Use Case: Lateral Movement

December 5, 2023

Vendor: AMD

Product | MITRE ATT&CK® TTP | Content
Pensando
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: APC

Product | MITRE ATT&CK® TTP | Content
APC
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules

Vendor: AVI Networks

Product | MITRE ATT&CK® TTP | Content
AVI Networks Software Load Balancer
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Absolute

Product | MITRE ATT&CK® TTP | Content
Absolute DDS
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models

Vendor: Accellion

Product | MITRE ATT&CK® TTP | Content
Kiteworks
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Airlock

Product | MITRE ATT&CK® TTP | Content
Airlock Allowlisting
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Airlock Security Access Hub
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 20 Models

Vendor: Akamai

Product | MITRE ATT&CK® TTP | Content
Akamai SIEM
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Cloud Akamai
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: AlgoSec

Product | MITRE ATT&CK® TTP | Content
AlgoSec Firewall Analyzer
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Amazon

Product | MITRE ATT&CK® TTP | Content
AWS CloudTrail
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 42 Rules
  • 8 Models
AWS CloudWatch
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 52 Rules
  • 21 Models
AWS GuardDuty
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
AWS WAF
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Amazon EKS
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Amazon RDS
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: Apache

Product | MITRE ATT&CK® TTP | Content
Apache
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Apache Guacamole
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Apache Subversion
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Apache Tomcat
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Arista Networks

Product | MITRE ATT&CK® TTP | Content
Awake Security
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Armis

Product | MITRE ATT&CK® TTP | Content
Armis Platform
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: AssetView

Product | MITRE ATT&CK® TTP | Content
AssetView
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Atlassian

Product | MITRE ATT&CK® TTP | Content
Atlassian BitBucket
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Attivo

Product | MITRE ATT&CK® TTP | Content
BOTsink
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models

Vendor: Auth0

Product | MITRE ATT&CK® TTP | Content
Auth0
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 13 Models

Vendor: Avaya

Product | MITRE ATT&CK® TTP | Content
Avaya Ethernet Routing Switch
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Axway

Product | MITRE ATT&CK® TTP | Content
Axway Gateway
T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Banyan Security

Product | MITRE ATT&CK® TTP | Content
Banyan Security
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 40 Rules
  • 17 Models

Vendor: Barracuda

Product | MITRE ATT&CK® TTP | Content
Barracuda Cloudgen Firewall
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 97 Rules
  • 33 Models
Barracuda Email Security Gateway
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Barracuda WAF
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: BeyondTrust

Product | MITRE ATT&CK® TTP | Content
BeyondInsight
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
BeyondTrust
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
BeyondTrust Privileged Identity
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
BeyondTrust Secure Remote Access
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 19 Rules
  • 7 Models

Vendor: Bitdefender

Product | MITRE ATT&CK® TTP | Content
GravityZone
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Bitglass

Product | MITRE ATT&CK® TTP | Content
Bitglass CASB
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Box

Product | MITRE ATT&CK® TTP | Content
Box Cloud Content Management
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Broadcom

Product | MITRE ATT&CK® TTP | Content
z/OS
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: CA Technologies

Product | MITRE ATT&CK® TTP | Content
CA Privileged Access Manager Server Control
T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 29 Rules
  • 12 Models

Vendor: CDS

Product | MITRE ATT&CK® TTP | Content
CDS
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models

Vendor: CHCOM

Product | MITRE ATT&CK® TTP | Content
CHCOM
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Check Point

Product | MITRE ATT&CK® TTP | Content
Check Point Anti-Malware
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Check Point Avanan
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Check Point Identity Awareness
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 57 Rules
  • 20 Models
Check Point NGFW
T1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 103 Rules
  • 37 Models
Check Point Security Gateway
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 12 Rules
  • 5 Models
Check Point Threat Emulation
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Cisco

Product | MITRE ATT&CK® TTP | Content
AnyConnect
T1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 67 Rules
  • 25 Models
Cisco
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Cisco ACI
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Cisco ACS
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models
Cisco Adaptive Security Appliance
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 108 Rules
  • 35 Models
Cisco Cloud Web Security
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Cisco Cognitive Threat Analytics
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Cisco Firepower
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 98 Rules
  • 26 Models
Cisco IOS
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
  • 57 Rules
  • 13 Models
Cisco ISE
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 45 Rules
  • 15 Models
Cisco Meraki MX appliance
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Cisco Netflow
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 51 Rules
  • 21 Models
Cisco PIX
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Cisco Secure Cloud Analytics
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 51 Rules
  • 21 Models
Cisco Secure Endpoint
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 8 Rules
  • 2 Models
Cisco Secure Web Appliance
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Cisco SourceFire
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Cisco Umbrella
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Cisco Unified Communications Manager
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Duo Access
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
IronPort Email
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Citrix

Product | MITRE ATT&CK® TTP | Content
Citrix Gateway
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
  • 31 Rules
  • 4 Models
Citrix ShareFile
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Citrix Virtual Apps
T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 29 Rules
  • 12 Models
Citrix Web App Firewall
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 62 Rules
  • 20 Models

Vendor: Claroty

Product | MITRE ATT&CK® TTP | Content
CTD
T1021.001 - Remote Services: Remote Desktop Protocol
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 15 Rules
  • 1 Models
Claroty
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Clearsense

Product | MITRE ATT&CK® TTP | Content
Clearsense
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Click Studios

Product | MITRE ATT&CK® TTP | Content
Passwordstate
T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Cloudflare

Product | MITRE ATT&CK® TTP | Content
Cloudflare Insights
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Cloudflare WAF
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 62 Rules
  • 20 Models

Vendor: Code42

Product | MITRE ATT&CK® TTP | Content
Code42 Incydr
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Cofense

Product | MITRE ATT&CK® TTP | Content
Cofense Phishme
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Cohesity

Product | MITRE ATT&CK® TTP | Content
Cohesity DataPlatform
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: CrowdStrike

Product | MITRE ATT&CK® TTP | Content
Falcon
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 122 Rules
  • 38 Models

Vendor: CyberArk

Product | MITRE ATT&CK® TTP | Content
CyberArk Endpoint Privilege Manager
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
CyberArk Privilege Access Manager
T1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 48 Rules
  • 13 Models

Vendor: Cybereason

Product | MITRE ATT&CK® TTP | Content
Cybereason
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Cylance

Product | MITRE ATT&CK® TTP | Content
Cylance OPTICS
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 43 Rules
  • 19 Models
Cylance PROTECT
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: DXC

Product | MITRE ATT&CK® TTP | Content
DXC Technology
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Damballa

Product | MITRE ATT&CK® TTP | Content
Damballa Failsafe
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Darktrace

Product | MITRE ATT&CK® TTP | Content
Darktrace
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Delinea

Product | MITRE ATT&CK® TTP | Content
Centrify Authentication Service
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Centrify Infrastructure Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Centrify Zero Trust Privilege Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Dell

Product | MITRE ATT&CK® TTP | Content
EMC Isilon
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Sonicwall
T1018 - Remote System Discovery
T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 45 Rules
  • 15 Models

Vendor: Digital Guardian

Product | MITRE ATT&CK® TTP | Content
Digital Guardian Endpoint Protection
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 18 Models

Vendor: Dropbox

Product | MITRE ATT&CK® TTP | Content
Dropbox
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: Dtex Systems

Product | MITRE ATT&CK® TTP | Content
DTEX InTERCEPT
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563.002 - T1563.002
  • 30 Rules
  • 1 Models

Vendor: ESET

Product | MITRE ATT&CK® TTP | Content
ESET Endpoint Security
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: Entrust

Product | MITRE ATT&CK® TTP | Content
Entrust Identity Enterprise
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Envoy

Product | MITRE ATT&CK® TTP | Content
Envoy
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: Epic

Product | MITRE ATT&CK® TTP | Content
Epic SIEM
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Exabeam

Product | MITRE ATT&CK® TTP | Content
Advanced Analytics
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Audit Log
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Correlation Rule
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Search
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Extrahop

Product | MITRE ATT&CK® TTP | Content
Extrahop Reveal(x)
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Extreme Networks

Product | MITRE ATT&CK® TTP | Content
ExtremeCloud IQ
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules
Zebra WLAN Management
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: F-Secure

Product | MITRE ATT&CK® TTP | Content
F-Secure Policy Manager
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: F5

Product | MITRE ATT&CK® TTP | Content
BIG-IP F5 LBR
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
F5 Access Policy Manager
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 13 Rules
  • 5 Models
F5 Advanced Firewall Manager
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 59 Rules
  • 20 Models
F5 Advanced Web Application Firewall
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 79 Rules
  • 21 Models
F5 Application Security Manager
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 7 Rules
  • 2 Models
F5 BIG-IP
T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 24 Models
F5 BIG-IP DNS
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
F5 Local Traffic Manager
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
F5 Silverline
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: FTP

Product | MITRE ATT&CK® TTP | Content
FTP
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Fast Enterprises

Product | MITRE ATT&CK® TTP | Content
Fast Enterprises GenTax
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: FileAuditor

Product | MITRE ATT&CK® TTP | Content
FileAuditor
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: FireEye

Product | MITRE ATT&CK® TTP | Content
FireEye CMS
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye ETPT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye Endpoint Security (HX)T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FireEye Web MPST1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Forcepoint

ProductMITRE ATT&CK® TTPContent
Forcepoint CASBT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Forcepoint Next-Gen FirewallT1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 57 Rules
  • 20 Models
Websense Security GatewayT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Forescout

ProductMITRE ATT&CK® TTPContent
EyeInspectT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Forescout CounterACTT1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 44 Rules
  • 19 Models

Vendor: Fortinet

ProductMITRE ATT&CK® TTPContent
EnSiloT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
FortiGateT1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 54 Rules
  • 20 Models
Fortinet Enterprise FirewallT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
Fortinet UTMT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 11 Rules
Fortiweb Web Application FirewallT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: GTB

ProductMITRE ATT&CK® TTPContent
GTB Technologies DLPT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Gamma

ProductMITRE ATT&CK® TTPContent
GammaT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Gigamon

ProductMITRE ATT&CK® TTPContent
GigaVUE-HC2T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: GitHub

ProductMITRE ATT&CK® TTPContent
GitHubT1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 41 Rules
  • 17 Models

Vendor: GoAnywhere

ProductMITRE ATT&CK® TTPContent
GoAnywhere MFTT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 40 Rules
  • 13 Models

Vendor: Google

ProductMITRE ATT&CK® TTPContent
Google Cloud PlatformT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Google WorkspaceT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: HP

ProductMITRE ATT&CK® TTPContent
Aruba ClearPass Policy ManagerT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 6 Rules
  • 2 Models
Aruba Mobility MasterT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Aruba Wireless controllerT1021 - Remote Services
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 44 Rules
  • 19 Models
HP Virtual Connect Enterprise ManagerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
HP iLOT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules
HPE 3PAR StoreServT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
HPE ComwareT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models

Vendor: HashiCorp

ProductMITRE ATT&CK® TTPContent
HashiCorp VaultT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: HelpSystems

ProductMITRE ATT&CK® TTPContent
Powertech Identity and Access ManagerT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models

Vendor: Hornet

ProductMITRE ATT&CK® TTPContent
Hornetsecurity Cloud Email Security ServicesT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Huawei

ProductMITRE ATT&CK® TTPContent
Huawei Enterprise Network FirewallT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
Huawei Unified Security GatewayT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models

Vendor: IBM

ProductMITRE ATT&CK® TTPContent
DB2T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
HCL NotesT1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 40 Rules
  • 17 Models
IBM DatapowerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
IBM MainframeT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
IBM Resource Access Control FacilityT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
IBM SenseT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Sterling B2B IntegratorT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: IMSS

ProductMITRE ATT&CK® TTPContent
IMSST1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: IPTables

ProductMITRE ATT&CK® TTPContent
IPTables FWT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Illumio

ProductMITRE ATT&CK® TTPContent
Illumio CoreT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Imperva

ProductMITRE ATT&CK® TTPContent
Imperva IncapsulaT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Imperva SecureSphereT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Imprivata

ProductMITRE ATT&CK® TTPContent
ImprivataT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: InfoWatch

ProductMITRE ATT&CK® TTPContent
InfoWatch DLPT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules

Vendor: Infoblox

ProductMITRE ATT&CK® TTPContent
BloxOne DDIT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
  • 50 Rules
  • 13 Models
Infoblox NIOST1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Ipswitch

ProductMITRE ATT&CK® TTPContent
MoveIt TransferT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Ivanti

ProductMITRE ATT&CK® TTPContent
Ivanti Pulse SecureT1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 34 Rules
  • 10 Models

Vendor: Jumpcloud

ProductMITRE ATT&CK® TTPContent
JumpcloudT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Juniper Networks

ProductMITRE ATT&CK® TTPContent
Juniper Advanced Threat ProtectionT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Juniper SRX SeriesT1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 58 Rules
  • 20 Models
Junos OST1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 30 Rules
  • 1 Models

Vendor: Kasada

ProductMITRE ATT&CK® TTPContent
KasadaT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Kaspersky

ProductMITRE ATT&CK® TTPContent
Kaspersky Endpoint Security for BusinessT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Kemp

ProductMITRE ATT&CK® TTPContent
Kemp LoadMasterT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: LanScope

ProductMITRE ATT&CK® TTPContent
LanScope CatT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 71 Rules
  • 20 Models

Vendor: LastPass

ProductMITRE ATT&CK® TTPContent
LastPassT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: LiquidFiles

ProductMITRE ATT&CK® TTPContent
LiquidFilesT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: LogRhythm

ProductMITRE ATT&CK® TTPContent
LogRhythmT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Magento

ProductMITRE ATT&CK® TTPContent
Magento WAFT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Malwarebytes

ProductMITRE ATT&CK® TTPContent
Malwarebytes Endpoint Detection and ResponseT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malwarebytes Endpoint ProtectionT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Malwarebytes Incident ResponseT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: ManageEngine

ProductMITRE ATT&CK® TTPContent
ADAuditPlusT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
ADSSPT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
PAM360T1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: MariaDB

ProductMITRE ATT&CK® TTPContent
MariaDBT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: MasterSAM

ProductMITRE ATT&CK® TTPContent
MasterSAM PAMT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: McAfee

ProductMITRE ATT&CK® TTPContent
McAfee Application ControlT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
McAfee Endpoint SecurityT1018 - Remote System Discovery
T1021 - Remote Services
T1021.003 - T1021.003
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 33 Rules
  • 13 Models
McAfee Network Security PlatformT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
McAfee Web GatewayT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
McAfee ePolicy OrchestratorT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Skyhigh Networks CASBT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: MicroFocus ArcSight

ProductMITRE ATT&CK® TTPContent
MicroFocus ArcSightT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Microsoft

ProductMITRE ATT&CK® TTPContent
Active Directory Federation ServicesT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules
AzureT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure AD Activity LogsT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules
Azure AD Identity ProtectionT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Azure AD Sign-In LogsT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure ATPT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Azure MFAT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Azure MonitorT1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 22 Models
Azure Monitor - VM InsightsT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Azure SentinelT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Event Viewer - ADFST1018 - Remote System Discovery
T1021 - Remote Services
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 36 Rules
  • 12 Models
Event Viewer - ApplicationT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 6 Rules
  • 2 Models
Event Viewer - ApplockerT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - AzureADPasswordProtection-DCAgentT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - CertificateServicesClientT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - DFS-ReplicationT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - DHCP-ServerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Event Viewer - DNSServerT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models
Event Viewer - Directory-ServiceT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - Kernel-IOT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - KnownFoldersT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - Licensing-PlatformT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - LiveIdT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - NPST1021 - Remote Services
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
Event Viewer - NTLMT1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 21 Rules
  • 5 Models
Event Viewer - PowerShellT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
Event Viewer - SecurityT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 144 Rules
  • 45 Models
Event Viewer - SystemT1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 80 Rules
  • 24 Models
Event Viewer - TaskSchedulerT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - TerminalServices-GatewayT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Event Viewer - TerminalServices-LocalSessionManagerT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
M365 Audit LogsT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
MSSQLT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 4 Rules
Microsoft 365T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 26 Rules
  • 1 Models
Microsoft Advanced Threat AnalyticsT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Microsoft CAST1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Microsoft DHCP LogT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Microsoft Defender for CloudT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Microsoft Defender for EndpointT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 114 Rules
  • 34 Models
Microsoft ExchangeT1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 15 Rules
  • 2 Models
Microsoft IIST1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Microsoft IntuneT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Microsoft Network Policy ServerT1021 - Remote Services
T1078 - Valid Accounts
  • 4 Rules
  • 2 Models
Microsoft RRAST1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Microsoft WMI LogT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 22 Rules
  • 1 Models
Network Security Group Flow LogsT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
SysmonT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 92 Rules
  • 32 Models
WindowsT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Windows Defender Application ControlT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Mimecast

ProductMITRE ATT&CK® TTPContent
Mimecast Secure Email GatewayT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Mimecast Targeted Threat Protection - URLT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: MobileIron

ProductMITRE ATT&CK® TTPContent
MobileIronT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: MuleSoft

ProductMITRE ATT&CK® TTPContent
MuleSoft Anypoint PlatformT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: NCP

ProductMITRE ATT&CK® TTPContent
NCPT1021 - Remote Services
T1078 - Valid Accounts
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 7 Rules
  • 3 Models

Vendor: NNT

ProductMITRE ATT&CK® TTPContent
NNT ChangeTrackerT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Nagios

ProductMITRE ATT&CK® TTPContent
NagiosT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: NetApp

ProductMITRE ATT&CK® TTPContent
NetAppT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: NetIQ

ProductMITRE ATT&CK® TTPContent
Micro Focus NetIQ Identity ManagerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Netskope

ProductMITRE ATT&CK® TTPContent
Netskope CASBT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
Netskope Security CloudT1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 92 Rules
  • 32 Models

Vendor: Netwrix

ProductMITRE ATT&CK® TTPContent
Netwrix AuditorT1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 14 Rules
  • 1 Models

Vendor: NextDLP

ProductMITRE ATT&CK® TTPContent
RevealT1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 41 Rules
  • 14 Models

Vendor: Nortel Contivity

ProductMITRE ATT&CK® TTPContent
Nortel Contivity VPNT1021 - Remote Services
T1078 - Valid Accounts
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 7 Rules
  • 3 Models

Vendor: Novell

ProductMITRE ATT&CK® TTPContent
eDirectoryT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Nozomi Networks

ProductMITRE ATT&CK® TTPContent
Nozomi Networks GuardianT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: OSSEC

ProductMITRE ATT&CK® TTPContent
OSSECT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Okta

ProductMITRE ATT&CK® TTPContent
Okta Adaptive MFAT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 11 Rules

Vendor: Onapsis

ProductMITRE ATT&CK® TTPContent
OnapsisT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: OneLogin

ProductMITRE ATT&CK® TTPContent
OneLoginT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: OneSpan

ProductMITRE ATT&CK® TTPContent
Digipass for AppsT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 5 Rules
  • 2 Models

Vendor: OneWelcome

ProductMITRE ATT&CK® TTPContent
OneWelcome Cloud Identity PlatformT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 23 Rules
  • 1 Models

Vendor: Open VPN

ProductMITRE ATT&CK® TTPContent
Open VPNT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: OpenDJ

ProductMITRE ATT&CK® TTPContent
OpenDJT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Oracle

ProductMITRE ATT&CK® TTPContent
Oracle Access ManagementT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Oracle DatabaseT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Oracle Public CloudT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 53 Rules
  • 21 Models

Vendor: Osquery

ProductMITRE ATT&CK® TTPContent
OsqueryT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Palo Alto Networks

ProductMITRE ATT&CK® TTPContent
Cortex XSOART1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules
GlobalProtectT1021 - Remote Services
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 70 Rules
  • 23 Models
Palo Alto ApertureT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Palo Alto NGFWT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 111 Rules
  • 36 Models
Palo Alto WildFireT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Prisma AccessT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models
Prisma CloudT1021.001 - Remote Services: Remote Desktop Protocol
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 24 Rules
  • 1 Models
Traps Endpoint Security ManagerT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Password Manager Pro

ProductMITRE ATT&CK® TTPContent
Password Manager ProT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 8 Rules

Vendor: Ping Identity

ProductMITRE ATT&CK® TTPContent
Ping IdentityT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
PingOneT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Progress

ProductMITRE ATT&CK® TTPContent
Progress DatabaseT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Proofpoint

ProductMITRE ATT&CK® TTPContent
ObserveITT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 24 Rules
  • 1 Models
Proofpoint Email ProtectionT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
Proofpoint Enterprise ProtectionT1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 30 Rules
  • 12 Models

Vendor: Quest Software

ProductMITRE ATT&CK® TTPContent
Quest Change Auditor for Active DirectoryT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: RSA

ProductMITRE ATT&CK® TTPContent
RSA Adaptive AuthenticationT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
RSA Authentication ManagerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
RSA ECATT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
RSA NetWitness PlatformT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1046 - Network Service Scanning
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 51 Rules
  • 21 Models
SecurIDT1021 - Remote Services
T1078 - Valid Accounts
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 7 Rules
  • 3 Models

Vendor: RStudio

ProductMITRE ATT&CK® TTPContent
RStudio ServerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Radware

ProductMITRE ATT&CK® TTPContent
AlteonT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: RangerAudit

ProductMITRE ATT&CK® TTPContent
RangerAuditT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Rapid7

ProductMITRE ATT&CK® TTPContent
Rapid7 InsightVMT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Riverbed Steelhead

ProductMITRE ATT&CK® TTPContent
Riverbed SteelheadT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Rubrik

ProductMITRE ATT&CK® TTPContent
Rubrik Cloud Data ManagementT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Ruckus

ProductMITRE ATT&CK® TTPContent
RuckusT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Rundeck

ProductMITRE ATT&CK® TTPContent
RundeckT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SAP

ProductMITRE ATT&CK® TTPContent
SAPT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 29 Rules
  • 12 Models
SuccessFactorsT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SIGSCI

ProductMITRE ATT&CK® TTPContent
SIGSCIT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: Safenet

ProductMITRE ATT&CK® TTPContent
ThalesT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Sailpoint

ProductMITRE ATT&CK® TTPContent
IdentityNowT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 20 Rules
  • 7 Models

Vendor: Salesforce

ProductMITRE ATT&CK® TTPContent
SalesforceT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Secomea

ProductMITRE ATT&CK® TTPContent
SecomeaT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecurEnvoy

ProductMITRE ATT&CK® TTPContent
SecurEnvoy Multi-Factor AuthenticationT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecureAuth

ProductMITRE ATT&CK® TTPContent
SecureAuth IDPT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
SecureAuth LoginT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models
ProductMITRE ATT&CK® TTPContent
SecureLinkT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SecureNet

ProductMITRE ATT&CK® TTPContent
SecureNetT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 8 Rules
  • 3 Models

Vendor: Semperis

ProductMITRE ATT&CK® TTPContent
Semperis DSPT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: SentinelOne

ProductMITRE ATT&CK® TTPContent
Event Viewer - SentineloneT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Singularity PlatformT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 117 Rules
  • 35 Models
VigilanceT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules

Vendor: ServiceNow

ProductMITRE ATT&CK® TTPContent
ServiceNowT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Shibboleth

ProductMITRE ATT&CK® TTPContent
ShibbolethT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Silverfort

ProductMITRE ATT&CK® TTPContent
Silverfort Authentication PlatformT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: SiteMinder

ProductMITRE ATT&CK® TTPContent
Symantec SiteMinderT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: SkySea

ProductMITRE ATT&CK® TTPContent
SkySea ClientViewT1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071.001 - Application Layer Protocol: Web Protocols
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 40 Rules
  • 5 Models

Vendor: Skyformation

ProductMITRE ATT&CK® TTPContent
SkyformationT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Skyhigh Security

ProductMITRE ATT&CK® TTPContent
Skyhigh Security CloudT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: Sophos

ProductMITRE ATT&CK® TTPContent
Sophos Endpoint ProtectionT1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 48 Rules
  • 19 Models
Sophos UTMT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules
Sophos XG FirewallT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 57 Rules
  • 20 Models

Vendor: Splunk

ProductMITRE ATT&CK® TTPContent
Splunk EST1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 39 Rules
  • 17 Models

Vendor: Squid

ProductMITRE ATT&CK® TTPContent
SquidT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 9 Rules

Vendor: StealthBits

ProductMITRE ATT&CK® TTPContent
StealthBits Stealth DefendT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: SunOne

ProductMITRE ATT&CK® TTPContent
SunOneT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Swift

ProductMITRE ATT&CK® TTPContent
SwiftT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Swivel

ProductMITRE ATT&CK® TTPContent
SwivelT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Sybase

ProductMITRE ATT&CK® TTPContent
SybaseT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Symantec

ProductMITRE ATT&CK® TTPContent
Symantec Advanced Threat ProtectionT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 18 Models
Symantec Content Analysis SystemT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec Critical System ProtectionT1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models
Symantec DLPT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Symantec Email SecurityT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec Endpoint ProtectionT1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 63 Rules
  • 22 Models
Symantec Managed Security ServicesT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Symantec VIPT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
Symantec Web Security ServiceT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 25 Rules
  • 7 Models

Vendor: Tanium

ProductMITRE ATT&CK® TTPContent
Tanium Cloud PlatformT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
Tanium Core PlatformT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
  • 26 Rules
  • 1 Models
Tanium Integrity MonitorT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 78 Rules
  • 21 Models
Tanium Threat ResponseT1018 - Remote System Discovery
T1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 28 Rules
  • 12 Models

Vendor: Tenable.io

ProductMITRE ATT&CK® TTPContent
Tenable.ioT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules

Vendor: Thales Group

ProductMITRE ATT&CK® TTPContent
Gemalto MFAT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: ThreatBlockr

ProductMITRE ATT&CK® TTPContent
ThreatBlockrT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models

Vendor: Trend Micro

ProductMITRE ATT&CK® TTPContent
Deep Discovery InspectorT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules
Deep SecurityT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 59 Rules
  • 20 Models
OfficeScanT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 10 Rules
Trend Micro ScanMailT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1090.003 - Proxy: Multi-hop Proxy
  • 3 Rules
Vision OneT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Tufin

ProductMITRE ATT&CK® TTPContent
Tufin SecureTrackT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Tyco

ProductMITRE ATT&CK® TTPContent
CCURE Building Management SystemT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Unix

ProductMITRE ATT&CK® TTPContent
AuditbeatT1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 71 Rules
  • 22 Models
UnixT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 87 Rules
  • 23 Models
Unix AuditdT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1078 - Valid Accounts
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
T1563.002 - T1563.002
  • 68 Rules
  • 16 Models
Unix NamedT1021 - Remote Services
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 6 Rules
  • 2 Models
Unix dhcpdT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
rsyslogT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public Fasing Application
TA0010 - TA0010
TA0011 - TA0011
  • 20 Rules
  • 7 Models

Vendor: VBCorp

ProductMITRE ATT&CK® TTPContent
VBCorpT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: VMware

ProductMITRE ATT&CK® TTPContent
Carbon Black App ControlT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1090 - Proxy
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1563.002 - T1563.002
  • 25 Rules
  • 1 Models
Carbon Black CEST1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 18 Models
Carbon Black EDRT1021.001 - Remote Services: Remote Desktop Protocol
T1021.003 - T1021.003
T1021.006 - T1021.006
T1047 - Windows Management Instrumentation
T1059.001 - Command and Scripting Interpreter: PowerShell
T1071 - Application Layer Protocol
T1090 - Proxy
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1210 - Exploitation of Remote Services
T1219 - Remote Access Software
T1563.002 - T1563.002
TA0008 - TA0008
TA0010 - TA0010
TA0011 - TA0011
  • 82 Rules
  • 23 Models
LastlineT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
NSX Distributed FirewallT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
VMware AirWatchT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 22 Rules
  • 7 Models
VMware ESXiT1018 - Remote System Discovery
T1021 - Remote Services
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 30 Rules
  • 12 Models
VMware HorizonT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
VMware Identity ManagerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules
VMware NSXT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models
VMware ViewT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules
vCenterT1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 19 Rules
  • 7 Models

Vendor: Varonis

ProductMITRE ATT&CK® TTPContent
Varonis Data Security PlatformT1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
  • 7 Rules

Vendor: Vectra

ProductMITRE ATT&CK® TTPContent
Vectra Cognito DetectT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules
Vectra Cognito StreamT1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 19 Rules
  • 4 Models

Vendor: Verizon

ProductMITRE ATT&CK® TTPContent
Verizon NDRT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: ViaScope

ProductMITRE ATT&CK® TTPContent
ViaScope IPScanT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Watchguard

ProductMITRE ATT&CK® TTPContent
WatchguardT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Wazuh

ProductMITRE ATT&CK® TTPContent
WazuhT1021.001 - Remote Services: Remote Desktop Protocol
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
  • 13 Rules
  • 1 Models

Vendor: Weblogin

ProductMITRE ATT&CK® TTPContent
WebloginT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Wiz

ProductMITRE ATT&CK® TTPContent
WizT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 59 Rules
  • 20 Models

Vendor: Workday

ProductMITRE ATT&CK® TTPContent
WorkdayT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Xceedium

ProductMITRE ATT&CK® TTPContent
XceediumT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Xiting

ProductMITRE ATT&CK® TTPContent
XAMST1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 2 Rules

Vendor: Zeek

ProductMITRE ATT&CK® TTPContent
ZeekT1018 - Remote System Discovery
T1021 - Remote Services
T1021.001 - Remote Services: Remote Desktop Protocol
T1021.002 - Remote Services: SMB/Windows Admin Shares
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1110 - Brute Force
T1110.003 - T1110.003
T1190 - Exploit Public-Facing Application
T1550 - Use Alternate Authentication Material
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1550.003 - Use Alternate Authentication Material: Pass the Ticket
T1558 - Steal or Forge Kerberos Tickets
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
TA0010 - TA0010
TA0011 - TA0011
  • 125 Rules
  • 42 Models

Vendor: Zendesk

ProductMITRE ATT&CK® TTPContent
ZendeskT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: Zimperium

ProductMITRE ATT&CK® TTPContent
Zimperium MTDT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
  • 2 Rules

Vendor: Zscaler

ProductMITRE ATT&CK® TTPContent
Zscaler Internet AccessT1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 64 Rules
  • 20 Models
Zscaler Private AccessT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: hMail

ProductMITRE ATT&CK® TTPContent
hMailServerT1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: iManage

ProductMITRE ATT&CK® TTPContent
iManageT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: oVirt

ProductMITRE ATT&CK® TTPContent
oVirtT1090.003 - Proxy: Multi-hop Proxy
  • 1 Rules

Vendor: pfSense

ProductMITRE ATT&CK® TTPContent
pfSenseT1071 - Application Layer Protocol
T1090.003 - Proxy: Multi-hop Proxy
T1190 - Exploit Public-Facing Application
TA0010 - TA0010
TA0011 - TA0011
  • 56 Rules
  • 20 Models