Commit 34dacc2

author
root
committed
Update
1 parent cf92025 commit 34dacc2

5,863 files changed

+32431
-25162
lines changed

Lines changed: 1 addition & 1 deletion
@@ -1,3 +1,3 @@
1-
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
1+
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
22
|:----:| ---- | ---- | ---- |
33
| [Privileged Activity](../../../UseCases/uc_privileged_activity.md) | failed-physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-failed-3](Ps/pC_cefamagbadgeaccessfailed3.md)<br> ↳[cef-amag-badge-access-failed-1](Ps/pC_cefamagbadgeaccessfailed1.md)<br> ↳[cef-amag-badge-access-failed-2](Ps/pC_cefamagbadgeaccessfailed2.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br><br> physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-2](Ps/pC_cefamagbadgeaccess2.md)<br> ↳[cef-amag-badge-access-1](Ps/pC_cefamagbadgeaccess1.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>1 Rules</li></ul>](RM/r_m_amag_symmetry_access_control_Privileged_Activity.md) |

DataSources/AMAG/Symmetry_Access_Control/RM/r_m_amag_symmetry_access_control_Abnormal_Authentication_&_Access.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: AMAG
33
### Product: [Symmetry Access Control](../ds_amag_symmetry_access_control.md)
44
### Use-Case: [Abnormal Authentication & Access](../../../../UseCases/uc_abnormal_authentication_&_access.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 3 | 2 | 1 | 1 | 1 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 3 | 2 | 1 | 1 | 1 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ---- |

DataSources/AMAG/Symmetry_Access_Control/RM/r_m_amag_symmetry_access_control_Physical_Security.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: AMAG
33
### Product: [Symmetry Access Control](../ds_amag_symmetry_access_control.md)
44
### Use-Case: [Physical Security](../../../../UseCases/uc_physical_security.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 9 | 4 | 1 | 1 | 1 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 9 | 4 | 1 | 1 | 1 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ---- |

DataSources/AMAG/Symmetry_Access_Control/RM/r_m_amag_symmetry_access_control_Privileged_Activity.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: AMAG
33
### Product: [Symmetry Access Control](../ds_amag_symmetry_access_control.md)
44
### Use-Case: [Privileged Activity](../../../../UseCases/uc_privileged_activity.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 1 | 0 | 1 | 1 | 1 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 1 | 0 | 1 | 1 | 1 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ------ |

DataSources/AMAG/Symmetry_Access_Control/ds_amag_symmetry_access_control.md

Lines changed: 6 additions & 6 deletions
@@ -2,18 +2,18 @@ Vendor: AMAG
22
============
33
Product: Symmetry Access Control
44
--------------------------------
5-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
6-
|:-----:|:------:|:----------:|:-----------:|:-------:|
7-
| 12 | 6 | 1 | 1 | 1 |
5+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
6+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
7+
| 12 | 6 | 1 | 1 | 1 |
88

9-
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
9+
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
1010
|:----:| ---- | ---- | ---- |
1111
| [Abnormal Authentication & Access](../../../UseCases/uc_abnormal_authentication_&_access.md) | failed-physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-failed-3](Ps/pC_cefamagbadgeaccessfailed3.md)<br> ↳[cef-amag-badge-access-failed-1](Ps/pC_cefamagbadgeaccessfailed1.md)<br> ↳[cef-amag-badge-access-failed-2](Ps/pC_cefamagbadgeaccessfailed2.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br><br> physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-2](Ps/pC_cefamagbadgeaccess2.md)<br> ↳[cef-amag-badge-access-1](Ps/pC_cefamagbadgeaccess1.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>3 Rules</li></ul><ul><li>2 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Abnormal_Authentication_&_Access.md) |
1212
| [Physical Security](../../../UseCases/uc_physical_security.md) | failed-physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-failed-3](Ps/pC_cefamagbadgeaccessfailed3.md)<br> ↳[cef-amag-badge-access-failed-1](Ps/pC_cefamagbadgeaccessfailed1.md)<br> ↳[cef-amag-badge-access-failed-2](Ps/pC_cefamagbadgeaccessfailed2.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br><br> physical-access<br> ↳[s-amag-badge-access](Ps/pC_samagbadgeaccess.md)<br> ↳[cef-amag-badge-access-2](Ps/pC_cefamagbadgeaccess2.md)<br> ↳[cef-amag-badge-access-1](Ps/pC_cefamagbadgeaccess1.md)<br> ↳[amag-badge-access](Ps/pC_amagbadgeaccess.md)<br> | T1078 - Valid Accounts<br> | [<ul><li>9 Rules</li></ul><ul><li>4 Models</li></ul>](RM/r_m_amag_symmetry_access_control_Physical_Security.md) |
1313
[Next Page -->>](2_ds_amag_symmetry_access_control.md)
1414

15-
ATT&CK Matrix for Enterprise
16-
----------------------------
15+
MITRE ATT&CK® Framework for Enterprise
16+
--------------------------------------
1717
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
1818
| ------------------------------------------------------------------- | --------- | ------------------------------------------------------------------- | ------------------------------------------------------------------- | ------------------------------------------------------------------- | ----------------- | --------- | ---------------- | ---------- | ------------------- | ------------ | ------ |
1919
| [Valid Accounts](https://attack.mitre.org/techniques/T1078)<br><br> | | [Valid Accounts](https://attack.mitre.org/techniques/T1078)<br><br> | [Valid Accounts](https://attack.mitre.org/techniques/T1078)<br><br> | [Valid Accounts](https://attack.mitre.org/techniques/T1078)<br><br> | | | | | | | |
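
Review bot: The renamed section heading at new lines 15-16, `MITRE ATT&CK® Framework for Enterprise`, now sits over a table that is still laid out as the tactic-by-tactic matrix (Initial Access through Impact), so "Framework" names the whole knowledge base rather than this grid. Consider `MITRE ATT&CK® Matrix for Enterprise`, which keeps the trademark attribution added elsewhere in this change and still describes what the table shows. The setext underline was lengthened to match the new heading, so nothing else needs adjusting if the wording changes to a string of the same length or shorter.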

DataSources/AMD/Pensando/RM/r_m_amd_pensando_Lateral_Movement.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: AMD
33
### Product: [Pensando](../ds_amd_pensando.md)
44
### Use-Case: [Lateral Movement](../../../../UseCases/uc_lateral_movement.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 56 | 20 | 5 | 2 | 2 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 56 | 20 | 5 | 2 | 2 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ---- |

DataSources/AMD/Pensando/RM/r_m_amd_pensando_Malware.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: AMD
33
### Product: [Pensando](../ds_amd_pensando.md)
44
### Use-Case: [Malware](../../../../UseCases/uc_malware.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 4 | 0 | 1 | 2 | 2 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 4 | 0 | 1 | 2 | 2 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ------ |

DataSources/AMD/Pensando/ds_amd_pensando.md

Lines changed: 6 additions & 6 deletions
@@ -2,17 +2,17 @@ Vendor: AMD
22
===========
33
Product: Pensando
44
-----------------
5-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
6-
|:-----:|:------:|:----------:|:-----------:|:-------:|
7-
| 56 | 20 | 5 | 2 | 2 |
5+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
6+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
7+
| 56 | 20 | 5 | 2 | 2 |
88

9-
| Use-Case | Event Types/Parsers | MITRE TTP | Content |
9+
| Use-Case | Event Types/Parsers | MITRE ATT&CK® TTP | Content |
1010
|:----:| ---- | ---- | ---- |
1111
| [Lateral Movement](../../../UseCases/uc_lateral_movement.md) | network-connection-failed<br> ↳[pensando-flow-create](Ps/pC_pensandoflowcreate.md)<br><br> network-connection-successful<br> ↳[pensando-flow-create](Ps/pC_pensandoflowcreate.md)<br> | T1071 - Application Layer Protocol<br>T1090.003 - Proxy: Multi-hop Proxy<br>T1190 - Exploit Public Fasing Application<br>TA0010 - TA0010<br>TA0011 - TA0011<br> | [<ul><li>56 Rules</li></ul><ul><li>20 Models</li></ul>](RM/r_m_amd_pensando_Lateral_Movement.md) |
1212
| [Malware](../../../UseCases/uc_malware.md) | network-connection-failed<br> ↳[pensando-flow-create](Ps/pC_pensandoflowcreate.md)<br><br> network-connection-successful<br> ↳[pensando-flow-create](Ps/pC_pensandoflowcreate.md)<br> | TA0011 - TA0011<br> | [<ul><li>4 Rules</li></ul>](RM/r_m_amd_pensando_Malware.md) |
1313

14-
ATT&CK Matrix for Enterprise
15-
----------------------------
14+
MITRE ATT&CK® Framework for Enterprise
15+
--------------------------------------
1616
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
1717
| -------------------------------------------------------------------------------------- | --------- | ----------- | -------------------- | --------------- | ----------------- | --------- | ---------------- | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------ | ------ |
1818
| [Exploit Public Fasing Application](https://attack.mitre.org/techniques/T1190)<br><br> | | | | | | | | | [Proxy: Multi-hop Proxy](https://attack.mitre.org/techniques/T1090/003)<br><br>[Application Layer Protocol](https://attack.mitre.org/techniques/T1071)<br><br>[Proxy](https://attack.mitre.org/techniques/T1090)<br><br> | | |
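
Review bot: The unchanged rows at lines 11 and 18 still spell T1190 as `Exploit Public Fasing Application`, and the TTP column at line 11 lists tactics as `TA0010 - TA0010` and `TA0011 - TA0011` with the ID repeated in place of a name; since this change already rewrites the column header above them, fix both in the same pass. The technique is named "Exploit Public-Facing Application", TA0010 is Exfiltration and TA0011 is Command and Control. The matrix row also links Proxy (T1090), which does not appear in the TTP list at line 11, while the Exfiltration column is empty even though TA0010 is listed, so it is worth confirming which entries the summary count of 5 is meant to cover.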

DataSources/APC/APC/RM/r_m_apc_apc_Abnormal_Authentication_&_Access.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: APC
33
### Product: [APC](../ds_apc_apc.md)
44
### Use-Case: [Abnormal Authentication & Access](../../../../UseCases/uc_abnormal_authentication_&_access.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 32 | 14 | 5 | 5 | 5 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 32 | 14 | 5 | 2 | 2 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ---- |
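
Review bot: The data row at new line 8 changes Event Types and Parsers from 5 to 2 (`| 32 | 14 | 5 | 5 | 5 |` becomes `| 32 | 14 | 5 | 2 | 2 |`), which is a content change riding along with a header rename, and the only description on the page is "Update". Please confirm that the per-event-type table starting at line 10 lists two event types, and either split the count change into its own commit or state it in the message so it is not lost among the cosmetic edits.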

DataSources/APC/APC/RM/r_m_apc_apc_Compromised_Credentials.md

Lines changed: 3 additions & 3 deletions
@@ -3,9 +3,9 @@ Vendor: APC
33
### Product: [APC](../ds_apc_apc.md)
44
### Use-Case: [Compromised Credentials](../../../../UseCases/uc_compromised_credentials.md)
55

6-
| Rules | Models | MITRE TTPs | Event Types | Parsers |
7-
|:-----:|:------:|:----------:|:-----------:|:-------:|
8-
| 58 | 25 | 10 | 5 | 5 |
6+
| Rules | Models | MITRE ATT&CK® TTPs | Event Types | Parsers |
7+
|:-----:|:------:|:------------------:|:-----------:|:-------:|
8+
| 58 | 25 | 10 | 2 | 2 |
99

1010
| Event Type | Rules | Models |
1111
| ---- | ---- | ---- |
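
Review bot: Event Types and Parsers drop from 5 to 2 at new line 8 while Rules (58), Models (25) and MITRE ATT&CK® TTPs (10) are carried over unchanged, and nothing in the hunk says whether parsers were removed or only the counting changed. If parsers were removed, were the rule and model totals re-derived against the remaining two? Either way, check that the product page linked at line 3 (`../ds_apc_apc.md`) reports the same 2 and 2 for this use case.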
