T1213.001 Confluence

Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation. However, it may also contain more diverse categories of useful information, such as:

  • Policies, procedures, and standards
  • Physical / logical network diagrams
  • System architecture diagrams
  • Technical system documentation
  • Testing / development credentials (i.e., Unsecured Credentials)
  • Work / project schedules
  • Source code snippets
  • Links to network shares and other internal resources

CRI Profile Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| PR.PS-01.01 | Configuration baselines | Mitigates | T1213.001 | Confluence | |
| PR.PS-01.02 | Least functionality | Mitigates | T1213.001 | Confluence | |
| PR.AA-01.01 | Identity and credential management | Mitigates | T1213.001 | Confluence | |

Comments

  • PR.PS-01.01: This diagnostic statement provides for securely configuring production systems. This includes hardening default configurations and making security-focused setting adjustments to reduce the attack surface, enforce best practices, and protect sensitive data, thereby mitigating adversary exploitation.
  • PR.PS-01.02: This diagnostic statement provides for limiting unnecessary software, services, ports, protocols, etc. Ensuring systems have installed and enabled only what is essential for their operation reduces the attack surface and minimizes vulnerabilities, which mitigates a wide range of techniques.
  • PR.AA-01.01: This diagnostic statement protects against the Confluence technique through the use of hardened access control policies, secure defaults, password complexity requirements, multifactor authentication requirements, and removal of terminated accounts.

NIST 800-53 Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-07 | Continuous Monitoring | mitigates | T1213.001 | Confluence | |
| CM-06 | Configuration Settings | mitigates | T1213.001 | Confluence | |
| CM-05 | Access Restrictions for Change | mitigates | T1213.001 | Confluence | |
| AC-17 | Remote Access | mitigates | T1213.001 | Confluence | |
| IA-08 | Identification and Authentication (Non-Organizational Users) | mitigates | T1213.001 | Confluence | |
| AC-21 | Information Sharing | mitigates | T1213.001 | Confluence | |
| AC-23 | Data Mining Protection | mitigates | T1213.001 | Confluence | |
| IA-04 | Identifier Management | mitigates | T1213.001 | Confluence | |
| SC-28 | Protection of Information at Rest | mitigates | T1213.001 | Confluence | |
| RA-05 | Vulnerability Monitoring and Scanning | mitigates | T1213.001 | Confluence | |
| CM-08 | System Component Inventory | mitigates | T1213.001 | Confluence | |
| SI-07 | Software, Firmware, and Information Integrity | mitigates | T1213.001 | Confluence | |
| AC-16 | Security and Privacy Attributes | mitigates | T1213.001 | Confluence | |
| CM-02 | Baseline Configuration | mitigates | T1213.001 | Confluence | |
| IA-02 | Identification and Authentication (Organizational Users) | mitigates | T1213.001 | Confluence | |
| CM-07 | Least Functionality | mitigates | T1213.001 | Confluence | |
| SI-04 | System Monitoring | mitigates | T1213.001 | Confluence | |
| AC-02 | Account Management | mitigates | T1213.001 | Confluence | |
| AC-03 | Access Enforcement | mitigates | T1213.001 | Confluence | |
| AC-04 | Information Flow Enforcement | mitigates | T1213.001 | Confluence | |
| AC-05 | Separation of Duties | mitigates | T1213.001 | Confluence | |
| AC-06 | Least Privilege | mitigates | T1213.001 | Confluence | |
| CM-03 | Configuration Change Control | mitigates | T1213.001 | Confluence | |

VERIS Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.malware.variety.Capture stored data | Capture data stored on system disk | related-to | T1213.001 | Confluence | |
| attribute.confidentiality.data_disclosure | None | related-to | T1213.001 | Confluence | |