2_ds_bitdefender_gravityzone.md

June 14, 2023 · View on GitHub

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Lateral Movement	app-login ↳gravityzone-security-alert-new-login security-alert ↳gravityzone-security-alert-fw ↳gravityzone-security-alert-new-incident ↳gravityzone-security-alert-avc-1 ↳gravityzone-security-alert-aph ↳gravityzone-security-alert-av ↳gravityzone-security-alert-avc ↳gravityzone-security-alert-av-1 ↳gravityzone-security-alert-aph-1 ↳gravityzone-security-alert-hd ↳cef-bitdefender-gravityzone-alert web-activity-denied ↳gravityzone-web-activity-denied	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application	13 Rules
Malware	app-login ↳gravityzone-security-alert-new-login security-alert ↳gravityzone-security-alert-fw ↳gravityzone-security-alert-new-incident ↳gravityzone-security-alert-avc-1 ↳gravityzone-security-alert-aph ↳gravityzone-security-alert-av ↳gravityzone-security-alert-avc ↳gravityzone-security-alert-av-1 ↳gravityzone-security-alert-aph-1 ↳gravityzone-security-alert-hd ↳cef-bitdefender-gravityzone-alert web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0002 - TA0002	29 Rules 9 Models
Privileged Activity	app-login ↳gravityzone-security-alert-new-login security-alert ↳gravityzone-security-alert-fw ↳gravityzone-security-alert-new-incident ↳gravityzone-security-alert-avc-1 ↳gravityzone-security-alert-aph ↳gravityzone-security-alert-av ↳gravityzone-security-alert-avc ↳gravityzone-security-alert-av-1 ↳gravityzone-security-alert-aph-1 ↳gravityzone-security-alert-hd ↳cef-bitdefender-gravityzone-alert web-activity-denied ↳gravityzone-web-activity-denied	T1068 - Exploitation for Privilege Escalation T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service	4 Rules