forked from splunk/security_content
data_exfiltration.yml
name: Data Exfiltration
id: 66b0fe0c-1351-11eb-adc1-0242ac120002
version: 1
date: '2020-10-21'
author: Shannon Davis, Splunk
description: The stealing of data by an adversary.
narrative: Exfiltration comes in many flavors. Adversaries can collect data over
  encrypted or non-encrypted channels. They can utilise Command and Control channels
  that are already in place to exfiltrate data. They can use standard data transfer
  protocols such as FTP, SCP, etc. to exfiltrate data, or they can use non-standard
  protocols such as DNS, ICMP, etc. with specially crafted fields to try to circumvent
  the security technologies in place.
references:
- https://attack.mitre.org/tactics/TA0010/
tags:
  analytic_story: Data Exfiltration
  category:
  - Adversary Tactics
  product:
  - Splunk Enterprise
  - Splunk Enterprise Security
  - Splunk Cloud
  usecase: Advanced Threat Detection