2_ds_cisco_secure_endpoint.md
June 14, 2023

| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Malware | security-alert ↳s-cisco-amp-alert-8 ↳s-cisco-amp-alert-9 ↳s-cisco-amp-alert-2 ↳s-cisco-amp-alert-3 ↳s-cisco-amp-alert-11 ↳s-cisco-amp-alert-14 ↳s-cisco-amp-alert-1 ↳s-cisco-amp-alert-13 ↳s-cisco-amp-alert-16 ↳s-cisco-amp-alert-7 ↳s-cisco-amp-alert-15 ↳s-cisco-amp-alert-5 ↳s-cisco-amp-alert-10 | TA0002 - TA0002 | |
| Privileged Activity | security-alert ↳s-cisco-amp-alert-8 ↳s-cisco-amp-alert-9 ↳s-cisco-amp-alert-2 ↳s-cisco-amp-alert-3 ↳s-cisco-amp-alert-11 ↳s-cisco-amp-alert-14 ↳s-cisco-amp-alert-1 ↳s-cisco-amp-alert-13 ↳s-cisco-amp-alert-16 ↳s-cisco-amp-alert-7 ↳s-cisco-amp-alert-15 ↳s-cisco-amp-alert-5 ↳s-cisco-amp-alert-10 | T1068 - Exploitation for Privilege Escalation | |