Use Case: Data Leak

May 13, 2026 · View on GitHub

Use Case: Data Leak

Vendor: 1password

ProductMITRE ATT&CK® TTPContent
1passwordT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: AIM Security

ProductMITRE ATT&CK® TTPContent
AI SecurityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Abnormal Security

ProductMITRE ATT&CK® TTPContent
Abnormal SecurityT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: Absolute

ProductMITRE ATT&CK® TTPContent
Absolute DDST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Accellion

ProductMITRE ATT&CK® TTPContent
KiteworksT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 36 Rules
  • 15 Models

Vendor: Adaxes

ProductMITRE ATT&CK® TTPContent
AdaxesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Adobe

ProductMITRE ATT&CK® TTPContent
Adobe Experience ManagerT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Airlock

ProductMITRE ATT&CK® TTPContent
Airlock AllowlistingT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Akamai

ProductMITRE ATT&CK® TTPContent
Akamai GuardicoreT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Akamai SIEMT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Cloud AkamaiT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Amazon

ProductMITRE ATT&CK® TTPContent
AWS CloudTrailT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
AWS CloudWatchT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
AWS Elastic Load BalancerT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
AWS Simple Email ServiceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
AWS WAFT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Amazon EKST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Amazon QT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Amazon S3T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Apache

ProductMITRE ATT&CK® TTPContent
ApacheT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Apache SubversionT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Arctic Wolf

ProductMITRE ATT&CK® TTPContent
Cylance PROTECTT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Armorblox

ProductMITRE ATT&CK® TTPContent
ArmorbloxT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: AssetView

ProductMITRE ATT&CK® TTPContent
AssetViewT1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
  • 18 Rules
  • 6 Models

Vendor: Atlassian

ProductMITRE ATT&CK® TTPContent
AtlassianT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Atlassian BitBucketT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Auth0

ProductMITRE ATT&CK® TTPContent
Auth0T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 8 Rules
  • 2 Models

Vendor: Barracuda

ProductMITRE ATT&CK® TTPContent
Barracuda Cloudgen FirewallT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Barracuda Email Security GatewayT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: BeyondTrust

ProductMITRE ATT&CK® TTPContent
BeyondInsightT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrustT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrust Privileged IdentityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
BeyondTrust Secure Remote AccessT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Bitglass

ProductMITRE ATT&CK® TTPContent
Bitglass CASBT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 65 Rules
  • 32 Models

Vendor: BlackBerry

ProductMITRE ATT&CK® TTPContent
BlackBerry ProtectT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: Box

ProductMITRE ATT&CK® TTPContent
Box Cloud Content ManagementT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: CA Technologies

ProductMITRE ATT&CK® TTPContent
CA Privileged Access Manager Server ControlT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Canon

ProductMITRE ATT&CK® TTPContent
imageRUNNER ADVANCET1052 - Exfiltration Over Physical Medium
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 7 Rules
  • 2 Models

Vendor: CatoNetworks

ProductMITRE ATT&CK® TTPContent
Cato CloudT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 17 Rules
  • 13 Models

Vendor: Check Point

ProductMITRE ATT&CK® TTPContent
Check Point AvananT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 63 Rules
  • 33 Models
Check Point Identity AwarenessT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Check Point NGFWT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 53 Rules
  • 27 Models
Check Point Security GatewayT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
SmartDefenseT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Checkmarx

ProductMITRE ATT&CK® TTPContent
CheckmarxT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Cimcor

ProductMITRE ATT&CK® TTPContent
CimTrakT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Cisco

ProductMITRE ATT&CK® TTPContent
Cisco Cloud SecurityT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Cisco Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Cisco Identity and Access ManagementT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco Network Infrastructure and ManagementT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco Network SecurityT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 20 Rules
  • 13 Models
Cisco Remote Access SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Cisco Secure EndpointT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco Secure Firewall Management CenterT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cisco Web SecurityT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Citrix

ProductMITRE ATT&CK® TTPContent
Citrix GatewayT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 19 Rules
  • 13 Models
Citrix Virtual AppsT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Claroty

ProductMITRE ATT&CK® TTPContent
CTDT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Click Studios

ProductMITRE ATT&CK® TTPContent
PasswordstateT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Cloudflare

ProductMITRE ATT&CK® TTPContent
Cloudflare AuditT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Cloudflare InsightsT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Cloudflare WAFT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Cohesity

ProductMITRE ATT&CK® TTPContent
Cohesity DataPlatformT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Commvault

ProductMITRE ATT&CK® TTPContent
CommvaultT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Corelight

ProductMITRE ATT&CK® TTPContent
Corelight IDST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Cribl

ProductMITRE ATT&CK® TTPContent
CriblT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: CrowdStrike

ProductMITRE ATT&CK® TTPContent
FalconT1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 17 Rules
  • 4 Models

Vendor: CyberArk

ProductMITRE ATT&CK® TTPContent
CyberArk Privilege Access ManagerT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Cyberhaven

ProductMITRE ATT&CK® TTPContent
Cyberhaven DLPT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Cyera

ProductMITRE ATT&CK® TTPContent
Omni DLPT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Darktrace

ProductMITRE ATT&CK® TTPContent
DarktraceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 35 Rules
  • 15 Models

Vendor: Delinea

ProductMITRE ATT&CK® TTPContent
Centrify Audit and Monitoring ServiceT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
Centrify Zero Trust Privilege ServicesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Secret ServerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Dell

ProductMITRE ATT&CK® TTPContent
EMC IsilonT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules
PowerProtectT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
PowerProtect Data ManagerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
PowerStoreT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
SonicwallT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 20 Rules
  • 13 Models

Vendor: Digital Arts

ProductMITRE ATT&CK® TTPContent
Digital Arts i-FILTER for BusinessT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Digital Guardian

ProductMITRE ATT&CK® TTPContent
Digital Guardian Network DLPT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 69 Rules
  • 34 Models

Vendor: Dropbox

ProductMITRE ATT&CK® TTPContent
DropboxT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 15 Rules
  • 11 Models

Vendor: Dtex Systems

ProductMITRE ATT&CK® TTPContent
DTEX InTERCEPTT1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
  • 15 Rules
  • 4 Models

Vendor: ESET

ProductMITRE ATT&CK® TTPContent
ESET Endpoint SecurityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Egnyte

ProductMITRE ATT&CK® TTPContent
EgnyteT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Entrust

ProductMITRE ATT&CK® TTPContent
Entrust Identity EnterpriseT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Epic

ProductMITRE ATT&CK® TTPContent
Epic SIEMT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Ermes

ProductMITRE ATT&CK® TTPContent
Ermes Browser Security PlatformT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Exabeam

ProductMITRE ATT&CK® TTPContent
SearchT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Extrahop

ProductMITRE ATT&CK® TTPContent
Extrahop Reveal(x)T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Extreme Networks

ProductMITRE ATT&CK® TTPContent
Platform ONET1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Universal ZTNAT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: F-Secure

ProductMITRE ATT&CK® TTPContent
F-Secure Policy ManagerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: F5

ProductMITRE ATT&CK® TTPContent
F5 Access Policy ManagerT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
F5 BIG-IPT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
F5 Distributed CloudT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
F5 WebSafeT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: FTP

ProductMITRE ATT&CK® TTPContent
FTPT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint DLPT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 63 Rules
  • 33 Models
Forcepoint Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models
Forcepoint Next-Gen FirewallT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Websense Security GatewayT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Forescout

ProductMITRE ATT&CK® TTPContent
Forescout CounterACTT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
FortiClientT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
FortiGateT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 20 Rules
  • 13 Models
FortiNACT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
FortiSIEMT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Fortinet Enterprise FirewallT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Fortinet UTMT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 38 Rules
  • 19 Models
Fortiweb Web Application FirewallT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: GitHub

ProductMITRE ATT&CK® TTPContent
GitHubT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: GitLab

ProductMITRE ATT&CK® TTPContent
GitLabT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Google

ProductMITRE ATT&CK® TTPContent
GCP CloudAuditT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Gemini EnterpriseT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Google Cloud PlatformT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Google WorkspaceT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 67 Rules
  • 33 Models

Vendor: HP

ProductMITRE ATT&CK® TTPContent
Aruba ClearPass Policy ManagerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Aruba Mobility MasterT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
HP LaserJet PrinterT1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
HP Print ServerT1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
HPE 3PAR StoreServT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
NonStopT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: HUMAN Security

ProductMITRE ATT&CK® TTPContent
HUMAN Bot DefenderT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Halcyon

ProductMITRE ATT&CK® TTPContent
HalcyonT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: HelpSystems

ProductMITRE ATT&CK® TTPContent
Powertech Identity and Access ManagerT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules

Vendor: Hornet

ProductMITRE ATT&CK® TTPContent
Hornetsecurity Cloud Email Security ServicesT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: Huawei

ProductMITRE ATT&CK® TTPContent
Huawei Unified Security GatewayT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
IBMT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
IBM DatapowerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Security Access ManagerT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Sterling B2B IntegratorT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: IMSS

ProductMITRE ATT&CK® TTPContent
IMSST1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: IMSVA

ProductMITRE ATT&CK® TTPContent
IMSVAT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Imperva SecureSphereT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Imprivata

ProductMITRE ATT&CK® TTPContent
ImprivataT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 7 Rules
  • 2 Models
Infoblox NetMRIT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Informatica

ProductMITRE ATT&CK® TTPContent
Informatica CloudT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Int64 Software

ProductMITRE ATT&CK® TTPContent
OVERLAPST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Ipswitch

ProductMITRE ATT&CK® TTPContent
MoveIt TransferT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules

Vendor: Island

ProductMITRE ATT&CK® TTPContent
Island Enterprise BrowserT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 19 Rules
  • 13 Models

Vendor: Jamf

ProductMITRE ATT&CK® TTPContent
Jamf ProtectT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Jumpcloud

ProductMITRE ATT&CK® TTPContent
JumpcloudT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Juniper Networks

ProductMITRE ATT&CK® TTPContent
Juniper SRX SeriesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Kaspersky

ProductMITRE ATT&CK® TTPContent
Kaspersky Endpoint Security for BusinessT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Kemp

ProductMITRE ATT&CK® TTPContent
Kemp LoadMasterT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: KnowBe4

ProductMITRE ATT&CK® TTPContent
Security Awareness TrainingT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Kong

ProductMITRE ATT&CK® TTPContent
Kong GatewayT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 52 Rules
  • 25 Models

Vendor: LastPass

ProductMITRE ATT&CK® TTPContent
LastPassT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Libraesva

ProductMITRE ATT&CK® TTPContent
Libraesva Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: LiquidFiles

ProductMITRE ATT&CK® TTPContent
LiquidFilesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 36 Rules
  • 15 Models

Vendor: ManageEngine

ProductMITRE ATT&CK® TTPContent
ADAuditPlusT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
ADManager PlusT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
ADSSPT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
PAM360T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee Web GatewayT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Menlo Security

ProductMITRE ATT&CK® TTPContent
Menlo SecurityT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 5 Rules
  • 2 Models
AzureT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure AD Activity LogsT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure Container RegistryT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure DevOpsT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure Key VaultT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure Kubernetes ServiceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure MFAT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Azure MonitorT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 10 Rules
  • 2 Models
CopilotT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - ADFST1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 8 Rules
  • 2 Models
Event Viewer - ADWST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - ApplicationT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - ApplockerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - AzureADPasswordProtection-DCAgentT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - AzureADPasswordProtection-ProxyServiceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - BFE Resorce FlowsT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - BITS-ClientT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - CAPI2T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - CodeIntegrityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - DFS-ReplicationT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - DNSServerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Directory-ServiceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - File Replication ServiceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - FileShareShadowCopyProviderT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Kerberos-Key-Distribution-CenterT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Kernel-IOT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Kernel-PnPT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - KnownFoldersT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - LSAT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Licensing-PlatformT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - LiveIdT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - NetworkProfileT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - PowerShellT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - PrintServiceT1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models
Event Viewer - RemoteDesktopServicesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - SMBT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - SecurityT1041 - Exfiltration Over C2 Channel
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 22 Rules
  • 6 Models
Event Viewer - SetupT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - SystemT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - TaskSchedulerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - TerminalServicesT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - WinNatT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models
Event Viewer - WinRMT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Event Viewer - Windows FirewallT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
M365 Audit LogsT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 35 Rules
  • 15 Models
MSSQLT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 8 Rules
  • 2 Models
Microsoft 365T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 87 Rules
  • 39 Models
Microsoft Advanced Threat AnalyticsT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft CAST1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 65 Rules
  • 32 Models
Microsoft DHCP LogT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft DefenderT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 87 Rules
  • 39 Models
Microsoft Defender for CloudT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft ExchangeT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 37 Rules
  • 16 Models
Microsoft IIST1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Microsoft IntuneT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft PurviewT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Microsoft RRAST1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
Microsoft SentinelT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Microsoft WMI LogT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
SysmonT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
WindowsT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Windows Defender Application ControlT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Windows Device registration serviceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Code42 IncydrT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 40 Rules
  • 17 Models
Mimecast Secure Email GatewayT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 66 Rules
  • 33 Models
Mimecast Targeted Threat Protection - URLT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Monday.com

ProductMITRE ATT&CK® TTPContent
Monday.comT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Mvision

ProductMITRE ATT&CK® TTPContent
MvisionT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models

Vendor: Nasuni

ProductMITRE ATT&CK® TTPContent
NasuniT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: NetApp

ProductMITRE ATT&CK® TTPContent
NetApp OntapT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope CASBT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Netskope Security CloudT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 71 Rules
  • 34 Models
Netskope WebtxT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Netwrix

ProductMITRE ATT&CK® TTPContent
Netwrix AuditorT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 35 Rules
  • 19 Models

Vendor: Nightfall

ProductMITRE ATT&CK® TTPContent
Nightfall AIT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Okta

ProductMITRE ATT&CK® TTPContent
Okta Adaptive MFAT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: OneLogin

ProductMITRE ATT&CK® TTPContent
OneLoginT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Open Shift

ProductMITRE ATT&CK® TTPContent
OpenShiftT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Open VPN

ProductMITRE ATT&CK® TTPContent
Open VPNT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models

Vendor: OpenAI

ProductMITRE ATT&CK® TTPContent
ChatGPTT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: OpenLDAP

ProductMITRE ATT&CK® TTPContent
OpenLDAPT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Oracle

ProductMITRE ATT&CK® TTPContent
Oracle Cloud InfrastructureT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Oracle Public CloudT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Ordr

ProductMITRE ATT&CK® TTPContent
Ordr SCET1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Osquery

ProductMITRE ATT&CK® TTPContent
OsqueryT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: PagerDuty

ProductMITRE ATT&CK® TTPContent
PagerDutyT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Cortex XDRT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
GlobalProtectT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
TA0010 - TA0010
  • 14 Rules
  • 11 Models
Palo Alto ApertureT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 33 Rules
  • 17 Models
Palo Alto NGFWT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 38 Rules
  • 19 Models
Prisma AccessT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Prisma CloudT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Password Manager Pro

ProductMITRE ATT&CK® TTPContent
Password Manager ProT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Perforce

ProductMITRE ATT&CK® TTPContent
PerforceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
ForgeRockT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
Ping AccessT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Ping IdentityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
PingOneT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Portkey

ProductMITRE ATT&CK® TTPContent
PortkeyT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Portnox

ProductMITRE ATT&CK® TTPContent
Portnox CloudT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Postfix

ProductMITRE ATT&CK® TTPContent
PostfixT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: Progress

ProductMITRE ATT&CK® TTPContent
Progress ShareFileT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
ObserveITT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models
Proofpoint CASBT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Proofpoint Email ProtectionT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Proofpoint Enterprise ProtectionT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 37 Rules
  • 16 Models
Targeted Attack PlatformT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: Qualys

ProductMITRE ATT&CK® TTPContent
Qualys AssetViewT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Quest Software

ProductMITRE ATT&CK® TTPContent
Quest Change Auditor for Active DirectoryT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: RSA

ProductMITRE ATT&CK® TTPContent
RSA Authentication ManagerT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Rubrik

ProductMITRE ATT&CK® TTPContent
Rubrik Cloud Data ManagementT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SAP

ProductMITRE ATT&CK® TTPContent
SAPT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Sailpoint

ProductMITRE ATT&CK® TTPContent
IdentityNowT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
SecurityIQT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 41 Rules
  • 17 Models

Vendor: Sangfor

ProductMITRE ATT&CK® TTPContent
Sangfor NGAFT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Saviynt

ProductMITRE ATT&CK® TTPContent
SaviyntT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SecureAuth

ProductMITRE ATT&CK® TTPContent
SecureAuth LoginT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
ProductMITRE ATT&CK® TTPContent
SecureLinkT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SecureNet

ProductMITRE ATT&CK® TTPContent
SecureNetT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Singularity PlatformT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models
VigilanceT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 8 Rules
  • 2 Models

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 46 Rules
  • 19 Models

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Secure Web GatewayT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Skyhigh CASBT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models
Skyhigh Security CloudT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Slack

ProductMITRE ATT&CK® TTPContent
SlackT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: SmartSuite

ProductMITRE ATT&CK® TTPContent
SmartSuiteT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos Endpoint ProtectionT1020 - Automated Exfiltration
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1091 - Replication Through Removable Media
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 46 Rules
  • 23 Models
Sophos UTMT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Sophos XG FirewallT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Sophos XGS FirewallT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1133 - External Remote Services
TA0010 - TA0010
  • 11 Rules
  • 11 Models

Vendor: Splunk

ProductMITRE ATT&CK® TTPContent
Splunk EST1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models

Vendor: Swift

ProductMITRE ATT&CK® TTPContent
SwiftT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 7 Rules
  • 2 Models

Vendor: Swimlane

ProductMITRE ATT&CK® TTPContent
Swimlane TurbineT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec Advanced Threat ProtectionT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Symantec CloudSOCT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 32 Rules
  • 17 Models
Symantec DLPT1020 - Automated Exfiltration
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
TA0010 - TA0010
  • 80 Rules
  • 37 Models
Symantec Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models
Symantec Endpoint ProtectionT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Symantec Web Security ServiceT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 67 Rules
  • 34 Models

Vendor: TXOne Networks

ProductMITRE ATT&CK® TTPContent
StellarOneT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
StellarProtectT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Tanium

ProductMITRE ATT&CK® TTPContent
Tanium Core PlatformT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Tanium Integrity MonitorT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules

Vendor: Tenable

ProductMITRE ATT&CK® TTPContent
Tenable Cloud SecurityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Tenable Vulnerability ManagementT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Tessian

ProductMITRE ATT&CK® TTPContent
Tessian Cloud Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 32 Rules
  • 15 Models

Vendor: ThoughtSpot

ProductMITRE ATT&CK® TTPContent
ThoughtSpotT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Trellix

ProductMITRE ATT&CK® TTPContent
Trellix DLP EndpointT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Trellix Endpoint SecurityT1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 18 Rules
  • 4 Models
Trellix Network Security (NX)T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 7 Rules
  • 2 Models
Trellix ePolicy OrchestratorT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Trend Micro

ProductMITRE ATT&CK® TTPContent
Deep SecurityT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
OfficeScanT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Vision OneT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
AuditbeatT1114 - Email Collection
T1114.001 - T1114.001
  • 1 Rules
UnixT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 38 Rules
  • 16 Models
Unix AuditdT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Unix NamedT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
Unix SendmailT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 34 Rules
  • 16 Models

Vendor: VMware

ProductMITRE ATT&CK® TTPContent
Carbon Black App ControlT1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1091 - Replication Through Removable Media
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 17 Rules
  • 4 Models
Carbon Black CEST1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
Carbon Black EDRT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules
VMware AirWatchT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
VMware ESXiT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 7 Rules
  • 2 Models
VMware NSXT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
VMware ViewT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules
vCenterT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Varonis

ProductMITRE ATT&CK® TTPContent
Varonis Data Security PlatformT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
T1114 - Email Collection
T1114.001 - T1114.001
TA0010 - TA0010
  • 30 Rules
  • 17 Models

Vendor: Vectra

ProductMITRE ATT&CK® TTPContent
Vectra Cognito DetectT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Veeam

ProductMITRE ATT&CK® TTPContent
VeeamT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Venafi

ProductMITRE ATT&CK® TTPContent
TLS ProtectT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Virtru

ProductMITRE ATT&CK® TTPContent
VirtruT1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Vormetric

ProductMITRE ATT&CK® TTPContent
VormetricT1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
  • 4 Rules

Vendor: Wallix

ProductMITRE ATT&CK® TTPContent
Wallix BastionT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 9 Rules
  • 2 Models

Vendor: Wiz

ProductMITRE ATT&CK® TTPContent
WizT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Workday

ProductMITRE ATT&CK® TTPContent
WorkdayT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: XPS

ProductMITRE ATT&CK® TTPContent
XPST1052 - Exfiltration Over Physical Medium
  • 4 Rules
  • 2 Models

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 42 Rules
  • 17 Models

Vendor: Zero Networks

ProductMITRE ATT&CK® TTPContent
Zero NetworksT1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
  • 3 Rules

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Breach PredictorT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models
Zscaler Internet AccessT1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.001 - T1114.001
T1114.003 - Email Collection: Email Forwarding Rule
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 39 Rules
  • 19 Models
Zscaler Private AccessT1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1052 - Exfiltration Over Physical Medium
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1114 - Email Collection
T1114.003 - Email Collection: Email Forwarding Rule
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
TA0010 - TA0010
  • 20 Rules
  • 13 Models

Vendor:

Vendor: iBoss

ProductMITRE ATT&CK® TTPContent
Iboss CloudT1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 6 Rules
  • 2 Models