE ATT&CK® TTP Content
Sangfor NGAF T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: SentinelOne

Product MITRE ATT&CK® TTP Content
Singularity Platform T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: SkySea

Product MITRE ATT&CK® TTP Content
SkySea ClientView T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Sophos

Product MITRE ATT&CK® TTP Content
Sophos UTM T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Sophos XG Firewall T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Squid

Product MITRE ATT&CK® TTP Content
Squid T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Symantec

Product MITRE ATT&CK® TTP Content
Symantec DLP T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Symantec Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Symantec Fireglass T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Symantec Web Security Service T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Tessian

Product MITRE ATT&CK® TTP Content
Tessian Cloud Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Trend Micro

Product MITRE ATT&CK® TTP Content
OfficeScan T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Trend Micro Email Security T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Unix

Product MITRE ATT&CK® TTP Content
Unix T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Unix Sendmail T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Vectra

Product MITRE ATT&CK® TTP Content
Vectra Cognito Stream T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Watchguard

Product MITRE ATT&CK® TTP Content
Watchguard T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Weblogin

Product MITRE ATT&CK® TTP Content
Weblogin T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Zeek

Product MITRE ATT&CK® TTP Content
Zeek T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Zoom

Product MITRE ATT&CK® TTP Content
Zoom T1078 - Valid Accounts
T1078.004 - Valid Accounts: Cloud Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1098 - Account Manipulation
  • 11 Rules
  • 5 Models

Vendor: Zscaler

Product MITRE ATT&CK® TTP Content
Zscaler Internet Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Zscaler Private Access T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor:

Vendor: iBoss

Product MITRE ATT&CK® TTP Content
Iboss Cloud T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models