Vendor: GTB

July 25, 2023 · View on GitHub

Product: GTBInspector

Rules	Models	MITRE TTPs	Event Types	Parsers
19	11	3	1	1

Use-Case	Event Types/Parsers	MITRE TTP	Content
Data Exfiltration	dlp-alert ↳ cef-gtb-dlp-alert	T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1204 - User Execution	15 Rules 9 Models
Data Leak	dlp-alert ↳ cef-gtb-dlp-alert	T1020 - Automated Exfiltration T1048 - Exfiltration Over Alternative Protocol T1204 - User Execution	15 Rules 9 Models
Malware	dlp-alert ↳ cef-gtb-dlp-alert	T1204 - User Execution	4 Rules 2 Models

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
	User Execution									Exfiltration Over Alternative Protocol Automated Exfiltration