T1046 Network Service Scanning Mappings

Adversaries may attempt to get a listing of services running on remote hosts, including those that may be vulnerable to remote software exploitation. Methods to acquire this information include port scans and vulnerability scans using tools that are brought onto a system.

Within cloud environments, adversaries may attempt to discover services running on other cloud hosts. Additionally, if the cloud environment is connected to a on-premises environment, adversaries may be able to identify services running on non-cloud systems as well.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-4 Information Flow Enforcement Protects T1046 Network Service Scanning
CA-7 Continuous Monitoring Protects T1046 Network Service Scanning
CM-2 Baseline Configuration Protects T1046 Network Service Scanning
CM-6 Configuration Settings Protects T1046 Network Service Scanning
CM-7 Least Functionality Protects T1046 Network Service Scanning
CM-8 System Component Inventory Protects T1046 Network Service Scanning
RA-5 Vulnerability Monitoring and Scanning Protects T1046 Network Service Scanning
SC-46 Cross Domain Policy Enforcement Protects T1046 Network Service Scanning
SC-7 Boundary Protection Protects T1046 Network Service Scanning
SI-3 Malicious Code Protection Protects T1046 Network Service Scanning
SI-4 System Monitoring Protects T1046 Network Service Scanning
network_security_groups Network Security Groups technique_scores T1046 Network Service Scanning
azure_sentinel Azure Sentinel technique_scores T1046 Network Service Scanning
azure_web_application_firewall Azure Web Application Firewall technique_scores T1046 Network Service Scanning
azure_web_application_firewall Azure Web Application Firewall technique_scores T1046 Network Service Scanning
azure_firewall Azure Firewall technique_scores T1046 Network Service Scanning
azure_network_traffic_analytics Azure Network Traffic Analytics technique_scores T1046 Network Service Scanning