ds_imperva_imperva_securesphere.md

Vendor: Imperva

Product: Imperva SecureSphere

Rules	Models	MITRE TTPs	Event Types	Parsers
128	57	13	10	10

Use-Case	Event Types/Parsers	MITRE TTP	Content
Abnormal Authentication & Access	app-login ↳securesphere-db-login-2 ↳cef-securesphere-db-login ↳cef-syslog-securesphere-db-login ↳q-leef-securesphere-db-login ↳s-securesphere-db-login ↳securesphere-db-login ↳s-securesphere-db-login-1 ↳cef-securesphere-app-login-failed database-alert ↳cef-securesphere-db-alert database-delete ↳s-securesphere-db-alert ↳securesphere-db-alert ↳leef-securesphere-db-alert-1 ↳cef-syslog-securesphere-db-alert ↳securesphere-db-alert-2 ↳leef-securesphere-db-alert ↳cef-securesphere-db-alert-1 ↳cef-securesphere-db-alert database-failed-login ↳securesphere-db-json ↳securesphere-db-cuseqsv database-login ↳cef-securesphere-db-failed-login ↳securesphere-db-failed-login ↳securesphere-db-failed-login-1 ↳securesphere-db-failed-login-2 ↳securesphere-db-failed-login-3 ↳s-securesphere-db-login-1 database-query ↳securesphere-db-json ↳securesphere-db-cuseqsv ↳cef-securesphere-app-login ↳cef-securesphere-database-operations database-update ↳cef-securesphere-database-operations network-alert ↳q-leef-securesphere-db-query ↳cef-securesphere-db-query-2 ↳s-securesphere-db-query ↳securesphere-db-query ↳securesphere-db-query-2 ↳cef-securesphere-db-query ↳cef-syslog-securesphere-db-query ↳cef-securesphere-db-query-1 ↳cef-securesphere-database-operations print-activity ↳cef-securesphere-database-operations security-alert ↳securesphere-alert ↳securesphere-alert-1	T1078 - Valid Accounts T1110 - Brute Force T1133 - External Remote Services	26 Rules 12 Models
Compromised Credentials	app-login ↳securesphere-db-login-2 ↳cef-securesphere-db-login ↳cef-syslog-securesphere-db-login ↳q-leef-securesphere-db-login ↳s-securesphere-db-login ↳securesphere-db-login ↳s-securesphere-db-login-1 ↳cef-securesphere-app-login-failed database-alert ↳cef-securesphere-db-alert database-delete ↳s-securesphere-db-alert ↳securesphere-db-alert ↳leef-securesphere-db-alert-1 ↳cef-syslog-securesphere-db-alert ↳securesphere-db-alert-2 ↳leef-securesphere-db-alert ↳cef-securesphere-db-alert-1 ↳cef-securesphere-db-alert database-failed-login ↳securesphere-db-json ↳securesphere-db-cuseqsv database-login ↳cef-securesphere-db-failed-login ↳securesphere-db-failed-login ↳securesphere-db-failed-login-1 ↳securesphere-db-failed-login-2 ↳securesphere-db-failed-login-3 ↳s-securesphere-db-login-1 database-query ↳securesphere-db-json ↳securesphere-db-cuseqsv ↳cef-securesphere-app-login ↳cef-securesphere-database-operations database-update ↳cef-securesphere-database-operations network-alert ↳q-leef-securesphere-db-query ↳cef-securesphere-db-query-2 ↳s-securesphere-db-query ↳securesphere-db-query ↳securesphere-db-query-2 ↳cef-securesphere-db-query ↳cef-syslog-securesphere-db-query ↳cef-securesphere-db-query-1 ↳cef-securesphere-database-operations print-activity ↳cef-securesphere-database-operations security-alert ↳securesphere-alert ↳securesphere-alert-1	T1020 - Automated Exfiltration T1027.005 - Obfuscated Files or Information: Indicator Removal from Tools T1071 - Application Layer Protocol T1078 - Valid Accounts T1133 - External Remote Services T1213 - Data from Information Repositories	82 Rules 39 Models
Next Page -->>

ATT&CK Matrix for Enterprise

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
External Remote Services Valid Accounts	User Execution	External Remote Services Valid Accounts	Valid Accounts Exploitation for Privilege Escalation	Obfuscated Files or Information: Indicator Removal from Tools Valid Accounts Obfuscated Files or Information	Brute Force	Account Discovery	Remote Services Remote Services: SMB/Windows Admin Shares	Data from Information Repositories	Proxy: Multi-hop Proxy Application Layer Protocol Proxy	Exfiltration Over Physical Medium Automated Exfiltration