Vendor: NetApp

December 5, 2023 · View on GitHub

Product: NetApp

Rules	Models	MITRE ATT&CK® TTPs	Activity Types	Parsers
86	36	15	4	4

Use-Case	Activity Types/Parsers	MITRE ATT&CK® TTP	Content
Abnormal Authentication & Access	app-login ↳netapp-n-sk4-file-rename-9999	T1078 - Valid Accounts T1133 - External Remote Services	12 Rules 4 Models
Compromised Credentials	app-login ↳netapp-n-sk4-file-rename-9999 file-delete ↳netapp-n-cef-file-delete-success-objectopenfordelete ↳netapp-n-cef-file-delete-success-deleteobjectattempt file-read ↳netapp-n-cef-file-read-success-objectopen ↳netapp-n-cef-file-read-success-objectopen-1 file-write ↳netapp-n-cef-file-write-success-cifs	T1003.001 - T1003.001 T1003.002 - T1003.002 T1003.003 - T1003.003 T1078 - Valid Accounts T1083 - File and Directory Discovery T1133 - External Remote Services T1190 - Exploit Public Fasing Application	59 Rules 30 Models
Data Exfiltration	file-write ↳netapp-n-cef-file-write-success-cifs	TA0002 - TA0002	2 Rules 1 Models
Data Leak	file-write ↳netapp-n-cef-file-write-success-cifs	T1114.001 - T1114.001	1 Rules
Destruction of Data	file-delete ↳netapp-n-cef-file-delete-success-objectopenfordelete ↳netapp-n-cef-file-delete-success-deleteobjectattempt	T1070.004 - Indicator Removal on Host: File Deletion T1485 - Data Destruction	1 Rules
Lateral Movement	app-login ↳netapp-n-sk4-file-rename-9999	T1090.003 - Proxy: Multi-hop Proxy	1 Rules
Malware	app-login ↳netapp-n-sk4-file-rename-9999 file-write ↳netapp-n-cef-file-write-success-cifs	T1003.002 - T1003.002 T1078 - Valid Accounts T1505.003 - Server Software Component: Web Shell T1547.001 - T1547.001 TA0002 - TA0002	11 Rules 4 Models
Ransomware	app-login ↳netapp-n-sk4-file-rename-9999 file-write ↳netapp-n-cef-file-write-success-cifs	T1078 - Valid Accounts T1486 - Data Encrypted for Impact	2 Rules
Next Page -->>

MITRE ATT&CK® Framework for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts Exploit Public Fasing Application		External Remote Services Valid Accounts Server Software Component: Web Shell Server Software Component Boot or Logon Autostart Execution	Valid Accounts Boot or Logon Autostart Execution	Indicator Removal on Host: File Deletion Valid Accounts Indicator Removal on Host	OS Credential Dumping	File and Directory Discovery		Email Collection	Proxy: Multi-hop Proxy Proxy		Data Destruction Data Encrypted for Impact