T1562.001 Disable or Modify Tools Mappings

Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-2 | Account Management | Protects | T1562.001 | Disable or Modify Tools |
| AC-3 | Access Enforcement | Protects | T1562.001 | Disable or Modify Tools |
| AC-5 | Separation of Duties | Protects | T1562.001 | Disable or Modify Tools |
| AC-6 | Least Privilege | Protects | T1562.001 | Disable or Modify Tools |
| CA-7 | Continuous Monitoring | Protects | T1562.001 | Disable or Modify Tools |
| CM-2 | Baseline Configuration | Protects | T1562.001 | Disable or Modify Tools |
| CM-5 | Access Restrictions for Change | Protects | T1562.001 | Disable or Modify Tools |
| CM-6 | Configuration Settings | Protects | T1562.001 | Disable or Modify Tools |
| CM-7 | Least Functionality | Protects | T1562.001 | Disable or Modify Tools |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1562.001 | Disable or Modify Tools |
| SI-3 | Malicious Code Protection | Protects | T1562.001 | Disable or Modify Tools |
| SI-4 | System Monitoring | Protects | T1562.001 | Disable or Modify Tools |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1562.001 | Disable or Modify Tools |
| alerts_for_windows_machines | Alerts for Windows Machines | technique_scores | T1562.001 | Disable or Modify Tools |
| azure_defender_for_resource_manager | Azure Defender for Resource Manager | technique_scores | T1562.001 | Disable or Modify Tools |
| azure_sentinel | Azure Sentinel | technique_scores | T1562.001 | Disable or Modify Tools |
| file_integrity_monitoring | File Integrity Monitoring | technique_scores | T1562.001 | Disable or Modify Tools |