|
Cisco Secure Firewall - Bits Network Activity
|
Cisco Secure Firewall Threat Defense Connection Event
|
N/A
|
Anomaly
|
Cisco Secure Firewall Threat Defense Analytics
|
2025-05-02
|
|
Detect IPv6 Network Infrastructure Threats
|
|
Hardware Additions
Network Denial of Service
ARP Cache Poisoning
|
TTP
|
Router and Infrastructure Security
|
2025-05-02
|
|
Detect Large ICMP Traffic
|
Palo Alto Network Traffic
|
Non-Application Layer Protocol
|
TTP
|
Backdoor Pingpong, China-Nexus Threat Activity, Command And Control
|
2025-05-02
|
|
Detect Outbound LDAP Traffic
|
Cisco Secure Firewall Threat Defense Connection Event, Palo Alto Network Traffic
|
Exploit Public-Facing Application
Command and Scripting Interpreter
|
Hunting
|
Cisco Secure Firewall Threat Defense Analytics, Log4Shell CVE-2021-44228
|
2025-05-22
|
|
Detect Remote Access Software Usage Traffic
|
Palo Alto Network Traffic
|
Remote Access Tools
|
Anomaly
|
Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software
|
2025-05-30
|
|
Detect Software Download To Network Device
|
|
TFTP Boot
|
TTP
|
Router and Infrastructure Security
|
2025-05-02
|
|
F5 BIG-IP iControl REST Vulnerability CVE-2022-1388
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
External Remote Services
|
TTP
|
CISA AA24-241A, F5 BIG-IP Vulnerability CVE-2022-1388
|
2025-05-02
|
|
Hosts receiving high volume of network traffic from email server
|
|
Remote Email Collection
|
Anomaly
|
Collection and Staging
|
2025-05-02
|
|
Prohibited Network Traffic Allowed
|
Cisco Secure Firewall Threat Defense Connection Event
|
Exfiltration Over Alternative Protocol
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Command And Control, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware
|
2025-06-17
|
|
Remote Desktop Network Traffic
|
Zeek Conn
|
Remote Desktop Protocol
|
Anomaly
|
Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware
|
2025-05-02
|
|
TOR Traffic
|
Cisco Secure Firewall Threat Defense Connection Event, Palo Alto Network Traffic
|
Multi-hop Proxy
|
TTP
|
Cisco Secure Firewall Threat Defense Analytics, Command And Control, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware
|
2025-05-27
|
|
Citrix ADC Exploitation CVE-2023-3519
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
|
Hunting
|
CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519
|
2025-05-02
|
|
Confluence Unauthenticated Remote Code Execution CVE-2022-26134
|
Palo Alto Network Threat
|
Server Software Component
Exploit Public-Facing Application
External Remote Services
|
TTP
|
Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities
|
2025-05-02
|
|
Detect Remote Access Software Usage URL
|
Palo Alto Network Threat
|
Remote Access Tools
|
Anomaly
|
CISA AA24-241A, Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software
|
2025-05-02
|
|
Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
External Remote Services
|
TTP
|
Fortinet FortiNAC CVE-2022-39952
|
2025-05-02
|
|
Fortinet Appliance Auth bypass
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
External Remote Services
|
TTP
|
CVE-2022-40684 Fortinet Appliance Auth bypass
|
2025-05-02
|
|
Juniper Networks Remote Code Execution Exploit Detection
|
Suricata
|
Exploit Public-Facing Application
Ingress Tool Transfer
Command and Scripting Interpreter
|
TTP
|
Juniper JunOS Remote Code Execution
|
2025-05-02
|
|
VMWare Aria Operations Exploit Attempt
|
Palo Alto Network Threat
|
External Remote Services
Exploit Public-Facing Application
Exploitation of Remote Services
Exploitation for Privilege Escalation
|
TTP
|
VMware Aria Operations vRealize CVE-2023-20887
|
2025-05-02
|
|
VMware Server Side Template Injection Hunt
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
External Remote Services
|
Hunting
|
VMware Server Side Injection and Privilege Escalation
|
2025-05-02
|
|
VMware Workspace ONE Freemarker Server-side Template Injection
|
Palo Alto Network Threat
|
Exploit Public-Facing Application
External Remote Services
|
Anomaly
|
VMware Server Side Injection and Privilege Escalation
|
2025-05-02
|