Adversaries may abuse legitimate extensible development features of servers to establish persistent access to systems. Enterprise server applications may include features that allow developers to write and install software or scripts to extend the functionality of the main application. Adversaries may install malicious components to extend and abuse server applications.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| azure_security_center_recommendations | Azure Security Center Recommendations | technique_scores | T1505 | Server Software Component |
Comments
This control's "Immutable (read-only) root filesystem should be enforced for containers" recommendation can mitigate a sub-technique of this technique. Due to its Minimal coverage, its score is assessed as Minimal.
References
|
| linux_auditd_alerts_and_log_analytics_agent_integration | Linux auditd alerts and Log Analytics agent integration | technique_scores | T1505 | Server Software Component |
Comments
This control provides coverage for the only sub-technique this control is relevant for, Web Shell, but that coverage is Minimal.
References
|
| azure_sentinel | Azure Sentinel | technique_scores | T1505 | Server Software Component |
Comments
This control provides partial coverage for only one of this technique's sub-techniques, resulting in overall coverage of Minimal.
References
|
| azure_policy | Azure Policy | technique_scores | T1505 | Server Software Component | |
| sql_vulnerability_assessment | SQL Vulnerability Assessment | technique_scores | T1505 | Server Software Component |
| Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1505.001 | SQL Stored Procedures | 23 |
| T1505.002 | Transport Agent | 21 |
| T1505.003 | Web Shell | 3 |