T1114 Email Collection Mappings

Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-17 Remote Access Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114 Email Collection
AC-03 Access Enforcement Protects T1114 Email Collection
AC-04 Information Flow Enforcement Protects T1114 Email Collection
CM-02 Baseline Configuration Protects T1114 Email Collection
CM-06 Configuration Settings Protects T1114 Email Collection
IA-02 Identification and Authentication (organizational Users) Protects T1114 Email Collection
IA-05 Authenticator Management Protects T1114 Email Collection
SC-07 Boundary Protection Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-04 System Monitoring Protects T1114 Email Collection
SI-07 Software, Firmware, and Information Integrity Protects T1114 Email Collection
PUR-AS-E5 Audit Solutions Technique Scores T1114 Email Collection
EOP-MFR-E3 Mail Flow Rules Technique Scores T1114 Email Collection
ME-CAE-E3 Conditional Access Evaluation Technique Scores T1114 Email Collection
DEF-SecScore-E3 Secure Score Technique Scores T1114 Email Collection
DEF-AIR-E5 Automated Investigation and Response Technique Scores T1114 Email Collection
DO365-ATH-E5 Advanced Threat Hunting Technique Scores T1114 Email Collection

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1114.001 Local Email Collection 8
T1114.003 Email Forwarding Rule 16
T1114.002 Remote Email Collection 19