| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| Cisco Duo Policy Allow Network Bypass 2FA | Cisco Duo Administrator | Modify Authentication Process | TTP | Cisco Duo Suspicious Activity | 2025-07-09 |
| Cisco NVM - Curl Execution With Insecure Flags | Cisco Network Visibility Module Flow Data | BITS Jobs | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco NVM - Installation of Typosquatted Python Package | Cisco Network Visibility Module Flow Data | Command and Scripting Interpreter | TTP | Cisco Network Visibility Module Analytics | 2025-07-03 |
| Cisco NVM - MSHTML or MSHTA Network Execution Without URL in CLI | Cisco Network Visibility Module Flow Data | Mshta, Visual Basic | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-03 |
| Cisco NVM - Non-Network Binary Making Network Connection | Cisco Network Visibility Module Flow Data | Process Injection, Masquerading | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco NVM - Outbound Connection to Suspicious Port | Cisco Network Visibility Module Flow Data | Non-Standard Port | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco NVM - Rclone Execution With Network Activity | Cisco Network Visibility Module Flow Data | Exfiltration to Cloud Storage | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-03 |
| Cisco NVM - Rundll32 Abuse of MSHTML.DLL for Payload Download | Cisco Network Visibility Module Flow Data | Mshta | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-03 |
| Cisco NVM - Susp Script From Archive Triggering Network Activity | Cisco Network Visibility Module Flow Data | Visual Basic, Malicious File | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco NVM - Suspicious Download From File Sharing Website | Cisco Network Visibility Module Flow Data | BITS Jobs | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco NVM - Suspicious File Download via Headless Browser | Cisco Network Visibility Module Flow Data | Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Cisco Network Visibility Module Analytics | 2025-07-02 |
| Cisco NVM - Suspicious Network Connection From Process With No Args | Cisco Network Visibility Module Flow Data | Process Injection, System Binary Proxy Execution | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-02 |
| Cisco NVM - Suspicious Network Connection Initiated via MsXsl | Cisco Network Visibility Module Flow Data | XSL Script Processing | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-03 |
| Cisco NVM - Suspicious Network Connection to IP Lookup Service API | Cisco Network Visibility Module Flow Data | IP Addresses, System Network Configuration Discovery | Anomaly | Cisco Network Visibility Module Analytics | 2025-07-21 |
| Cisco NVM - Webserver Download From File Sharing Website | Cisco Network Visibility Module Flow Data | Ingress Tool Transfer, Exploit Public-Facing Application | TTP | Cisco Network Visibility Module Analytics | 2025-07-01 |
| Cisco Secure Firewall - Bits Network Activity | Cisco Secure Firewall Threat Defense Connection Event | N/A | Anomaly | Cisco Secure Firewall Threat Defense Analytics | 2025-07-10 |
| Detect IPv6 Network Infrastructure Threats | | Hardware Additions, Network Denial of Service, ARP Cache Poisoning | TTP | Router and Infrastructure Security | 2025-05-02 |
| Detect Large ICMP Traffic | Palo Alto Network Traffic | Non-Application Layer Protocol | TTP | Backdoor Pingpong, China-Nexus Threat Activity, Command And Control | 2025-05-02 |
| Detect Outbound LDAP Traffic | Cisco Secure Firewall Threat Defense Connection Event, Palo Alto Network Traffic | Exploit Public-Facing Application, Command and Scripting Interpreter | Hunting | Cisco Secure Firewall Threat Defense Analytics, Log4Shell CVE-2021-44228 | 2025-05-22 |
| Detect Remote Access Software Usage Traffic | Palo Alto Network Traffic | Remote Access Tools | Anomaly | Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software | 2025-05-30 |
| Detect Software Download To Network Device | | TFTP Boot | TTP | Router and Infrastructure Security | 2025-05-02 |
| F5 BIG-IP iControl REST Vulnerability CVE-2022-1388 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CISA AA24-241A, F5 BIG-IP Vulnerability CVE-2022-1388 | 2025-05-02 |
| Hosts receiving high volume of network traffic from email server | | Remote Email Collection | Anomaly | Collection and Staging | 2025-05-02 |
| Prohibited Network Traffic Allowed | Cisco Secure Firewall Threat Defense Connection Event | Exfiltration Over Alternative Protocol | TTP | Cisco Secure Firewall Threat Defense Analytics, Command And Control, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2025-06-17 |
| Remote Desktop Network Traffic | Zeek Conn | Remote Desktop Protocol | Anomaly | Active Directory Lateral Movement, Hidden Cobra Malware, Ryuk Ransomware, SamSam Ransomware | 2025-05-02 |
| TOR Traffic | Cisco Secure Firewall Threat Defense Connection Event, Palo Alto Network Traffic | Multi-hop Proxy | TTP | Cisco Secure Firewall Threat Defense Analytics, Command And Control, NOBELIUM Group, Prohibited Traffic Allowed or Protocol Mismatch, Ransomware | 2025-05-27 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | Exploit Public-Facing Application | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2025-05-02 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | Server Software Component, Exploit Public-Facing Application, External Remote Services | TTP | Atlassian Confluence Server and Data Center CVE-2022-26134, Confluence Data Center and Confluence Server Vulnerabilities | 2025-05-02 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | Remote Access Tools | Anomaly | CISA AA24-241A, Command And Control, Insider Threat, Ransomware, Remote Monitoring and Management Software | 2025-05-02 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | Fortinet FortiNAC CVE-2022-39952 | 2025-05-02 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2025-05-02 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | Exploit Public-Facing Application, Ingress Tool Transfer, Command and Scripting Interpreter | TTP | Juniper JunOS Remote Code Execution | 2025-05-02 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | External Remote Services, Exploit Public-Facing Application, Exploitation of Remote Services, Exploitation for Privilege Escalation | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2025-05-02 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Hunting | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | Exploit Public-Facing Application, External Remote Services | Anomaly | VMware Server Side Injection and Privilege Escalation | 2025-05-02 |