Rules by Product and UseCase
April 15, 2026 · View on GitHub
Vendor: Postfix
Product: Postfix
Use-Case: Lateral Movement
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 18 | 7 | 5 | 1 | 0 |
| Event Type | Rules | Models |
|---|---|---|
| network-connection-failed | T1190 - Exploit Public Fasing Application ↳ A-NETF-Log4j-IP: There was a failed attempt to access this asset by an external IP associated with Log4j exploit TA0010 - TA0010 ↳ A-NETF-HCountry-Outbound-F: First failed outbound connection to this country from asset ↳ A-NETF-HCountry-Outbound-A: Outbound connection to abnormal country for asset has failed ↳ A-NETF-OCountry-Outbound-F: First failed outbound connection to this country from organization ↳ A-NETF-OCountry-Outbound-A: Outbound connection to abnormal country for the organization has failed ↳ A-NETF-ZCountry-Outbound-A: Outbound connection to abnormal country for the zone has failed ↳ A-NETF-ZCountry-Outbound-F: First failed outbound connection to this country from zone ↳ A-NETF-OsH-Outbound-F: First failed outbound connection for host in the organization ↳ A-NETF-OsH-Outbound-A: Abnormal outbound connection from host failed in the organization ↳ A-NETF-ZsH-Outbound-F: First failed outbound connection for host in the zone ↳ A-NETF-ZsH-Outbound-A: Abnormal outbound connection from host failed in the zone ↳ A-NETF-HsH-Outbound-F: First failed outbound connection for host ↳ A-NETF-HsH-Outbound-A: Abnormal outbound connection from host failed ↳ A-NETF-OsZ-Outbound-F: First failed outbound connection from zone ↳ A-NETF-OsZ-Outbound-A: Abnormal outbound connection from zone failed TA0011 - TA0011 ↳ A-NETF-HCountry-Outbound-F: First failed outbound connection to this country from asset ↳ A-NETF-HCountry-Outbound-A: Outbound connection to abnormal country for asset has failed ↳ A-NETF-OCountry-Outbound-F: First failed outbound connection to this country from organization ↳ A-NETF-OCountry-Outbound-A: Outbound connection to abnormal country for the organization has failed ↳ A-NETF-ZCountry-Outbound-A: Outbound connection to abnormal country for the zone has failed ↳ A-NETF-ZCountry-Outbound-F: First failed outbound connection to this country from zone ↳ A-NET-TI-H-Outbound: Outbound connection to a known malicious host ↳ A-NETF-TI-H-Outbound: Outbound failed connection to a known malicious host ↳ A-NETF-OsH-Outbound-F: First failed outbound connection for host in the organization ↳ A-NETF-OsH-Outbound-A: Abnormal outbound connection from host failed in the organization ↳ A-NETF-ZsH-Outbound-F: First failed outbound connection for host in the zone ↳ A-NETF-ZsH-Outbound-A: Abnormal outbound connection from host failed in the zone ↳ A-NETF-HsH-Outbound-F: First failed outbound connection for host ↳ A-NETF-HsH-Outbound-A: Abnormal outbound connection from host failed ↳ A-NETF-OsZ-Outbound-F: First failed outbound connection from zone ↳ A-NETF-OsZ-Outbound-A: Abnormal outbound connection from zone failed T1090 - Proxy ↳ A-NETF-TOR-Outbound: Outbound failed connection to a known TOR IP T1090.003 - Proxy: Multi-hop Proxy ↳ A-NETF-TOR-Outbound: Outbound failed connection to a known TOR IP | • A-NET-OsZ-Outbound: Outbound communicating zones in the organization • A-NET-HsH-Outbound: Outbound communicating hosts for the asset • A-NET-ZsH-Outbound: Outbound communicating hosts in the zone • A-NET-OsH-Outbound: Outbound communicating hosts • A-NETF-ZCountry-Outbound: Failed outbound country per zone • A-NETF-OCountry-Outbound: Failed outbound country per organization • A-NETF-HCountry-Outbound: Failed outbound country per asset |