Vendor: Cisco

Product: Proxy Umbrella

Rules	Models	MITRE TTPs	Event Types	Parsers
135	53	18	3	3

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal Authentication & Access	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services	36 Rules 20 Models
Account Manipulation	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Compromised Credentials	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1020 - Automated Exfiltration T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1102 - Web Service T1133 - External Remote Services T1189 - Drive-by Compromise T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	53 Rules 26 Models
Cryptomining	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols T1496 - Resource Hijacking	3 Rules
Data Access	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1078 - Valid Accounts	14 Rules 9 Models
Data Exfiltration	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1030 - Data Transfer Size Limits T1071.001 - Application Layer Protocol: Web Protocols T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage T1568 - Dynamic Resolution	6 Rules 2 Models
Data Leak	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1030 - Data Transfer Size Limits T1048 - Exfiltration Over Alternative Protocol T1052 - Exfiltration Over Physical Medium T1071.001 - Application Layer Protocol: Web Protocols T1114.003 - Email Collection: Email Forwarding Rule T1567.002 - Exfiltration Over Web Service: Exfiltration to Cloud Storage	12 Rules 5 Models
Evasion	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols T1090.003 - Proxy: Multi-hop Proxy	7 Rules 1 Models
Malware	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1090.003 - Proxy: Multi-hop Proxy T1189 - Drive-by Compromise T1204.001 - T1204.001 T1566.002 - Phishing: Spearphishing Link T1568.002 - Dynamic Resolution: Domain Generation Algorithms	29 Rules 8 Models
Phishing	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols T1566.002 - Phishing: Spearphishing Link	3 Rules
Privilege Abuse	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1078 - Valid Accounts T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	6 Rules 2 Models
Privilege Escalation	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1098.002 - Account Manipulation: Exchange Email Delegate Permissions	3 Rules 1 Models
Privileged Activity	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts T1098.002 - Account Manipulation: Exchange Email Delegate Permissions T1102 - Web Service	4 Rules
Ransomware	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071 - Application Layer Protocol T1071.001 - Application Layer Protocol: Web Protocols T1078 - Valid Accounts	3 Rules
Workforce Protection	app-activity ↳cisco-umbrella-proxy print-activity ↳cisco-umbrella-network-connection web-activity-allowed ↳cisco-umbrella-proxy	T1071.001 - Application Layer Protocol: Web Protocols	5 Rules 2 Models

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Phishing: Spearphishing Link External Remote Services Valid Accounts Drive-by Compromise Phishing	User Execution	External Remote Services Valid Accounts Account Manipulation Account Manipulation: Exchange Email Delegate Permissions	Valid Accounts	Valid Accounts	Brute Force			Email Collection Email Collection: Email Forwarding Rule	Web Service Application Layer Protocol: Web Protocols Dynamic Resolution Dynamic Resolution: Domain Generation Algorithms Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Alternative Protocol Data Transfer Size Limits Exfiltration Over Physical Medium Automated Exfiltration Exfiltration Over Web Service: Exfiltration to Cloud Storage Exfiltration Over Web Service	Resource Hijacking

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ds_cisco_proxy_umbrella.md

ds_cisco_proxy_umbrella.md

Vendor: Cisco

Product: Proxy Umbrella

ATT&CK Matrix for Enterprise

Files

ds_cisco_proxy_umbrella.md

Latest commit

History

ds_cisco_proxy_umbrella.md

File metadata and controls

Vendor: Cisco

Product: Proxy Umbrella

ATT&CK Matrix for Enterprise