T1562 Impair Defenses Mappings

Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This involves impairing not only preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. It may span both native defenses and supplemental capabilities installed by users and administrators.

Adversaries could also target event aggregation and analysis mechanisms, or otherwise disrupt these procedures by altering other system components.



| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| resourcemanager | ResourceManager | technique_scores | T1562 | Impair Defenses |
| identityplatform | IdentityPlatform | technique_scores | T1562 | Impair Defenses |
| security_command_center | Security Command Center | technique_scores | T1562 | Impair Defenses |
| policy_intelligence | Policy Intelligence | technique_scores | T1562 | Impair Defenses |

ATT&CK Subtechniques

| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1562.008 | Disable Cloud Logs | 4 |
| T1562.002 | Disable Windows Event Logging | 1 |
| T1562.007 | Disable or Modify Cloud Firewall | 3 |
| T1562.004 | Disable or Modify System Firewall | 1 |
| T1562.001 | Disable or Modify Tools | 1 |