| Detection | Data Source | Technique | Type | Analytic Story | Date |
|---|---|---|---|---|---|
| Cloud Network Access Control List Deleted | | N/A | Anomaly | AWS Network ACL Activity | 2024-10-17 |
| Detect Spike in Network ACL Activity | | Disable or Modify Cloud Firewall | Anomaly | AWS Network ACL Activity | 2024-10-17 |
| Detect IPv6 Network Infrastructure Threats | | Hardware Additions, Network Denial of Service, Adversary-in-the-Middle, ARP Cache Poisoning | TTP | Router and Infrastructure Security | 2024-10-17 |
| Detect Large Outbound ICMP Packets | Palo Alto Network Traffic | Non-Application Layer Protocol | TTP | Command And Control | 2024-11-06 |
| Detect Remote Access Software Usage Traffic | Palo Alto Network Traffic | Remote Access Software | Anomaly | Command And Control, Insider Threat, Ransomware | 2024-09-30 |
| Detect Software Download To Network Device | | TFTP Boot, Pre-OS Boot | TTP | Router and Infrastructure Security | 2024-10-17 |
| F5 BIG-IP iControl REST Vulnerability CVE-2022-1388 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CISA AA24-241A, F5 BIG-IP Vulnerability CVE-2022-1388 | 2024-09-30 |
| Hosts receiving high volume of network traffic from email server | | Remote Email Collection, Email Collection | Anomaly | Collection and Staging | 2024-10-17 |
| Prohibited Network Traffic Allowed | | Exfiltration Over Alternative Protocol | TTP | Command And Control, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2024-09-30 |
| Remote Desktop Network Bruteforce | | Remote Desktop Protocol, Remote Services | TTP | Ryuk Ransomware, SamSam Ransomware | 2024-10-16 |
| Remote Desktop Network Traffic | | Remote Desktop Protocol, Remote Services | Anomaly | Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware | 2024-10-16 |
| TOR Traffic | Palo Alto Network Traffic | Proxy, Multi-hop Proxy | TTP | Command And Control, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2024-09-30 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2024-10-17 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2024-09-30 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Software | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware | 2024-09-30 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2024-09-30 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2024-09-30 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application, Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2024-09-30 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2024-09-30 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2024-10-17 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2024-09-30 |