T1114 Email Collection Mappings

Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-16 Security and Privacy Attributes Protects T1114 Email Collection
AC-17 Remote Access Protects T1114 Email Collection
AC-19 Access Control for Mobile Devices Protects T1114 Email Collection
AC-20 Use of External Systems Protects T1114 Email Collection
AC-3 Access Enforcement Protects T1114 Email Collection
AC-4 Information Flow Enforcement Protects T1114 Email Collection
CM-2 Baseline Configuration Protects T1114 Email Collection
CM-6 Configuration Settings Protects T1114 Email Collection
IA-2 Identification and Authentication (organizational Users) Protects T1114 Email Collection
IA-5 Authenticator Management Protects T1114 Email Collection
SC-7 Boundary Protection Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-4 System Monitoring Protects T1114 Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114 Email Collection
azure_sentinel Azure Sentinel technique_scores T1114 Email Collection

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1114.003 Email Forwarding Rule 10
T1114.001 Local Email Collection 9
T1114.002 Remote Email Collection 14