Home
ATT&CK Techniques
T1114 Email Collection

T1114 Email Collection Mappings

Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-16	Security and Privacy Attributes	Protects	T1114	Email Collection
AC-17	Remote Access	Protects	T1114	Email Collection
AC-19	Access Control for Mobile Devices	Protects	T1114	Email Collection
AC-20	Use of External Systems	Protects	T1114	Email Collection
AC-3	Access Enforcement	Protects	T1114	Email Collection
AC-4	Information Flow Enforcement	Protects	T1114	Email Collection
CM-2	Baseline Configuration	Protects	T1114	Email Collection
CM-6	Configuration Settings	Protects	T1114	Email Collection
IA-2	Identification and Authentication (organizational Users)	Protects	T1114	Email Collection
IA-5	Authenticator Management	Protects	T1114	Email Collection
SC-7	Boundary Protection	Protects	T1114	Email Collection
SI-12	Information Management and Retention	Protects	T1114	Email Collection
SI-4	System Monitoring	Protects	T1114	Email Collection
SI-7	Software, Firmware, and Information Integrity	Protects	T1114	Email Collection

Azure Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
azure_sentinel	Azure Sentinel	technique_scores	T1114	Email Collection	Comments This control provides minimal coverage for all of this technique's sub-techniques, resulting in an overall score of Minimal. References https://docs.microsoft.com/en-us/azure/sentinel/overview https://docs.microsoft.com/en-us/azure/sentinel/hunting

ATT&CK Subtechniques

Technique ID	Technique Name	Number of Mappings
T1114.003	Email Forwarding Rule	10
T1114.001	Local Email Collection	9
T1114.002	Remote Email Collection	14