Use Case: Data Exfiltration

December 5, 2023

Vendor: APC

Product | MITRE ATT&CK® TTP | Content
APC
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Absolute

Product | MITRE ATT&CK® TTP | Content
Absolute DDS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Accellion

Product | MITRE ATT&CK® TTP | Content
Kiteworks
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Airlock

Product | MITRE ATT&CK® TTP | Content
Airlock Security Access Hub
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Akamai

Product | MITRE ATT&CK® TTP | Content
Cloud Akamai
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Amazon

Product | MITRE ATT&CK® TTP | Content
AWS CloudTrail
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Model
AWS CloudWatch
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rule
AWS GuardDuty
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
AWS WAF
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Amazon EKS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Amazon RDS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Apache

Product | MITRE ATT&CK® TTP | Content
Apache
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: AssetView

Product | MITRE ATT&CK® TTP | Content
AssetView
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: BeyondTrust

Product | MITRE ATT&CK® TTP | Content
BeyondInsight
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
BeyondTrust
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Bitglass

Product | MITRE ATT&CK® TTP | Content
Bitglass CASB
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: BlackBerry

Product | MITRE ATT&CK® TTP | Content
BlackBerry Protect
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Buildkite

Product | MITRE ATT&CK® TTP | Content
Buildkite
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Check Point

Product | MITRE ATT&CK® TTP | Content
Check Point Avanan
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Check Point NGFW
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Check Point Security Gateway
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Cisco

Product | MITRE ATT&CK® TTP | Content
AnyConnect
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
Cisco ACS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Cisco Adaptive Security Appliance
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 18 Rules
  • 6 Models
Cisco Cloud Web Security
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco Firepower
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 19 Rules
  • 6 Models
Cisco IOS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
  • 14 Rules
  • 2 Models
Cisco Meraki MX appliance
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco Netflow
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rule
Cisco Secure Cloud Analytics
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rule
Cisco Secure Web Appliance
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Cisco Umbrella
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Duo Access
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Citrix

Product | MITRE ATT&CK® TTP | Content
Citrix Gateway
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 11 Rules
  • 4 Models
Citrix Web App Firewall
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Cloudflare

Product | MITRE ATT&CK® TTP | Content
Cloudflare WAF
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models

Vendor: Code42

Product | MITRE ATT&CK® TTP | Content
Code42 Incydr
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Cohesity

Product | MITRE ATT&CK® TTP | Content
Cohesity DataPlatform
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: CrowdStrike

Product | MITRE ATT&CK® TTP | Content
Falcon
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Model

Vendor: CyberArk

Product | MITRE ATT&CK® TTP | Content
CyberArk Privilege Access Manager
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 9 Rules
  • 3 Models

Vendor: Cylance

Product | MITRE ATT&CK® TTP | Content
Cylance OPTICS
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Delinea

Product | MITRE ATT&CK® TTP | Content
Centrify Infrastructure Services
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Dell

Product | MITRE ATT&CK® TTP | Content
Sonicwall
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models

Vendor: Digital Guardian

Product | MITRE ATT&CK® TTP | Content
Digital Guardian Endpoint Protection
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Model

Vendor: Dropbox

Product | MITRE ATT&CK® TTP | Content
Dropbox
T1133 - External Remote Services
TA0002 - TA0002
TA0010 - TA0010
  • 6 Rules
  • 5 Models

Vendor: Dtex Systems

Product | MITRE ATT&CK® TTP | Content
DTEX InTERCEPT
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
  • 14 Rules
  • 2 Models

Vendor: ESector

Product | MITRE ATT&CK® TTP | Content
ESector DEFESA Logger
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Envoy

Product | MITRE ATT&CK® TTP | Content
Envoy
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Exabeam

Product | MITRE ATT&CK® TTP | Content
Audit Log
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Extreme Networks

Product | MITRE ATT&CK® TTP | Content
ExtremeCloud IQ
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: F5

Product | MITRE ATT&CK® TTP | Content
F5 Access Policy Manager
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models
F5 Advanced Web Application Firewall
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
F5 BIG-IP
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: FTP

Product | MITRE ATT&CK® TTP | Content
FTP
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: FileAuditor

Product | MITRE ATT&CK® TTP | Content
FileAuditor
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Forcepoint

Product | MITRE ATT&CK® TTP | Content
Forcepoint CASB
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Forcepoint DLP
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Websense Security Gateway
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Fortinet

Product | MITRE ATT&CK® TTP | Content
FortiGate
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 12 Rules
  • 6 Models
Fortinet UTM
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Fortiweb Web Application Firewall
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Gigamon

Product | MITRE ATT&CK® TTP | Content
GigaVUE-HC2
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Google

Product | MITRE ATT&CK® TTP | Content
Google Cloud Platform
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Google Workspace
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 36 Rules
  • 19 Models

Vendor: HP

Product | MITRE ATT&CK® TTP | Content
HP iLO
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
HPE Comware
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Model

Vendor: HelpSystems

Product | MITRE ATT&CK® TTP | Content
Powertech Identity and Access Manager
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Huawei

Product | MITRE ATT&CK® TTP | Content
Huawei Unified Security Gateway
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: IBM

Product | MITRE ATT&CK® TTP | Content
IBM Mainframe
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: IMSS

Product | MITRE ATT&CK® TTP | Content
IMSS
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Imperva

Product | MITRE ATT&CK® TTP | Content
Imperva Incapsula
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: InfoWatch

Product | MITRE ATT&CK® TTP | Content
InfoWatch DLP
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: Infoblox

Product | MITRE ATT&CK® TTP | Content
BloxOne DDI
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Model

Vendor: Ipswitch

Product | MITRE ATT&CK® TTP | Content
MoveIt Transfer
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: Ivanti

Product | MITRE ATT&CK® TTP | Content
Ivanti Pulse Secure
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 11 Rules
  • 6 Models

Vendor: Juniper Networks

Product | MITRE ATT&CK® TTP | Content
Junos OS
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
  • 14 Rules
  • 2 Models

Vendor: Kasada

Product | MITRE ATT&CK® TTP | Content
Kasada
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Kaspersky

Product | MITRE ATT&CK® TTP | Content
Kaspersky AV
TA0002 - TA0002
  • 2 Rules
  • 1 Model
Kaspersky Endpoint Security for Business
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: LanScope

Product | MITRE ATT&CK® TTP | Content
LanScope Cat
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 45 Rules
  • 20 Models

Vendor: Lenel

Product | MITRE ATT&CK® TTP | Content
OnGuard
TA0002 - TA0002
  • 2 Rules
  • 1 Model

Vendor: McAfee

Product | MITRE ATT&CK® TTP | Content
Advanced Threat Defense
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee DAM
TA0002 - TA0002
  • 2 Rules
  • 1 Model
McAfee DLP Endpoint
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Endpoint Security
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
McAfee Enterprise Security Manager
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Network Security Platform
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee SiteAdvisor
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
McAfee Web Gateway
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
McAfee ePolicy Orchestrator
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Skyhigh Networks CASB
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Microsoft

Product | MITRE ATT&CK® TTP | Content
Active Directory Federation Services
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Azure Monitor
TA0002 - TA0002
  • 2 Rules
  • 1 Model
Azure Monitor - VM Insights
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - ADFS
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Event Viewer - AzureADPasswordProtection-DCAgent
TA0002 - TA0002
  • 2 Rules
  • 1 Model
Event Viewer - DNSServer
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - PowerShell
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Event Viewer - Security
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1133 - External Remote Services
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 20 Rules
  • 7 Models
Event Viewer - System
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 43 Rules
  • 19 Models
Microsoft 365
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 18 Models
Microsoft CAS
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Microsoft DHCP Log
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Microsoft Defender for Cloud
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Microsoft Defender for Endpoint
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 36 Rules
  • 17 Models
Microsoft Exchange
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
Microsoft IIS
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models
Microsoft WMI Log
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Sysmon
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Windows Defender Application Control
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Mimecast

Product | MITRE ATT&CK® TTP | Content
Mimecast Targeted Threat Protection - URL
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Mvision

Product | MITRE ATT&CK® TTP | Content
Mvision
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: NCP

Product | MITRE ATT&CK® TTP | Content
NCP
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Nasuni

Product | MITRE ATT&CK® TTP | Content
Nasuni
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: NetApp

Product | MITRE ATT&CK® TTP | Content
NetApp
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Netskope

Product | MITRE ATT&CK® TTP | Content
Netskope Security Cloud
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 39 Rules
  • 20 Models

Vendor: NextDLP

Product | MITRE ATT&CK® TTP | Content
Reveal
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 20 Models

Vendor: Nortel Contivity

Product | MITRE ATT&CK® TTP | Content
Nortel Contivity VPN
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Nutanix

Product | MITRE ATT&CK® TTP | Content
Nutanix Unified Storage
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Okta

Product | MITRE ATT&CK® TTP | Content
Okta Adaptive MFA
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models

Vendor: OneWelcome

Product | MITRE ATT&CK® TTP | Content
OneWelcome Cloud Identity Platform
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: Open VPN

Product | MITRE ATT&CK® TTP | Content
Open VPN
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: Oracle

Product | MITRE ATT&CK® TTP | Content
Oracle Public Cloud
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules

Vendor: Palo Alto Networks

Product | MITRE ATT&CK® TTP | Content
Cortex XSOAR
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 7 Rules
  • 2 Models
GlobalProtect
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 11 Rules
  • 6 Models
Palo Alto Aperture
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Palo Alto NGFW
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1133 - External Remote Services
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
TA0010 - TA0010
  • 43 Rules
  • 24 Models
Prisma Cloud
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Password Manager Pro

Product | MITRE ATT&CK® TTP | Content
Password Manager Pro
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Proofpoint

Product | MITRE ATT&CK® TTP | Content
ObserveIT
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0010 - TA0010
  • 36 Rules
  • 17 Models
Targeted Attack Platform
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: RSA

Product | MITRE ATT&CK® TTP | Content
RSA DLP
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
RSA NetWitness Platform
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1071.002 - Application Layer Protocol: File Transfer Protocols
  • 1 Rules
SecurID
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: SAP

Product | MITRE ATT&CK® TTP | Content
SAP
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: SIGSCI

Product | MITRE ATT&CK® TTP | Content
SIGSCI
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Safend

Product | MITRE ATT&CK® TTP | Content
Data Protection Suite (DPS)
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: SecureNet

Product | MITRE ATT&CK® TTP | Content
SecureNet
T1133 - External Remote Services
TA0010 - TA0010
  • 4 Rules
  • 4 Models

Vendor: SentinelOne

Product | MITRE ATT&CK® TTP | Content
Singularity Platform
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models

Vendor: SkySea

Product | MITRE ATT&CK® TTP | Content
SkySea ClientView
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 16 Rules
  • 3 Models

Vendor: Skyhigh Security

Product | MITRE ATT&CK® TTP | Content
Skyhigh Security Cloud
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 6 Rules
  • 2 Models

Vendor: Sophos

Product | MITRE ATT&CK® TTP | Content
Sophos Endpoint Protection
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0002 - TA0002
TA0010 - TA0010
  • 31 Rules
  • 18 Models
Sophos UTM
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Squid

Product | MITRE ATT&CK® TTP | Content
Squid
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Symantec

Product | MITRE ATT&CK® TTP | Content
Symantec Advanced Threat Protection
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 38 Rules
  • 18 Models
Symantec CloudSOC
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec DLP
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models
Symantec Endpoint Protection
TA0002 - TA0002
  • 2 Rules
  • 1 Models
Symantec Web Security Service
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 8 Rules
  • 2 Models

Vendor: Tanium

Product | MITRE ATT&CK® TTP | Content
Tanium Core Platform
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Tanium Integrity Monitor
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Trend Micro

Product | MITRE ATT&CK® TTP | Content
OfficeScan
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 36 Rules
  • 19 Models

Vendor: Tripwire Enterprise

Product | MITRE ATT&CK® TTP | Content
Tripwire Enterprise
TA0002 - TA0002
  • 2 Rules
  • 1 Models

Vendor: Unix

Product | MITRE ATT&CK® TTP | Content
Auditbeat
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules
Unix
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Unix Auditd
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
  • 7 Rules

Vendor: VMware

Product | MITRE ATT&CK® TTP | Content
Carbon Black App Control
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black CES
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models
Carbon Black EDR
T1003 - OS Credential Dumping
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1572 - Protocol Tunneling
TA0002 - TA0002
  • 9 Rules
  • 1 Models

Vendor: Varonis

Product | MITRE ATT&CK® TTP | Content
Varonis Data Security Platform
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 36 Rules
  • 19 Models

Vendor: Vectra

Product | MITRE ATT&CK® TTP | Content
Vectra Cognito Stream
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Virtru

Product | MITRE ATT&CK® TTP | Content
Virtru
T1020 - Automated Exfiltration
T1071 - Application Layer Protocol
TA0010 - TA0010
  • 29 Rules
  • 17 Models

Vendor: Zeek

Product | MITRE ATT&CK® TTP | Content
Zeek
T1041 - Exfiltration Over C2 Channel
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0002 - TA0002
  • 10 Rules
  • 3 Models

Vendor: Zscaler

Product | MITRE ATT&CK® TTP | Content
Zscaler Internet Access
T1020 - Automated Exfiltration
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
TA0010 - TA0010
  • 37 Rules
  • 19 Models

Vendor:

Product | MITRE ATT&CK® TTP | Content
T1003 - OS Credential Dumping
T1020 - Automated Exfiltration
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1059 - Command and Scripting Interpreter
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1071.002 - Application Layer Protocol: File Transfer Protocols
T1071.004 - Application Layer Protocol: DNS
T1552.001 - T1552.001
T1560 - Archive Collected Data
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
T1572 - Protocol Tunneling
TA0002 - TA0002
TA0010 - TA0010
  • 46 Rules
  • 20 Models