Use Case: Workforce Protection

May 13, 2026 · View on GitHub

Use Case: Workforce Protection

Vendor: Accellion

ProductMITRE ATT&CK® TTPContent
KiteworksT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Adobe

ProductMITRE ATT&CK® TTPContent
Adobe Experience ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Akamai

ProductMITRE ATT&CK® TTPContent
Akamai SIEMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cloud AkamaiT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Amazon

ProductMITRE ATT&CK® TTPContent
AWS CloudWatchT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
AWS Elastic Load BalancerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
AWS Simple Email ServiceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
AWS WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Amazon S3T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Apache

ProductMITRE ATT&CK® TTPContent
ApacheT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Armorblox

ProductMITRE ATT&CK® TTPContent
ArmorbloxT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Auth0

ProductMITRE ATT&CK® TTPContent
Auth0T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Barracuda

ProductMITRE ATT&CK® TTPContent
Barracuda Email Security GatewayT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: BeyondTrust

ProductMITRE ATT&CK® TTPContent
BeyondTrust Remote SupportT1078 - Valid Accounts
T1078.004 - Valid Accounts: Cloud Accounts
  • 2 Rules
  • 1 Models

Vendor: Bitglass

ProductMITRE ATT&CK® TTPContent
Bitglass CASBT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: CatoNetworks

ProductMITRE ATT&CK® TTPContent
Cato CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Check Point

ProductMITRE ATT&CK® TTPContent
Check Point AvananT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Check Point NGFWT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Cisco

ProductMITRE ATT&CK® TTPContent
Cisco Cloud SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Cisco Network SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cisco Web SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Citrix

ProductMITRE ATT&CK® TTPContent
Citrix GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Cloudflare

ProductMITRE ATT&CK® TTPContent
Cloudflare InsightsT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Cloudflare WAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Darktrace

ProductMITRE ATT&CK® TTPContent
DarktraceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Dell

ProductMITRE ATT&CK® TTPContent
SonicwallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Digital Arts

ProductMITRE ATT&CK® TTPContent
Digital Arts i-FILTER for BusinessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Digital Guardian

ProductMITRE ATT&CK® TTPContent
Digital Guardian Network DLPT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: F5

ProductMITRE ATT&CK® TTPContent
F5 Distributed CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
F5 WebSafeT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint DLPT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Forcepoint Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Websense Security GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
FortiClientT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
FortiGateT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
FortiSIEMT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Fortinet Enterprise FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Fortinet UTMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Fortiweb Web Application FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Google

ProductMITRE ATT&CK® TTPContent
GCP CloudAuditT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Google Cloud PlatformT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Google WorkspaceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: HUMAN Security

ProductMITRE ATT&CK® TTPContent
HUMAN Bot DefenderT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Hornet

ProductMITRE ATT&CK® TTPContent
Hornetsecurity Cloud Email Security ServicesT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
Security Access ManagerT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: IMSVA

ProductMITRE ATT&CK® TTPContent
IMSVAT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Island

ProductMITRE ATT&CK® TTPContent
Island Enterprise BrowserT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Kong

ProductMITRE ATT&CK® TTPContent
Kong GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Libraesva

ProductMITRE ATT&CK® TTPContent
Libraesva Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Menlo Security

ProductMITRE ATT&CK® TTPContent
Menlo SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Azure MonitorT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Event Viewer - ADFST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Event Viewer - SecurityT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
M365 Audit LogsT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
MSSQLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Microsoft 365T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Microsoft CAST1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Microsoft DefenderT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Microsoft ExchangeT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Microsoft IIST1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Code42 IncydrT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Mimecast Secure Email GatewayT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Mimecast Targeted Threat Protection - URLT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope Security CloudT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models
Netskope WebtxT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Palo Alto NGFWT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Prisma AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Prisma CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
ForgeRockT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Ping AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Postfix

ProductMITRE ATT&CK® TTPContent
PostfixT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
Proofpoint Email ProtectionT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Proofpoint Enterprise ProtectionT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Targeted Attack PlatformT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Sangfor

ProductMITRE ATT&CK® TTPContent
Sangfor NGAFT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Singularity PlatformT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Secure Web GatewayT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Skyhigh Security CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos UTMT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Sophos XG FirewallT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec DLPT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Symantec Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Symantec Web Security ServiceT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Tessian

ProductMITRE ATT&CK® TTPContent
Tessian Cloud Email SecurityT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Trellix

ProductMITRE ATT&CK® TTPContent
Trellix Network Security (NX)T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
UnixT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models
Unix SendmailT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 1 Models

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 8 Rules
  • 3 Models

Vendor: Zoom

ProductMITRE ATT&CK® TTPContent
ZoomT1078 - Valid Accounts
T1078.004 - Valid Accounts: Cloud Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1098 - Account Manipulation
  • 11 Rules
  • 5 Models

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Breach PredictorT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Zscaler Internet AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models
Zscaler Private AccessT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models

Vendor:

Vendor: iBoss

ProductMITRE ATT&CK® TTPContent
Iboss CloudT1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
  • 4 Rules
  • 2 Models