GCP firewalls Mappings

Google Cloud VPC Firewalls can allow or deny traffic based on the traffic's protocol, destination ports, sources, and destinations and. VPC firewalls are stateful and exist not only between your instances and other networks, but also between individual instances within the same network. Connections are allowed or denied on a per-instance basis. Firewall activity can be captured via Firewall rules logging and analyzed with Firewall Insights.

Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name
firewalls	Firewalls	protect	partial	T1008	Fallback Channels
firewalls	Firewalls	protect	partial	T1018	Remote System Discovery
firewalls	Firewalls	protect	partial	T1021	Remote Services
firewalls	Firewalls	protect	partial	T1041	Exfiltration Over C2 Channel
firewalls	Firewalls	protect	partial	T1046	Network Service Scanning
firewalls	Firewalls	protect	partial	T1048	Exfiltration Over Alternative Protocol
firewalls	Firewalls	protect	significant	T1071	Application Layer Protocol
firewalls	Firewalls	protect	partial	T1090	Proxy
firewalls	Firewalls	protect	significant	T1095	Non-Application Layer Protocol
firewalls	Firewalls	protect	partial	T1104	Multi-Stage Channels
firewalls	Firewalls	protect	partial	T1133	External Remote Services
firewalls	Firewalls	protect	significant	T1187	Forced Authentication
firewalls	Firewalls	protect	partial	T1205	Traffic Signaling
firewalls	Firewalls	protect	partial	T1219	Remote Access Software
firewalls	Firewalls	protect	minimal	T1498	Network Denial of Service
firewalls	Firewalls	protect	partial	T1499	Endpoint Denial of Service
firewalls	Firewalls	protect	partial	T1530	Data from Cloud Storage Object
firewalls	Firewalls	protect	minimal	T1542	Pre-OS Boot
firewalls	Firewalls	protect	significant	T1571	Non-Standard Port
firewalls	Firewalls	protect	partial	T1572	Protocol Tunneling
firewalls	Firewalls	protect	partial	T1590	Gather Victim Network Information
firewalls	Firewalls	protect	partial	T1595	Active Scanning