Rules by Product and UseCase
April 15, 2026 · View on GitHub
Vendor: Swift
Product: Swift
Use-Case: Data Leak
| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 7 | 2 | 6 | 2 | 1 |
| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1114 - Email Collection ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords T1114.003 - Email Collection: Email Forwarding Rule ↳ EM-InRule-EX: User has created an inbox forwarding rule to forward email to an external domain email ↳ EM-InRule-Public: User has created an inbox forwarding rule to forward email to a public email domain ↳ EM-InRule-Fin: User has created an inbox forwarding rule to forward emails containing financial keywords | |
| web-activity-denied | T1071 - Application Layer Protocol ↳ WEB-New-File-20-Block: User with no web activity history was blocked from uploading 20MB or more T1071.001 - Application Layer Protocol: Web Protocols ↳ WEB-New-File-20-Block: User with no web activity history was blocked from uploading 20MB or more T1567 - Exfiltration Over Web Service ↳ WEB-FS: User has accessed a file sharing domain ↳ WEB-OU-FS: One of the top file sharing users in the organization ↳ WEB-OG-FS: One of the top file sharing users in the peer group T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage ↳ WEB-FS: User has accessed a file sharing domain ↳ WEB-OU-FS: One of the top file sharing users in the organization ↳ WEB-OG-FS: One of the top file sharing users in the peer group | • WEB-OG-FS: File sharing activities of users in the peer group • WEB-OU-FS: File sharing activities of users in the organization |