Skip to content

Latest commit

 

History

History
19 lines (17 loc) · 12.2 KB

ds_zscaler_zscaler_internet_access.md

File metadata and controls

19 lines (17 loc) · 12.2 KB
Raw

Vendor: Zscaler

Product: Zscaler Internet Access

Rules Models MITRE TTPs Event Types Parsers
169 62 22 7 7
Use-Case Event Types/Parsers MITRE TTP Content
Abnormal Authentication & Access database-update
zscaler-firewall

dlp-alert
s-zscaler-web-activity
s-zscaler-web-activity-2
s-zscaler-web-activity-3
cef-zscaler-web-activity
s-zscaler-web-activity-1
s-zscaler-web-activity-4
s-zscaler-web-activity-5
zscaler-proxy
q-zscaler-web-activity

image-loaded
zscaler-network-connection-1
zscaler-network-connection

network-connection-failed
zscaler-activity
zscaler-firewall

network-connection-successful
zscaler-status
zscaler-network-connection-1
zscaler-network-connection

web-activity-allowed
s-zscaler-web-activity
s-zscaler-web-activity-2
s-zscaler-web-activity-3
cef-zscaler-web-activity
s-zscaler-web-activity-1
s-zscaler-web-activity-4
s-zscaler-web-activity-5
zscaler-proxy
q-zscaler-web-activity

web-activity-denied
s-zscaler-dlp-alert
zscaler-dlp-alert-1
 T1071.001 - Application Layer Protocol: Web Protocols
  • 6 Rules
  • 6 Models
Compromised Credentials database-update
zscaler-firewall

dlp-alert
s-zscaler-web-activity
s-zscaler-web-activity-2
s-zscaler-web-activity-3
cef-zscaler-web-activity
s-zscaler-web-activity-1
s-zscaler-web-activity-4
s-zscaler-web-activity-5
zscaler-proxy
q-zscaler-web-activity

image-loaded
zscaler-network-connection-1
zscaler-network-connection

network-connection-failed
zscaler-activity
zscaler-firewall

network-connection-successful
zscaler-status
zscaler-network-connection-1
zscaler-network-connection

web-activity-allowed
s-zscaler-web-activity
s-zscaler-web-activity-2
s-zscaler-web-activity-3
cef-zscaler-web-activity
s-zscaler-web-activity-1
s-zscaler-web-activity-4
s-zscaler-web-activity-5
zscaler-proxy
q-zscaler-web-activity

web-activity-denied
s-zscaler-dlp-alert
zscaler-dlp-alert-1
 T1071.001 - Application Layer Protocol: Web Protocols
T1102 - Web Service
T1189 - Drive-by Compromise
T1204.001 - T1204.001
T1566.002 - Phishing: Spearphishing Link
T1568.002 - Dynamic Resolution: Domain Generation Algorithms
  • 41 Rules
  • 15 Models
Next Page -->>

ATT&CK Matrix for Enterprise

Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact
Phishing: Spearphishing Link

Drive-by Compromise

Exploit Public Fasing Application

Phishing

 Windows Management Instrumentation

Scheduled Task/Job

User Execution

 Scheduled Task/Job

Traffic Signaling

 Scheduled Task/Job

 Traffic Signaling

 Account Discovery

 Exploitation of Remote Services

Remote Services

Remote Services: SMB/Windows Admin Shares

 Web Service

Non-Standard Port

Application Layer Protocol: Web Protocols

Dynamic Resolution

Traffic Signaling

Dynamic Resolution: Domain Generation Algorithms

Proxy: Multi-hop Proxy

Proxy: External Proxy

Application Layer Protocol

Proxy

 Exfiltration Over Alternative Protocol

Data Transfer Size Limits

Automated Exfiltration

Exfiltration Over Web Service: Exfiltration to Cloud Storage

Exfiltration Over Web Service

 Resource Hijacking