Vendor: VMware
July 25, 2023
Product: NSX FW
| Rules | Models | MITRE TTPs | Event Types | Parsers |
|---|---|---|---|---|
| 32 | 16 | 4 | 2 | 2 |

| Use-Case | Event Types/Parsers | MITRE TTP | Content |
|---|---|---|---|
| Cryptomining | network-connection-failed ↳ cef-nsx-fw-logs-1<br>network-connection-successful ↳ cef-nsx-fw-logs-1 | T1496 - Resource Hijacking | |
| Lateral Movement | network-connection-failed ↳ cef-nsx-fw-logs-1<br>network-connection-successful ↳ cef-nsx-fw-logs-1 | T1071 - Application Layer Protocol<br>T1090.002 - Proxy: External Proxy<br>T1571 - Non-Standard Port | |
| Malware | network-connection-failed ↳ cef-nsx-fw-logs-1<br>network-connection-successful ↳ cef-nsx-fw-logs-1 | T1071 - Application Layer Protocol | |
| Ransomware | network-connection-failed ↳ cef-nsx-fw-logs-1<br>network-connection-successful ↳ cef-nsx-fw-logs-1 | T1071 - Application Layer Protocol | |

ATT&CK Matrix for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | | | | | | | | | Non-Standard Port<br>Proxy: External Proxy<br>Application Layer Protocol<br>Proxy | | Resource Hijacking |