ds_juniper_networks_juniper_vpn.md

Vendor: Juniper Networks

Product: Juniper VPN

| Rules | Models | MITRE TTPs | Event Types | Parsers |
|:-----:|:------:|:----------:|:-----------:|:-------:|
| 91 | 47 | 21 | 6 | 6 |

Use-Case Event Types/Parsers MITRE TTP Content
3rd Party Security Alerts account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
  • 3 Rules
  • 1 Models
Abnormal Application Access account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1078 - Valid Accounts
T1110 - Brute Force
  • 2 Rules
  • 2 Models
Abnormal Authentication & Access account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1078 - Valid Accounts
T1133 - External Remote Services
  • 2 Rules
Abnormal Directory Services Activity account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098 - Account Manipulation
  • 3 Rules
  • 3 Models
Abnormal User Activity account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1110 - Brute Force
T1133 - External Remote Services
  • 15 Rules
  • 9 Models
Abnormal VPN Access account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1133 - External Remote Services
  • 2 Rules
  • 1 Models
Abnormal Web Access account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
T1550.002 - Use Alternate Authentication Material: Pass the Hash
  • 26 Rules
  • 13 Models
Access to Application Data account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1078 - Valid Accounts
T1110 - Brute Force
  • 2 Rules
  • 2 Models
Account Creation Activity account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098 - Account Manipulation
  • 1 Rules
Account Deletion Activity account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098 - Account Manipulation
  • 1 Rules
Account Manipulation account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098 - Account Manipulation
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 2 Rules
  • 1 Models
Account Switch account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1003 - OS Credential Dumping
  • 4 Rules
  • 4 Models
Activity on Domain Controllers account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
  • 1 Rules
Brute Force Attack account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1003 - OS Credential Dumping
  • 4 Rules
  • 4 Models
Cryptomining account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1496 - Resource Hijacking
  • 3 Rules
Data Exfiltration via DNS account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1568 - Dynamic Resolution
  • 1 Rules
Data Exfiltration via Web account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 2 Rules
Data Leak via Email account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1048.003 - Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
  • 4 Rules
  • 4 Models
Data Leak via Printer

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1052 - Exfiltration Over Physical Medium
  • 1 Rule
  • 1 Model
Data Leak via Removable Device

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1052.001 - Exfiltration Over Physical Medium: Exfiltration over USB
  • 1 Rule
  • 1 Model
Data Leak via Web

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1030 - Data Transfer Size Limits
T1071.001 - Application Layer Protocol: Web Protocols
T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage
  • 3 Rules
  • 1 Model
Evasion

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1090.003 - Proxy: Multi-hop Proxy
  • 4 Rules
  • 1 Model
Malware

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1078 - Valid Accounts
T1090.003 - Proxy: Multi-hop Proxy
T1550.002 - Use Alternate Authentication Material: Pass the Hash
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 23 Rules
  • 6 Models
Membership and Permission Modifications

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 1 Rule
  • 1 Model
Pass the Ticket

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1558.003 - Steal or Forge Kerberos Tickets: Kerberoasting
  • 2 Rules
  • 2 Models
Permission Changes

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1098.002 - Account Manipulation: Exchange Email Delegate Permissions
  • 1 Rule
  • 1 Model
Phishing

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
T1566 - Phishing
T1566.002 - Phishing: Spearphishing Link
  • 3 Rules
  • 2 Models
Privileged Process Execution

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1078 - Valid Accounts
  • 1 Rule
  • 1 Model
Ransomware

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071 - Application Layer Protocol
T1078 - Valid Accounts
  • 3 Rules
Risk of Attrition

account-deleted
cef-juniper-account-deleted

authentication-failed
raw-juniper-nwc-vpn-authfailed
cef-juniper-vpn-authfailed

authentication-successful
s-juniper-vpn-realm
syslog-juniper-vpn-realm
raw-juniper-nwc-vpn-authsuccess
raw-juniper-nwc-vpn-authsuccess-1

failed-vpn-login
raw-juniper-nwc-vpn-hostfailed
n-forwarded-juniper-failed-vpn-login
raw-juniper-failed-vpn-login
syslog-juniper-vpn-login-failed

vpn-login
syslog-juniper-vpn-connect
n-forwarded-juniper-vpn-login
s-juniper-nwc-vpn-resume
n-forwarded-juniper-vpn-realm-1
raw-juniper-nwc-vpn-start
cef-juniper-vpn-resume
cef-juniper-vpn-login
raw-juniper-nwc-vpn-resume
s-juniper-vpn-start
syslog-pulsesecure-vpn-connect
raw-vpn-start
juniper-access-control
n-forwarded-juniper-vpn-login-2
n-forwarded-juniper-vpn-realm
n-forwarded-cef-juniper-vpn-start
n-forwarded-juniper-vpn-login-3
syslog-juniper-vpn-realm-1
juniper-nwc-vpn-start
n-forwarded-cef-juniper-vpn-start-2
n-forwarded-juniper-vpn-open
raw-juniper-nwc-vpn-connected

vpn-logout
n-forwarded-cef-juniper-vpn-end-2
cef-juniper-vpn-relogin
s-juniper-vpn-timeout
juniper-nwc-vpn-end
raw-juniper-nwc-vpn-end
n-forwarded-cef-juniper-vpn-timeout
n-forwarded-cef-juniper-vpn-end
cef-juniper-vpn-end-1
cef-juniper-vpn-end
cef-juniper-vpn-timeout
cef-juniper-vpn-close-1
syslog-juniper-vpn-relogin
n-forwarded-juniper-vpn-close
raw-vpn-end
n-forwarded-juniper-vpn-logout
raw-juniper-nwc-vpn-terminated
s-juniper-vpn-end
cef-juniper-vpn-timeout-1
cef-juniper-vpn-logout
raw-vpn-timeout
juniper-vpn-close
cef-juniper-vpn-close

web-activity-allowed
juniper-web-activity-3
cef-juniper-proxy
juniper-web-activity-1
juniper-web-activity-2
T1071.001 - Application Layer Protocol: Web Protocols
  • 3 Rules
  • 2 Models

ATT&CK Matrix for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Phishing: Spearphishing Link<br>External Remote Services<br>Valid Accounts<br>Phishing | | External Remote Services<br>Valid Accounts<br>Account Manipulation<br>Account Manipulation: Exchange Email Delegate Permissions | Valid Accounts | Valid Accounts<br>Use Alternate Authentication Material<br>Use Alternate Authentication Material: Pass the Hash | OS Credential Dumping<br>Brute Force<br>Steal or Forge Kerberos Tickets<br>Steal or Forge Kerberos Tickets: Kerberoasting | | Use Alternate Authentication Material | | Web Service<br>Application Layer Protocol: Web Protocols<br>Dynamic Resolution<br>Dynamic Resolution: Domain Generation Algorithms<br>Proxy: Multi-hop Proxy<br>Application Layer Protocol<br>Proxy | Exfiltration Over Alternative Protocol<br>Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol<br>Exfiltration Over Physical Medium: Exfiltration over USB<br>Data Transfer Size Limits<br>Exfiltration Over Physical Medium<br>Exfiltration Over Web Service: Exfiltration to Cloud Storage<br>Exfiltration Over Web Service | Resource Hijacking |