Vendor: Cisco
June 14, 2023 · View on GitHub
Product: Netflow
Use-Case: Compromised Credentials
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 1 | 1 | 1 | 1 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| netflow-connection | T1046 - Network Service Scanning ↳ A-NETFLOW-OsH-SweepScan-A: Abnormal for asset to access 20 assets in 10 seconds | • A-NETFLOW-OsH-Scanners: Assets that access multiple assets within seconds in the organization |