| Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|---|
| artifact_registry | Artifact Registry | protect | partial | T1190 | Exploit Public-Facing Application |
Comments
Once this control is deployed, it can detect known vulnerabilities in various Linux OS packages. This information can be used to patch, isolate, or remove vulnerable software and machines. This control does not directly protect against exploitation and is not effective against zero day attacks, vulnerabilities with no available patch, and other end-of-life packages.
References
|
| artifact_registry | Artifact Registry | protect | partial | T1068 | Exploitation for Privilege Escalation |
Comments
Once this control is deployed, it can detect known OS package vulnerabilities in various Linux OS packages (e.g., Debian, Ubuntu, Alpine, RHEL, CentOS, National Vulnerability Database)
References
|
| artifact_registry | Artifact Registry | protect | partial | T1203 | Exploitation for Client Execution |
Comments
Once this control is deployed, it can detect known vulnerabilities in various Linux OS packages. This information can be used to patch, isolate, or remove vulnerable software and machines. This control does not directly protect against exploitation and is not effective against zero day attacks, vulnerabilities with no available patch, and other end-of-life packages.
References
|
| artifact_registry | Artifact Registry | protect | partial | T1210 | Exploitation of Remote Services |
Comments
Once this control is deployed, it can detect known vulnerabilities in various Linux OS packages. This information can be used to patch, isolate, or remove vulnerable software and machines. This control does not directly protect against exploitation and is not effective against zero day attacks, vulnerabilities with no available patch, and other end-of-life packages.
References
|
| artifact_registry | Artifact Registry | protect | partial | T1525 | Implant Internal Image |
Comments
Once this control is deployed, it can detect known vulnerabilities in Docker containers. This information can be used to detect malicious implanted images in the environment. This control does not directly protect against exploitation.
References
|
| artifact_registry | Artifact Registry | protect | partial | T1610 | Deploy Container |
Comments
Once this control is deployed, it can detect known vulnerabilities in Docker containers. This information can be used to detect malicious implanted images in the environment. This control does not directly protect against exploitation.
References
|
| artifact_registry | Artifact Registry | protect | minimal | T1072 | Software Deployment Tools |
Comments
Once this control is deployed, it can detect variations to store system packages and container images.
References
|
| artifact_registry | Artifact Registry | protect | partial | T1211 | Exploitation for Defense Evasion |
Comments
Once this control is deployed, it can detect variations to store system packages and images stored in the repository, which adversaries may target to establish persistence while evading cyber defenses.
References
|
| artifact_registry | Artifact Registry | detect | significant | T1212 | Exploitation for Credential Access |
Comments
Once this control is deployed, it can detect known OS package vulnerabilities in various Linux OS packages that could be used to escalate privileges and execute adversary-controlled code (e.g., Debian, Ubuntu, Alpine, RHEL, CentOS, National Vulnerability Database)
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| artifact_registry | Artifact Registry | 9 |