Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1498.002 | Reflection Amplification | This diagnostic statement may block Denial of Service (DoS) attacks in which adversaries induce a reflection attack by sending packets to reflectors with the spoofed address of the victim. Filtering boundary traffic can be used to intercept incoming traffic and filter out the attack traffic from the original traffic. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1498.001 | Direct Network Flood | This diagnostic statement may block Denial of Service (DoS) attacks by adversaries that send a high volume of network traffic to a target network. Filtering boundary traffic can be used to intercept incoming traffic and filter out the attack traffic from the original traffic. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1498 | Network Denial of Service | This diagnostic statement may block Network Denial of Service (DoS) attacks by adversaries that target resources provided to users via websites, email services, DNS, and web-based applications. Filtering boundary traffic can be used to intercept incoming traffic and filter out the attack traffic from the original traffic. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1499.004 | Application or System Exploitation | This diagnostic statement may block Denial of Service (DoS) attacks by adversaries that exploit software vulnerabilities that can crash a system or application. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1499.003 | Application Exhaustion Flood | This diagnostic statement may block Denial of Service (DoS) attacks by adversaries that target application features. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1499.002 | Service Exhaustion Flood | This diagnostic statement may block Endpoint Denial of Service (DoS) attacks by adversaries that target DNS and web services. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1499.001 | OS Exhaustion Flood | This diagnostic statement may block Endpoint Denial of Service (DoS) attacks by adversaries that target an endpoint's operating system (OS). Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport. |
DE.CM-01.02 | Network traffic volume monitoring | Mitigates | T1499 | Endpoint Denial of Service | This diagnostic statement may block Endpoint Denial of Service (DoS) attacks from occurring via websites, email services, and web-based applications. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport. |