Rules by Product and UseCase

May 10, 2023 · View on GitHub

Vendor: SecureNet

Product: SecureNet

Use-Case: Malware

RulesModelsMITRE ATT&CK® TTPsActivity TypesParsers
10111
Event TypeRulesModels
vpn-loginT1078 - Valid Accounts
↳ Auth-Blacklist-Shost: User authentication or login from a known blacklisted IP

Contents

  1. 1Vendor: SecureNet
  2. 1.1Product: SecureNet
  3. 1.2Use-Case: Malware