Use Case: Privileged Activity

May 13, 2026 · View on GitHub

Use Case: Privileged Activity

Vendor: 1password

ProductMITRE ATT&CK® TTPContent
1passwordT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: AIM Security

ProductMITRE ATT&CK® TTPContent
AI SecurityT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: APC

ProductMITRE ATT&CK® TTPContent
APCT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: Abnormal Security

ProductMITRE ATT&CK® TTPContent
Abnormal SecurityT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Absolute

ProductMITRE ATT&CK® TTPContent
Absolute DDST1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Accellion

ProductMITRE ATT&CK® TTPContent
KiteworksT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Adaxes

ProductMITRE ATT&CK® TTPContent
AdaxesT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Admin By Request

ProductMITRE ATT&CK® TTPContent
Admin By RequestTA0002 - TA0002
  • 10 Rules
  • 7 Models

Vendor: Adobe

ProductMITRE ATT&CK® TTPContent
Adobe Experience ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Airlock

ProductMITRE ATT&CK® TTPContent
Airlock AllowlistingT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Akamai

ProductMITRE ATT&CK® TTPContent
Akamai GuardicoreT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Akamai SIEMT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Cloud AkamaiT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Amazon

ProductMITRE ATT&CK® TTPContent
AWS BastionT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
AWS CloudTrailT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
AWS CloudWatchT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
AWS Elastic Load BalancerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
AWS GuardDutyT1068 - Exploitation for Privilege Escalation
  • 1 Rules
AWS Simple Email ServiceT1078 - Valid Accounts
  • 1 Rules
AWS WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Amazon EKST1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Amazon InspectorT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Amazon QT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Amazon S3T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Apache

ProductMITRE ATT&CK® TTPContent
ApacheT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Apache SubversionT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Apple

ProductMITRE ATT&CK® TTPContent
macOST1078 - Valid Accounts
T1078.002 - T1078.002
  • 11 Rules
  • 5 Models

Vendor: Arctic Wolf

ProductMITRE ATT&CK® TTPContent
Cylance PROTECTT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Cylance ProtectT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Armorblox

ProductMITRE ATT&CK® TTPContent
ArmorbloxT1078 - Valid Accounts
  • 1 Rules

Vendor: AssetView

ProductMITRE ATT&CK® TTPContent
AssetViewT1078 - Valid Accounts
  • 1 Rules

Vendor: Atlassian

ProductMITRE ATT&CK® TTPContent
AtlassianT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Atlassian BitBucketT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Atlassian GuardT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Attivo

ProductMITRE ATT&CK® TTPContent
BOTsinkT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Auth0

ProductMITRE ATT&CK® TTPContent
Auth0T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 21 Rules
  • 8 Models

Vendor: Axway

ProductMITRE ATT&CK® TTPContent
Axway GatewayT1078 - Valid Accounts
  • 1 Rules

Vendor: Badge

ProductMITRE ATT&CK® TTPContent
BadgeT1078 - Valid Accounts
  • 1 Rules

Vendor: Barracuda

ProductMITRE ATT&CK® TTPContent
Barracuda Cloudgen FirewallT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Barracuda Email Security GatewayT1078 - Valid Accounts
  • 1 Rules

Vendor: BeyondTrust

ProductMITRE ATT&CK® TTPContent
BeyondInsightT1078 - Valid Accounts
TA0002 - TA0002
  • 12 Rules
  • 8 Models
BeyondTrustT1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 14 Rules
  • 6 Models
BeyondTrust Privileged IdentityT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
BeyondTrust Secure Remote AccessT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Bitdefender

ProductMITRE ATT&CK® TTPContent
GravityZoneT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Bitglass

ProductMITRE ATT&CK® TTPContent
Bitglass CASBT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: BlackBerry

ProductMITRE ATT&CK® TTPContent
BlackBerry ProtectT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Box

ProductMITRE ATT&CK® TTPContent
Box Cloud Content ManagementT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Box ShieldT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: CA Technologies

ProductMITRE ATT&CK® TTPContent
CA Privileged Access Manager Server ControlT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: CDS

ProductMITRE ATT&CK® TTPContent
CDST1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: Canon

ProductMITRE ATT&CK® TTPContent
imageRUNNER ADVANCET1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 6 Models

Vendor: CatoNetworks

ProductMITRE ATT&CK® TTPContent
Cato CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Check Point

ProductMITRE ATT&CK® TTPContent
Check Point Anti-MalwareT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Check Point AvananT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Check Point Endpoint SecurityT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Check Point NGFWT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Check Point Security GatewayT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Check Point Threat EmulationT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Harmony SaaST1068 - Exploitation for Privilege Escalation
  • 1 Rules
SmartDefenseT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Checkmarx

ProductMITRE ATT&CK® TTPContent
CheckmarxT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Cimcor

ProductMITRE ATT&CK® TTPContent
CimTrakT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Cisco

ProductMITRE ATT&CK® TTPContent
Cisco Cloud SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Cisco Cyber VisionT1078 - Valid Accounts
  • 1 Rules
Cisco Email SecurityT1078 - Valid Accounts
  • 1 Rules
Cisco IOST1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 16 Rules
  • 7 Models
Cisco Identity IntelligenceT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Cisco Identity and Access ManagementT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models
Cisco Network Infrastructure and ManagementT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
Cisco Network SecurityT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 22 Rules
  • 8 Models
Cisco Secure EndpointT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Cisco Secure Firewall Management CenterT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Cisco Web SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Citrix

ProductMITRE ATT&CK® TTPContent
Citrix GatewayT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 24 Rules
  • 8 Models
Citrix Security AnalyticsT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Citrix Virtual AppsT1078 - Valid Accounts
  • 2 Rules

Vendor: Claroty

ProductMITRE ATT&CK® TTPContent
CTDT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
ClarotyT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Click Studios

ProductMITRE ATT&CK® TTPContent
PasswordstateT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Cloudflare

ProductMITRE ATT&CK® TTPContent
Cloudflare AuditT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Cloudflare InsightsT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Cloudflare WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Cohesity

ProductMITRE ATT&CK® TTPContent
Cohesity DataPlatformT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Commvault

ProductMITRE ATT&CK® TTPContent
CommvaultT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Commvault ThreatWiseT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Corelight

ProductMITRE ATT&CK® TTPContent
Corelight IDST1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Cribl

ProductMITRE ATT&CK® TTPContent
CriblT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: CrowdStrike

ProductMITRE ATT&CK® TTPContent
FalconT1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 26 Rules
  • 8 Models
Identity Threat Detection & ResponseT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models

Vendor: CyberArk

ProductMITRE ATT&CK® TTPContent
CyberArk Privilege Access ManagerT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 20 Rules
  • 8 Models

Vendor: Cybereason

ProductMITRE ATT&CK® TTPContent
CybereasonT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Cylance

ProductMITRE ATT&CK® TTPContent
Cylance OPTICST1078 - Valid Accounts
  • 1 Rules

Vendor: Cynet

ProductMITRE ATT&CK® TTPContent
Cynet EDRT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Darktrace

ProductMITRE ATT&CK® TTPContent
DarktraceT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: DataWatch Systems

ProductMITRE ATT&CK® TTPContent
DataWatchT1078 - Valid Accounts
  • 1 Rules

Vendor: Delinea

ProductMITRE ATT&CK® TTPContent
Centrify Audit and Monitoring ServiceT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Centrify Authentication ServiceT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models
Centrify Infrastructure ServicesT1482 - Domain Trust Discovery
  • 1 Rules
Centrify Zero Trust Privilege ServicesT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Secret ServerT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Dell

ProductMITRE ATT&CK® TTPContent
EMC IsilonT1078 - Valid Accounts
  • 1 Rules
PowerMaxT1078 - Valid Accounts
  • 1 Rules
PowerProtectT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PowerProtect Data ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PowerStoreT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
SonicwallT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models

Vendor: Digital Arts

ProductMITRE ATT&CK® TTPContent
Digital Arts i-FILTER for BusinessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Digital Guardian

ProductMITRE ATT&CK® TTPContent
Digital Guardian Endpoint ProtectionT1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 13 Rules
  • 5 Models
Digital Guardian Network DLPT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models

Vendor: Dropbox

ProductMITRE ATT&CK® TTPContent
DropboxT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Dtex Systems

ProductMITRE ATT&CK® TTPContent
DTEX InTERCEPTT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 2 Rules

Vendor: ESET

ProductMITRE ATT&CK® TTPContent
ESET Endpoint SecurityT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Egnyte

ProductMITRE ATT&CK® TTPContent
EgnyteT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Entrust

ProductMITRE ATT&CK® TTPContent
Entrust Identity EnterpriseT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Epic

ProductMITRE ATT&CK® TTPContent
Epic SIEMT1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Ermes

ProductMITRE ATT&CK® TTPContent
Ermes Browser Security PlatformT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Exabeam

ProductMITRE ATT&CK® TTPContent
Correlation RuleT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Phishing DetectionT1078 - Valid Accounts
  • 1 Rules
SearchT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Extrahop

ProductMITRE ATT&CK® TTPContent
Extrahop Reveal(x)T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Extreme Networks

ProductMITRE ATT&CK® TTPContent
Platform ONET1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Universal ZTNAT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Zebra WLAN ManagementT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: F-Secure

ProductMITRE ATT&CK® TTPContent
F-Secure Client SecurityT1068 - Exploitation for Privilege Escalation
  • 1 Rules
F-Secure Policy ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: F5

ProductMITRE ATT&CK® TTPContent
F5 Access Policy ManagerT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
F5 Advanced Firewall ManagerT1068 - Exploitation for Privilege Escalation
  • 1 Rules
F5 Application Security ManagerT1068 - Exploitation for Privilege Escalation
  • 1 Rules
F5 BIG-IPT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
F5 Distributed CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
F5 WebSafeT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: FTP

ProductMITRE ATT&CK® TTPContent
FTPT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint DLPT1078 - Valid Accounts
  • 1 Rules
Forcepoint Email SecurityT1078 - Valid Accounts
  • 1 Rules
Forcepoint Next-Gen FirewallT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Websense Security GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Forescout

ProductMITRE ATT&CK® TTPContent
Forescout CounterACTT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
FortiClientT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
FortiGateT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
FortiNACT1078 - Valid Accounts
T1078.002 - T1078.002
  • 13 Rules
  • 6 Models
FortiSIEMT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Fortinet Enterprise FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Fortinet UTMT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
Fortiweb Web Application FirewallT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules

Vendor: FreeBSD

ProductMITRE ATT&CK® TTPContent
FreeBSDT1482 - Domain Trust Discovery
  • 1 Rules

Vendor: Gallagher

ProductMITRE ATT&CK® TTPContent
Gallagher Access ControlT1078 - Valid Accounts
  • 1 Rules

Vendor: Gamma

ProductMITRE ATT&CK® TTPContent
GammaT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: GitHub

ProductMITRE ATT&CK® TTPContent
GitHubT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models

Vendor: GitLab

ProductMITRE ATT&CK® TTPContent
GitLabT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: GoAnywhere

ProductMITRE ATT&CK® TTPContent
GoAnywhere MFTT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 16 Rules
  • 7 Models

Vendor: Google

ProductMITRE ATT&CK® TTPContent
GCP CloudAuditT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Gemini EnterpriseT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Google Cloud PlatformT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Google WorkspaceT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Security Command CenterT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: HP

ProductMITRE ATT&CK® TTPContent
Aruba ClearPass Policy ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
ArubaOST1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
HP iLOT1078 - Valid Accounts
  • 1 Rules
HPE 3PAR StoreServT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
NonStopT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: HUMAN Security

ProductMITRE ATT&CK® TTPContent
HUMAN Bot DefenderT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Halcyon

ProductMITRE ATT&CK® TTPContent
HalcyonT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: HelpSystems

ProductMITRE ATT&CK® TTPContent
Powertech Identity and Access ManagerT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 18 Rules
  • 7 Models

Vendor: Hornet

ProductMITRE ATT&CK® TTPContent
Hornetsecurity Cloud Email Security ServicesT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Huawei

ProductMITRE ATT&CK® TTPContent
Huawei Unified Security GatewayT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
HCL NotesT1078 - Valid Accounts
  • 1 Rules
IBMT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
IBM DatapowerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
IBM MainframeT1078 - Valid Accounts
  • 1 Rules
Security Access ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Sterling B2B IntegratorT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: IMSS

ProductMITRE ATT&CK® TTPContent
IMSST1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: IMSVA

ProductMITRE ATT&CK® TTPContent
IMSVAT1078 - Valid Accounts
  • 1 Rules

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Imperva SecureSphereT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Imprivata

ProductMITRE ATT&CK® TTPContent
ImprivataT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models
Infoblox NetMRIT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Informatica

ProductMITRE ATT&CK® TTPContent
Informatica CloudT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Int64 Software

ProductMITRE ATT&CK® TTPContent
OVERLAPST1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Ipswitch

ProductMITRE ATT&CK® TTPContent
MoveIt TransferT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules

Vendor: Ironscales

ProductMITRE ATT&CK® TTPContent
IronscalesT1078 - Valid Accounts
  • 1 Rules

Vendor: Island

ProductMITRE ATT&CK® TTPContent
Island Enterprise BrowserT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Jamf

ProductMITRE ATT&CK® TTPContent
Jamf ProtectT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models

Vendor: Johnson Controls

ProductMITRE ATT&CK® TTPContent
Johnson Controls P2000T1078 - Valid Accounts
  • 1 Rules

Vendor: Jumpcloud

ProductMITRE ATT&CK® TTPContent
JumpcloudT1078 - Valid Accounts
TA0002 - TA0002
  • 13 Rules
  • 8 Models

Vendor: Juniper Networks

ProductMITRE ATT&CK® TTPContent
Juniper SRX SeriesT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Junos OST1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 2 Rules

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Kaspersky

ProductMITRE ATT&CK® TTPContent
Kaspersky Endpoint Security for BusinessT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Kemp

ProductMITRE ATT&CK® TTPContent
Kemp LoadMasterT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: KnowBe4

ProductMITRE ATT&CK® TTPContent
Security Awareness TrainingT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Kong

ProductMITRE ATT&CK® TTPContent
Kong GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: LastPass

ProductMITRE ATT&CK® TTPContent
LastPassT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Lenel

ProductMITRE ATT&CK® TTPContent
OnGuardT1078 - Valid Accounts
  • 1 Rules

Vendor: Libraesva

ProductMITRE ATT&CK® TTPContent
Libraesva Email SecurityT1078 - Valid Accounts
  • 1 Rules

Vendor: LiquidFiles

ProductMITRE ATT&CK® TTPContent
LiquidFilesT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models

Vendor: Lookout

ProductMITRE ATT&CK® TTPContent
LookoutT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Malwarebytes

ProductMITRE ATT&CK® TTPContent
Malwarebytes Endpoint ProtectionT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: ManageEngine

ProductMITRE ATT&CK® TTPContent
ADAuditPlusT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
ADManager PlusT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
ADSSPT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PAM360T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Menlo Security

ProductMITRE ATT&CK® TTPContent
Menlo SecurityT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
AzureT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure AD Activity LogsT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 9 Rules
  • 3 Models
Azure AD Sign-In LogsT1078 - Valid Accounts
  • 1 Rules
Azure ATPT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Azure Container RegistryT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure DevOpsT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure Event HubT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Azure Key VaultT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure Kubernetes ServiceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure MFAT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Azure MonitorT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 20 Rules
  • 8 Models
Azure Monitor - VM InsightsT1482 - Domain Trust Discovery
  • 1 Rules
CopilotT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Event Viewer - ADFST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Event Viewer - ADWST1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - ApplicationT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 19 Rules
  • 8 Models
Event Viewer - ApplockerT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Event Viewer - AzureADPasswordProtection-DCAgentT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - AzureADPasswordProtection-ProxyServiceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - BFE Resorce FlowsT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - BITS-ClientT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - CAPI2T1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - CodeIntegrityT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - DFS-ReplicationT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 9 Rules
  • 3 Models
Event Viewer - DNSServerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Directory-ServiceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - File Replication ServiceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - FileShareShadowCopyProviderT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Kerberos-Key-Distribution-CenterT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Kernel-IOT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Kernel-PnPT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - KnownFoldersT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - LSAT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Licensing-PlatformT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - LiveIdT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - NTLMT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 2 Models
Event Viewer - NetworkProfileT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - OpenSSHT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - PowerShellT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models
Event Viewer - RemoteDesktopServicesT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - SMBT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - SecurityT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1207 - Rogue Domain Controller
T1482 - Domain Trust Discovery
T1484 - Group Policy Modification
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
TA0002 - TA0002
  • 46 Rules
  • 17 Models
Event Viewer - SetupT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - SystemT1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 6 Rules
  • 3 Models
Event Viewer - TaskSchedulerT1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1078 - Valid Accounts
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 4 Rules
  • 3 Models
Event Viewer - TerminalServicesT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - TerminalServices-GatewayT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - TerminalServices-RemoteConnectionManagerT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
Event Viewer - WinRMT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Event Viewer - Windows FirewallT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
M365 Audit LogsT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
MSSQLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Microsoft 365T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Microsoft Advanced Threat AnalyticsT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Microsoft CAST1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Microsoft DHCP LogT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Microsoft DefenderT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1207 - Rogue Domain Controller
T1482 - Domain Trust Discovery
T1484 - Group Policy Modification
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 35 Rules
  • 10 Models
Microsoft Defender for CloudT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Microsoft EntraT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Microsoft ExchangeT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Microsoft IIST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Microsoft IntuneT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Microsoft RRAST1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Microsoft SentinelT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models
Microsoft WMI LogT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 3 Rules
  • 1 Models
NetLogonT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 15 Rules
  • 7 Models
SysmonT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 4 Rules
  • 1 Models
WindowsT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Windows Defender Application ControlT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Windows Device registration serviceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Code42 IncydrT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Mimecast Secure Email GatewayT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Mimecast Targeted Threat Protection - URLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Monday.com

ProductMITRE ATT&CK® TTPContent
Monday.comT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Mvision

ProductMITRE ATT&CK® TTPContent
MvisionT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Nasuni

ProductMITRE ATT&CK® TTPContent
NasuniT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: NetApp

ProductMITRE ATT&CK® TTPContent
NetAppT1078 - Valid Accounts
  • 1 Rules
NetApp OntapT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope CASBT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Netskope Security CloudT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Netskope WebtxT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Netwrix

ProductMITRE ATT&CK® TTPContent
Netwrix AuditorT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models

Vendor: Nozomi Networks

ProductMITRE ATT&CK® TTPContent
Nozomi Networks GuardianT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: OSSEC

ProductMITRE ATT&CK® TTPContent
OSSECT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Obsidian Security

ProductMITRE ATT&CK® TTPContent
SaaS SecurityT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Okta

ProductMITRE ATT&CK® TTPContent
Okta Adaptive MFAT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Onapsis

ProductMITRE ATT&CK® TTPContent
OnapsisT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: OneLogin

ProductMITRE ATT&CK® TTPContent
OneLoginT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OneWelcome

ProductMITRE ATT&CK® TTPContent
OneWelcome Cloud Identity PlatformT1078 - Valid Accounts
  • 1 Rules

Vendor: Open Shift

ProductMITRE ATT&CK® TTPContent
OpenShiftT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Open VPN

ProductMITRE ATT&CK® TTPContent
Open VPNT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OpenAI

ProductMITRE ATT&CK® TTPContent
ChatGPTT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: OpenLDAP

ProductMITRE ATT&CK® TTPContent
OpenLDAPT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Oracle

ProductMITRE ATT&CK® TTPContent
Oracle Cloud InfrastructureT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Oracle DatabaseT1078 - Valid Accounts
  • 1 Rules
Oracle Public CloudT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
SolarisT1482 - Domain Trust Discovery
  • 1 Rules

Vendor: Ordr

ProductMITRE ATT&CK® TTPContent
Ordr SCET1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Osquery

ProductMITRE ATT&CK® TTPContent
OsqueryT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: PagerDuty

ProductMITRE ATT&CK® TTPContent
PagerDutyT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Cortex XDRT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
GlobalProtectT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Palo Alto ApertureT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Palo Alto NGFWT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 20 Rules
  • 8 Models
Palo Alto WildFireT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Prisma AccessT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models
Prisma CloudT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models

Vendor: Password Manager Pro

ProductMITRE ATT&CK® TTPContent
Password Manager ProT1078 - Valid Accounts
  • 4 Rules
  • 1 Models

Vendor: Perforce

ProductMITRE ATT&CK® TTPContent
PerforceT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Picture Perfect

ProductMITRE ATT&CK® TTPContent
Picture PerfectT1078 - Valid Accounts
  • 1 Rules

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
ForgeRockT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models
Ping AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Ping IdentityT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
PingOneT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Portkey

ProductMITRE ATT&CK® TTPContent
PortkeyT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Portnox

ProductMITRE ATT&CK® TTPContent
Portnox CloudT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Postfix

ProductMITRE ATT&CK® TTPContent
PostfixT1078 - Valid Accounts
  • 1 Rules

Vendor: PowerSentry

ProductMITRE ATT&CK® TTPContent
PowerSentryT1078 - Valid Accounts
  • 1 Rules

Vendor: Progress

ProductMITRE ATT&CK® TTPContent
Progress ShareFileT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
ObserveITT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Proofpoint CASBT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Proofpoint Email ProtectionT1078 - Valid Accounts
  • 1 Rules
Proofpoint Enterprise ProtectionT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Targeted Attack PlatformT1078 - Valid Accounts
  • 1 Rules

Vendor: Qualys

ProductMITRE ATT&CK® TTPContent
Qualys AssetViewT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Quest Software

ProductMITRE ATT&CK® TTPContent
Quest Change Auditor for Active DirectoryT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: RS2 Technologies

ProductMITRE ATT&CK® TTPContent
RS2 TechnologiesT1078 - Valid Accounts
  • 1 Rules

Vendor: RSA

ProductMITRE ATT&CK® TTPContent
RSA Authentication ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Radware

ProductMITRE ATT&CK® TTPContent
AlteonT1078 - Valid Accounts
  • 1 Rules
Radware WAFT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Rapid7

ProductMITRE ATT&CK® TTPContent
Rapid7 InsightVMT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Rubrik

ProductMITRE ATT&CK® TTPContent
Rubrik Cloud Data ManagementT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: SAP

ProductMITRE ATT&CK® TTPContent
SAPT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Sailpoint

ProductMITRE ATT&CK® TTPContent
IdentityNowT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
SecurityIQT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models

Vendor: Sangfor

ProductMITRE ATT&CK® TTPContent
Sangfor NGAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: Saviynt

ProductMITRE ATT&CK® TTPContent
SaviyntT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Secomea

ProductMITRE ATT&CK® TTPContent
SecomeaT1078 - Valid Accounts
  • 1 Rules

Vendor: SecureAuth

ProductMITRE ATT&CK® TTPContent
SecureAuth IDPT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
SecureAuth LoginT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
ProductMITRE ATT&CK® TTPContent
SecureLinkT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Semperis

ProductMITRE ATT&CK® TTPContent
Semperis DSPT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 9 Rules
  • 2 Models

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Singularity PlatformT1021 - Remote Services
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 25 Rules
  • 8 Models
VigilanceT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 7 Rules
  • 1 Models

Vendor: Shibboleth

ProductMITRE ATT&CK® TTPContent
ShibbolethT1078 - Valid Accounts
  • 1 Rules

Vendor: Siemens

ProductMITRE ATT&CK® TTPContent
Siemens Access ControlT1078 - Valid Accounts
  • 1 Rules

Vendor: Silverfort

ProductMITRE ATT&CK® TTPContent
Silverfort Authentication PlatformT1078 - Valid Accounts
  • 1 Rules

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
T1482 - Domain Trust Discovery
  • 7 Rules
  • 1 Models

Vendor: Skyformation

ProductMITRE ATT&CK® TTPContent
SkyformationT1078 - Valid Accounts
  • 1 Rules

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Secure Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
Skyhigh CASBT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Skyhigh Security CloudT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 5 Rules
  • 1 Models

Vendor: Slack

ProductMITRE ATT&CK® TTPContent
SlackT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: SmartSuite

ProductMITRE ATT&CK® TTPContent
SmartSuiteT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Snort

ProductMITRE ATT&CK® TTPContent
SnortT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos Endpoint ProtectionT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Sophos UTMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Sophos XG FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 3 Rules
Sophos XGS FirewallT1078 - Valid Accounts
  • 1 Rules

Vendor: Splunk

ProductMITRE ATT&CK® TTPContent
Splunk EST1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: StealthBits

ProductMITRE ATT&CK® TTPContent
StealthInterceptT1003 - OS Credential Dumping
T1003.006 - OS Credential Dumping: DCSync
T1207 - Rogue Domain Controller
T1484 - Group Policy Modification
  • 7 Rules
  • 2 Models

Vendor: Suricata

ProductMITRE ATT&CK® TTPContent
SuricataT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Swift

ProductMITRE ATT&CK® TTPContent
SwiftT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Swimlane

ProductMITRE ATT&CK® TTPContent
Swimlane TurbineT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Swivel

ProductMITRE ATT&CK® TTPContent
SwivelT1078 - Valid Accounts
  • 1 Rules

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec Advanced Threat ProtectionT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Symantec CloudSOCT1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Symantec Content Analysis SystemT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Symantec DLPT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Symantec Email SecurityT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Symantec Endpoint ProtectionT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 4 Rules
  • 1 Models
Symantec Web Security ServiceT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models

Vendor: TXOne Networks

ProductMITRE ATT&CK® TTPContent
StellarOneT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
StellarProtectT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Tanium

ProductMITRE ATT&CK® TTPContent
Tanium Cloud PlatformT1078 - Valid Accounts
  • 1 Rules
Tanium Core PlatformT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Tanium Integrity MonitorT1078 - Valid Accounts
  • 1 Rules
Tanium Threat ResponseT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Tenable

ProductMITRE ATT&CK® TTPContent
Tenable Cloud SecurityT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Tenable Identity ExposureT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Tenable Vulnerability ManagementT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models
Tenable Web App ScanningT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Tessian

ProductMITRE ATT&CK® TTPContent
Tessian Cloud Email SecurityT1078 - Valid Accounts
  • 1 Rules

Vendor: ThoughtSpot

ProductMITRE ATT&CK® TTPContent
ThoughtSpotT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Trellix

ProductMITRE ATT&CK® TTPContent
Trellix Central ManagementT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trellix Email SecurityT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trellix Endpoint SecurityT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models
Trellix Endpoint Security (HX)T1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trellix Network Security (NX)T1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 18 Rules
  • 7 Models
Trellix Web MPST1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Trend Micro

ProductMITRE ATT&CK® TTPContent
Apex OneT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Deep Discovery InspectorT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules
Deep SecurityT1053 - Scheduled Task/Job
T1053.005 - Scheduled Task/Job: Scheduled Task
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
T1543 - Create or Modify System Process
T1543.003 - Create or Modify System Process: Windows Service
  • 7 Rules
  • 3 Models
OfficeScanT1068 - Exploitation for Privilege Escalation
  • 1 Rules
TippingPoint NGIPST1068 - Exploitation for Privilege Escalation
  • 1 Rules
Trend Micro ScanMailT1068 - Exploitation for Privilege Escalation
  • 1 Rules
Vision OneT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Tripwire Enterprise

ProductMITRE ATT&CK® TTPContent
Tripwire EnterpriseT1078 - Valid Accounts
  • 1 Rules

Vendor: Tyco

ProductMITRE ATT&CK® TTPContent
CCURE Building Management SystemT1078 - Valid Accounts
  • 1 Rules

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
AuditbeatT1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 2 Rules
UnixT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 25 Rules
  • 8 Models
Unix AuditdT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
T1482 - Domain Trust Discovery
  • 20 Rules
  • 8 Models
Unix NamedT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Unix SendmailT1078 - Valid Accounts
  • 1 Rules

Vendor: VBCorp

ProductMITRE ATT&CK® TTPContent
VBCorpT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: VMware

ProductMITRE ATT&CK® TTPContent
Carbon Black App ControlT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 5 Rules
  • 1 Models
Carbon Black CEST1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1482 - Domain Trust Discovery
  • 5 Rules
  • 1 Models
Carbon Black EDRT1078 - Valid Accounts
T1482 - Domain Trust Discovery
TA0002 - TA0002
  • 14 Rules
  • 8 Models
VMware AirWatchT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
VMware ESXiT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 20 Rules
  • 8 Models
VMware HorizonT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 7 Models
VMware NSXT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
VMware ViewT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 17 Rules
  • 8 Models
vCenterT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
T1078.002 - T1078.002
  • 18 Rules
  • 8 Models

Vendor: Varonis

ProductMITRE ATT&CK® TTPContent
Varonis Data Security PlatformT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 2 Rules

Vendor: Vectra

ProductMITRE ATT&CK® TTPContent
Vectra Cognito DetectT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Veeam

ProductMITRE ATT&CK® TTPContent
VeeamT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Venafi

ProductMITRE ATT&CK® TTPContent
TLS ProtectT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Visma

ProductMITRE ATT&CK® TTPContent
MegaflexT1078 - Valid Accounts
  • 1 Rules

Vendor: Vormetric

ProductMITRE ATT&CK® TTPContent
VormetricT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Wallix

ProductMITRE ATT&CK® TTPContent
Wallix BastionT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor: Wiz

ProductMITRE ATT&CK® TTPContent
WizT1068 - Exploitation for Privilege Escalation
T1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: Workday

ProductMITRE ATT&CK® TTPContent
WorkdayT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1021 - Remote Services
T1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1102 - Web Service
  • 21 Rules
  • 8 Models

Vendor: Zero Networks

ProductMITRE ATT&CK® TTPContent
Zero NetworksT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: ZeroFox

ProductMITRE ATT&CK® TTPContent
ZeroFox ProtectionT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Zimperium

ProductMITRE ATT&CK® TTPContent
Zimperium MTDT1068 - Exploitation for Privilege Escalation
  • 1 Rules

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Breach PredictorT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules
Zscaler Internet AccessT1068 - Exploitation for Privilege Escalation
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 6 Rules
  • 1 Models
Zscaler Private AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 4 Rules
  • 1 Models

Vendor:

Vendor: iBoss

ProductMITRE ATT&CK® TTPContent
Iboss CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1102 - Web Service
  • 2 Rules

Vendor: oVirt

ProductMITRE ATT&CK® TTPContent
oVirtT1078 - Valid Accounts
  • 1 Rules

Vendor: xPLAN

ProductMITRE ATT&CK® TTPContent
xPLANT1078 - Valid Accounts
  • 1 Rules