Vendor: Netskope

June 14, 2023 · View on GitHub

Product: Security Cloud

Rules	Models	MITRE ATT&CK® TTPs	Event Types	Parsers
344	136	35	16	16

Use-Case	Event Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-activity ↳netskope-activity ↳netskope-app-activity-2 ↳netskope-app-activity-1 ↳s-netskope-activity ↳cef-netskope-app-activity-22 ↳cef-netskope-app-activity-24 ↳cef-netskope-app-activity-23 ↳cef-netskope-app-activity-19 ↳cef-netskope-app-activity-18 ↳cef-netskope-app-activity-15 ↳cef-netskope-app-activity-14 ↳cef-netskope-app-activity-17 ↳cef-netskope-app-activity-16 ↳cef-netskope-app-activity-8 ↳cef-netskope-app-activity-11 ↳cef-netskope-app-activity-7 ↳cef-netskope-app-activity-10 ↳cef-netskope-app-activity-6 ↳cef-netskope-app-activity-13 ↳cef-netskope-app-activity-5 ↳cef-netskope-app-activity-12 ↳cef-netskope-app-activity-51 ↳cef-netskope-app-activity-50 ↳cef-netskope-app-activity-9 ↳json-netskope-app-activity-17 ↳cef-netskope-app-activity-4 ↳cef-netskope-app-activity-3 ↳cef-netskope-app-activity-2 ↳cef-netskope-app-activity-1 ↳cef-netskope-app-activity-48 ↳cef-netskope-app-activity-47 ↳cef-netskope-app-activity-49 ↳cef-netskope-app-activity-44 ↳cef-netskope-app-activity-43 ↳cef-netskope-app-activity-46 ↳cef-netskope-app-activity-45 ↳cef-netskope-app-activity-40 ↳cef-netskope-app-activity-42 ↳cef-netskope-app-activity-41 ↳json-netskope-app-activity-18 ↳cef-netskope-app-activity-37 ↳cef-netskope-app-activity-36 ↳cef-netskope-app-activity-38 ↳cef-netskope-app-activity-33 ↳cef-netskope-app-activity-35 ↳cef-netskope-app-activity-34 ↳cef-netskope-app-activity-31 ↳cef-netskope-app-activity-29 ↳cef-netskope-app-activity-26 ↳cef-netskope-app-activity-25 ↳cef-netskope-app-activity-28 ↳cef-netskope-app-activity-27 ↳netskope-app-activity app-login ↳cef-netskope-app-login-1 ↳cef-netskope-app-login-2 ↳json-netskope-app-login ↳netskope-login ↳s-netskope-login ↳netskope-login-1 failed-app-login ↳cef-netskope-failed-app-login ↳json-netskope-failed-app-login web-activity-allowed ↳cef-netskope-web-activity-1 ↳cef-netskope-web-activity ↳netskope-web-activity web-activity-denied ↳netskope-web-activity ↳cef-netskope-web-policy ↳cef-netskope-web-policy-1	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1133 - External Remote Services	21 Rules 10 Models
Account Manipulation	app-activity ↳netskope-activity ↳netskope-app-activity-2 ↳netskope-app-activity-1 ↳s-netskope-activity ↳cef-netskope-app-activity-22 ↳cef-netskope-app-activity-24 ↳cef-netskope-app-activity-23 ↳cef-netskope-app-activity-19 ↳cef-netskope-app-activity-18 ↳cef-netskope-app-activity-15 ↳cef-netskope-app-activity-14 ↳cef-netskope-app-activity-17 ↳cef-netskope-app-activity-16 ↳cef-netskope-app-activity-8 ↳cef-netskope-app-activity-11 ↳cef-netskope-app-activity-7 ↳cef-netskope-app-activity-10 ↳cef-netskope-app-activity-6 ↳cef-netskope-app-activity-13 ↳cef-netskope-app-activity-5 ↳cef-netskope-app-activity-12 ↳cef-netskope-app-activity-51 ↳cef-netskope-app-activity-50 ↳cef-netskope-app-activity-9 ↳json-netskope-app-activity-17 ↳cef-netskope-app-activity-4 ↳cef-netskope-app-activity-3 ↳cef-netskope-app-activity-2 ↳cef-netskope-app-activity-1 ↳cef-netskope-app-activity-48 ↳cef-netskope-app-activity-47 ↳cef-netskope-app-activity-49 ↳cef-netskope-app-activity-44 ↳cef-netskope-app-activity-43 ↳cef-netskope-app-activity-46 ↳cef-netskope-app-activity-45 ↳cef-netskope-app-activity-40 ↳cef-netskope-app-activity-42 ↳cef-netskope-app-activity-41 ↳json-netskope-app-activity-18 ↳cef-netskope-app-activity-37 ↳cef-netskope-app-activity-36 ↳cef-netskope-app-activity-38 ↳cef-netskope-app-activity-33 ↳cef-netskope-app-activity-35 ↳cef-netskope-app-activity-34 ↳cef-netskope-app-activity-31 ↳cef-netskope-app-activity-29 ↳cef-netskope-app-activity-26 ↳cef-netskope-app-activity-25 ↳cef-netskope-app-activity-28 ↳cef-netskope-app-activity-27 ↳netskope-app-activity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Cryptomining	web-activity-allowed ↳cef-netskope-web-activity-1 ↳cef-netskope-web-activity ↳netskope-web-activity web-activity-denied ↳netskope-web-activity ↳cef-netskope-web-policy ↳cef-netskope-web-policy-1	T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	2 Rules
Destruction of Data	file-delete ↳netskope-activity ↳s-netskope-activity	T1070.004 - Indicator Removal on Host: File Deletion T1485 - Data Destruction	1 Rules
Workforce Protection	dlp-email-alert-out ↳cef-netskope-dlp-email-alert-1 web-activity-allowed ↳cef-netskope-web-activity-1 ↳cef-netskope-web-activity ↳netskope-web-activity	T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.001 - Application Layer Protocol: Web Protocols	8 Rules 3 Models
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Exploit Public Fasing Application Phishing	User Execution	External Remote Services Valid Accounts Server Software Component: Web Shell Account Manipulation Server Software Component Boot or Logon Autostart Execution Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts Exploitation for Privilege Escalation Boot or Logon Autostart Execution	Obfuscated Files or Information: Indicator Removal from Tools Indicator Removal on Host: File Deletion Valid Accounts Indicator Removal on Host Obfuscated Files or Information	OS Credential Dumping	File and Directory Discovery	Internal Spearphishing	Email Collection Email Collection: Email Forwarding Rule	Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Exfiltration Over C2 Channel Automated Exfiltration Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Data Destruction Resource Hijacking Data Encrypted for Impact