Categories
This page lists all the categories used by BluSapphire.
| Category | Description | Examples |
|---|---|---|
|  | Active Defence System (Deception) | Any deception tool |
| ams | Asset Management System | Tanium, BMS |
|  | Authorization / 2FA, MFA | Cisco DUO, RSA |
| casb | Cloud Access Security Broker | TBD |
|  | Amazon Web Services | cloudtrail, cloudwatch |
|  | Microsoft Azure | MCAS, O365 |
| cloud-gcp | Google Cloud Platform | gmail, gcs |
| container | Containers | Docker, Kubernetes |
| db | Database | Oracle, SQL, MySQL, Postgres |
| dhcp | DHCP Servers | All DHCP Servers |
| dlp | Data Leakage Prevention | ForceScout, Symantec |
| dns | DNS Servers | All DNS Servers |
| ds | Directory Services | AD, LDAP, OpenLDAP |
| edr | Endpoint Detection | Carbon Black |
| epp | Endpoint Protection | Cisco AMP, Symantec, Crowdstrike, BluArmour, Sophos |
| erp | ERP | SAP |
| flow | Flow | Netflow, Sflow, IPFIX |
| fw | Firewall | Egle |
| ics | Industrial Control Systems | SCADA |
| idam | Identity and Access Management | IBM Idam, Microsoft Idam, Oracle Im(oim) |
| iot | Internet of Things |  |
| ips | IDS/IPS | Snort, Firepower, Suricata |
| kerberos | Kerberos | Any Kerberos logs |
| lb | Load Balancer | F5, Nginx, Netscaler, Voltera, HA Proxy |
| linux-audit | Audit Logs | Auditd |
| linux-ssh | SSH Logs | SSH |
| linux-syslog | Linux Syslog | Any other syslog from Linux |
| nac | Network Access Control | ISE, OpenNAC, ForceScout |
| nbad | Network Behavior Anomaly Detection | DarkTrace, Zeek, Damballa |
| network | Router, Switches | Any routers, any switches |
| ngfw | Next-Gen Firewalls / UTMs | Sophos, Fortinet, ASA, Paloalto, Fireeye, Checkpoint |
| proxy-dns | DNS Proxy | Cisco Umbrella |
| proxy-mail | Mail Proxy | Cisco Ironport, Mimecast, Proofpoint |
| proxy-web | Web Proxy | Cisco Ironport, Zscaler and other proxy logs |
| ra | Remote Access | vpn, Netscaler, Microsoft VPN, Cisco VPN |
| rms | Risk Management System | Rapid7, ClearWater, Reciprocity |
| sftp | SFTP | Any FTP / SFTP Servers |
| th | Threat Hunt | Squirrel, BluGenie |
| ti | Threat Intel | TBD |
| virtual | Virtualization Hosts | Esx, Hypervisor, Nutanix |
| vms | Vulnerability Management System | Nessus, Nexpose, Qualys, OpenVAS |
| webserver | Application/Webserver | Tomcat, Apache, Weblogic, Websphere |
| windows | Microsoft Windows Logs | Application, Security, Powershell, System, WMI, Sysmon, ETW |
| wireless | Wireless Controllers | Wireless Controllers |