Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.
Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems as well.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-4 | Information Flow Enforcement | Protects | T1046 | Network Service Scanning |
| CA-7 | Continuous Monitoring | Protects | T1046 | Network Service Scanning |
| CM-2 | Baseline Configuration | Protects | T1046 | Network Service Scanning |
| CM-6 | Configuration Settings | Protects | T1046 | Network Service Scanning |
| CM-7 | Least Functionality | Protects | T1046 | Network Service Scanning |
| CM-8 | System Component Inventory | Protects | T1046 | Network Service Scanning |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1046 | Network Service Scanning |
| SC-46 | Cross Domain Policy Enforcement | Protects | T1046 | Network Service Scanning |
| SC-7 | Boundary Protection | Protects | T1046 | Network Service Scanning |
| SI-3 | Malicious Code Protection | Protects | T1046 | Network Service Scanning |
| SI-4 | System Monitoring | Protects | T1046 | Network Service Scanning |