Vendor: Cisco

Product: Cisco Secure Web Appliance

Rules	Models	MITRE TTPs	Event Types	Parsers
81	25	11	2	2

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal Authentication & Access	web-activity-allowed ↳syslog-cisco-wsa-web-activity ↳cisco-w3c-proxy ↳elk-cisco-wsa-web-activity ↳cisco-wsa-squid-proxy ↳q-wsa-proxy ↳cisco-wsa-web-activity web-activity-denied ↳syslog-cisco-wsa-web-activity ↳cisco-w3c-proxy ↳elk-cisco-wsa-web-activity ↳cisco-wsa-squid-proxy ↳q-wsa-proxy ↳cisco-wsa-web-activity	T1071.001 - Application Layer Protocol: Web Protocols	6 Rules 6 Models
Compromised Credentials	web-activity-allowed ↳syslog-cisco-wsa-web-activity ↳cisco-w3c-proxy ↳elk-cisco-wsa-web-activity ↳cisco-wsa-squid-proxy ↳q-wsa-proxy ↳cisco-wsa-web-activity web-activity-denied ↳syslog-cisco-wsa-web-activity ↳cisco-w3c-proxy ↳elk-cisco-wsa-web-activity ↳cisco-wsa-squid-proxy ↳q-wsa-proxy ↳cisco-wsa-web-activity	T1071.001 - Application Layer Protocol: Web Protocols T1102 - Web Service T1189 - Drive-by Compromise T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	41 Rules 15 Models
Next Page -->>

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link Drive-by Compromise Phishing	User Execution								Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Data Transfer Size Limits Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking