Vendor: Zscaler
Product: Zscaler Internet Access

Rules: 169
Models: 62
MITRE TTPs: 22
Event Types: 7
Parsers: 7

Use-Case: Abnormal Authentication & Access

Event Types/Parsers:
  database-update
    ↳zscaler-firewall
  dlp-alert
    ↳s-zscaler-web-activity
    ↳s-zscaler-web-activity-2
    ↳s-zscaler-web-activity-3
    ↳cef-zscaler-web-activity
    ↳s-zscaler-web-activity-1
    ↳s-zscaler-web-activity-4
    ↳s-zscaler-web-activity-5
    ↳zscaler-proxy
    ↳q-zscaler-web-activity
  image-loaded
    ↳zscaler-network-connection-1
    ↳zscaler-network-connection
  network-connection-failed
    ↳zscaler-activity
    ↳zscaler-firewall
  network-connection-successful
    ↳zscaler-status
    ↳zscaler-network-connection-1
    ↳zscaler-network-connection
  web-activity-allowed
    ↳s-zscaler-web-activity
    ↳s-zscaler-web-activity-2
    ↳s-zscaler-web-activity-3
    ↳cef-zscaler-web-activity
    ↳s-zscaler-web-activity-1
    ↳s-zscaler-web-activity-4
    ↳s-zscaler-web-activity-5
    ↳zscaler-proxy
    ↳q-zscaler-web-activity
  web-activity-denied
    ↳s-zscaler-dlp-alert
    ↳zscaler-dlp-alert-1

MITRE TTP:
  T1071.001 - Application Layer Protocol: Web Protocols

Content: 6 Rules, 6 Models

Use-Case: Compromised Credentials

Event Types/Parsers:
  database-update
    ↳zscaler-firewall
  dlp-alert
    ↳s-zscaler-web-activity
    ↳s-zscaler-web-activity-2
    ↳s-zscaler-web-activity-3
    ↳cef-zscaler-web-activity
    ↳s-zscaler-web-activity-1
    ↳s-zscaler-web-activity-4
    ↳s-zscaler-web-activity-5
    ↳zscaler-proxy
    ↳q-zscaler-web-activity
  image-loaded
    ↳zscaler-network-connection-1
    ↳zscaler-network-connection
  network-connection-failed
    ↳zscaler-activity
    ↳zscaler-firewall
  network-connection-successful
    ↳zscaler-status
    ↳zscaler-network-connection-1
    ↳zscaler-network-connection
  web-activity-allowed
    ↳s-zscaler-web-activity
    ↳s-zscaler-web-activity-2
    ↳s-zscaler-web-activity-3
    ↳cef-zscaler-web-activity
    ↳s-zscaler-web-activity-1
    ↳s-zscaler-web-activity-4
    ↳s-zscaler-web-activity-5
    ↳zscaler-proxy
    ↳q-zscaler-web-activity
  web-activity-denied
    ↳s-zscaler-dlp-alert
    ↳zscaler-dlp-alert-1

MITRE TTP:
  T1071.001 - Application Layer Protocol: Web Protocols
  T1102 - Web Service
  T1189 - Drive-by Compromise
  T1204.001 - T1204.001
  T1566.002 - Phishing: Spearphishing Link
  T1568.002 - Dynamic Resolution: Domain Generation Algorithms

Content: 41 Rules, 15 Models

ATT&CK Matrix for Enterprise

Initial Access
  Phishing: Spearphishing Link
  Drive-by Compromise
  Exploit Public-Facing Application
  Phishing

Execution
  Windows Management Instrumentation
  Scheduled Task/Job
  User Execution

Persistence
  Scheduled Task/Job
  Traffic Signaling

Privilege Escalation
  Scheduled Task/Job

Defense Evasion
  Traffic Signaling

Credential Access
  (none listed)

Discovery
  Account Discovery

Lateral Movement
  Exploitation of Remote Services
  Remote Services
  Remote Services: SMB/Windows Admin Shares

Collection
  (none listed)

Command and Control
  Web Service
  Non-Standard Port
  Application Layer Protocol: Web Protocols
  Dynamic Resolution
  Traffic Signaling
  Dynamic Resolution: Domain Generation Algorithms
  Proxy: Multi-hop Proxy
  Proxy: External Proxy
  Application Layer Protocol
  Proxy

Exfiltration
  Exfiltration Over Alternative Protocol
  Data Transfer Size Limits
  Automated Exfiltration
  Exfiltration Over Web Service: Exfiltration to Cloud Storage
  Exfiltration Over Web Service

Impact
  Resource Hijacking