Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
PR.PS-01.08 | End-user device protection | Mitigates | T1027 | Obfuscated Files or Information | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.002 | Software Packing | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.009 | Embedded Payloads | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.010 | Command Obfuscation | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.012 | LNK Icon Smuggling | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.013 | Encrypted/Encoded File | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.014 | Polymorphic Code | This diagnostic statement provides protections for endpoints from obfuscated files or information through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1036 | Masquerading | This diagnostic statement provides protections for endpoints from masquerading or manipulated artifacts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1036.008 | Masquerade File Type | This diagnostic statement provides protections for endpoints from masquerading or manipulated artifacts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059 | Command and Scripting Interpreter | This diagnostic statement protects endpoints from abuse of commands and scripts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.001 | PowerShell | This diagnostic statement protects endpoints from abuse of commands and scripts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.005 | Visual Basic | This diagnostic statement protects endpoints from abuse of commands and scripts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.006 | Python | This diagnostic statement protects endpoints from abuse of commands and scripts through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1091 | Replication Through Removable Media | This diagnostic statement protects endpoints from untrusted files on removable drives through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1200 | Hardware Additions | This diagnostic statement protects endpoints from introduction of hardware additions through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574 | Hijack Execution Flow | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.001 | DLL Search Order Hijacking | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.002 | DLL Side-Loading | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.006 | Dynamic Linker Hijacking | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.007 | Path Interception by PATH Environment Variable | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.008 | Path Interception by Search Order Hijacking | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.009 | Path Interception by Unquoted Path | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.012 | COR_PROFILER | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1574.013 | KernelCallbackTable | This diagnostic statement protects endpoints from certain types of behaviors related to process injection/memory tampering through configuration requirements, connection requirements, and other mechanisms to protect network, application, and data integrity. |
PR.PS-01.08 | End-user device protection | Mitigates | T1021 | Remote Services | This diagnostic statement protects against Remote Services through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1021.001 | Remote Desktop Protocol | This diagnostic statement protects against Remote Desktop Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1021.002 | SMB/Windows Admin Shares | This diagnostic statement protects against SMB/Windows Admin Shares through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1021.005 | VNC | This diagnostic statement protects against VNC through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027 | Obfuscated Files or Information | This diagnostic statement protects against Obfuscated Files or Information through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.002 | Software Packing | This diagnostic statement protects against Software Packing through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.009 | Embedded Payloads | This diagnostic statement protects against Embedded Payloads through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.010 | Command Obfuscation | This diagnostic statement protects against Command Obfuscation through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.012 | LNK Icon Smuggling | This diagnostic statement protects against LNK Icon Smuggling through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.013 | Encrypted/Encoded File | This diagnostic statement protects against Encrypted/Encoded File through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1027.014 | Polymorphic Code | This diagnostic statement protects against Polymorphic Code through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1036 | Masquerading | This diagnostic statement protects against Masquerading through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1036.008 | Masquerade File Type | This diagnostic statement protects against Masquerade File Type through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1048 | Exfiltration Over Alternative Protocol | This diagnostic statement protects against Exfiltration Over Alternative Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | This diagnostic statement protects against Exfiltration Over Symmetric Encrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | This diagnostic statement protects against Exfiltration Over Asymmetric Encrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | This diagnostic statement protects against Exfiltration Over Unencrypted Non-C2 Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1052 | Exfiltration Over Physical Medium | This diagnostic statement protects against Exfiltration Over Physical Medium through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1052.001 | Exfiltration over USB | This diagnostic statement protects against Exfiltration over USB through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059 | Command and Scripting Interpreter | This diagnostic statement protects against Command and Scripting Interpreter through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.001 | PowerShell | This diagnostic statement protects against PowerShell through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.005 | Visual Basic | This diagnostic statement protects against Visual Basic through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1059.006 | Python | This diagnostic statement protects against Python through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1071 | Application Layer Protocol | This diagnostic statement protects against Application Layer Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1071.004 | DNS | This diagnostic statement protects against DNS through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1071.005 | Publish/Subscribe Protocols | This diagnostic statement protects against Publish/Subscribe Protocols through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1080 | Taint Shared Content | This diagnostic statement protects against Taint Shared Content through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1090 | Proxy | This diagnostic statement protects against Proxy through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1090.003 | Multi-hop Proxy | This diagnostic statement protects against Multi-hop Proxy through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1091 | Replication Through Removable Media | This diagnostic statement protects against Replication Through Removable Media through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1095 | Non-Application Layer Protocol | This diagnostic statement protects against Non-Application Layer Protocol through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1133 | External Remote Services | This diagnostic statement protects against External Remote Services through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1187 | Forced Authentication | This diagnostic statement protects against Forced Authentication through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1190 | Exploit Public-Facing Application | This diagnostic statement protects against Exploit Public-Facing Application through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1197 | BITS Jobs | This diagnostic statement protects against BITS Jobs through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1200 | Hardware Additions | This diagnostic statement protects against Hardware Additions through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1205 | Traffic Signaling | This diagnostic statement protects against Traffic Signaling through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1205.001 | Port Knocking | This diagnostic statement protects against Port Knocking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1205.002 | Socket Filters | This diagnostic statement protects against Socket Filters through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1218 | System Binary Proxy Execution | This diagnostic statement protects against System Binary Proxy Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1218.012 | Verclsid | This diagnostic statement protects against Verclsid through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1219 | Remote Access Software | This diagnostic statement protects against Remote Access Software through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1221 | Template Injection | This diagnostic statement protects against Template Injection through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1498 | Network Denial of Service | This diagnostic statement protects against Network Denial of Service through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1498.001 | Direct Network Flood | This diagnostic statement protects against Direct Network Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1498.002 | Reflection Amplification | This diagnostic statement protects against Reflection Amplification through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1499 | Endpoint Denial of Service | This diagnostic statement protects against Endpoint Denial of Service through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1499.001 | OS Exhaustion Flood | This diagnostic statement protects against OS Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1499.002 | Service Exhaustion Flood | This diagnostic statement protects against Service Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1499.003 | Application Exhaustion Flood | This diagnostic statement protects against Application Exhaustion Flood through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1499.004 | Application or System Exploitation | This diagnostic statement protects against Application or System Exploitation through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1530 | Data from Cloud Storage | This diagnostic statement protects against Data from Cloud Storage through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1537 | Transfer Data to Cloud Account | This diagnostic statement protects against Transfer Data to Cloud Account through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1542 | Pre-OS Boot | This diagnostic statement protects against Pre-OS Boot through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1542.005 | TFTP Boot | This diagnostic statement protects against TFTP Boot through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1546 | Event Triggered Execution | This diagnostic statement protects against Event Triggered Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1546.008 | Accessibility Features | This diagnostic statement protects against Accessibility Features through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1547 | Boot or Logon Autostart Execution | This diagnostic statement protects against Boot or Logon Autostart Execution through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1547.006 | Kernel Modules and Extensions | This diagnostic statement protects against Kernel Modules and Extensions through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1552 | Unsecured Credentials | This diagnostic statement protects against Unsecured Credentials through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1552.005 | Cloud Instance Metadata API | This diagnostic statement protects against Cloud Instance Metadata API through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1552.007 | Container API | This diagnostic statement protects against Container API through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1557 | Adversary-in-the-Middle | This diagnostic statement protects against Adversary-in-the-Middle through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | This diagnostic statement protects against LLMNR/NBT-NS Poisoning and SMB Relay through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1557.002 | ARP Cache Poisoning | This diagnostic statement protects against ARP Cache Poisoning through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1557.003 | DHCP Spoofing | This diagnostic statement protects against DHCP Spoofing through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1563 | Remote Service Session Hijacking | This diagnostic statement protects against Remote Service Session Hijacking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1563.002 | RDP Hijacking | This diagnostic statement protects against RDP Hijacking through the use of limiting access to resources to only authorized devices, management of personal computing devices, network intrusion prevention, and the use of antimalware. |
PR.PS-01.08 | End-user device protection | Mitigates | T1564 | Hide Artifacts |
Comments
This diagnostic statement protects against Hide Artifacts by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1564.012 | File/Path Exclusions |
Comments
This diagnostic statement protects against File/Path Exclusions by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1566.001 | Spearphishing Attachment |
Comments
This diagnostic statement protects against Spearphishing Attachment by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1566.003 | Spearphishing via Service |
Comments
This diagnostic statement protects against Spearphishing via Service by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1570 | Lateral Tool Transfer |
Comments
This diagnostic statement protects against Lateral Tool Transfer by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1572 | Protocol Tunneling |
Comments
This diagnostic statement protects against Protocol Tunneling by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1599 | Network Boundary Bridging |
Comments
This diagnostic statement protects against Network Boundary Bridging by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1599.001 | Network Address Translation Traversal |
Comments
This diagnostic statement protects against Network Address Translation Traversal by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1602 | Data from Configuration Repository |
Comments
This diagnostic statement protects against Data from Configuration Repository by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1602.001 | SNMP (MIB Dump) |
Comments
This diagnostic statement protects against SNMP (MIB Dump) by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1602.002 | Network Device Configuration Dump |
Comments
This diagnostic statement protects against Network Device Configuration Dump by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1609 | Container Administration Command |
Comments
This diagnostic statement protects against Container Administration Command by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1610 | Deploy Container |
Comments
This diagnostic statement protects against Deploy Container by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1612 | Build Image on Host |
Comments
This diagnostic statement protects against Build Image on Host by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|
PR.PS-01.08 | End-user device protection | Mitigates | T1613 | Container and Resource Discovery |
Comments
This diagnostic statement protects against Container and Resource Discovery by limiting access to resources to authorized devices only, managing personal computing devices, and using network intrusion prevention and antimalware.
|