1. Home
  2. ATT&CK Techniques
  3. T1213.001 Confluence

T1213.001 Confluence

Adversaries may leverage Confluence repositories to mine valuable information. Often found in development environments alongside Atlassian JIRA, Confluence is generally used to store development-related documentation, however, in general may contain more diverse categories of useful information, such as:

  • Policies, procedures, and standards
  • Physical / logical network diagrams
  • System architecture diagrams
  • Technical system documentation
  • Testing / development credentials
  • Work / project schedules
  • Source code snippets
  • Links to network shares and other internal resources
View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-2 Account Management Protects T1213.001 Confluence
AC-3 Access Enforcement Protects T1213.001 Confluence
AC-5 Separation of Duties Protects T1213.001 Confluence
AC-6 Least Privilege Protects T1213.001 Confluence
CA-8 Penetration Testing Protects T1213.001 Confluence
CM-5 Access Restrictions for Change Protects T1213.001 Confluence
CM-6 Configuration Settings Protects T1213.001 Confluence
CM-7 Least Functionality Protects T1213.001 Confluence
IA-2 Identification and Authentication (organizational Users) Protects T1213.001 Confluence
IA-4 Identifier Management Protects T1213.001 Confluence
IA-8 Identification and Authentication (non-organizational Users) Protects T1213.001 Confluence
RA-5 Vulnerability Monitoring and Scanning Protects T1213.001 Confluence
SI-4 System Monitoring Protects T1213.001 Confluence

Azure Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
cloud_app_security_policies Cloud App Security Policies technique_scores T1213.001 Confluence
Comments
This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.
References
    cloud_app_security_policies Cloud App Security Policies technique_scores T1213.001 Confluence
    Comments
    This control may detect anomalous user behavior wrt information repositories such as Sharepoint or Confluence.
    References