Vendor: CatoNetworks

Product: Cato Cloud

Rules	Models	MITRE TTPs	Event Types	Parsers
103	53	23	6	6

Use-Case	Event Types/Parsers	MITRE TTP	Content
3rd Party Security Alerts	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	3 Rules 1 Models
Abnormal Application Access	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1078 - Valid Accounts T1110 - Brute Force	2 Rules 2 Models
Abnormal Authentication & Access	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1078 - Valid Accounts T1133 - External Remote Services	2 Rules
Abnormal Directory Services Activity	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1098 - Account Manipulation	3 Rules 3 Models
Abnormal Network Connections	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols	5 Rules 2 Models
Abnormal User Activity	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services	13 Rules 9 Models
Abnormal VPN Access	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1133 - External Remote Services	1 Rules 1 Models
Abnormal Web Access	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1102 - Web Service T1550.002 - Use Alternate Authentication Material: Pass the Hash	30 Rules 13 Models
Access to Application Data	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1078 - Valid Accounts T1110 - Brute Force	2 Rules 2 Models
Account Manipulation	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	1 Rules 1 Models
Account Switch	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1003 - OS Credential Dumping	4 Rules 4 Models
Activity on Domain Controllers	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1102 - Web Service	1 Rules
Brute Force Attack	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1003 - OS Credential Dumping	4 Rules 4 Models
Compromised Asset	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools	5 Rules 4 Models
Cryptomining	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	3 Rules
Data Exfiltration via DNS	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1568 - Dynamic Resolution	1 Rules
Data Exfiltration via Web	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1030 - Data Transfer Size Limits T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	3 Rules
Data Leak via Email	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	4 Rules 4 Models
Data Leak via Printer	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1052 - Exfiltration Over Physical Medium	1 Rules 1 Models
Data Leak via Removable Device	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB	1 Rules 1 Models
Data Leak via Web	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1030 - Data Transfer Size Limits T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	4 Rules 1 Models
Evasion	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy	4 Rules 1 Models
Malware	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1204 - User Execution T1550.002 - Use Alternate Authentication Material: Pass the Hash T1568.002 - Dynamic Resolution: Domain Generation Algorithms	30 Rules 8 Models
Membership and Permission Modifications	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	1 Rules 1 Models
Pass the Ticket	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting	2 Rules 2 Models
Permission Changes	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	1 Rules 1 Models
Phishing	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1566 - Phishing T1566.002 - Phishing: Spearphishing Link	3 Rules 2 Models
Privileged Process Execution	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1078 - Valid Accounts	1 Rules 1 Models
Ransomware	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071 - Application Layer Protocol T1078 - Valid Accounts	4 Rules
Risk of Attrition	network-alert ↳ cef-catonetworks-network-alert vpn-connection ↳ cef-catonetworks-web-activity vpn-login ↳ cef-catonetworks-vpn-login vpn-logout ↳ cef-catonetworks-vpn-end web-activity-allowed ↳ cef-catonetworks-web-activity web-activity-denied ↳ cef-catonetworks-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	3 Rules 2 Models

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Phishing	User Execution	External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Use Alternate Authentication Material Use Alternate Authentication Material: Pass the Hash Obfuscated Files or Information	OS Credential Dumping Brute Force Steal or Forge Kerberos Tickets Steal or Forge Kerberos Tickets: Kerberoasting		Use Alternate Authentication Material		Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol Exfiltration Over Physical Medium: Exfiltration over USB Data Transfer Size Limits Exfiltration Over Physical Medium Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_catonetworks_cato_cloud.md

ds_catonetworks_cato_cloud.md

Vendor: CatoNetworks

Product: Cato Cloud

ATT&CK Matrix for Enterprise

Files

ds_catonetworks_cato_cloud.md

Latest commit

History

ds_catonetworks_cato_cloud.md

File metadata and controls

Vendor: CatoNetworks

Product: Cato Cloud

ATT&CK Matrix for Enterprise