CRI Profile Detect: Continuous Monitoring Capability Group

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement protects user execution through the implementation of tools and measures to block unknown or unused files in transit.

This diagnostic statement protects against OS Credential Dumping through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against LSASS Memory through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Masquerading through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Invalid Code Signature through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Match Legitimate Name or Location through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Command and Scripting Interpreter through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against PowerShell through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against AppleScript through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Trusted Developer Utilities Proxy Execution through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against ClickOnce through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Browser Extensions through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Supply Chain Compromise through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Compromise Software Dependencies and Development Tools through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Malicious Image through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Customer Relationship Management Software through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Firmware Corruption through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Server Software Component through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against SQL Stored Procedures through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Transport Agent through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against IIS Components through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Implant Internal Image through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Transfer Data to Cloud Account through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Steal Web Session Cookie through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Pre-OS Boot through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against System Firmware through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Bootkit through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against ROMMONkit through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against TFTP Boot through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Create or Modify System Process through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Systemd Service through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Windows Service through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against LC_LOAD_DYLIB Addition through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against PowerShell Profile through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Authentication Package through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Security Support Provider through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against LSASS Driver through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against XDG Autostart Entries through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Code Signing Policy Modification through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Compromise Host Software Binary through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Modify Authentication Process through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Domain Controller Authentication through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Hijack Execution Flow through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against DLL Search Order Hijacking through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Modify System Image through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Patch System Image through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Downgrade System Image through the use of verifying integrity of software/firmware, loading software that is trusted, ensuring privileged process integrity and checking software signatures.

This diagnostic statement protects against Abuse Elevation Control Mechanism through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Bypass User Account Control through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Sudo and Sudo Caching through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against TCC Manipulation through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Access Token Manipulation through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Token Impersonation/Theft through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Create Process with Token through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Make and Impersonate Token through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Account Manipulation through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Additional Cloud Credentials through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Additional Email Delegate Permissions through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Additional Cloud Roles through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud Administration Command through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against PowerShell through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Network Device CLI through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud API through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Container Administration Command through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Local Account through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Domain Account through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud Account through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Credentials from Password Stores through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud Secrets Management Stores through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Domain or Tenant Policy Modification through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Trust Modification through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Exploit Public-Facing Application through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Exploitation of Remote Services through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Forge Web Credentials through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against SAML Tokens through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Web Portal Capture through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Modify Authentication Process through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Domain Controller Authentication through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Pluggable Authentication Modules through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Network Device Authentication through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Hybrid Identity through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Network Boundary Bridging through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Network Address Translation Traversal through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against OS Credential Dumping through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against LSASS Memory through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Security Account Manager through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against NTDS through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against LSA Secrets through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cached Domain Credentials through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against DCSync through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Proc Filesystem through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against /etc/passwd and /etc/shadow through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Remote Service Session Hijacking through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against SSH Hijacking through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against RDP Hijacking through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Remote Services through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Remote Desktop Protocol through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against SMB/Windows Admin Shares through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Distributed Component Object Model through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Windows Remote Management through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud Services through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Server Software Component through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Software Deployment Tools through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Steal or Forge Kerberos Tickets through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Golden Ticket through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Silver Ticket through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Kerberoasting through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against System Binary Proxy Execution through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against System Services through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Unsecured Credentials through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Credentials in Registry through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Container API through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Use Alternate Authentication Material through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Pass the Hash through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Pass the Ticket through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Valid Accounts through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Domain Accounts through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Local Accounts through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Cloud Accounts through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement protects against Windows Management Instrumentation through the use of privileged account management. Employing auditing, privilege access management, and just in time access protects against adversaries trying to obtain illicit access to critical systems.

This diagnostic statement provides protection from Disable or Modify Tools through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Replication Through Removable Media through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Pre-OS Boot through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Component Firmware through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Disable Crypto Hardware through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Firmware Corruption through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from System Firmware through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from Compromise Hardware Supply Chain through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.

This diagnostic statement provides protection from hardware additions through the use of tools to detect and block the use of unauthorized or unknown devices and accessories by endpoint security configuration and monitoring.

This diagnostic statement provides protection from exfiltration of data via a physical medium, such as a removable drive by using tools to detect and block the use of unauthorized devices.

This diagnostic statement provides protection from exfiltration of data via a physical medium, such as a removable drive by using tools to detect and block the use of unauthorized devices.

This diagnostic statement provides protection from Web Service by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Protocol Tunneling by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Non-Standard Port by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Multi-Stage Channels by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Fallback Channels by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Exfiltration Over C2 Channel by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Proxy by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Data Transfer Size Limits by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Non-Application Layer Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Network Boundary Bridging by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Exfiltration Over Unencrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Exfiltration Over Asymmetric Encrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Exfiltration Over Symmetric Encrypted Non-C2 Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This diagnostic statement provides protection from Exfiltration Over Alternative Protocol by using tools to detect and block the use of unauthorized devices and connections to prevent abuse by adversaries.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This Diagnostic Statement addresses measures for managing configuration integrity and unauthorized changes that can mitigate risks associated with adversary techniques attempting to make changes to how the hardware, software, and firmware operates.

This diagnostic statement protects adversaries from using tunneling to encapsulate a protocol within another protocol. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects adversaries from infiltrating external proxies and taking over control of traffic between systems. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects adversaries from infiltrating internal proxies and taking over control of traffic between systems. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects adversaries from redirecting network traffic between systems by infiltrating connection proxies. Traffic to known anonymity networks and C2 infrastructure can be blocked through the use of network allow and block lists.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware that can be used to mitigate malicious activity and identify adversaries that use web services to obfuscate domains or IP addresses over web service channel.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware that can be used to mitigate malicious activity and identify adversaries that use web services to obfuscate domains or IP addresses over web service channel.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware that can be used to mitigate malicious activity and identify adversaries that use web services to obfuscate domains or IP addresses.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate malicious activity and identify adversaries that can relay data from a compromised systems through websites, cloud service, or social media.

In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious images so those images can't lead to malicious code being executed.

In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious downloads and malicious activity.

In order to protect users from being victims of social engineering attacks, network intrusion prevention techniques can be used to scan and block malicious code from malicious downloads and malicious activity.

This diagnostic statement utilizes the tools such as network intrusion prevent systems to identify, scan and block malicious email attachments that can be clicked on by users in their emails. Also, anti-virus can be used to quarantine suspicious files.

Network/Host intrusion prevention systems, antivirus, and detonation chambers can be employed to prevent documents from fetching and/or executing malicious payloads that adversaries can steal in document templates.

This diagnostic statement utilizes the tools such as network intrusion prevent systems to identify, scan and block malicious email or links that can be clicked on by users in their emails. Also, anti-virus can be used to quarantine suspicious files.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to steal data and/or encrypt or obfuscate alternate channels.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to conceal C2 traffic with asymmetric encryption algorithms.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some activity at the network level, specifically adversaries known to conceal C2 traffic with symmetric encryption algorithms.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control traffic) activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control) activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation (command and control) activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate some obfuscation command and control activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize different protocols to abuse packets produced from these protocols. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize DNS protocol to abuse packets produced from these protocols. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize different protocols, such as SMPT/S, POP3/S and IMAP, to abuse packets produced from these protocols. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize different protocols, such as SMB, FTP, FTPS, and TFPT, to abuse packets produced from these protocols. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize different protocols, such as HTTPS and web socket, to blend in with existing traffic. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

This diagnostic statement protects against adversaries that may try to utilize different protocols, such as web browsing, transferring files, email, from attacking at the OSI level. Network intrusion detection and prevention systems that use network signatures to identify traffic for specific adversary malware can be used to mitigate activity at the network level.

Implementing methods similar to Wireless Intrusion prevention systems (WIPS) can identify and prevent adversary in the middle activity

The use of network intrusion detection and prevention systems can identify and possibly bock traffic patterns, indicative of AiTM activity. If so, these patterns can be mitigated at the network level.

The use of network intrusion detection and prevention systems can identify and possibly bock traffic patterns, indicative of AiTM activity. If so, these patterns can be mitigated at the network level, enabling to block adversaries from poisoning ARP caches.

The use of network intrusion detection and prevention systems can identify and possibly bock traffic patterns, indicative of AiTM activity. If so, these patterns can be mitigated at the network level.

The use of network intrusion detection and prevention systems can identify and possibly bock traffic patterns, indicative of AiTM activity. If so, these patterns can be mitigated at the network level.

Implementing methods similar to Host Intrusion prevention (HIPS) can identify and prevent execution of malicious files and its metadata manipulated by adversaries.

Implementing methods similar to Host Intrusion prevention (HIPS) can identify and prevent execution of malicious files and its metadata manipulated by adversaries.

This diagnostic statement may block Denial of Service (DoS) attacks from occurring by adversaries that induces a reflection attack by sending packets to reflectors with the spoofed address of the victim. Filtering boundary traffic can be used to intercept incoming traffic and filtering out the attack traffic from the original traffic.

This diagnostic statement may block Denial of Service (DoS) attacks from occurring by adversaries that target networks that send a high volume of network traffic to a target. Filtering boundary traffic can be used to intercept incoming traffic and filtering out the attack traffic from the original traffic.

This diagnostic statement may block Network Denial of Service (DoS) attacks from occurring by adversaries that target resources to users via websites, email services, DNS, and web-based applications. Filtering boundary traffic can be used to intercept incoming traffic and filtering out the attack traffic from the original traffic.

This diagnostic statement may block Denial of Service (DoS) attacks from occurring by adversaries that exploit software vulnerabilities that can cause crashing of a system or application. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport.

This diagnostic statement may block Denial of Service (DoS) attacks from occurring by adversaries that target application features. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport.

This diagnostic statement may block Endpoint Denial of Service (DoS) attacks from occurring from adversaries that target DNS and web services. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport.

This diagnostic statement may block Endpoint Denial of Service (DoS) attacks from occurring by adversaries that target endpoint's operating system (OS). Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport.

This diagnostic statement may block Endpoint Denial of Service (DoS) attacks from occurring via websites, email services, and web-based applications. Filtering boundary traffic can be used to block source addresses and block ports that are being targeted. It also blocks protocols being used for transport.

This diagnostic statement helps mitigate web service techniques through the implementation of tools and measures to detect and block access to unauthorized, inappropriate, or malicious websites and services.

This diagnostic statement helps mitigate web service techniques through the implementation of tools and measures to detect and block access to unauthorized, inappropriate, or malicious websites and services.

This diagnostic statement helps mitigate web service techniques through the implementation of tools and measures to detect and block access to unauthorized, inappropriate, or malicious websites and services.

This diagnostic statement helps mitigate web service techniques through the implementation of tools and measures to detect and block access to unauthorized, inappropriate, or malicious websites and services.

This diagnostic statement protects user execution through the implementation of tools and measures to block unknown or unused files in transit.

This diagnostic statement protects user execution through the implementation of tools and measures to block unknown or unused files in transit.

This diagnostic statement provides for implementing tools and measures for such as allowing/denying types of third-party applications which can help prevent adversary use of alternate authentication material.

This diagnostic statement can help prevent adversaries from abusing HTML files by implementing tools and measures to block download/transfer of uncommon file types known to be used in adversary campaigns.

This diagnostic statement can help prevent execution of malicious content with signed files or trusted binaries through tools and measures restricting or blocking certain websites, blocking downloads/attachments, and restricting browser extensions.

This diagnostic statement provides for implementing tools and measures for web-based content and browser security settings that can help prevent session cookie theft.

This diagnostic statement provides for implementing tools and measures such as disabling users from authorizing third-party apps and forcing administrative consent for all requests that can help prevent token theft.

This diagnostic statement provides for implementing tools and measures such as filtering messages and restricting certain websites or attachment types, which can help block phishing attempts.

This diagnostic statement provides for implementing tools and measures such as filtering messages and restricting certain websites or attachment types, which can help block phishing attempts.

This diagnostic statement provides for implementing tools and measures such as filtering messages and restricting certain websites or attachment types, which can help block phishing attempts.

This diagnostic statement provides for implementing tools and measures such as filtering messages and restricting certain websites or attachment types, which can help block phishing attempts.

This diagnostic statement helps mitigate drive-by compromise through the implementation of tools and measures such as adblockers to prevent and block malicious code execution and script blocking extensions to block execution of scripts.

This diagnostic statement provides for implementing tools and measures for web-based content and browser security settings that can help prevent session cookie theft.

This diagnostic statement provides for implementing tools and measures such as blocking download/transfer and execution of uncommon file types which can help prevent content injection.

This diagnostic statement prevents adversaries from abusing various implementation of JavaScript for execution by blocking the execution of scripts and malicious code that pop up via adblockers and ads.

This diagnostic statement prevents adversaries from abusing commands, scripts, or binaries by blocking the execution of scripts and malicious code that pop up via adblockers and ads.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement implements mechanisms and tools to mitigate potential misuse of privileged users and accounts. Continuous monitoring of role and attribute assignments and activity is essential to prevent and detect unauthorized access or misuse.

This diagnostic statement prevents adversaries from abusing commands, scripts, or binaries by blocking the execution of scripts and malicious code that pop up via adblockers and ads.