Vendor: Cisco

Product: Cisco Netflow

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
53	21	12	1	1

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Compromised Credentials	netflow-connection ↳cisco-netflow-json-network-traffic-success-90 ↳cisco-netflow-kv-network-traffic-success-networkflow	T1046 - Network Service Scanning	1 Rules 1 Models
Data Exfiltration	netflow-connection ↳cisco-netflow-json-network-traffic-success-90 ↳cisco-netflow-kv-network-traffic-success-networkflow	T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol T1071.002 - Application Layer Protocol: File Transfer Protocols	1 Rules
Lateral Movement	netflow-connection ↳cisco-netflow-json-network-traffic-success-90 ↳cisco-netflow-kv-network-traffic-success-networkflow	T1018 - Remote System Discovery T1021 - Remote Services T1021.001 - Remote Services: Remote Desktop Protocol T1046 - Network Service Scanning T1071 - Application Layer Protocol T1090.003 - Proxy: Multi-hop Proxy T1190 - Exploit Public Fasing Application T1210 - Exploitation of Remote Services TA0008 - TA0008 TA0010 - TA0010 TA0011 - TA0011	51 Rules 21 Models
Malware	netflow-connection ↳cisco-netflow-json-network-traffic-success-90 ↳cisco-netflow-kv-network-traffic-success-networkflow	TA0011 - TA0011	3 Rules

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Exploit Public Fasing Application						Network Service Scanning Remote System Discovery	Exploitation of Remote Services Remote Services Remote Services: Remote Desktop Protocol		Application Layer Protocol: File Transfer Protocols Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol