Rules by Product and UseCase

Vendor: Swift

Product: Swift

Use-Case: Ransomware

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
3	0	3	3	0

Event Type	Rules	Models
app-login	T1078 - Valid Accounts ↳ Auth-Ransomware-Shost: User authentication or login from a known ransomware IP
failed-app-login	T1078 - Valid Accounts ↳ Auth-Ransomware-Shost-Failed: User authentication or login failure from a known ransomware IP
web-activity-denied	T1071 - Application Layer Protocol ↳ WEB-UI-Ransomware: User attempted to connect to IP address which is associated to Ransomware T1071.001 - Application Layer Protocol: Web Protocols ↳ WEB-UI-Ransomware: User attempted to connect to IP address which is associated to Ransomware