Rules by Product and UseCase

April 15, 2026 · View on GitHub

Vendor: SecureNet

Product: SecureNet

Use-Case: Ransomware

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
10110
Event TypeRulesModels
vpn-loginT1078 - Valid Accounts
↳ Auth-Ransomware-Shost: User authentication or login from a known ransomware IP

Contents

  1. 1Vendor: SecureNet
  2. 1.1Product: SecureNet
  3. 1.2Use-Case: Ransomware