Use Case: Privileged Activity

December 5, 2023

Vendor: APC

Product | MITRE ATT&CK® TTP | Content
APC | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules

Vendor: AVI Networks

Product | MITRE ATT&CK® TTP | Content
AVI Networks Software Load Balancer | T1078 - Valid Accounts | 1 Rules

Vendor: Absolute

Product | MITRE ATT&CK® TTP | Content
Absolute DDS | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 3 Rules, 1 Models

Vendor: Accellion

Product | MITRE ATT&CK® TTP | Content
Kiteworks | T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: Admin By Request

Product | MITRE ATT&CK® TTP | Content
Admin By Request | TA0002 - TA0002 | 10 Rules, 7 Models

Vendor: Airlock

Product | MITRE ATT&CK® TTP | Content
Airlock Allowlisting | T1078 - Valid Accounts | 2 Rules, 1 Models
Airlock Security Access Hub | T1078 - Valid Accounts | 2 Rules

Vendor: Akamai

Product | MITRE ATT&CK® TTP | Content
Akamai SIEM | T1068 - Exploitation for Privilege Escalation | 1 Rules
Cloud Akamai | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Amazon

Product | MITRE ATT&CK® TTP | Content
AWS CloudTrail | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 4 Rules, 1 Models
AWS GuardDuty | T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules
AWS WAF | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Amazon EKS | T1482 - Domain Trust Discovery | 1 Rules
Amazon RDS | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules

Vendor: Apache

Product | MITRE ATT&CK® TTP | Content
Apache | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Apache Subversion | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Arista Networks

Product | MITRE ATT&CK® TTP | Content
Awake Security | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Armis

Product | MITRE ATT&CK® TTP | Content
Armis Platform | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Armorblox

Product | MITRE ATT&CK® TTP | Content
Armorblox | T1078 - Valid Accounts | 1 Rules

Vendor: AssetView

Product | MITRE ATT&CK® TTP | Content
AssetView | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: Atlassian

Product | MITRE ATT&CK® TTP | Content
Atlassian BitBucket | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Auth0

Product | MITRE ATT&CK® TTP | Content
Auth0 | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 7 Models

Vendor: Axway

Product | MITRE ATT&CK® TTP | Content
Axway Gateway | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 15 Rules, 7 Models

Vendor: Badge

Product | MITRE ATT&CK® TTP | Content
Badge | T1078 - Valid Accounts | 1 Rules

Vendor: Banyan Security

Product | MITRE ATT&CK® TTP | Content
Banyan Security | T1078 - Valid Accounts | 1 Rules

Vendor: Barracuda

Product | MITRE ATT&CK® TTP | Content
Barracuda Cloudgen Firewall | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 7 Models
Barracuda Email Security Gateway | T1078 - Valid Accounts | 1 Rules
Barracuda WAF | T1078 - Valid Accounts | 1 Rules

Vendor: BeyondTrust

Product | MITRE ATT&CK® TTP | Content
BeyondInsight | T1078 - Valid Accounts; T1482 - Domain Trust Discovery; TA0002 - TA0002 | 14 Rules, 8 Models
BeyondTrust | T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 15 Rules, 6 Models
BeyondTrust Privileged Identity | T1078 - Valid Accounts; TA0002 - TA0002 | 13 Rules, 8 Models
BeyondTrust Secure Remote Access | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Bitdefender

Product | MITRE ATT&CK® TTP | Content
GravityZone | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: Bitglass

Product | MITRE ATT&CK® TTP | Content
Bitglass CASB | T1078 - Valid Accounts | 1 Rules

Vendor: Box

Product | MITRE ATT&CK® TTP | Content
Box Cloud Content Management | T1078 - Valid Accounts | 2 Rules

Vendor: Broadcom

Product | MITRE ATT&CK® TTP | Content
z/OS | T1078 - Valid Accounts | 1 Rules

Vendor: CA Technologies

Product | MITRE ATT&CK® TTP | Content
CA Privileged Access Manager Server Control | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 7 Models

Vendor: CDS

Product | MITRE ATT&CK® TTP | Content
CDS | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 16 Rules, 7 Models

Vendor: Check Point

Product | MITRE ATT&CK® TTP | Content
Check Point Anti-Malware | T1068 - Exploitation for Privilege Escalation | 1 Rules
Check Point Avanan | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
Check Point NGFW | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 19 Rules, 8 Models

Vendor: Cisco

Product | MITRE ATT&CK® TTP | Content
Cisco | T1078 - Valid Accounts | 2 Rules, 1 Models
Cisco ACS | T1482 - Domain Trust Discovery | 1 Rules
Cisco Adaptive Security Appliance | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service; T1482 - Domain Trust Discovery | 20 Rules, 8 Models
Cisco Cloud Web Security | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Cisco Cognitive Threat Analytics | T1068 - Exploitation for Privilege Escalation | 1 Rules
Cisco Firepower | T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service; T1482 - Domain Trust Discovery | 6 Rules, 1 Models
Cisco IOS | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service; T1482 - Domain Trust Discovery | 18 Rules, 7 Models
Cisco ISE | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 18 Rules, 8 Models
Cisco Meraki MX appliance | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules
Cisco Secure Email | T1078 - Valid Accounts | 1 Rules
Cisco Secure Endpoint | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
Cisco Secure Web Appliance | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Cisco SourceFire | T1068 - Exploitation for Privilege Escalation | 1 Rules
Cisco Umbrella | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Cisco Unified Communications Manager | T1078 - Valid Accounts | 2 Rules, 1 Models
Duo Access | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models
IronPort Email | T1078 - Valid Accounts | 1 Rules

Vendor: Citrix

Product | MITRE ATT&CK® TTP | Content
Citrix Gateway | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 3 Rules, 1 Models
Citrix ShareFile | T1078 - Valid Accounts | 2 Rules, 1 Models
Citrix Virtual Apps | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 16 Rules, 7 Models
Citrix Web App Firewall | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Claroty

Product | MITRE ATT&CK® TTP | Content
CTD | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
Claroty | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Clearsense

Product | MITRE ATT&CK® TTP | Content
Clearsense | T1078 - Valid Accounts | 1 Rules

Vendor: Click Studios

Product | MITRE ATT&CK® TTP | Content
Passwordstate | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 8 Models

Vendor: Cloudflare

Product | MITRE ATT&CK® TTP | Content
Cloudflare Insights | T1078 - Valid Accounts | 2 Rules, 1 Models
Cloudflare WAF | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Code42

Product | MITRE ATT&CK® TTP | Content
Code42 Incydr | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 4 Rules, 1 Models

Vendor: Cofense

Product | MITRE ATT&CK® TTP | Content
Cofense Phishme | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Cohesity

Product | MITRE ATT&CK® TTP | Content
Cohesity DataPlatform | T1482 - Domain Trust Discovery | 1 Rules

Vendor: CrowdStrike

Product | MITRE ATT&CK® TTP | Content
Falcon | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 23 Rules, 8 Models

Vendor: CyberArk

Product | MITRE ATT&CK® TTP | Content
CyberArk Endpoint Privilege Manager | TA0002 - TA0002 | 10 Rules, 7 Models
CyberArk Privilege Access Manager | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 22 Rules, 8 Models

Vendor: Cybereason

Product | MITRE ATT&CK® TTP | Content
Cybereason | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Cylance

Product | MITRE ATT&CK® TTP | Content
Cylance OPTICS | T1078 - Valid Accounts | 2 Rules
Cylance PROTECT | T1078 - Valid Accounts | 1 Rules

Vendor: Damballa

Product | MITRE ATT&CK® TTP | Content
Damballa Failsafe | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Darktrace

Product | MITRE ATT&CK® TTP | Content
Darktrace | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: DataWatch Systems

Product | MITRE ATT&CK® TTP | Content
DataWatch | T1078 - Valid Accounts | 1 Rules

Vendor: Delinea

Product | MITRE ATT&CK® TTP | Content
Centrify Infrastructure Services | T1482 - Domain Trust Discovery | 1 Rules
Centrify Zero Trust Privilege Services | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Dell

Product | MITRE ATT&CK® TTP | Content
EMC Isilon | T1078 - Valid Accounts | 1 Rules
One Identity Manager | T1078 - Valid Accounts | 1 Rules
Sonicwall | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 18 Rules, 7 Models

Vendor: Digital Guardian

Product | MITRE ATT&CK® TTP | Content
Digital Guardian Endpoint Protection | T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 15 Rules, 6 Models
Digital Guardian Network DLP | T1078 - Valid Accounts | 1 Rules

Vendor: Dropbox

Product | MITRE ATT&CK® TTP | Content
Dropbox | T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: Dtex Systems

Product | MITRE ATT&CK® TTP | Content
DTEX InTERCEPT | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service; T1482 - Domain Trust Discovery | 14 Rules, 5 Models

Vendor: ESET

Product | MITRE ATT&CK® TTP | Content
ESET Endpoint Security | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: ESector

Product | MITRE ATT&CK® TTP | Content
ESector DEFESA Logger | T1078 - Valid Accounts | 1 Rules

Vendor: Envoy

Product | MITRE ATT&CK® TTP | Content
Envoy | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Epic

Product | MITRE ATT&CK® TTP | Content
Epic SIEM | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Exabeam

Product | MITRE ATT&CK® TTP | Content
Advanced Analytics | T1068 - Exploitation for Privilege Escalation | 1 Rules
Audit Log | T1078 - Valid Accounts | 3 Rules, 1 Models
Correlation Rule | T1068 - Exploitation for Privilege Escalation | 1 Rules
Search | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Extrahop

Product | MITRE ATT&CK® TTP | Content
Extrahop Reveal(x) | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Extreme Networks

Product | MITRE ATT&CK® TTP | Content
ExtremeCloud IQ | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Zebra WLAN Management | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: F5

Product | MITRE ATT&CK® TTP | Content
F5 Advanced Firewall Manager | T1068 - Exploitation for Privilege Escalation | 1 Rules
F5 Advanced Web Application Firewall | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 3 Rules
F5 Application Security Manager | T1068 - Exploitation for Privilege Escalation | 1 Rules
F5 BIG-IP | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 8 Models
F5 BIG-IP DNS | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: FTP

Product | MITRE ATT&CK® TTP | Content
FTP | T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: FileAuditor

Product | MITRE ATT&CK® TTP | Content
FileAuditor | T1078 - Valid Accounts | 1 Rules

Vendor: FireEye

Product | MITRE ATT&CK® TTP | Content
FireEye CMS | T1068 - Exploitation for Privilege Escalation | 1 Rules
FireEye ETP | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
FireEye Endpoint Security (HX) | T1068 - Exploitation for Privilege Escalation | 1 Rules
FireEye Web MPS | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Forcepoint

Product | MITRE ATT&CK® TTP | Content
Forcepoint CASB | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules
Forcepoint DLP | T1078 - Valid Accounts | 1 Rules
Forcepoint Email Security | T1078 - Valid Accounts | 1 Rules
Forcepoint Email Security Gateway | T1078 - Valid Accounts | 1 Rules
Websense Security Gateway | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Fortinet

Product | MITRE ATT&CK® TTP | Content
EnSilo | T1068 - Exploitation for Privilege Escalation | 1 Rules
FortiGate | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Fortinet UTM | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models
Fortiweb Web Application Firewall | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Gamma

Product | MITRE ATT&CK® TTP | Content
Gamma | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Generic Badge Access

Product | MITRE ATT&CK® TTP | Content
Generic Badge Access | T1078 - Valid Accounts | 1 Rules

Vendor: Genetec

Product | MITRE ATT&CK® TTP | Content
Genetec Badge | T1078 - Valid Accounts | 1 Rules

Vendor: Gigamon

Product | MITRE ATT&CK® TTP | Content
GigaVUE-HC2 | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: GitHub

Product | MITRE ATT&CK® TTP | Content
GitHub | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: GoAnywhere

Product | MITRE ATT&CK® TTP | Content
GoAnywhere MFT | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 7 Models

Vendor: Google

Product | MITRE ATT&CK® TTP | Content
Google Cloud Platform | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models
Google Workspace | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models

Vendor: HP

Product | MITRE ATT&CK® TTP | Content
Aruba ClearPass Policy Manager | T1078 - Valid Accounts | 1 Rules
Aruba Mobility Master | T1078 - Valid Accounts | 1 Rules
HP iLO | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules
HPE Comware | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules

Vendor: HashiCorp

Product | MITRE ATT&CK® TTP | Content
HashiCorp Vault | T1078 - Valid Accounts | 1 Rules

Vendor: HelpSystems

Product | MITRE ATT&CK® TTP | Content
Powertech Identity and Access Manager | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules

Vendor: Honeywell

Product | MITRE ATT&CK® TTP | Content
Honeywell Pro-Watch | T1078 - Valid Accounts | 1 Rules

Vendor: Hornet

Product | MITRE ATT&CK® TTP | Content
Hornetsecurity Cloud Email Security Services | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: Huawei

Product | MITRE ATT&CK® TTP | Content
Huawei Unified Security Gateway | T1482 - Domain Trust Discovery | 1 Rules

Vendor: IBM

Product | MITRE ATT&CK® TTP | Content
IBM Mainframe | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules
IBM Resource Access Control Facility | T1078 - Valid Accounts | 2 Rules, 1 Models
IBM Sense | T1068 - Exploitation for Privilege Escalation | 1 Rules
Sterling B2B Integrator | T1078 - Valid Accounts | 1 Rules

Vendor: IMSS

Product | MITRE ATT&CK® TTP | Content
IMSS | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: IMSVA

Product | MITRE ATT&CK® TTP | Content
IMSVA | T1078 - Valid Accounts | 1 Rules

Vendor: Identiv

Product | MITRE ATT&CK® TTP | Content
Identiv | T1078 - Valid Accounts | 1 Rules

Vendor: Imperva

Product | MITRE ATT&CK® TTP | Content
Imperva Incapsula | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Imperva SecureSphere | T1078 - Valid Accounts | 1 Rules

Vendor: Imprivata

Product | MITRE ATT&CK® TTP | Content
Imprivata | T1078 - Valid Accounts | 1 Rules

Vendor: InfoWatch

Product | MITRE ATT&CK® TTP | Content
InfoWatch DLP | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules

Vendor: Infoblox

Product | MITRE ATT&CK® TTP | Content
BloxOne DDI | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 17 Rules, 7 Models
Infoblox NIOS | T1078 - Valid Accounts | 2 Rules

Vendor: Ipswitch

Product | MITRE ATT&CK® TTP | Content
MoveIt Transfer | T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: Ivanti

Product | MITRE ATT&CK® TTP | Content
Ivanti Pulse Secure | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models

Vendor: Jumpcloud

Product | MITRE ATT&CK® TTP | Content
Jumpcloud | T1078 - Valid Accounts | 1 Rules

Vendor: Juniper Networks

Product | MITRE ATT&CK® TTP | Content
Juniper Advanced Threat Protection | T1068 - Exploitation for Privilege Escalation | 1 Rules
Juniper SRX Series | T1078 - Valid Accounts | 1 Rules
Junos OS | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service; T1482 - Domain Trust Discovery | 4 Rules

Vendor: Kasada

Product | MITRE ATT&CK® TTP | Content
Kasada | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: Kaspersky

Product | MITRE ATT&CK® TTP | Content
Kaspersky AV | T1078 - Valid Accounts | 1 Rules
Kaspersky Endpoint Security for Business | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Kemp

Product | MITRE ATT&CK® TTP | Content
Kemp LoadMaster | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 3 Rules, 1 Models

Vendor: LanScope

Product | MITRE ATT&CK® TTP | Content
LanScope Cat | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service; T1482 - Domain Trust Discovery | 17 Rules, 6 Models

Vendor: LastPass

Product | MITRE ATT&CK® TTP | Content
LastPass | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Lenel

Product | MITRE ATT&CK® TTP | Content
OnGuard | T1078 - Valid Accounts | 2 Rules

Vendor: LiquidFiles

Product | MITRE ATT&CK® TTP | Content
LiquidFiles | T1078 - Valid Accounts | 1 Rules

Vendor: LogRhythm

Product | MITRE ATT&CK® TTP | Content
LogRhythm | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Malwarebytes

Product | MITRE ATT&CK® TTP | Content
Malwarebytes Endpoint Detection and Response | T1068 - Exploitation for Privilege Escalation | 1 Rules
Malwarebytes Endpoint Protection | T1068 - Exploitation for Privilege Escalation | 1 Rules
Malwarebytes Incident Response | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: ManageEngine

Product | MITRE ATT&CK® TTP | Content
ADAuditPlus | T1078 - Valid Accounts | 1 Rules
ADSSP | T1078 - Valid Accounts | 2 Rules, 1 Models
PAM360 | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 17 Rules, 8 Models

Vendor: McAfee

Product | MITRE ATT&CK® TTP | Content
McAfee Application Control | T1068 - Exploitation for Privilege Escalation | 1 Rules
McAfee DLP Endpoint | T1078 - Valid Accounts | 1 Rules
McAfee DLP Prevent | T1078 - Valid Accounts | 1 Rules
McAfee Email Protection | T1078 - Valid Accounts | 1 Rules
McAfee Endpoint Security | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 16 Rules, 7 Models
McAfee Network Security Platform | T1078 - Valid Accounts | 1 Rules
McAfee Web Gateway | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
McAfee ePolicy Orchestrator | T1068 - Exploitation for Privilege Escalation | 1 Rules
Skyhigh Networks CASB | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 4 Rules, 1 Models

Vendor: Microsoft

Product | MITRE ATT&CK® TTP | Content
Active Directory Federation Services | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Azure | T1078 - Valid Accounts | 2 Rules, 1 Models
Azure AD Activity Logs | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 3 Rules, 1 Models
Azure AD Identity Protection | T1068 - Exploitation for Privilege Escalation | 1 Rules
Azure AD Sign-In Logs | T1078 - Valid Accounts | 1 Rules
Azure ATP | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
Azure Event Hub | T1078 - Valid Accounts | 1 Rules
Azure MFA | T1078 - Valid Accounts | 2 Rules, 1 Models
Azure Monitor | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 4 Rules, 1 Models
Azure Monitor - VM Insights | T1482 - Domain Trust Discovery | 1 Rules
Azure Sentinel | T1068 - Exploitation for Privilege Escalation | 1 Rules
Event Viewer - ADFS | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 19 Rules, 8 Models
Event Viewer - Application | T1078 - Valid Accounts | 1 Rules
Event Viewer - Applocker | T1078 - Valid Accounts | 1 Rules
Event Viewer - AzureADPasswordProtection-DCAgent | T1078 - Valid Accounts | 1 Rules
Event Viewer - DHCP-Server | T1078 - Valid Accounts | 2 Rules, 1 Models
Event Viewer - DNSServer | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules
Event Viewer - NTLM | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 4 Rules, 2 Models
Event Viewer - PowerShell | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 2 Rules
Event Viewer - Security | T1003.006 - OS Credential Dumping: DCSync; T1021 - Remote Services; T1053.005 - Scheduled Task/Job: Scheduled Task; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service; T1207 - Rogue Domain Controller; T1482 - Domain Trust Discovery; T1484 - Group Policy Modification; T1543.003 - Create or Modify System Process: Windows Service; TA0002 - TA0002 | 46 Rules, 17 Models
Event Viewer - System | T1053.005 - Scheduled Task/Job: Scheduled Task; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service; T1482 - Domain Trust Discovery; T1543.003 - Create or Modify System Process: Windows Service | 7 Rules, 3 Models
Event Viewer - TaskScheduler | T1078 - Valid Accounts | 2 Rules, 1 Models
Event Viewer - TerminalServices-Gateway | T1078 - Valid Accounts | 2 Rules, 1 Models
Event Viewer - TerminalServices-LocalSessionManager | T1078 - Valid Accounts | 2 Rules, 1 Models
M365 Audit Logs | T1078 - Valid Accounts | 2 Rules, 1 Models
MSSQL | T1078 - Valid Accounts | 1 Rules
Microsoft 365 | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 5 Rules, 1 Models
Microsoft Advanced Threat Analytics | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules
Microsoft CAS | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 4 Rules, 1 Models
Microsoft DHCP Log | T1078 - Valid Accounts | 2 Rules
Microsoft Defender for Cloud | T1068 - Exploitation for Privilege Escalation | 1 Rules
Microsoft Defender for Endpoint | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 23 Rules, 7 Models
Microsoft Exchange | T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 5 Rules, 1 Models
Microsoft IIS | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
Microsoft Intune | T1078 - Valid Accounts | 2 Rules, 1 Models
Microsoft WMI Log | T1482 - Domain Trust Discovery | 1 Rules
Sysmon | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002; T1482 - Domain Trust Discovery | 19 Rules, 8 Models
Windows | T1078 - Valid Accounts | 1 Rules
Windows Defender Application Control | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: Mimecast

Product | MITRE ATT&CK® TTP | Content
Mimecast Secure Email Gateway | T1078 - Valid Accounts | 2 Rules, 1 Models
Mimecast Targeted Threat Protection - URL | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules

Vendor: MobileIron

Product | MITRE ATT&CK® TTP | Content
MobileIron | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: NNT

Product | MITRE ATT&CK® TTP | Content
NNT ChangeTracker | T1078 - Valid Accounts | 1 Rules

Vendor: Nagios

Product | MITRE ATT&CK® TTP | Content
Nagios | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 15 Rules, 7 Models

Vendor: Namespace rDirectory

Product | MITRE ATT&CK® TTP | Content
Namespace rDirectory | T1003.006 - OS Credential Dumping: DCSync; T1207 - Rogue Domain Controller; T1484 - Group Policy Modification | 7 Rules, 2 Models

Vendor: Nasuni

Product | MITRE ATT&CK® TTP | Content
Nasuni | T1078 - Valid Accounts | 1 Rules

Vendor: NetApp

Product | MITRE ATT&CK® TTP | Content
NetApp | T1078 - Valid Accounts | 2 Rules

Vendor: NetIQ

Product | MITRE ATT&CK® TTP | Content
Micro Focus NetIQ Identity Manager | T1078 - Valid Accounts | 1 Rules

Vendor: Netskope

Product | MITRE ATT&CK® TTP | Content
Netskope Security Cloud | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 20 Rules, 8 Models

Vendor: Netwrix

Product | MITRE ATT&CK® TTP | Content
Netwrix Auditor | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 3 Rules

Vendor: NextDLP

Product | MITRE ATT&CK® TTP | Content
Reveal | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 18 Rules, 7 Models

Vendor: Novell

Product | MITRE ATT&CK® TTP | Content
eDirectory | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Nozomi Networks

Product | MITRE ATT&CK® TTP | Content
Nozomi Networks Guardian | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Nutanix

Product | MITRE ATT&CK® TTP | Content
Nutanix Unified Storage | T1078 - Valid Accounts | 1 Rules

Vendor: OSSEC

Product | MITRE ATT&CK® TTP | Content
OSSEC | T1068 - Exploitation for Privilege Escalation | 1 Rules

Vendor: Okta

Product | MITRE ATT&CK® TTP | Content
Okta Adaptive MFA | T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service; TA0002 - TA0002 | 15 Rules, 8 Models

Vendor: Onapsis

Product | MITRE ATT&CK® TTP | Content
Onapsis | T1068 - Exploitation for Privilege Escalation; TA0002 - TA0002 | 11 Rules, 7 Models

Vendor: OneLogin

Product | MITRE ATT&CK® TTP | Content
OneLogin | T1078 - Valid Accounts; TA0002 - TA0002 | 12 Rules, 8 Models

Vendor: OneWelcome

Product | MITRE ATT&CK® TTP | Content
OneWelcome Cloud Identity Platform | T1078 - Valid Accounts; T1482 - Domain Trust Discovery | 3 Rules

Vendor: Open VPN

Product | MITRE ATT&CK® TTP | Content
Open VPN | TA0002 - TA0002 | 10 Rules, 7 Models

Vendor: Oracle

Product | MITRE ATT&CK® TTP | Content
Oracle Access Management | T1078 - Valid Accounts; TA0002 - TA0002 | 11 Rules, 7 Models
Oracle Audit Vault and Database Firewall | TA0002 - TA0002 | 10 Rules, 7 Models
Oracle Database | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002; TA0002 - TA0002 | 25 Rules, 14 Models
Oracle Public Cloud | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Osquery

Product | MITRE ATT&CK® TTP | Content
Osquery | T1078 - Valid Accounts | 2 Rules, 1 Models

Vendor: Palo Alto Networks

Product | MITRE ATT&CK® TTP | Content
Cortex XSOAR | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 2 Rules
GlobalProtect | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules, 1 Models
Palo Alto Aperture | T1068 - Exploitation for Privilege Escalation | 1 Rules
Palo Alto NGFW | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1078.002 - T1078.002; T1102 - Web Service | 21 Rules, 8 Models
Palo Alto WildFire | T1068 - Exploitation for Privilege Escalation | 1 Rules
Prisma Cloud | T1068 - Exploitation for Privilege Escalation; T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 4 Rules
Traps Endpoint Security Manager | T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts | 2 Rules

Vendor: Password Manager Pro

Product | MITRE ATT&CK® TTP | Content
Password Manager Pro | T1071.001 - Application Layer Protocol: Web Protocols; T1078 - Valid Accounts; T1102 - Web Service | 3 Rules

Vendor: Ping Identity

Product | MITRE ATT&CK® TTP | Content
Ping Identity | T1078 - Valid Accounts | 2 Rules, 1 Models
PingOne | T1078 - Valid Accounts | 1 Rules

Vendor: Postfix

Product | MITRE ATT&CK® TTP | Content
Postfix | T1078 - Valid Accounts | 1 Rules

Vendor: Progress

Product | MITRE ATT&CK® TTP | Content
Progress Database | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 15 Rules, 7 Models

Vendor: Proofpoint

Product | MITRE ATT&CK® TTP | Content
ObserveIT | T1068 - Exploitation for Privilege Escalation; T1482 - Domain Trust Discovery; TA0002 - TA0002 | 12 Rules, 7 Models
Proofpoint Email Protection | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 16 Rules, 7 Models
Proofpoint Enterprise Protection | T1021 - Remote Services; T1068 - Exploitation for Privilege Escalation; T1078 - Valid Accounts; T1078.002 - T1078.002 | 16 Rules, 7 Models
Targeted Attack Platform | T1078 - Valid Accounts | 1 Rules

Vendor: Quest Software

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Quest Change Auditor for Active Directory | T1003.006 - OS Credential Dumping: DCSync<br>T1078 - Valid Accounts<br>T1207 - Rogue Domain Controller<br>T1484 - Group Policy Modification | • 8 Rules<br>• 2 Models |

Vendor: RS2 Technologies

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RS2 Technologies | T1078 - Valid Accounts | • 1 Rules |

Vendor: RSA

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RSA Authentication Manager | T1078 - Valid Accounts | • 1 Rules |
| RSA DLP | T1078 - Valid Accounts | • 1 Rules |
| RSA ECAT | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: RangerAudit

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| RangerAudit | T1078 - Valid Accounts | • 1 Rules |

Vendor: Rapid7

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rapid7 InsightVM | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: Riverbed Steelhead

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Riverbed Steelhead | T1078 - Valid Accounts | • 1 Rules |

Vendor: Rubrik

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Rubrik Cloud Data Management | T1078 - Valid Accounts | • 1 Rules |

Vendor: SAP

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SAP | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002 | • 17 Rules<br>• 7 Models |
| SuccessFactors | T1078 - Valid Accounts | • 1 Rules |

Vendor: SIGSCI

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SIGSCI | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |

Vendor: SafeSend

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SafeSend | T1078 - Valid Accounts | • 1 Rules |

Vendor: Safenet

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Thales | T1078 - Valid Accounts | • 1 Rules |

Vendor: Sailpoint

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| IdentityNow | T1078 - Valid Accounts | • 2 Rules<br>• 1 Models |

Vendor: Salesforce

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Salesforce | T1078 - Valid Accounts | • 3 Rules<br>• 1 Models |

Vendor: Secomea

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Secomea | T1078 - Valid Accounts | • 1 Rules |

Vendor: SecureAuth

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureAuth IDP | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 3 Rules<br>• 1 Models |
| SecureAuth Login | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002 | • 16 Rules<br>• 7 Models |

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecureLink | T1078 - Valid Accounts | • 1 Rules |

Vendor: SecurityExpert

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SecurityExpert | T1078 - Valid Accounts | • 1 Rules |

Vendor: Semperis

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Semperis DSP | T1003.006 - OS Credential Dumping: DCSync<br>T1078 - Valid Accounts<br>T1207 - Rogue Domain Controller<br>T1484 - Group Policy Modification | • 8 Rules<br>• 2 Models |

Vendor: Sensormatik

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sensormatik | T1078 - Valid Accounts | • 1 Rules |

Vendor: SentinelOne

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Event Viewer - Sentinelone | T1078 - Valid Accounts | • 1 Rules |
| Singularity Platform | T1021 - Remote Services<br>T1053.005 - Scheduled Task/Job: Scheduled Task<br>T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1102 - Web Service<br>T1482 - Domain Trust Discovery<br>T1543.003 - Create or Modify System Process: Windows Service | • 23 Rules<br>• 8 Models |
| Vigilance | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 3 Rules<br>• 1 Models |

Vendor: ServiceNow

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ServiceNow | T1078 - Valid Accounts | • 3 Rules<br>• 1 Models |

Vendor: Shibboleth

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Shibboleth | T1078 - Valid Accounts | • 1 Rules |

Vendor: Silverfort

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Silverfort Authentication Platform | T1078 - Valid Accounts | • 1 Rules |

Vendor: SiteMinder

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec SiteMinder | T1078 - Valid Accounts | • 1 Rules |

Vendor: SkySea

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SkySea ClientView | T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service<br>T1482 - Domain Trust Discovery | • 7 Rules<br>• 1 Models |

Vendor: Skyformation

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Skyformation | T1078 - Valid Accounts | • 1 Rules |

Vendor: Skyhigh Security

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Skyhigh Security Cloud | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |

Vendor: Sophos

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sophos Endpoint Protection | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002 | • 16 Rules<br>• 7 Models |
| Sophos UTM | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |
| Sophos XG Firewall | T1078 - Valid Accounts | • 1 Rules |

Vendor: Squid

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Squid | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |

Vendor: StealthBits

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| StealthBits Stealth Defend | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: SunOne

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| SunOne | T1078 - Valid Accounts | • 2 Rules<br>• 1 Models |

Vendor: Swift

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swift | T1078 - Valid Accounts | • 1 Rules |

Vendor: Swipes

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swipes | T1078 - Valid Accounts | • 1 Rules |

Vendor: Swivel

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Swivel | T1078 - Valid Accounts | • 1 Rules |

Vendor: Sybase

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Sybase | T1078 - Valid Accounts | • 1 Rules |

Vendor: Symantec

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Symantec Advanced Threat Protection | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 5 Rules<br>• 1 Models |
| Symantec Content Analysis System | T1068 - Exploitation for Privilege Escalation | • 1 Rules |
| Symantec Critical System Protection | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 3 Rules |
| Symantec DLP | T1078 - Valid Accounts | • 1 Rules |
| Symantec Email Security | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 2 Rules |
| Symantec Endpoint Protection | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 3 Rules |
| Symantec Managed Security Services | T1068 - Exploitation for Privilege Escalation | • 1 Rules |
| Symantec Web Security Service | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |

Vendor: Tanium

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tanium Cloud Platform | T1078 - Valid Accounts | • 2 Rules<br>• 1 Models |
| Tanium Core Platform | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 3 Rules |
| Tanium Integrity Monitor | T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 2 Rules |
| Tanium Threat Response | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002 | • 15 Rules<br>• 7 Models |

Vendor: Tenable.io

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tenable.io | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: Tessian

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tessian Cloud Email Security | T1078 - Valid Accounts | • 1 Rules |

Vendor: Trend Micro

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Deep Discovery Inspector | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 2 Rules |
| Deep Security | T1068 - Exploitation for Privilege Escalation | • 1 Rules |
| OfficeScan | T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 4 Rules |
| Trend Micro ScanMail | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 2 Rules |
| Vision One | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: Tripwire Enterprise

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tripwire Enterprise | T1078 - Valid Accounts | • 1 Rules |

Vendor: Tufin

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Tufin SecureTrack | T1078 - Valid Accounts | • 1 Rules |

Vendor: Tyco

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| CCURE Building Management System | T1078 - Valid Accounts | • 2 Rules |

Vendor: Ubiquiti

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Unifi Access Point | T1078 - Valid Accounts | • 1 Rules |

Vendor: Unix

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Auditbeat | T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 2 Rules |
| Unix | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1482 - Domain Trust Discovery | • 20 Rules<br>• 7 Models |
| Unix Auditd | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1482 - Domain Trust Discovery | • 19 Rules<br>• 7 Models |
| Unix Named | T1078 - Valid Accounts | • 1 Rules |
| Unix Privilege Management | T1078 - Valid Accounts | • 1 Rules |
| Unix Sendmail | T1078 - Valid Accounts | • 1 Rules |
| Unix dhcpd | T1078 - Valid Accounts | • 1 Rules |
| rsyslog | T1078 - Valid Accounts | • 1 Rules |

Vendor: VBCorp

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| VBCorp | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: VMS Software

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| OpenVMS | TA0002 - TA0002 | • 10 Rules<br>• 7 Models |

Vendor: VMware

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Carbon Black App Control | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1482 - Domain Trust Discovery | • 14 Rules<br>• 5 Models |
| Carbon Black CES | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 3 Rules |
| Carbon Black EDR | T1078 - Valid Accounts<br>T1482 - Domain Trust Discovery | • 2 Rules |
| VMware AirWatch | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 3 Rules<br>• 1 Models |
| VMware ESXi | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002 | • 16 Rules<br>• 7 Models |
| VMware View | T1078 - Valid Accounts | • 1 Rules |
| vCenter | T1078 - Valid Accounts | • 1 Rules |

Vendor: Varonis

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Varonis Data Security Platform | T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 2 Rules |

Vendor: Vectra

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Vectra Cognito Detect | T1068 - Exploitation for Privilege Escalation | • 1 Rules |
| Vectra Cognito Stream | T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 7 Rules<br>• 2 Models |

Vendor: Verizon

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Verizon NDR | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: ViaScope

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| ViaScope IPScan | T1078 - Valid Accounts | • 1 Rules |

Vendor: Visma

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Megaflex | T1078 - Valid Accounts | • 1 Rules |

Vendor: Wazuh

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wazuh | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 2 Rules |

Vendor: Wiz

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Wiz | T1068 - Exploitation for Privilege Escalation<br>T1078 - Valid Accounts | • 2 Rules |

Vendor: Workday

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Workday | T1078 - Valid Accounts | • 1 Rules |

Vendor: Xceedium

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Xceedium | T1078 - Valid Accounts | • 1 Rules |

Vendor: Xiting

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| XAMS | T1078 - Valid Accounts | • 1 Rules |

Vendor: Zeek

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zeek | T1021 - Remote Services<br>T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1078.002 - T1078.002<br>T1102 - Web Service | • 25 Rules<br>• 8 Models |

Vendor: Zendesk

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zendesk | T1078 - Valid Accounts | • 2 Rules<br>• 1 Models |

Vendor: Zimperium

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zimperium MTD | T1068 - Exploitation for Privilege Escalation | • 1 Rules |

Vendor: Zscaler

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| Zscaler Internet Access | T1068 - Exploitation for Privilege Escalation<br>T1071.001 - Application Layer Protocol: Web Protocols<br>T1078 - Valid Accounts<br>T1102 - Web Service | • 3 Rules |

Vendor: iManage

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| iManage | T1078 - Valid Accounts | • 2 Rules<br>• 1 Models |

Vendor: oVirt

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| oVirt | T1078 - Valid Accounts<br>TA0002 - TA0002 | • 12 Rules<br>• 8 Models |

Vendor: xPLAN

| Product | MITRE ATT&CK® TTP | Content |
|---|---|---|
| xPLAN | T1078 - Valid Accounts | • 1 Rules |