Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1548 | Abuse Elevation Control Mechanism | This diagnostic statement protects against Abuse Elevation Control Mechanism through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1548.002 | Bypass User Account Control | This diagnostic statement protects against Bypass User Account Control through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1548.003 | Sudo and Sudo Caching | This diagnostic statement protects against Sudo and Sudo Caching through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1548.006 | TCC Manipulation | This diagnostic statement protects against TCC Manipulation through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1134 | Access Token Manipulation | This diagnostic statement protects against Access Token Manipulation through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1134.001 | Token Impersonation/Theft | This diagnostic statement protects against Token Impersonation/Theft through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1134.002 | Create Process with Token | This diagnostic statement protects against Create Process with Token through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1134.003 | Make and Impersonate Token | This diagnostic statement protects against Make and Impersonate Token through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1098 | Account Manipulation | This diagnostic statement protects against Account Manipulation through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1098.001 | Additional Cloud Credentials | This diagnostic statement protects against Additional Cloud Credentials through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1098.002 | Additional Email Delegate Permissions | This diagnostic statement protects against Additional Email Delegate Permissions through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1098.003 | Additional Cloud Roles | This diagnostic statement protects against Additional Cloud Roles through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1651 | Cloud Administration Command | This diagnostic statement protects against Cloud Administration Command through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1059.001 | PowerShell | This diagnostic statement protects against PowerShell through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1059.008 | Network Device CLI | This diagnostic statement protects against Network Device CLI through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1059.009 | Cloud API | This diagnostic statement protects against Cloud API through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1609 | Container Administration Command | This diagnostic statement protects against Container Administration Command through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1136.001 | Local Account | This diagnostic statement protects against Local Account through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1136.002 | Domain Account | This diagnostic statement protects against Domain Account through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1136.003 | Cloud Account | This diagnostic statement protects against Cloud Account through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1555 | Credentials from Password Stores | This diagnostic statement protects against Credentials from Password Stores through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1555.006 | Cloud Secrets Management Stores | This diagnostic statement protects against Cloud Secrets Management Stores through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1484 | Domain or Tenant Policy Modification | This diagnostic statement protects against Domain or Tenant Policy Modification through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1484.002 | Trust Modification | This diagnostic statement protects against Trust Modification through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1190 | Exploit Public-Facing Application | This diagnostic statement protects against Exploit Public-Facing Application through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1210 | Exploitation of Remote Services | This diagnostic statement protects against Exploitation of Remote Services through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1606 | Forge Web Credentials | This diagnostic statement protects against Forge Web Credentials through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1606.002 | SAML Tokens | This diagnostic statement protects against SAML Tokens through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1056.003 | Web Portal Capture | This diagnostic statement protects against Web Portal Capture through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1556 | Modify Authentication Process | This diagnostic statement protects against Modify Authentication Process through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1556.001 | Domain Controller Authentication | This diagnostic statement protects against Domain Controller Authentication through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1556.003 | Pluggable Authentication Modules | This diagnostic statement protects against Pluggable Authentication Modules through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1556.004 | Network Device Authentication | This diagnostic statement protects against Network Device Authentication through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1556.007 | Hybrid Identity | This diagnostic statement protects against Hybrid Identity through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1599 | Network Boundary Bridging | This diagnostic statement protects against Network Boundary Bridging through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1599.001 | Network Address Translation Traversal | This diagnostic statement protects against Network Address Translation Traversal through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003 | OS Credential Dumping | This diagnostic statement protects against OS Credential Dumping through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.001 | LSASS Memory | This diagnostic statement protects against LSASS Memory through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.002 | Security Account Manager | This diagnostic statement protects against Security Account Manager through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.003 | NTDS | This diagnostic statement protects against NTDS through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.004 | LSA Secrets | This diagnostic statement protects against LSA Secrets through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.005 | Cached Domain Credentials | This diagnostic statement protects against Cached Domain Credentials through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.006 | DCSync | This diagnostic statement protects against DCSync through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.007 | Proc Filesystem | This diagnostic statement protects against Proc Filesystem through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1003.008 | /etc/passwd and /etc/shadow | This diagnostic statement protects against /etc/passwd and /etc/shadow through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1563 | Remote Service Session Hijacking | This diagnostic statement protects against Remote Service Session Hijacking through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1563.001 | SSH Hijacking | This diagnostic statement protects against SSH Hijacking through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1563.002 | RDP Hijacking | This diagnostic statement protects against RDP Hijacking through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021 | Remote Services | This diagnostic statement protects against Remote Services through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021.001 | Remote Desktop Protocol | This diagnostic statement protects against Remote Desktop Protocol through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021.002 | SMB/Windows Admin Shares | This diagnostic statement protects against SMB/Windows Admin Shares through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021.003 | Distributed Component Object Model | This diagnostic statement protects against Distributed Component Object Model through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021.006 | Windows Remote Management | This diagnostic statement protects against Windows Remote Management through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1021.007 | Cloud Services | This diagnostic statement protects against Cloud Services through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1505 | Server Software Component | This diagnostic statement protects against Server Software Component through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1072 | Software Deployment Tools | This diagnostic statement protects against Software Deployment Tools through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1558 | Steal or Forge Kerberos Tickets | This diagnostic statement protects against Steal or Forge Kerberos Tickets through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1558.001 | Golden Ticket | This diagnostic statement protects against Golden Ticket through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1558.002 | Silver Ticket | This diagnostic statement protects against Silver Ticket through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1558.003 | Kerberoasting | This diagnostic statement protects against Kerberoasting through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1218 | System Binary Proxy Execution | This diagnostic statement protects against System Binary Proxy Execution through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1569 | System Services | This diagnostic statement protects against System Services through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1552 | Unsecured Credentials | This diagnostic statement protects against Unsecured Credentials through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1552.002 | Credentials in Registry | This diagnostic statement protects against Credentials in Registry through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1552.007 | Container API | This diagnostic statement protects against Container API through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1550 | Use Alternate Authentication Material | This diagnostic statement protects against Use Alternate Authentication Material through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1550.002 | Pass the Hash | This diagnostic statement protects against Pass the Hash through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1550.003 | Pass the Ticket | This diagnostic statement protects against Pass the Ticket through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1078 | Valid Accounts | This diagnostic statement protects against Valid Accounts through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1078.002 | Domain Accounts | This diagnostic statement protects against Domain Accounts through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1078.003 | Local Accounts | This diagnostic statement protects against Local Accounts through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1078.004 | Cloud Accounts | This diagnostic statement protects against Cloud Accounts through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |
DE.CM-06.02 | Third-party access monitoring | Mitigates | T1047 | Windows Management Instrumentation | This diagnostic statement protects against Windows Management Instrumentation through the use of privileged account management. Employing auditing, privileged access management, and just-in-time access protects against adversaries trying to obtain illicit access to critical systems. |