Vendor: Bitdefender

June 14, 2023 · View on GitHub

Product: GravityZone

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
130	45	17	3	3

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-login ↳gravityzone-security-alert-new-login web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1133 - External Remote Services	15 Rules 7 Models
Compromised Credentials	app-login ↳gravityzone-security-alert-new-login security-alert ↳gravityzone-security-alert-fw ↳gravityzone-security-alert-new-incident ↳gravityzone-security-alert-avc-1 ↳gravityzone-security-alert-aph ↳gravityzone-security-alert-av ↳gravityzone-security-alert-avc ↳gravityzone-security-alert-av-1 ↳gravityzone-security-alert-aph-1 ↳gravityzone-security-alert-hd ↳cef-bitdefender-gravityzone-alert web-activity-denied ↳gravityzone-web-activity-denied	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	78 Rules 39 Models
Cryptomining	web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	2 Rules
Data Access	app-login ↳gravityzone-security-alert-new-login	T1078 - Valid Accounts	5 Rules 4 Models
Data Exfiltration	web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms	6 Rules 2 Models
Data Leak	web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	4 Rules 2 Models
Phishing	web-activity-denied ↳gravityzone-web-activity-denied	T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003	4 Rules
Privilege Abuse	app-login ↳gravityzone-security-alert-new-login web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts	3 Rules
Ransomware	app-login ↳gravityzone-security-alert-new-login web-activity-denied ↳gravityzone-web-activity-denied	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts	2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	External Remote Services Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information			Internal Spearphishing		Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking