Vendor: Cisco

July 25, 2023 · View on GitHub

Rules	Models	MITRE TTPs	Event Types	Parsers
2	2	1	3	3

Event Type	Rules	Models
vpn-logout	T1566 - Phishing ↳ EM-FNum-in: Abnormal number of incoming emails ↳ EM-BSum-in: Abnormal size of incoming emails	• EM-BSum-in: Sum of bytes in incoming emails • EM-FNum-in: Count of incoming emails