Vendor: Trend Micro
June 14, 2023 · View on GitHub
Product: OfficeScan
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 187 | 79 | 24 | 7 | 7 |
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Abnormal Authentication & Access | privileged-object-access ↳leef-trendmicro-privileged-object-access web-activity-allowed ↳trendmicro-cef-web-activity | T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts |
|
| Compromised Credentials | security-alert ↳q-trendmicro-syslog-alert ↳s-trendmicro-epp-alert-1 ↳s-trendmicro-epp-alert ↳s-trendmicro-epp-alert-2 ↳q-trendmicro-epp-alert ↳trendmicro-cef-alert ↳trend-micro-alert-2 ↳trend-micro-alert-3 ↳trend-micro-alert-4 ↳trend-micro-alert-5 ↳trend-micro-alert-6 ↳trend-micro-alert-7 ↳trend-micro-alert-8 ↳s-trendmicro-security-alert-2 ↳s-trendmicro-security-alert-3 ↳cef-trendmicro-security-alert ↳trend-micro-alert-1 ↳s-trendmicro-security-alert-1 ↳leef-trendmicro-security-alert ↳s-trendmicro-security-alert web-activity-allowed ↳trendmicro-cef-web-activity | T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1190 - Exploit Public Fasing Application T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms |
|
| Cryptomining | web-activity-allowed ↳trendmicro-cef-web-activity | T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking |
|
| Data Exfiltration | dlp-alert ↳q-trendmicro-dlp-alert ↳cef-trendmicro-dlp-alert-1 ↳cef-trendmicro-dlp-alert web-activity-allowed ↳trendmicro-cef-web-activity | T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution T1568.002 - Dynamic Resolution: Domain Generation Algorithms TA0010 - TA0010 |
|
| Data Leak | dlp-alert ↳q-trendmicro-dlp-alert ↳cef-trendmicro-dlp-alert-1 ↳cef-trendmicro-dlp-alert dlp-email-alert-out ↳trendmicro-cef-alert usb-write ↳cef-trendmicro-usb-write web-activity-allowed ↳trendmicro-cef-web-activity | T1020 - Automated Exfiltration T1041 - Exfiltration Over C2 Channel T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1091 - Replication Through Removable Media T1567 - Exfiltration Over Web Service T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage TA0010 - TA0010 |
|
| Phishing | dlp-email-alert-out ↳trendmicro-cef-alert web-activity-allowed ↳trendmicro-cef-web-activity | T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1189 - Drive-by Compromise T1204.001 - T1204.001 T1534 - Internal Spearphishing T1566.002 - Phishing: Spearphishing Link T1598.003 - T1598.003 |
|
| Privilege Abuse | dlp-email-alert-in ↳trendmicro-cef-alert dlp-email-alert-out ↳trendmicro-cef-alert web-activity-allowed ↳trendmicro-cef-web-activity | T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts |
|
| Ransomware | web-activity-allowed ↳trendmicro-cef-web-activity | T1071.001 - Application Layer Protocol: Web Protocols |
|
| Workforce Protection | dlp-email-alert-out ↳trendmicro-cef-alert web-activity-allowed ↳trendmicro-cef-web-activity | T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.001 - Application Layer Protocol: Web Protocols |
|
| Next Page -->> |