Benchmark: TA0010 Exfiltration
Overview
The adversary is trying to steal data.
Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-github-audit-log-detections
Start the Powerpipe server:
powerpipe server
Open http://localhost:9033 in your browser and select TA0010 Exfiltration.
Run this benchmark in your terminal:
powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0010
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run github_audit_log_detections.benchmark.mitre_attack_v161_ta0010 --share