Vendor: VMware
June 30, 2023 · View on GitHub
Product: AirWatch
Use-Case: Lateral Movement
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 6 | 0 | 3 | 4 | 4 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1090.003 - Proxy: Multi-hop Proxy ↳ Auth-Tor-Shost: User authentication or login from a known TOR IP | |
| authentication-failed | T1078 - Valid Accounts ↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP T1090.003 - Proxy: Multi-hop Proxy ↳ Auth-Tor-Shost-Failed: User authentication or login failure from a known TOR IP | |
| authentication-successful | T1090.003 - Proxy: Multi-hop Proxy ↳ Auth-Tor-Shost: User authentication or login from a known TOR IP | |
| security-alert | T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools ↳ A-ALERT-DL: DL Correlation rule alert on asset ↳ A-ALERT-Correlation-Rule: Correlation rule alert on asset ↳ ALERT-Correlation-Rule: Correlation rule alert on asset accessed by this user ↳ ALERT-DL: DL Correlation rule alert on asset accessed by this user |