Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
DE.AE-02.01 | Event analysis and detection | Mitigates | T1102.001 | Dead Drop Resolver | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1102.002 | Bidirectional Communication | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1102.003 | One-Way Communication | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1102 | Web Service | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1204.001 | Malicious Link | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1204.002 | Malicious File | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1204.003 | Malicious Image | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1204 | User Execution | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1029 | Scheduled Transfer | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1090.001 | Internal Proxy | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1090.002 | External Proxy | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1090 | Proxy | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1572 | Protocol Tunneling | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1542.005 | TFTP Boot | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1542.004 | ROMMONkit | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1571 | Non-Standard Port | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1095 | Non-Application Layer Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1104 | Multi-Stage Channels | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1570 | Lateral Tool Transfer | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1105 | Ingress Tool Transfer | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1008 | Fallback Channels | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1573.001 | Symmetric Cryptography | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1573 | Encrypted Channel | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1573.002 | Asymmetric Cryptography | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1568.002 | Domain Generation Algorithms | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1568 | Dynamic Resolution | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1030 | Data Transfer Size Limits | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1602.001 | SNMP (MIB Dump) | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1602.002 | Network Device Configuration Dump | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1602 | Data from Configuration Repository | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1041 | Exfiltration Over C2 Channel | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1048 | Exfiltration Over Alternative Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1132.002 | Non-Standard Encoding | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1132.001 | Standard Encoding | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1132 | Data Encoding | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071.005 | Publish/Subscribe Protocols | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071.001 | Web Protocols | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071.002 | File Transfer Protocols | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071.003 | Mail Protocols | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071.004 | DNS | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1071 | Application Layer Protocol | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1557.004 | Evil Twin | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1557.003 | DHCP Spoofing | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1557 | Adversary-in-the-Middle | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1557.002 | ARP Cache Poisoning | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1219 | Remote Access Software | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1218.015 | Electron Applications | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1218.010 | Regsvr32 | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1218.011 | Rundll32 | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1218 | System Binary Proxy Execution | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1210 | Exploitation of Remote Services | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1068 | Exploitation for Privilege Escalation | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1211 | Exploitation for Defense Evasion | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1212 | Exploitation for Credential Access | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1203 | Exploitation for Client Execution | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1189 | Drive-by Compromise | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1221 | Template Injection | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1080 | Taint Shared Content | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027.002 | Software Packing | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027.013 | Encrypted/Encoded File | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027.014 | Polymorphic Code | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1566 | Phishing | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1566.001 | Spearphishing Attachment | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1566.003 | Spearphishing via Service | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027 | Obfuscated Files or Information | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027.012 | LNK Icon Smuggling | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1027.009 | Embedded Payloads | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1036 | Masquerading | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1036.008 | Masquerade File Type | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1059.001 | PowerShell | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1059.005 | Visual Basic | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1059.006 | Python | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1059 | Command and Scripting Interpreter | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1001.002 | Steganography | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1001.001 | Junk Data | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1001.003 | Protocol or Service Impersonation | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |
DE.AE-02.01 | Event analysis and detection | Mitigates | T1001 | Data Obfuscation | This diagnostic statement provides for implementation of methods to block similar future attacks via security tools such as antivirus and IDS/IPS to provide protection against threats and exploitation attempts. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
DE.AE-02.01 | Event analysis and detection | 81 |