Use Case: Abnormal Authentication & Access

December 5, 2023 · View on GitHub

Use Case: Abnormal Authentication & Access

Vendor: APC

ProductMITRE ATT&CK® TTPContent
APCT1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
  • 9 Rules
  • 9 Models

Vendor: AVI Networks

ProductMITRE ATT&CK® TTPContent
AVI Networks Software Load BalancerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Absolute

ProductMITRE ATT&CK® TTPContent
Absolute DDST1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Accellion

ProductMITRE ATT&CK® TTPContent
KiteworksT1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models

Vendor: Admin By Request

ProductMITRE ATT&CK® TTPContent
Admin By RequestT1078 - Valid Accounts
  • 1 Rules
  • 1 Models

Vendor: Airlock

ProductMITRE ATT&CK® TTPContent
Airlock AllowlistingT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Airlock Security Access HubT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Akamai

ProductMITRE ATT&CK® TTPContent
Cloud AkamaiT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: AlgoSec

ProductMITRE ATT&CK® TTPContent
AlgoSec Firewall AnalyzerT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Amazon

ProductMITRE ATT&CK® TTPContent
AWS CloudTrailT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
AWS CloudWatchT1133 - External Remote Services
  • 3 Rules
  • 3 Models
AWS GuardDutyT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
AWS WAFT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 10 Models

Vendor: Apache

ProductMITRE ATT&CK® TTPContent
ApacheT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Apache GuacamoleT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Apache SubversionT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Apache TomcatT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Atlassian

ProductMITRE ATT&CK® TTPContent
Atlassian BitBucketT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Auth0

ProductMITRE ATT&CK® TTPContent
Auth0T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 40 Rules
  • 16 Models

Vendor: Avaya

ProductMITRE ATT&CK® TTPContent
Avaya Ethernet Routing SwitchT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Axway

ProductMITRE ATT&CK® TTPContent
Axway GatewayT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models

Vendor: Badge

ProductMITRE ATT&CK® TTPContent
BadgeT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Banyan Security

ProductMITRE ATT&CK® TTPContent
Banyan SecurityT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Barracuda

ProductMITRE ATT&CK® TTPContent
Barracuda Cloudgen FirewallT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 38 Rules
  • 17 Models
Barracuda Email Security GatewayT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Barracuda WAFT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: BeyondTrust

ProductMITRE ATT&CK® TTPContent
BeyondInsightT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
BeyondTrustT1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 31 Rules
  • 13 Models
BeyondTrust Privileged IdentityT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
BeyondTrust Secure Remote AccessT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Bitdefender

ProductMITRE ATT&CK® TTPContent
GravityZoneT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Bitglass

ProductMITRE ATT&CK® TTPContent
Bitglass CASBT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Box

ProductMITRE ATT&CK® TTPContent
Box Cloud Content ManagementT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Broadcom

ProductMITRE ATT&CK® TTPContent
z/OST1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: CA Technologies

ProductMITRE ATT&CK® TTPContent
CA Privileged Access Manager Server ControlT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 35 Rules
  • 14 Models

Vendor: CDS

ProductMITRE ATT&CK® TTPContent
CDST1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 34 Rules
  • 16 Models

Vendor: CHCOM

ProductMITRE ATT&CK® TTPContent
CHCOMT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Check Point

ProductMITRE ATT&CK® TTPContent
Check Point Anti-MalwareT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Check Point Identity AwarenessT1078 - Valid Accounts
T1133 - External Remote Services
  • 13 Rules
  • 5 Models
Check Point NGFWT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 61 Rules
  • 26 Models
Check Point Security GatewayT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 10 Models
Check Point Threat EmulationT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Cisco

ProductMITRE ATT&CK® TTPContent
AnyConnectT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models
CiscoT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cisco ACIT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
Cisco ACST1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
Cisco Adaptive Security ApplianceT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 61 Rules
  • 26 Models
Cisco Cloud Web SecurityT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco FirepowerT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 40 Rules
  • 15 Models
Cisco IOST1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 38 Rules
  • 20 Models
Cisco ISET1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 47 Rules
  • 20 Models
Cisco Meraki MX applianceT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 19 Rules
  • 11 Models
Cisco PIXT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Cisco Secure EndpointT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 7 Models
Cisco Secure Web ApplianceT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco SourceFireT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Cisco UmbrellaT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Cisco Unified Communications ManagerT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Duo AccessT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 22 Rules
  • 10 Models
IronPort EmailT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Citrix

ProductMITRE ATT&CK® TTPContent
Citrix GatewayT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 29 Rules
  • 7 Models
Citrix ShareFileT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Citrix Virtual AppsT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 35 Rules
  • 14 Models
Citrix Web App FirewallT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 10 Models

Vendor: Claroty

ProductMITRE ATT&CK® TTPContent
CTDT1078 - Valid Accounts
T1110 - Brute Force
  • 5 Rules
  • 2 Models

Vendor: Clearsense

ProductMITRE ATT&CK® TTPContent
ClearsenseT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Click Studios

ProductMITRE ATT&CK® TTPContent
PasswordstateT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models

Vendor: Cloudflare

ProductMITRE ATT&CK® TTPContent
Cloudflare InsightsT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cloudflare WAFT1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
  • 9 Rules
  • 9 Models

Vendor: Code42

ProductMITRE ATT&CK® TTPContent
Code42 IncydrT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: CrowdStrike

ProductMITRE ATT&CK® TTPContent
FalconT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 44 Rules
  • 18 Models

Vendor: CyberArk

ProductMITRE ATT&CK® TTPContent
CyberArk Endpoint Privilege ManagerT1078 - Valid Accounts
T1133 - External Remote Services
  • 4 Rules
  • 4 Models
CyberArk Privilege Access ManagerT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 46 Rules
  • 22 Models

Vendor: Cylance

ProductMITRE ATT&CK® TTPContent
Cylance OPTICST1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Cylance PROTECTT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: DXC

ProductMITRE ATT&CK® TTPContent
DXC TechnologyT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Darktrace

ProductMITRE ATT&CK® TTPContent
DarktraceT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: DataWatch Systems

ProductMITRE ATT&CK® TTPContent
DataWatchT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Delinea

ProductMITRE ATT&CK® TTPContent
Centrify Authentication ServiceT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Centrify Zero Trust Privilege ServicesT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Dell

ProductMITRE ATT&CK® TTPContent
EMC IsilonT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
One Identity ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
SonicwallT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 55 Rules
  • 23 Models

Vendor: Digital Guardian

ProductMITRE ATT&CK® TTPContent
Digital Guardian Endpoint ProtectionT1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 34 Rules
  • 13 Models

Vendor: Dropbox

ProductMITRE ATT&CK® TTPContent
DropboxT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 25 Rules
  • 6 Models

Vendor: Dtex Systems

ProductMITRE ATT&CK® TTPContent
DTEX InTERCEPTT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
  • 28 Rules
  • 16 Models

Vendor: ESET

ProductMITRE ATT&CK® TTPContent
ESET Endpoint SecurityT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Entrust

ProductMITRE ATT&CK® TTPContent
Entrust Identity EnterpriseT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Envoy

ProductMITRE ATT&CK® TTPContent
EnvoyT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Epic

ProductMITRE ATT&CK® TTPContent
Epic SIEMT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Exabeam

ProductMITRE ATT&CK® TTPContent
Advanced AnalyticsT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Audit LogT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
SearchT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Extreme Networks

ProductMITRE ATT&CK® TTPContent
ExtremeCloud IQT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Zebra WLAN ManagementT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: F-Secure

ProductMITRE ATT&CK® TTPContent
F-Secure Policy ManagerT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: F5

ProductMITRE ATT&CK® TTPContent
BIG-IP F5 LBRT1133 - External Remote Services
  • 3 Rules
  • 3 Models
F5 Access Policy ManagerT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 10 Models
F5 Advanced Firewall ManagerT1133 - External Remote Services
  • 3 Rules
  • 3 Models
F5 Advanced Web Application FirewallT1078 - Valid Accounts
T1133 - External Remote Services
  • 5 Rules
  • 4 Models
F5 Application Security ManagerT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 7 Models
F5 BIG-IPT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 55 Rules
  • 20 Models
F5 BIG-IP DNST1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
F5 SilverlineT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: FTP

ProductMITRE ATT&CK® TTPContent
FTPT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Fast Enterprises

ProductMITRE ATT&CK® TTPContent
Fast Enterprises GenTaxT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: FileAuditor

ProductMITRE ATT&CK® TTPContent
FileAuditorT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint CASBT1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
  • 9 Rules
  • 9 Models
Forcepoint Next-Gen FirewallT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Websense Security GatewayT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Forescout

ProductMITRE ATT&CK® TTPContent
EyeInspectT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Forescout CounterACTT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 7 Models

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
FortiGateT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 13 Models
Fortinet UTMT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Fortiweb Web Application FirewallT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: GTB

ProductMITRE ATT&CK® TTPContent
GTB Technologies DLPT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Generic Badge Access

ProductMITRE ATT&CK® TTPContent
Generic Badge AccessT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Genetec

ProductMITRE ATT&CK® TTPContent
Genetec BadgeT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Gigamon

ProductMITRE ATT&CK® TTPContent
GigaVUE-HC2T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: GitHub

ProductMITRE ATT&CK® TTPContent
GitHubT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: GoAnywhere

ProductMITRE ATT&CK® TTPContent
GoAnywhere MFTT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 37 Rules
  • 16 Models

Vendor: Google

ProductMITRE ATT&CK® TTPContent
Google Cloud PlatformT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
Google WorkspaceT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 10 Models

Vendor: HP

ProductMITRE ATT&CK® TTPContent
Aruba ClearPass Policy ManagerT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 7 Models
Aruba Mobility MasterT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Aruba Wireless controllerT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 17 Rules
  • 7 Models
HP Print ServerT1078 - Valid Accounts
  • 1 Rules
HP SafeComT1078 - Valid Accounts
  • 1 Rules
HP Virtual Connect Enterprise ManagerT1133 - External Remote Services
  • 3 Rules
  • 3 Models
HP iLOT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models
HPE 3PAR StoreServT1133 - External Remote Services
  • 3 Rules
  • 3 Models
HPE ComwareT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: HashiCorp

ProductMITRE ATT&CK® TTPContent
HashiCorp VaultT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: HelpSystems

ProductMITRE ATT&CK® TTPContent
Powertech Identity and Access ManagerT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Honeywell

ProductMITRE ATT&CK® TTPContent
Honeywell Pro-WatchT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Huawei

ProductMITRE ATT&CK® TTPContent
Huawei Unified Security GatewayT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
DB2T1133 - External Remote Services
  • 3 Rules
  • 3 Models
HCL NotesT1133 - External Remote Services
  • 3 Rules
  • 3 Models
IBM DatapowerT1133 - External Remote Services
  • 3 Rules
  • 3 Models
IBM MainframeT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
IBM Resource Access Control FacilityT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Sterling B2B IntegratorT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Identiv

ProductMITRE ATT&CK® TTPContent
IdentivT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
  • 9 Rules
  • 9 Models
Imperva SecureSphereT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Imprivata

ProductMITRE ATT&CK® TTPContent
ImprivataT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: InfoWatch

ProductMITRE ATT&CK® TTPContent
InfoWatch DLPT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
Infoblox NIOST1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Ipswitch

ProductMITRE ATT&CK® TTPContent
MoveIt TransferT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 13 Models

Vendor: Jumpcloud

ProductMITRE ATT&CK® TTPContent
JumpcloudT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Juniper Networks

ProductMITRE ATT&CK® TTPContent
Juniper SRX SeriesT1078 - Valid Accounts
T1133 - External Remote Services
  • 16 Rules
  • 5 Models
Junos OST1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Kemp

ProductMITRE ATT&CK® TTPContent
Kemp LoadMasterT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 37 Rules
  • 19 Models

Vendor: LastPass

ProductMITRE ATT&CK® TTPContent
LastPassT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Lenel

ProductMITRE ATT&CK® TTPContent
OnGuardT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: LiquidFiles

ProductMITRE ATT&CK® TTPContent
LiquidFilesT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Magento

ProductMITRE ATT&CK® TTPContent
Magento WAFT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: ManageEngine

ProductMITRE ATT&CK® TTPContent
ADAuditPlusT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
ADSSPT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
PAM360T1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models

Vendor: MariaDB

ProductMITRE ATT&CK® TTPContent
MariaDBT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: MasterSAM

ProductMITRE ATT&CK® TTPContent
MasterSAM PAMT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee DLP EndpointT1078 - Valid Accounts
  • 1 Rules
McAfee Endpoint SecurityT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
McAfee Network Security PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
McAfee Web GatewayT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
McAfee ePolicy OrchestratorT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Skyhigh Networks CASBT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: MicroFocus ArcSight

ProductMITRE ATT&CK® TTPContent
MicroFocus ArcSightT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 20 Rules
  • 10 Models
AzureT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Azure AD Activity LogsT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Azure AD Sign-In LogsT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Azure ATPT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Azure MFAT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Azure MonitorT1021 - Remote Services
T1078 - Valid Accounts
T1078.004 - Valid Accounts: Cloud Accounts
T1133 - External Remote Services
T1136.003 - Create Account: Create: Cloud Account
  • 25 Rules
  • 9 Models
Event Viewer - ADFST1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 41 Rules
  • 20 Models
Event Viewer - ApplicationT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 7 Models
Event Viewer - ApplockerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - AzureADPasswordProtection-DCAgentT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
Event Viewer - BFE Resorce FlowsT1078 - Valid Accounts
  • 1 Rules
  • 1 Models
Event Viewer - CertificateServicesClientT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - DFS-ReplicationT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
Event Viewer - DHCP-ServerT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Event Viewer - DNSServerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - Directory-ServiceT1133 - External Remote Services
  • 3 Rules
  • 3 Models
Event Viewer - Kernel-IOT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - KnownFoldersT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - Licensing-PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - LiveIdT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Event Viewer - NPST1021 - Remote Services
T1078 - Valid Accounts
  • 8 Rules
  • 4 Models
Event Viewer - NTLMT1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 21 Rules
  • 10 Models
Event Viewer - PowerShellT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Event Viewer - SecurityT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 69 Rules
  • 28 Models
Event Viewer - SystemT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 24 Rules
  • 13 Models
Event Viewer - TaskSchedulerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - TerminalServices-GatewayT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Event Viewer - TerminalServices-LocalSessionManagerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
M365 Audit LogsT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
MSSQLT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Microsoft 365T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Microsoft Advanced Threat AnalyticsT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft CAST1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft DHCP LogT1078 - Valid Accounts
T1133 - External Remote Services
  • 4 Rules
  • 4 Models
Microsoft Defender for EndpointT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 49 Rules
  • 20 Models
Microsoft ExchangeT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 27 Rules
  • 13 Models
Microsoft IIST1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Microsoft IntuneT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Microsoft Network Policy ServerT1021 - Remote Services
T1078 - Valid Accounts
  • 8 Rules
  • 4 Models
Microsoft RRAST1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
SysmonT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
WindowsT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Mimecast Secure Email GatewayT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Mimecast Targeted Threat Protection - URLT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: MuleSoft

ProductMITRE ATT&CK® TTPContent
MuleSoft Anypoint PlatformT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: NCP

ProductMITRE ATT&CK® TTPContent
NCPT1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: NNT

ProductMITRE ATT&CK® TTPContent
NNT ChangeTrackerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Nagios

ProductMITRE ATT&CK® TTPContent
NagiosT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models

Vendor: Namespace rDirectory

ProductMITRE ATT&CK® TTPContent
Namespace rDirectoryT1078 - Valid Accounts
  • 3 Rules
  • 1 Models

Vendor: NetApp

ProductMITRE ATT&CK® TTPContent
NetAppT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: NetIQ

ProductMITRE ATT&CK® TTPContent
Micro Focus NetIQ Identity ManagerT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope Security CloudT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 41 Rules
  • 20 Models

Vendor: Netwrix

ProductMITRE ATT&CK® TTPContent
Netwrix AuditorT1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 21 Rules
  • 6 Models

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 44 Rules
  • 23 Models

Vendor: Nortel Contivity

ProductMITRE ATT&CK® TTPContent
Nortel Contivity VPNT1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: OSSEC

ProductMITRE ATT&CK® TTPContent
OSSECT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Okta

ProductMITRE ATT&CK® TTPContent
Okta Adaptive MFAT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 22 Rules
  • 10 Models

Vendor: Onapsis

ProductMITRE ATT&CK® TTPContent
OnapsisT1078 - Valid Accounts
  • 1 Rules
  • 1 Models

Vendor: OneLogin

ProductMITRE ATT&CK® TTPContent
OneLoginT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: OneSpan

ProductMITRE ATT&CK® TTPContent
Digipass for AppsT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 7 Models

Vendor: OneWelcome

ProductMITRE ATT&CK® TTPContent
OneWelcome Cloud Identity PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: Open VPN

ProductMITRE ATT&CK® TTPContent
Open VPNT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models

Vendor: OpenDJ

ProductMITRE ATT&CK® TTPContent
OpenDJT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: Oracle

ProductMITRE ATT&CK® TTPContent
Oracle Access ManagementT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Oracle Audit Vault and Database FirewallT1078 - Valid Accounts
  • 1 Rules
  • 1 Models
Oracle DatabaseT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models
Oracle Public CloudT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Osquery

ProductMITRE ATT&CK® TTPContent
OsqueryT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Cortex XSOART1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
GlobalProtectT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 35 Rules
  • 13 Models
Palo Alto NGFWT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 59 Rules
  • 24 Models
Prisma CloudT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
  • 11 Rules
  • 8 Models
Traps Endpoint Security ManagerT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Password Manager Pro

ProductMITRE ATT&CK® TTPContent
Password Manager ProT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 7 Models

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
Ping IdentityT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
PingOneT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Progress

ProductMITRE ATT&CK® TTPContent
Progress DatabaseT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
ObserveITT1078 - Valid Accounts
  • 1 Rules
  • 1 Models
Proofpoint Email ProtectionT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
Proofpoint Enterprise ProtectionT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models

Vendor: Quest Software

ProductMITRE ATT&CK® TTPContent
Quest Change Auditor for Active DirectoryT1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models

Vendor: RS2 Technologies

ProductMITRE ATT&CK® TTPContent
RS2 TechnologiesT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: RSA

ProductMITRE ATT&CK® TTPContent
RSA Adaptive AuthenticationT1133 - External Remote Services
  • 3 Rules
  • 3 Models
RSA Authentication ManagerT1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 16 Rules
  • 4 Models
SecurIDT1021 - Remote Services
T1078 - Valid Accounts
  • 13 Rules
  • 2 Models

Vendor: RStudio

ProductMITRE ATT&CK® TTPContent
RStudio ServerT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Radware

ProductMITRE ATT&CK® TTPContent
AlteonT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: RangerAudit

ProductMITRE ATT&CK® TTPContent
RangerAuditT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Riverbed Steelhead

ProductMITRE ATT&CK® TTPContent
Riverbed SteelheadT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Rubrik

ProductMITRE ATT&CK® TTPContent
Rubrik Cloud Data ManagementT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Ruckus

ProductMITRE ATT&CK® TTPContent
RuckusT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Rundeck

ProductMITRE ATT&CK® TTPContent
RundeckT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: SAP

ProductMITRE ATT&CK® TTPContent
SAPT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 36 Rules
  • 14 Models
SuccessFactorsT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Safenet

ProductMITRE ATT&CK® TTPContent
ThalesT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Sailpoint

ProductMITRE ATT&CK® TTPContent
IdentityNowT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Secomea

ProductMITRE ATT&CK® TTPContent
SecomeaT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SecurEnvoy

ProductMITRE ATT&CK® TTPContent
SecurEnvoy Multi-Factor AuthenticationT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models

Vendor: SecureAuth

ProductMITRE ATT&CK® TTPContent
SecureAuth IDPT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
SecureAuth LoginT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
ProductMITRE ATT&CK® TTPContent
SecureLinkT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SecureNet

ProductMITRE ATT&CK® TTPContent
SecureNetT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 26 Rules
  • 7 Models

Vendor: SecurityExpert

ProductMITRE ATT&CK® TTPContent
SecurityExpertT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Semperis

ProductMITRE ATT&CK® TTPContent
Semperis DSPT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Sensormatik

ProductMITRE ATT&CK® TTPContent
SensormatikT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Event Viewer - SentineloneT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Singularity PlatformT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 38 Rules
  • 20 Models
VigilanceT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Shibboleth

ProductMITRE ATT&CK® TTPContent
ShibbolethT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Silverfort

ProductMITRE ATT&CK® TTPContent
Silverfort Authentication PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: SiteMinder

ProductMITRE ATT&CK® TTPContent
Symantec SiteMinderT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 10 Models

Vendor: Skyformation

ProductMITRE ATT&CK® TTPContent
SkyformationT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Skyhigh Security CloudT1071.001 - Application Layer Protocol: Web Protocols
  • 3 Rules
  • 3 Models

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos Endpoint ProtectionT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models
Sophos UTMT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Sophos XG FirewallT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Specops

ProductMITRE ATT&CK® TTPContent
Specops PasswordT1078 - Valid Accounts
  • 2 Rules
  • 1 Models

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: SunOne

ProductMITRE ATT&CK® TTPContent
SunOneT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Swift

ProductMITRE ATT&CK® TTPContent
SwiftT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Swipes

ProductMITRE ATT&CK® TTPContent
SwipesT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Swivel

ProductMITRE ATT&CK® TTPContent
SwivelT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Sybase

ProductMITRE ATT&CK® TTPContent
SybaseT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec Advanced Threat ProtectionT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Symantec Critical System ProtectionT1078 - Valid Accounts
T1110 - Brute Force
  • 8 Rules
  • 3 Models
Symantec DLPT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
Symantec Endpoint ProtectionT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 7 Models
Symantec VIPT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
Symantec Web Security ServiceT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Tanium

ProductMITRE ATT&CK® TTPContent
Tanium Cloud PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Tanium Core PlatformT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Tanium Threat ResponseT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 29 Rules
  • 14 Models

Vendor: Tenable.io

ProductMITRE ATT&CK® TTPContent
Tenable.ioT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Thales Group

ProductMITRE ATT&CK® TTPContent
Gemalto MFAT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor: Trend Micro

ProductMITRE ATT&CK® TTPContent
Deep Discovery InspectorT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
Deep SecurityT1133 - External Remote Services
  • 3 Rules
  • 3 Models
OfficeScanT1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
  • 9 Rules
  • 9 Models
Trend Micro ScanMailT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Tufin

ProductMITRE ATT&CK® TTPContent
Tufin SecureTrackT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Tyco

ProductMITRE ATT&CK® TTPContent
CCURE Building Management SystemT1078 - Valid Accounts
T1133 - External Remote Services
  • 16 Rules
  • 5 Models

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
AuditbeatT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 18 Rules
  • 7 Models
UnixT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 46 Rules
  • 19 Models
Unix AuditdT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 48 Rules
  • 22 Models
Unix NamedT1021 - Remote Services
T1078 - Valid Accounts
T1133 - External Remote Services
  • 21 Rules
  • 7 Models
Unix Privilege ManagementT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Unix dhcpdT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models
rsyslogT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: VMS Software

ProductMITRE ATT&CK® TTPContent
OpenVMST1078 - Valid Accounts
  • 1 Rules
  • 1 Models

Vendor: VMware

ProductMITRE ATT&CK® TTPContent
Carbon Black App ControlT1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
  • 22 Rules
  • 10 Models
Carbon Black CEST1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
Carbon Black EDRT1078 - Valid Accounts
T1133 - External Remote Services
  • 11 Rules
  • 4 Models
LastlineT1133 - External Remote Services
  • 3 Rules
  • 3 Models
VMware AirWatchT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
VMware ESXiT1021 - Remote Services
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 32 Rules
  • 14 Models
VMware HorizonT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models
VMware Identity ManagerT1133 - External Remote Services
  • 3 Rules
  • 3 Models
VMware ViewT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models
vCenterT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Varonis

ProductMITRE ATT&CK® TTPContent
Varonis Data Security PlatformT1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models

Vendor: Vectra

ProductMITRE ATT&CK® TTPContent
Vectra Cognito DetectT1078 - Valid Accounts
  • 2 Rules
  • 1 Models
Vectra Cognito StreamT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.003 - Valid Accounts: Local Accounts
T1133 - External Remote Services
  • 31 Rules
  • 14 Models

Vendor: ViaScope

ProductMITRE ATT&CK® TTPContent
ViaScope IPScanT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Visma

ProductMITRE ATT&CK® TTPContent
MegaflexT1078 - Valid Accounts
  • 3 Rules
  • 2 Models

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Wazuh

ProductMITRE ATT&CK® TTPContent
WazuhT1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 19 Rules
  • 6 Models

Vendor: Weblogin

ProductMITRE ATT&CK® TTPContent
WebloginT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: Wiz

ProductMITRE ATT&CK® TTPContent
WizT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Workday

ProductMITRE ATT&CK® TTPContent
WorkdayT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: XPS

ProductMITRE ATT&CK® TTPContent
XPST1078 - Valid Accounts
  • 1 Rules

Vendor: Xceedium

ProductMITRE ATT&CK® TTPContent
XceediumT1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: Xiting

ProductMITRE ATT&CK® TTPContent
XAMST1078 - Valid Accounts
T1133 - External Remote Services
  • 15 Rules
  • 4 Models

Vendor: YSoft

ProductMITRE ATT&CK® TTPContent
YSoftT1078 - Valid Accounts
  • 1 Rules

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1078.002 - T1078.002
T1078.003 - Valid Accounts: Local Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 47 Rules
  • 23 Models

Vendor: Zendesk

ProductMITRE ATT&CK® TTPContent
ZendeskT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Internet AccessT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1133 - External Remote Services
  • 20 Rules
  • 10 Models
Zscaler Private AccessT1078 - Valid Accounts
T1133 - External Remote Services
  • 14 Rules
  • 4 Models

Vendor:

Vendor: hMail

ProductMITRE ATT&CK® TTPContent
hMailServerT1133 - External Remote Services
  • 3 Rules
  • 3 Models

Vendor: iManage

ProductMITRE ATT&CK® TTPContent
iManageT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: oVirt

ProductMITRE ATT&CK® TTPContent
oVirtT1078 - Valid Accounts
T1133 - External Remote Services
  • 12 Rules
  • 4 Models

Vendor: xPLAN

ProductMITRE ATT&CK® TTPContent
xPLANT1078 - Valid Accounts
  • 3 Rules
  • 2 Models