Vendor: Cisco

June 14, 2023

Product: Firepower

Use-Case: Data Access

| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 3 | 1 | 2 | 2 | 2 |

| Event Type | Rules | Models |
|---|---|---|
| process-created | T1003 - OS Credential Dumping<br>A-CP-Sensitive-Files: Copying sensitive files with credential data on this asset<br>CP-Sensitive-Files: Copying sensitive files with credential data | |
| vpn-logout | T1110 - Brute Force<br>APP-UFL-COUNT: Abnormal number of failed application logins for user | APP-UFL-COUNT: Count of failed application logins in a session |