T1595.002 Vulnerability Scanning Mappings

Before compromising a victim, adversaries may scan victims for vulnerabilities that can be used during targeting. Vulnerability scans typically check if the configuration of a target host/application (ex: software and version) potentially aligns with the target of a specific exploit the adversary may seek to use.

These scans may also include more broad attempts to Gather Victim Host Information that can be used to identify more commonly known, exploitable vulnerabilities. Vulnerability scans typically harvest running software and version numbers via server banners, listening ports, or other network artifacts.(Citation: OWASP Vuln Scanning) Information from these scans may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Search Open Technical Databases), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: Exploit Public-Facing Application).

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
azure_sentinel Azure Sentinel technique_scores T1595.002 Vulnerability Scanning
azure_defender_for_app_service Azure Defender for App Service technique_scores T1595.002 Vulnerability Scanning
azure_web_application_firewall Azure Web Application Firewall technique_scores T1595.002 Vulnerability Scanning
azure_web_application_firewall Azure Web Application Firewall technique_scores T1595.002 Vulnerability Scanning
azure_firewall Azure Firewall technique_scores T1595.002 Vulnerability Scanning