2_ds_bitdefender_gravityzone.md

November 29, 2023 · View on GitHub

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Lateral Movement	app-login ↳bitdefender-gz-json-app-login-success-gravityzonelogin authentication-failed ↳bitdefender-gz-json-app-activity-success-registration security-alert ↳bitdefender-gz-sk4-alert-trigger-success-av ↳bitdefender-gz-cef-alert-trigger-success-gravityzone ↳bitdefender-gz-json-alert-trigger-success-av ↳bitdefender-gz-sk4-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-newincident ↳bitdefender-gz-json-alert-trigger-success-hd ↳bitdefender-gz-json-alert-trigger-success-avc ↳bitdefender-gz-json-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-fw ↳bitdefender-gz-sk4-alert-trigger-success-avc	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy	4 Rules
Malware	app-login ↳bitdefender-gz-json-app-login-success-gravityzonelogin security-alert ↳bitdefender-gz-sk4-alert-trigger-success-av ↳bitdefender-gz-cef-alert-trigger-success-gravityzone ↳bitdefender-gz-json-alert-trigger-success-av ↳bitdefender-gz-sk4-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-newincident ↳bitdefender-gz-json-alert-trigger-success-hd ↳bitdefender-gz-json-alert-trigger-success-avc ↳bitdefender-gz-json-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-fw ↳bitdefender-gz-sk4-alert-trigger-success-avc	T1078 - Valid Accounts TA0002 - TA0002	5 Rules 2 Models
Privileged Activity	app-login ↳bitdefender-gz-json-app-login-success-gravityzonelogin security-alert ↳bitdefender-gz-sk4-alert-trigger-success-av ↳bitdefender-gz-cef-alert-trigger-success-gravityzone ↳bitdefender-gz-json-alert-trigger-success-av ↳bitdefender-gz-sk4-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-newincident ↳bitdefender-gz-json-alert-trigger-success-hd ↳bitdefender-gz-json-alert-trigger-success-avc ↳bitdefender-gz-json-alert-trigger-success-aph ↳bitdefender-gz-sk4-alert-trigger-success-fw ↳bitdefender-gz-sk4-alert-trigger-success-avc	T1068 - Exploitation for Privilege Escalation T1078 - Valid Accounts	2 Rules