Home
ATT&CK Techniques
T1562.001 Disable or Modify Tools

T1562.001 Disable or Modify Tools Mappings

Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-2	Account Management	Protects	T1562.001	Disable or Modify Tools
AC-3	Access Enforcement	Protects	T1562.001	Disable or Modify Tools
AC-5	Separation of Duties	Protects	T1562.001	Disable or Modify Tools
AC-6	Least Privilege	Protects	T1562.001	Disable or Modify Tools
CA-7	Continuous Monitoring	Protects	T1562.001	Disable or Modify Tools
CM-2	Baseline Configuration	Protects	T1562.001	Disable or Modify Tools
CM-5	Access Restrictions for Change	Protects	T1562.001	Disable or Modify Tools
CM-6	Configuration Settings	Protects	T1562.001	Disable or Modify Tools
CM-7	Least Functionality	Protects	T1562.001	Disable or Modify Tools
IA-2	Identification and Authentication (organizational Users)	Protects	T1562.001	Disable or Modify Tools
SI-3	Malicious Code Protection	Protects	T1562.001	Disable or Modify Tools
SI-4	System Monitoring	Protects	T1562.001	Disable or Modify Tools
SI-7	Software, Firmware, and Information Integrity	Protects	T1562.001	Disable or Modify Tools
alerts_for_windows_machines	Alerts for Windows Machines	technique_scores	T1562.001	Disable or Modify Tools
azure_defender_for_resource_manager	Azure Defender for Resource Manager	technique_scores	T1562.001	Disable or Modify Tools
azure_sentinel	Azure Sentinel	technique_scores	T1562.001	Disable or Modify Tools
file_integrity_monitoring	File Integrity Monitoring	technique_scores	T1562.001	Disable or Modify Tools