Use Case: Data Access

December 5, 2023 · View on GitHub

Use Case: Data Access

Vendor: AMD

Product	MITRE ATT&CK® TTP	Content
Pensando	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: AVI Networks

Product	MITRE ATT&CK® TTP	Content
AVI Networks Software Load Balancer	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Absolute

Product	MITRE ATT&CK® TTP	Content
Absolute DDS	T1003 - OS Credential Dumping T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Accellion

Product	MITRE ATT&CK® TTP	Content
Kiteworks	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Airlock

Product	MITRE ATT&CK® TTP	Content
Airlock Allowlisting	T1078 - Valid Accounts	19 Rules 11 Models
Airlock Security Access Hub	T1078 - Valid Accounts T1083 - File and Directory Discovery	30 Rules 17 Models

Vendor: Amazon

Product	MITRE ATT&CK® TTP	Content
AWS CloudTrail	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models
AWS GuardDuty	T1213 - Data from Information Repositories	10 Rules 5 Models
AWS Redshift	T1213 - Data from Information Repositories	18 Rules 10 Models
Amazon EKS	T1003 - OS Credential Dumping	1 Rules
Amazon RDS	T1003 - OS Credential Dumping T1213 - Data from Information Repositories	19 Rules 10 Models

Vendor: Apache

Product	MITRE ATT&CK® TTP	Content
Apache Subversion	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: AssetView

Product	MITRE ATT&CK® TTP	Content
AssetView	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Atlassian

Product	MITRE ATT&CK® TTP	Content
Atlassian BitBucket	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Auth0

Product	MITRE ATT&CK® TTP	Content
Auth0	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Banyan Security

Product	MITRE ATT&CK® TTP	Content
Banyan Security	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Barracuda

Product	MITRE ATT&CK® TTP	Content
Barracuda Cloudgen Firewall	T1078 - Valid Accounts	5 Rules 4 Models
Barracuda Email Security Gateway	T1078 - Valid Accounts	5 Rules 4 Models
Barracuda WAF	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: BeyondTrust

Product	MITRE ATT&CK® TTP	Content
BeyondInsight	T1003 - OS Credential Dumping T1078 - Valid Accounts T1213 - Data from Information Repositories	31 Rules 16 Models
BeyondTrust	T1003 - OS Credential Dumping T1078 - Valid Accounts	20 Rules 11 Models
BeyondTrust Privileged Identity	T1078 - Valid Accounts	19 Rules 11 Models
BeyondTrust Secure Remote Access	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Bitdefender

Product	MITRE ATT&CK® TTP	Content
GravityZone	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Bitglass

Product	MITRE ATT&CK® TTP	Content
Bitglass CASB	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Box

Product	MITRE ATT&CK® TTP	Content
Box Cloud Content Management	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Broadcom

Product	MITRE ATT&CK® TTP	Content
z/OS	T1078 - Valid Accounts	1 Rules

Vendor: CA Technologies

Product	MITRE ATT&CK® TTP	Content
CA Privileged Access Manager Server Control	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Check Point

Product	MITRE ATT&CK® TTP	Content
Check Point Endpoint Security	T1213 - Data from Information Repositories	10 Rules 5 Models
Check Point NGFW	T1078 - Valid Accounts T1110 - Brute Force T1213 - Data from Information Repositories	30 Rules 17 Models
Check Point Security Gateway	T1110 - Brute Force	1 Rules 1 Models

Vendor: Cisco

Product	MITRE ATT&CK® TTP	Content
AnyConnect	T1110 - Brute Force	1 Rules 1 Models
Cisco	T1078 - Valid Accounts	19 Rules 11 Models
Cisco ACS	T1003 - OS Credential Dumping	1 Rules
Cisco Adaptive Security Appliance	T1003 - OS Credential Dumping T1078 - Valid Accounts T1110 - Brute Force	21 Rules 12 Models
Cisco Firepower	T1003 - OS Credential Dumping T1078 - Valid Accounts T1110 - Brute Force	21 Rules 12 Models
Cisco IOS	T1003 - OS Credential Dumping	1 Rules
Cisco ISE	T1078 - Valid Accounts	19 Rules 11 Models
Cisco Meraki MX appliance	T1078 - Valid Accounts	5 Rules 4 Models
Cisco Secure Endpoint	T1078 - Valid Accounts	5 Rules 4 Models
Cisco Unified Communications Manager	T1078 - Valid Accounts	19 Rules 11 Models
Duo Access	T1078 - Valid Accounts	20 Rules 11 Models
IronPort Email	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Citrix

Product	MITRE ATT&CK® TTP	Content
Citrix Gateway	T1003 - OS Credential Dumping T1078 - Valid Accounts T1110 - Brute Force	21 Rules 12 Models
Citrix ShareFile	T1078 - Valid Accounts	20 Rules 11 Models
Citrix Virtual Apps	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Clearsense

Product	MITRE ATT&CK® TTP	Content
Clearsense	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Click Studios

Product	MITRE ATT&CK® TTP	Content
Passwordstate	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Cloudflare

Product	MITRE ATT&CK® TTP	Content
Cloudflare Insights	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Code42

Product	MITRE ATT&CK® TTP	Content
Code42 Incydr	T1078 - Valid Accounts T1083 - File and Directory Discovery	43 Rules 24 Models

Vendor: Cohesity

Product	MITRE ATT&CK® TTP	Content
Cohesity DataPlatform	T1003 - OS Credential Dumping	1 Rules

Vendor: CrowdStrike

Product	MITRE ATT&CK® TTP	Content
Falcon	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	45 Rules 24 Models

Vendor: CyberArk

Product	MITRE ATT&CK® TTP	Content
CyberArk Privilege Access Manager	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Cylance

Product	MITRE ATT&CK® TTP	Content
Cylance OPTICS	T1078 - Valid Accounts	5 Rules 4 Models
Cylance PROTECT	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Darktrace

Product	MITRE ATT&CK® TTP	Content
Darktrace	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Delinea

Product	MITRE ATT&CK® TTP	Content
Centrify Infrastructure Services	T1003 - OS Credential Dumping	1 Rules
Centrify Zero Trust Privilege Services	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Dell

Product	MITRE ATT&CK® TTP	Content
EMC Isilon	T1083 - File and Directory Discovery	24 Rules 13 Models
Sonicwall	T1078 - Valid Accounts T1110 - Brute Force	6 Rules 5 Models

Vendor: Digital Guardian

Product	MITRE ATT&CK® TTP	Content
Digital Guardian Endpoint Protection	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Dropbox

Product	MITRE ATT&CK® TTP	Content
Dropbox	T1078 - Valid Accounts T1083 - File and Directory Discovery T1110 - Brute Force	44 Rules 25 Models

Vendor: Dtex Systems

Product	MITRE ATT&CK® TTP	Content
DTEX InTERCEPT	T1003 - OS Credential Dumping	1 Rules

Vendor: ESET

Product	MITRE ATT&CK® TTP	Content
ESET Endpoint Security	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: ESector

Product	MITRE ATT&CK® TTP	Content
ESector DEFESA Logger	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Epic

Product	MITRE ATT&CK® TTP	Content
Epic SIEM	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Exabeam

Product	MITRE ATT&CK® TTP	Content
Audit Log	T1078 - Valid Accounts T1083 - File and Directory Discovery	43 Rules 24 Models
Search	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Extreme Networks

Product	MITRE ATT&CK® TTP	Content
Zebra WLAN Management	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: F5

Product	MITRE ATT&CK® TTP	Content
F5 Access Policy Manager	T1110 - Brute Force	1 Rules 1 Models
F5 Advanced Web Application Firewall	T1003 - OS Credential Dumping	1 Rules
F5 BIG-IP	T1078 - Valid Accounts T1110 - Brute Force	20 Rules 12 Models
F5 BIG-IP DNS	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: FTP

Product	MITRE ATT&CK® TTP	Content
FTP	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: FileAuditor

Product	MITRE ATT&CK® TTP	Content
FileAuditor	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Forcepoint

Product	MITRE ATT&CK® TTP	Content
Forcepoint CASB	T1078 - Valid Accounts	1 Rules

Vendor: Fortinet

Product	MITRE ATT&CK® TTP	Content
FortiGate	T1110 - Brute Force	1 Rules 1 Models
Fortinet UTM	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: GitHub

Product	MITRE ATT&CK® TTP	Content
GitHub	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: GoAnywhere

Product	MITRE ATT&CK® TTP	Content
GoAnywhere MFT	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Google

Product	MITRE ATT&CK® TTP	Content
Google Cloud Platform	T1078 - Valid Accounts T1213 - Data from Information Repositories	37 Rules 21 Models
Google Workspace	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: HP

Product	MITRE ATT&CK® TTP	Content
Aruba ClearPass Policy Manager	T1078 - Valid Accounts	5 Rules 4 Models
HP iLO	T1078 - Valid Accounts	5 Rules 4 Models
HPE Comware	T1003 - OS Credential Dumping T1083 - File and Directory Discovery	25 Rules 13 Models

Vendor: HashiCorp

Product	MITRE ATT&CK® TTP	Content
HashiCorp Vault	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: HelpSystems

Product	MITRE ATT&CK® TTP	Content
Powertech Identity and Access Manager	T1003 - OS Credential Dumping	1 Rules

Vendor: Huawei

Product	MITRE ATT&CK® TTP	Content
Huawei Unified Security Gateway	T1003 - OS Credential Dumping	1 Rules

Vendor: IBM

Product	MITRE ATT&CK® TTP	Content
Guardium	T1213 - Data from Information Repositories	18 Rules 10 Models
IBM Mainframe	T1003 - OS Credential Dumping T1078 - Valid Accounts	7 Rules 4 Models
IBM Resource Access Control Facility	T1078 - Valid Accounts T1213 - Data from Information Repositories	30 Rules 16 Models
Sterling B2B Integrator	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Imperva

Product	MITRE ATT&CK® TTP	Content
Imperva SecureSphere	T1078 - Valid Accounts T1213 - Data from Information Repositories	23 Rules 14 Models

Vendor: Imprivata

Product	MITRE ATT&CK® TTP	Content
Imprivata	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: InfoWatch

Product	MITRE ATT&CK® TTP	Content
InfoWatch DLP	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Infoblox

Product	MITRE ATT&CK® TTP	Content
BloxOne DDI	T1003 - OS Credential Dumping T1083 - File and Directory Discovery	25 Rules 13 Models
Infoblox NIOS	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Ipswitch

Product	MITRE ATT&CK® TTP	Content
MoveIt Transfer	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Ivanti

Product	MITRE ATT&CK® TTP	Content
Ivanti Pulse Secure	T1078 - Valid Accounts T1110 - Brute Force	20 Rules 12 Models

Vendor: Jumpcloud

Product	MITRE ATT&CK® TTP	Content
Jumpcloud	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Juniper Networks

Product	MITRE ATT&CK® TTP	Content
Juniper SRX Series	T1078 - Valid Accounts	5 Rules 4 Models
Junos OS	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Kemp

Product	MITRE ATT&CK® TTP	Content
Kemp LoadMaster	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: LanScope

Product	MITRE ATT&CK® TTP	Content
LanScope Cat	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: LastPass

Product	MITRE ATT&CK® TTP	Content
LastPass	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Lenel

Product	MITRE ATT&CK® TTP	Content
OnGuard	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: LiquidFiles

Product	MITRE ATT&CK® TTP	Content
LiquidFiles	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: LogRhythm

Product	MITRE ATT&CK® TTP	Content
LogRhythm	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: ManageEngine

Product	MITRE ATT&CK® TTP	Content
ADAuditPlus	T1078 - Valid Accounts	5 Rules 4 Models
ADSSP	T1078 - Valid Accounts	20 Rules 11 Models
PAM360	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: MariaDB

Product	MITRE ATT&CK® TTP	Content
MariaDB	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: MasterSAM

Product	MITRE ATT&CK® TTP	Content
MasterSAM PAM	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: McAfee

Product	MITRE ATT&CK® TTP	Content
McAfee DAM	T1213 - Data from Information Repositories	30 Rules 16 Models
McAfee Endpoint Security	T1083 - File and Directory Discovery	24 Rules 13 Models
McAfee Network Security Platform	T1078 - Valid Accounts	6 Rules 4 Models
Skyhigh Networks CASB	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Microsoft

Product	MITRE ATT&CK® TTP	Content
Azure	T1078 - Valid Accounts	19 Rules 11 Models
Azure AD Activity Logs	T1078 - Valid Accounts T1213 - Data from Information Repositories	37 Rules 21 Models
Azure AD Sign-In Logs	T1078 - Valid Accounts	5 Rules 4 Models
Azure ATP	T1078 - Valid Accounts T1213 - Data from Information Repositories	23 Rules 14 Models
Azure Event Hub	T1083 - File and Directory Discovery	24 Rules 13 Models
Azure MFA	T1078 - Valid Accounts	19 Rules 11 Models
Azure Monitor	T1078 - Valid Accounts T1083 - File and Directory Discovery T1213 - Data from Information Repositories	61 Rules 34 Models
Azure Monitor - VM Insights	T1003 - OS Credential Dumping	1 Rules
Event Viewer - ADFS	T1078 - Valid Accounts	19 Rules 11 Models
Event Viewer - Application	T1078 - Valid Accounts	5 Rules 4 Models
Event Viewer - Applocker	T1078 - Valid Accounts	5 Rules 4 Models
Event Viewer - AzureADPasswordProtection-DCAgent	T1083 - File and Directory Discovery	24 Rules 13 Models
Event Viewer - DHCP-Server	T1078 - Valid Accounts T1213 - Data from Information Repositories	30 Rules 16 Models
Event Viewer - DNSServer	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models
Event Viewer - PowerShell	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models
Event Viewer - Security	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery T1110 - Brute Force T1213 - Data from Information Repositories	55 Rules 30 Models
Event Viewer - System	T1003 - OS Credential Dumping T1078 - Valid Accounts	20 Rules 11 Models
Event Viewer - TaskScheduler	T1078 - Valid Accounts	19 Rules 11 Models
Event Viewer - TerminalServices-Gateway	T1078 - Valid Accounts	19 Rules 11 Models
Event Viewer - TerminalServices-LocalSessionManager	T1078 - Valid Accounts	19 Rules 11 Models
M365 Audit Logs	T1078 - Valid Accounts	19 Rules 11 Models
MSSQL	T1078 - Valid Accounts T1213 - Data from Information Repositories	24 Rules 14 Models
Microsoft 365	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	45 Rules 24 Models
Microsoft Advanced Threat Analytics	T1078 - Valid Accounts	5 Rules 4 Models
Microsoft CAS	T1078 - Valid Accounts T1083 - File and Directory Discovery	43 Rules 24 Models
Microsoft DHCP Log	T1078 - Valid Accounts T1083 - File and Directory Discovery	25 Rules 13 Models
Microsoft Defender for Cloud	T1213 - Data from Information Repositories	30 Rules 16 Models
Microsoft Defender for Endpoint	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	30 Rules 17 Models
Microsoft Exchange	T1078 - Valid Accounts	20 Rules 11 Models
Microsoft Intune	T1078 - Valid Accounts	19 Rules 11 Models
Microsoft WMI Log	T1003 - OS Credential Dumping	1 Rules
Sysmon	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models
Windows	T1078 - Valid Accounts	5 Rules 4 Models
Windows Defender Application Control	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Mimecast

Product	MITRE ATT&CK® TTP	Content
Mimecast Secure Email Gateway	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Mysql

Product	MITRE ATT&CK® TTP	Content
Mysql	T1213 - Data from Information Repositories	18 Rules 10 Models

Vendor: NCP

Product	MITRE ATT&CK® TTP	Content
NCP	T1110 - Brute Force	1 Rules 1 Models

Vendor: NNT

Product	MITRE ATT&CK® TTP	Content
NNT ChangeTracker	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Nasuni

Product	MITRE ATT&CK® TTP	Content
Nasuni	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: NetApp

Product	MITRE ATT&CK® TTP	Content
NetApp	T1078 - Valid Accounts T1083 - File and Directory Discovery	29 Rules 17 Models

Vendor: NetIQ

Product	MITRE ATT&CK® TTP	Content
Micro Focus NetIQ Identity Manager	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Netskope

Product	MITRE ATT&CK® TTP	Content
Netskope Security Cloud	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Netwrix

Product	MITRE ATT&CK® TTP	Content
Netwrix Auditor	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: NextDLP

Product	MITRE ATT&CK® TTP	Content
Reveal	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Nortel Contivity

Product	MITRE ATT&CK® TTP	Content
Nortel Contivity VPN	T1110 - Brute Force	1 Rules 1 Models

Vendor: Nutanix

Product	MITRE ATT&CK® TTP	Content
Nutanix Unified Storage	T1083 - File and Directory Discovery	24 Rules 13 Models

Vendor: Okta

Product	MITRE ATT&CK® TTP	Content
Okta Adaptive MFA	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: OneLogin

Product	MITRE ATT&CK® TTP	Content
OneLogin	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: OneWelcome

Product	MITRE ATT&CK® TTP	Content
OneWelcome Cloud Identity Platform	T1003 - OS Credential Dumping	1 Rules

Vendor: Open VPN

Product	MITRE ATT&CK® TTP	Content
Open VPN	T1110 - Brute Force	1 Rules 1 Models

Vendor: Oracle

Product	MITRE ATT&CK® TTP	Content
Oracle Access Management	T1078 - Valid Accounts	6 Rules 4 Models
Oracle Database	T1213 - Data from Information Repositories	18 Rules 10 Models
Oracle Public Cloud	T1078 - Valid Accounts T1213 - Data from Information Repositories	30 Rules 16 Models

Vendor: Osquery

Product	MITRE ATT&CK® TTP	Content
Osquery	T1078 - Valid Accounts T1213 - Data from Information Repositories	37 Rules 21 Models

Vendor: Palo Alto Networks

Product	MITRE ATT&CK® TTP	Content
Cortex XDR	T1213 - Data from Information Repositories	10 Rules 5 Models
GlobalProtect	T1078 - Valid Accounts T1110 - Brute Force T1213 - Data from Information Repositories	30 Rules 17 Models
Palo Alto NGFW	T1078 - Valid Accounts T1083 - File and Directory Discovery T1110 - Brute Force	44 Rules 25 Models
Traps Endpoint Security Manager	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Password Manager Pro

Product	MITRE ATT&CK® TTP	Content
Password Manager Pro	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Ping Identity

Product	MITRE ATT&CK® TTP	Content
Ping Identity	T1078 - Valid Accounts	20 Rules 11 Models
PingOne	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: PostgreSQL

Product	MITRE ATT&CK® TTP	Content
PostgreSQL	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: Proofpoint

Product	MITRE ATT&CK® TTP	Content
ObserveIT	T1003 - OS Credential Dumping	1 Rules
Proofpoint Email Protection	T1078 - Valid Accounts	5 Rules 4 Models
Proofpoint Enterprise Protection	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Quest Software

Product	MITRE ATT&CK® TTP	Content
Quest Change Auditor for Active Directory	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: RSA

Product	MITRE ATT&CK® TTP	Content
RSA Authentication Manager	T1078 - Valid Accounts	5 Rules 4 Models
SecurID	T1110 - Brute Force	1 Rules 1 Models

Vendor: RangerAudit

Product	MITRE ATT&CK® TTP	Content
RangerAudit	T1078 - Valid Accounts	1 Rules

Vendor: Riverbed Steelhead

Product	MITRE ATT&CK® TTP	Content
Riverbed Steelhead	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Rubrik

Product	MITRE ATT&CK® TTP	Content
Rubrik Cloud Data Management	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SAP

Product	MITRE ATT&CK® TTP	Content
SAP	T1078 - Valid Accounts T1083 - File and Directory Discovery	30 Rules 17 Models
SuccessFactors	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Safenet

Product	MITRE ATT&CK® TTP	Content
Thales	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Sailpoint

Product	MITRE ATT&CK® TTP	Content
IdentityNow	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Salesforce

Product	MITRE ATT&CK® TTP	Content
Salesforce	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: Secomea

Product	MITRE ATT&CK® TTP	Content
Secomea	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SecureAuth

Product	MITRE ATT&CK® TTP	Content
SecureAuth IDP	T1078 - Valid Accounts	19 Rules 11 Models
SecureAuth Login	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SecureLink

Product	MITRE ATT&CK® TTP	Content
SecureLink	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SecureNet

Product	MITRE ATT&CK® TTP	Content
SecureNet	T1110 - Brute Force	1 Rules 1 Models

Vendor: Semperis

Product	MITRE ATT&CK® TTP	Content
Semperis DSP	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: SentinelOne

Product	MITRE ATT&CK® TTP	Content
Event Viewer - Sentinelone	T1078 - Valid Accounts	5 Rules 4 Models
Singularity Platform	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models
Vigilance	T1078 - Valid Accounts	20 Rules 11 Models

Vendor: ServiceNow

Product	MITRE ATT&CK® TTP	Content
ServiceNow	T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Shibboleth

Product	MITRE ATT&CK® TTP	Content
Shibboleth	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Silverfort

Product	MITRE ATT&CK® TTP	Content
Silverfort Authentication Platform	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: SiteMinder

Product	MITRE ATT&CK® TTP	Content
Symantec SiteMinder	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SkySea

Product	MITRE ATT&CK® TTP	Content
SkySea ClientView	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models

Vendor: Skyformation

Product	MITRE ATT&CK® TTP	Content
Skyformation	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Snowflake

Product	MITRE ATT&CK® TTP	Content
Snowflake	T1213 - Data from Information Repositories	18 Rules 10 Models

Vendor: Sophos

Product	MITRE ATT&CK® TTP	Content
Sophos Endpoint Protection	T1083 - File and Directory Discovery	24 Rules 13 Models
Sophos XG Firewall	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: SunOne

Product	MITRE ATT&CK® TTP	Content
SunOne	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: Swift

Product	MITRE ATT&CK® TTP	Content
Swift	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Swivel

Product	MITRE ATT&CK® TTP	Content
Swivel	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Sybase

Product	MITRE ATT&CK® TTP	Content
Sybase	T1078 - Valid Accounts T1213 - Data from Information Repositories	15 Rules 9 Models

Vendor: Symantec

Product	MITRE ATT&CK® TTP	Content
Symantec Advanced Threat Protection	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery	44 Rules 24 Models
Symantec DLP	T1078 - Valid Accounts	5 Rules 4 Models
Symantec Endpoint Protection	T1078 - Valid Accounts T1083 - File and Directory Discovery	29 Rules 17 Models

Vendor: Tanium

Product	MITRE ATT&CK® TTP	Content
Tanium Cloud Platform	T1078 - Valid Accounts	20 Rules 11 Models
Tanium Core Platform	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models
Tanium Integrity Monitor	T1003 - OS Credential Dumping T1083 - File and Directory Discovery	25 Rules 13 Models

Vendor: Teradata

Product	MITRE ATT&CK® TTP	Content
Teradata RDBMS	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: Trend Micro

Product	MITRE ATT&CK® TTP	Content
Deep Discovery Inspector	T1078 - Valid Accounts	5 Rules 4 Models
Trend Micro ScanMail	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Tufin

Product	MITRE ATT&CK® TTP	Content
Tufin SecureTrack	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Tyco

Product	MITRE ATT&CK® TTP	Content
CCURE Building Management System	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Unix

Product	MITRE ATT&CK® TTP	Content
Auditbeat	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models
Unix	T1003 - OS Credential Dumping T1078 - Valid Accounts T1083 - File and Directory Discovery T1213 - Data from Information Repositories	40 Rules 22 Models
Unix Auditd	T1003 - OS Credential Dumping T1078 - Valid Accounts	6 Rules 4 Models
Unix Named	T1078 - Valid Accounts	5 Rules 4 Models
Unix dhcpd	T1078 - Valid Accounts	5 Rules 4 Models
rsyslog	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: VMware

Product	MITRE ATT&CK® TTP	Content
Carbon Black App Control	T1003 - OS Credential Dumping	1 Rules
Carbon Black CES	T1003 - OS Credential Dumping T1083 - File and Directory Discovery	25 Rules 13 Models
Carbon Black EDR	T1003 - OS Credential Dumping T1213 - Data from Information Repositories	11 Rules 5 Models
VMware AirWatch	T1078 - Valid Accounts	19 Rules 11 Models
VMware ESXi	T1078 - Valid Accounts T1213 - Data from Information Repositories	15 Rules 9 Models
VMware View	T1078 - Valid Accounts	5 Rules 4 Models
vCenter	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Vectra

Product	MITRE ATT&CK® TTP	Content
Vectra Cognito Stream	T1078 - Valid Accounts T1083 - File and Directory Discovery	29 Rules 17 Models

Vendor: ViaScope

Product	MITRE ATT&CK® TTP	Content
ViaScope IPScan	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Wiz

Product	MITRE ATT&CK® TTP	Content
Wiz	T1078 - Valid Accounts T1213 - Data from Information Repositories	15 Rules 9 Models

Vendor: Workday

Product	MITRE ATT&CK® TTP	Content
Workday	T1078 - Valid Accounts	5 Rules 4 Models

Vendor: Xceedium

Product	MITRE ATT&CK® TTP	Content
Xceedium	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Xiting

Product	MITRE ATT&CK® TTP	Content
XAMS	T1078 - Valid Accounts	6 Rules 4 Models

Vendor: Zeek

Product	MITRE ATT&CK® TTP	Content
Zeek	T1078 - Valid Accounts T1083 - File and Directory Discovery	43 Rules 24 Models

Vendor: Zendesk

Product	MITRE ATT&CK® TTP	Content
Zendesk	T1078 - Valid Accounts	19 Rules 11 Models

Vendor:

Vendor: iManage

Product	MITRE ATT&CK® TTP	Content
iManage	T1078 - Valid Accounts	19 Rules 11 Models

Vendor: jSONAR

Product	MITRE ATT&CK® TTP	Content
SonarG	T1213 - Data from Information Repositories	10 Rules 5 Models

Vendor: oVirt

Product	MITRE ATT&CK® TTP	Content
oVirt	T1078 - Valid Accounts	19 Rules 11 Models