Rules by Product and UseCase
November 29, 2023
Vendor: GitHub
Product: GitHub
Use-Case: Malware

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 4 | 0 | 2 | 3 | 3 |

| Event Type | Rules | Models |
|---|---|---|
| app-activity | T1078 - Valid Accounts ↳ Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |
| authentication-successful | T1078 - Valid Accounts ↳ Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP | |
| network-connection-successful | TA0011 - TA0011 ↳ A-NET-TI-H-Outbound: Outbound connection to a known malicious host ↳ A-NET-TI-IP-Inbound: Inbound connection from a known malicious IP ↳ A-NET-TI-H-Inbound: Inbound connection from a known malicious host | |