Use Case: Data Exfiltration

May 13, 2026

Vendor: Abnormal Security

Product | MITRE ATT&CK® TTP | Content
Abnormal Security | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Accellion

Product | MITRE ATT&CK® TTP | Content
Kiteworks | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Adobe

Product | MITRE ATT&CK® TTP | Content
Adobe Experience Manager | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Akamai

Product | MITRE ATT&CK® TTP | Content
Akamai SIEM | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cloud Akamai | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Amazon

Product | MITRE ATT&CK® TTP | Content
AWS CloudWatch | T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 9 Rules
  • 2 Models
AWS Elastic Load Balancer | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
AWS WAF | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Amazon S3 | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Apache

Product | MITRE ATT&CK® TTP | Content
Apache | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: AssetView

Product | MITRE ATT&CK® TTP | Content
AssetView | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Auth0

Product | MITRE ATT&CK® TTP | Content
Auth0 | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Barracuda

Product | MITRE ATT&CK® TTP | Content
Barracuda Cloudgen Firewall | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: BeyondTrust

Product | MITRE ATT&CK® TTP | Content
BeyondTrust | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Bitglass

Product | MITRE ATT&CK® TTP | Content
Bitglass CASB | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: BlackBerry

Product | MITRE ATT&CK® TTP | Content
BlackBerry Protect | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Box

Product | MITRE ATT&CK® TTP | Content
Box Cloud Content Management | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: CatoNetworks

Product | MITRE ATT&CK® TTP | Content
Cato Cloud | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Check Point

Product | MITRE ATT&CK® TTP | Content
Check Point Avanan | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Check Point Identity Awareness | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Check Point NGFW | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Check Point Security Gateway | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Cimcor

Product | MITRE ATT&CK® TTP | Content
CimTrak | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Cisco

Product | MITRE ATT&CK® TTP | Content
Cisco Cloud Security | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco IOS | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Cisco Network Monitoring and Analytics | T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
Cisco Network Security | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 19 Rules
  • 6 Models
Cisco Remote Access Security | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Cisco Web Security | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Citrix

Product | MITRE ATT&CK® TTP | Content
Citrix Gateway | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 18 Rules
  • 6 Models
Citrix Virtual Apps | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Cloudflare

Product | MITRE ATT&CK® TTP | Content
Cloudflare Insights | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cloudflare WAF | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: CrowdStrike

Product | MITRE ATT&CK® TTP | Content
Falcon | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: CyberArk

Product | MITRE ATT&CK® TTP | Content
CyberArk Privilege Access Manager | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Cyberhaven

Product | MITRE ATT&CK® TTP | Content
Cyberhaven DLP | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Cyera

Product | MITRE ATT&CK® TTP | Content
Omni DLP | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Cylance

Product | MITRE ATT&CK® TTP | Content
Cylance OPTICS | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Delinea

Product | MITRE ATT&CK® TTP | Content
Centrify Audit and Monitoring Service | TA0002 - TA0002
  • 2 Rules
  • 1 Models
Centrify Infrastructure Services | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Dell

Product | MITRE ATT&CK® TTP | Content
EMC Isilon | TA0002 - TA0002
  • 2 Rules
  • 1 Models
Sonicwall | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Digital Arts

Product | MITRE ATT&CK® TTP | Content
Digital Arts i-FILTER for Business | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Digital Guardian

Product | MITRE ATT&CK® TTP | Content
Digital Guardian Endpoint Protection | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Digital Guardian Network DLP | T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 18 Models

Vendor: Dropbox

Product | MITRE ATT&CK® TTP | Content
Dropbox | T1133 - External Remote Services
TA0002 - TA0002
TA0010 - TA0010
  • 6 Rules
  • 5 Models

Vendor: Dtex Systems

Product | MITRE ATT&CK® TTP | Content
DTEX InTERCEPT | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Egnyte

Product | MITRE ATT&CK® TTP | Content
Egnyte | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Epic

Product | MITRE ATT&CK® TTP | Content
Epic SIEM | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: F5

Product | MITRE ATT&CK® TTP | Content
F5 Access Policy Manager | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
F5 BIG-IP | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
F5 Distributed Cloud | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
F5 WebSafe | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: FTP

Product | MITRE ATT&CK® TTP | Content
FTP | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Forcepoint

Product | MITRE ATT&CK® TTP | Content
Forcepoint DLP | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Websense Security Gateway | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Fortinet

Product | MITRE ATT&CK® TTP | Content
FortiClient | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
FortiGate | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Fortinet Enterprise Firewall | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Fortinet UTM | T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models
Fortiweb Web Application Firewall | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: FreeBSD

Product | MITRE ATT&CK® TTP | Content
FreeBSD | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: GitHub

Product | MITRE ATT&CK® TTP | Content
GitHub | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Google

Product | MITRE ATT&CK® TTP | Content
GCP CloudAudit | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Google Cloud Platform | T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 9 Rules
  • 2 Models
Google Workspace | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: HP

Product | MITRE ATT&CK® TTP | Content
Aruba Mobility Master | T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: HUMAN Security

Product | MITRE ATT&CK® TTP | Content
HUMAN Bot Defender | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Halcyon

Product | MITRE ATT&CK® TTP | Content
Halcyon | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: HelpSystems

Product | MITRE ATT&CK® TTP | Content
Powertech Identity and Access Manager | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Huawei

Product | MITRE ATT&CK® TTP | Content
Huawei Unified Security Gateway | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: IBM

Product | MITRE ATT&CK® TTP | Content
Guardium | TA0002 - TA0002
  • 2 Rules
  • 1 Models
Security Access Manager | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: IMSS

Product | MITRE ATT&CK® TTP | Content
IMSS | T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Imperva

Product | MITRE ATT&CK® TTP | Content
Imperva Incapsula | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Imperva SecureSphere | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Infoblox

Product | MITRE ATT&CK® TTP | Content
BloxOne DDI | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Ipswitch

Product | MITRE ATT&CK® TTP | Content
MoveIt Transfer | TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Island

Product | MITRE ATT&CK® TTP | Content
Island Enterprise Browser | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Ivanti

Product | MITRE ATT&CK® TTP | Content
Ivanti Pulse Secure | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 11 Rules
  • 6 Models

Vendor: Jamf

Product | MITRE ATT&CK® TTP | Content
Jamf Protect | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Juniper Networks

Product | MITRE ATT&CK® TTP | Content
Junos OS | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Kasada

Product | MITRE ATT&CK® TTP | Content
Kasada | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Kong

Product | MITRE ATT&CK® TTP | Content
Kong Gateway | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: LanScope

Product | MITRE ATT&CK® TTP | Content
LanScope Cat | T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 36 Rules
  • 19 Models

Vendor: LogRhythm

Product | MITRE ATT&CK® TTP | Content
LogRhythm | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: McAfee

Product | MITRE ATT&CK® TTP | Content
McAfee Web Gateway | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Menlo Security

Product | MITRE ATT&CK® TTP | Content
Menlo Security | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Microsoft

Product | MITRE ATT&CK® TTP | Content
Active Directory Federation Services | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Azure Monitor | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models
Azure Monitor - VM Insights | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - ADFS | T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Event Viewer - Application | T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - PowerShell
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - Security
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models
Event Viewer - System
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - WinNat
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
MSSQL
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Microsoft 365
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Microsoft CAS
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Microsoft Defender
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 48 Rules
  • 21 Models
Microsoft IIS
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Microsoft Purview
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Microsoft RRAS
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Microsoft Sentinel
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Microsoft WMI Log
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Sysmon
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Mimecast

Product | MITRE ATT&CK® TTP | Content
Code42 Incydr
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Mimecast Secure Email Gateway
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Mimecast Targeted Threat Protection - URL
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Mvision

Product | MITRE ATT&CK® TTP | Content
Mvision
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Nasuni

Product | MITRE ATT&CK® TTP | Content
Nasuni
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NetApp

Product | MITRE ATT&CK® TTP | Content
NetApp
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Netskope

Product | MITRE ATT&CK® TTP | Content
Netskope Security Cloud
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Netskope Webtx
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Netwrix

Product | MITRE ATT&CK® TTP | Content
Netwrix Auditor
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NextDLP

Product | MITRE ATT&CK® TTP | Content
Reveal
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 20 Models

Vendor: Nightfall

Product | MITRE ATT&CK® TTP | Content
Nightfall AI
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Open VPN

Product | MITRE ATT&CK® TTP | Content
Open VPN
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Oracle

Product | MITRE ATT&CK® TTP | Content
Oracle Public Cloud
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
Solaris
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Palo Alto Networks

Product | MITRE ATT&CK® TTP | Content
GlobalProtect
T1133 - External Remote Services
TA0002 - TA0002
TA0010 - TA0010
  • 6 Rules
  • 5 Models
Palo Alto Aperture
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Palo Alto NGFW
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Palo Alto WildFire
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Prisma Access
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Prisma Cloud
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Ping Identity

Product | MITRE ATT&CK® TTP | Content
ForgeRock
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Ping Access
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Progress

Product | MITRE ATT&CK® TTP | Content
Progress ShareFile
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Proofpoint

Product | MITRE ATT&CK® TTP | Content
ObserveIT
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Proofpoint CASB
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: SIGSCI

Product | MITRE ATT&CK® TTP | Content
SIGSCI
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Salesforce

Product | MITRE ATT&CK® TTP | Content
Salesforce
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Sangfor

Product | MITRE ATT&CK® TTP | Content
Sangfor NGAF
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: SecureNet

Product | MITRE ATT&CK® TTP | Content
SecureNet
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: SentinelOne

Product | MITRE ATT&CK® TTP | Content
Singularity Platform
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models

Vendor: ServiceNow

Product | MITRE ATT&CK® TTP | Content
ServiceNow
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: SkySea

Product | MITRE ATT&CK® TTP | Content
SkySea ClientView
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 17 Rules
  • 3 Models

Vendor: Skyhigh Security

Product | MITRE ATT&CK® TTP | Content
Secure Web Gateway
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Skyhigh CASB
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Skyhigh Security Cloud
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Sophos

Product | MITRE ATT&CK® TTP | Content
Sophos Endpoint Protection
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 35 Rules
  • 19 Models
Sophos UTM
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Sophos XG Firewall
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Sophos XGS Firewall
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Squid

Product | MITRE ATT&CK® TTP | Content
Squid
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Swift

Product | MITRE ATT&CK® TTP | Content
Swift
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Symantec

Product | MITRE ATT&CK® TTP | Content
Symantec Advanced Threat Protection
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Symantec CloudSOC
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec DLP
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec Endpoint Protection
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Symantec Web Security Service
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models

Vendor: Tanium

Product | MITRE ATT&CK® TTP | Content
Tanium Integrity Monitor
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Trellix

Product | MITRE ATT&CK® TTP | Content
Trellix DLP Endpoint
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Trellix Database Security
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Trellix Endpoint Security
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Trellix Network Security (NX)
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models
Trellix ePolicy Orchestrator
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Trend Micro

Product | MITRE ATT&CK® TTP | Content
Deep Security
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
OfficeScan
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Tripwire Enterprise

Product | MITRE ATT&CK® TTP | Content
Tripwire Enterprise
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Unix

Product | MITRE ATT&CK® TTP | Content
Auditbeat
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Unix
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Unix Auditd
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: VMware

Product | MITRE ATT&CK® TTP | Content
Carbon Black App Control
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black CES
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black EDR
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552 - Unsecured Credentials
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
VMware ESXi
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Varonis

Product | MITRE ATT&CK® TTP | Content
Varonis Data Security Platform
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models

Vendor: Virtru

Product | MITRE ATT&CK® TTP | Content
Virtru
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Vormetric

Product | MITRE ATT&CK® TTP | Content
Vormetric
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Watchguard

Product | MITRE ATT&CK® TTP | Content
Watchguard
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Zeek

Product | MITRE ATT&CK® TTP | Content
Zeek
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Zscaler

Product | MITRE ATT&CK® TTP | Content
Zscaler Breach Predictor
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Zscaler Internet Access
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models
Zscaler Private Access
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: iBoss

Product | MITRE ATT&CK® TTP | Content
Iboss Cloud
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models