3rd Party Security Alerts |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
|
|
Abnormal Application Access |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1078 - Valid Accounts
T1110 - Brute Force
|
|
Abnormal Authentication & Access |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1078 - Valid Accounts
T1133 - External Remote Services
|
|
Abnormal Directory Services Activity |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1098 - Account Manipulation
|
|
Abnormal Network Connections |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
|
|
Abnormal User Activity |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
|
|
Abnormal VPN Access |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1133 - External Remote Services
|
|
Abnormal Web Access |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
T1550.002 - Use Alternate Authentication Material: Pass the Hash
|
|
Access to Application Data |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1078 - Valid Accounts
T1110 - Brute Force
|
|
Account Manipulation |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Account Switch |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1003 - OS Credential Dumping
|
|
Activity on Domain Controllers |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
|
|
Brute Force Attack |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1003 - OS Credential Dumping
|
|
Compromised Asset |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools
|
|
Cryptomining |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
|
|
Data Exfiltration via DNS |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1568 - Dynamic Resolution
|
|
Data Exfiltration via Web |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
|
|
Data Leak via Email |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
|
|
Data Leak via Printer |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1052 - Exfiltration Over Physical Medium
|
|
Data Leak via Removable Device |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
|
|
Data Leak via Web |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
|
|
Evasion |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
|
|
Malware |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071 - Application Layer Protocol
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1204 - User Execution
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
|
|
Membership and Permission Modifications |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Pass the Ticket |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
|
|
Permission Changes |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
|
|
Phishing |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
|
|
Privileged Process Execution |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1078 - Valid Accounts
|
|
Ransomware |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071 - Application Layer Protocol
T1078 - Valid Accounts
|
|
Risk of Attrition |
network-alert ↳ cef-catonetworks-network-alert
vpn-connection ↳ cef-catonetworks-web-activity
vpn-login ↳ cef-catonetworks-vpn-login
vpn-logout ↳ cef-catonetworks-vpn-end
web-activity-allowed ↳ cef-catonetworks-web-activity
web-activity-denied ↳ cef-catonetworks-web-activity
|
T1071.001 - Application Layer Protocol: Web Protocols
|
|