T1518 Software Discovery Mappings

Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Adversaries may attempt to enumerate software for a variety of reasons, such as figuring out what security measures are present or if the compromised system has a version of software that is vulnerable to Exploitation for Privilege Escalation.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
azure_sentinel Azure Sentinel technique_scores T1518 Software Discovery

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1518.001 Security Software Discovery 1