2_ds_cisco_call_manager.md
June 14, 2023 · View on GitHub
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Lateral Movement | app-activity ↳cisco-app-activity app-activity-failed ↳cisco-app-activity authentication-failed ↳cisco-auth-failed-2 ↳cisco-auth-failed-1 ↳cisco-auth-failed authentication-successful ↳cisco-auth-successful ↳cisco-auth-successful-2 ↳cisco-auth-successful-1 | T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy |
|
| Ransomware | app-activity ↳cisco-app-activity app-activity-failed ↳cisco-app-activity authentication-failed ↳cisco-auth-failed-2 ↳cisco-auth-failed-1 ↳cisco-auth-failed authentication-successful ↳cisco-auth-successful ↳cisco-auth-successful-2 ↳cisco-auth-successful-1 | T1078 - Valid Accounts |
|