Vendor: Check Point

June 14, 2023 · View on GitHub

Product: Threat Prevention

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
82	31	7	3	3

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	network-alert ↳syslog-checkpoint-network-alert ↳checkpoint-network-alert-2 ↳checkpoint-network-alert-4 ↳cef-checkpoint-network-alert ↳checkpoint-network-alert-1 ↳checkpoint-network-alert ↳checkpoint-network-alert-1 ↳checkpoint-network-alert	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1190 - Exploit Public Fasing Application	22 Rules 9 Models
Lateral Movement	network-connection-failed ↳checkpoint-firewall-2 network-connection-successful ↳checkpoint-firewall-2	T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application TA0010 - TA0010 TA0011 - TA0011	56 Rules 20 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Exploit Public Fasing Application				Obfuscated Files or Information: Indicator Removal from Tools Obfuscated Files or Information					Proxy: Multi-hop Proxy Application Layer Protocol Proxy