Product | Event Types | MITRE TTP | Content |
---|---|---|---|
APC | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
AWS Bastion | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Axway SFTP | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Barracuda Firewall | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
BeyondTrust | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
BeyondTrust PasswordSafe | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
BeyondTrust Privilege Management | | T1078 - Valid Accounts | |
BeyondTrust Privileged Identity | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
CA Privileged Access Manager Server Control | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
CDS | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Cato Cloud | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Centrify Authentication Service | | T1078 - Valid Accounts | |
Centrify Zero Trust Privilege Services | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Check Point Identity Awareness | | T1003 - OS Credential Dumping | |
Check Point NGFW | | T1078 - Valid Accounts | |
Check Point Security Gateway | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
AnyConnect | | T1003 - OS Credential Dumping | |
Cisco Adaptive Security Appliance | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
Cisco ISE | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
Cisco Meraki MX appliances | | T1003 - OS Credential Dumping | |
Cisco Umbrella | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Citrix Endpoint Management | | T1078 - Valid Accounts | |
Citrix Netscaler | | T1003 - OS Credential Dumping | |
Citrix Netscaler VPN | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
Citrix XenApp | | T1078 - Valid Accounts | |
Citrix XenDesktop | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Falcon | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
CyberArk Vault | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Privileged Session Manager | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Dell EMC Isilon | | T1078 - Valid Accounts | |
One Identity Manager | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
SonicWALL Aventail | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Digital Guardian Endpoint Protection | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
DTEX InTERCEPT | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
F5 BIG-IP | | T1078 - Valid Accounts | |
F5 BIG-IP Access Policy Manager (APM) | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Fortinet VPN | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
HP | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Powertech Identity Access Manager (BoKs) | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
IBM DB2 | | T1078 - Valid Accounts | |
IBM Sterling B2B Integrator | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Infoblox | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Juniper SRX | | T1003 - OS Credential Dumping | |
Juniper VPN | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Kemp LoadMaster | | T1078 - Valid Accounts | |
Load Balancer | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
LanScope Cat | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
SSH | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
RemotelyAnywhere | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
McAfee Endpoint Security | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Microsoft Office 365 | | T1078 - Valid Accounts | |
Microsoft Windows | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Web Application Proxy | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
NCP | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
NetMotion Wireless | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Nortel Contivity VPN | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
ObserveIT | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
GlobalProtect | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
NGFW | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Password Manager Pro | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Change Auditor | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
SecurID | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
SAP | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
SSL Open VPN | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
SecureNet | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Sonicwall | | T1003 - OS Credential Dumping, T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Sophos Endpoint Protection | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Symantec Critical System Protection | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Thycotic Secret Server | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Unix | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Unix Auditd | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Unix Privilege Management | | T1003 - OS Credential Dumping, T1078 - Valid Accounts, T1098 - Account Manipulation | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
VMware Carbon Black App Control | | T1078 - Valid Accounts | |
VMware ESXi | | T1078 - Valid Accounts | |
VMware Horizon | | T1078 - Valid Accounts | |
VMware VCenter | | T1078 - Valid Accounts | |
VMware View | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Vectra Cognito Stream | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Zeek Network Security Monitor | | T1078 - Valid Accounts | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
Zscaler Private Access | | T1003 - OS Credential Dumping | |
Product | Event Types | MITRE TTP | Content |
---|---|---|---|
xsuite | | T1078 - Valid Accounts | |