Vendor: IBM

June 14, 2023 · View on GitHub

Product: Infosphere Guardium

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
42	22	2	3	3

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	database-alert ↳cef-guardium-db-alert-1 ↳s-guardium-db-alert ↳s-guardium-db-alert-1 ↳cef-syslog-guardium-db-alert ↳cef-syslog-guardium-db-alert-1 ↳cef-guardium-db-alert ↳cef-guardium-database-alert database-login ↳s-db-login database-query ↳cef-guardium-db-query ↳cef-syslog-guardium-db-query ↳guardium-db-query ↳leef-guardium-db-query ↳leef-guardium-db-query-1	T1213 - Data from Information Repositories	38 Rules 20 Models
Data Access	database-alert ↳cef-guardium-db-alert-1 ↳s-guardium-db-alert ↳s-guardium-db-alert-1 ↳cef-syslog-guardium-db-alert ↳cef-syslog-guardium-db-alert-1 ↳cef-guardium-db-alert ↳cef-guardium-database-alert database-login ↳s-db-login database-query ↳cef-guardium-db-query ↳cef-syslog-guardium-db-query ↳guardium-db-query ↳leef-guardium-db-query ↳leef-guardium-db-query-1	T1213 - Data from Information Repositories	38 Rules 20 Models
Data Exfiltration	database-alert ↳cef-guardium-db-alert-1 ↳s-guardium-db-alert ↳s-guardium-db-alert-1 ↳cef-syslog-guardium-db-alert ↳cef-syslog-guardium-db-alert-1 ↳cef-guardium-db-alert ↳cef-guardium-database-alert	TA0002 - TA0002	2 Rules 1 Models
Malware	database-alert ↳cef-guardium-db-alert-1 ↳s-guardium-db-alert ↳s-guardium-db-alert-1 ↳cef-syslog-guardium-db-alert ↳cef-syslog-guardium-db-alert-1 ↳cef-guardium-db-alert ↳cef-guardium-database-alert	TA0002 - TA0002	2 Rules 1 Models

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
								Data from Information Repositories