CA-07 | Continuous Monitoring | Protects | T1001 | Data Obfuscation |
CA-07 | Continuous Monitoring | Protects | T1001.001 | Junk Data |
CA-07 | Continuous Monitoring | Protects | T1001.002 | Steganography |
CA-07 | Continuous Monitoring | Protects | T1001.003 | Protocol Impersonation |
CA-07 | Continuous Monitoring | Protects | T1003 | OS Credential Dumping |
CA-07 | Continuous Monitoring | Protects | T1003.003 | NTDS |
CA-07 | Continuous Monitoring | Protects | T1003.004 | LSA Secrets |
CA-07 | Continuous Monitoring | Protects | T1003.005 | Cached Domain Credentials |
CA-07 | Continuous Monitoring | Protects | T1003.006 | DCSync |
CA-07 | Continuous Monitoring | Protects | T1003.008 | /etc/passwd and /etc/shadow |
CA-07 | Continuous Monitoring | Protects | T1008 | Fallback Channels |
CA-07 | Continuous Monitoring | Protects | T1021.005 | VNC |
CA-08 | Penetration Testing | Protects | T1021.005 | VNC |
CA-07 | Continuous Monitoring | Protects | T1029 | Scheduled Transfer |
CA-07 | Continuous Monitoring | Protects | T1030 | Data Transfer Size Limits |
CA-07 | Continuous Monitoring | Protects | T1036.003 | Rename System Utilities |
CA-07 | Continuous Monitoring | Protects | T1036.007 | Double File Extension |
CA-07 | Continuous Monitoring | Protects | T1037.002 | Login Hook |
CA-07 | Continuous Monitoring | Protects | T1037.003 | Network Logon Script |
CA-07 | Continuous Monitoring | Protects | T1037.004 | RC Scripts |
CA-07 | Continuous Monitoring | Protects | T1037.005 | Startup Items |
CA-07 | Continuous Monitoring | Protects | T1048.001 | Exfiltration Over Symmetric Encrypted Non-C2 Protocol |
CA-03 | Information Exchange | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
CA-07 | Continuous Monitoring | Protects | T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol |
CA-07 | Continuous Monitoring | Protects | T1052 | Exfiltration Over Physical Medium |
CA-07 | Continuous Monitoring | Protects | T1052.001 | Exfiltration over USB |
CA-08 | Penetration Testing | Protects | T1053.003 | Cron |
CA-07 | Continuous Monitoring | Protects | T1055.009 | Proc Memory |
CA-07 | Continuous Monitoring | Protects | T1056.002 | GUI Input Capture |
CA-07 | Continuous Monitoring | Protects | T1059 | Command and Scripting Interpreter |
CA-08 | Penetration Testing | Protects | T1059 | Command and Scripting Interpreter |
CA-07 | Continuous Monitoring | Protects | T1059.005 | Visual Basic |
CA-07 | Continuous Monitoring | Protects | T1059.007 | JavaScript |
CA-07 | Continuous Monitoring | Protects | T1070.002 | Clear Linux or Mac System Logs |
CA-07 | Continuous Monitoring | Protects | T1071.003 | Mail Protocols |
CA-07 | Continuous Monitoring | Protects | T1071.004 | DNS |
CA-07 | Continuous Monitoring | Protects | T1078.001 | Default Accounts |
CA-07 | Continuous Monitoring | Protects | T1078.003 | Local Accounts |
CA-07 | Continuous Monitoring | Protects | T1090 | Proxy |
CA-07 | Continuous Monitoring | Protects | T1090.001 | Internal Proxy |
CA-07 | Continuous Monitoring | Protects | T1090.002 | External Proxy |
CA-07 | Continuous Monitoring | Protects | T1090.003 | Multi-hop Proxy |
CA-07 | Continuous Monitoring | Protects | T1102 | Web Service |
CA-07 | Continuous Monitoring | Protects | T1102.001 | Dead Drop Resolver |
CA-07 | Continuous Monitoring | Protects | T1102.002 | Bidirectional Communication |
CA-07 | Continuous Monitoring | Protects | T1102.003 | One-Way Communication |
CA-07 | Continuous Monitoring | Protects | T1104 | Multi-Stage Channels |
CA-07 | Continuous Monitoring | Protects | T1110.001 | Password Guessing |
CA-07 | Continuous Monitoring | Protects | T1110.002 | Password Cracking |
CA-07 | Continuous Monitoring | Protects | T1110.003 | Password Spraying |
CA-07 | Continuous Monitoring | Protects | T1110.004 | Credential Stuffing |
CA-07 | Continuous Monitoring | Protects | T1132.002 | Non-Standard Encoding |
CA-07 | Continuous Monitoring | Protects | T1176 | Browser Extensions |
CA-08 | Penetration Testing | Protects | T1176 | Browser Extensions |
CA-07 | Continuous Monitoring | Protects | T1185 | Browser Session Hijacking |
CA-02 | Control Assessments | Protects | T1195.001 | Compromise Software Dependencies and Development Tools |
CA-07 | Continuous Monitoring | Protects | T1195.001 | Compromise Software Dependencies and Development Tools |
CA-02 | Control Assessments | Protects | T1195.002 | Compromise Software Supply Chain |
CA-07 | Continuous Monitoring | Protects | T1195.002 | Compromise Software Supply Chain |
CA-08 | Penetration Testing | Protects | T1195.003 | Compromise Hardware Supply Chain |
CA-07 | Continuous Monitoring | Protects | T1201 | Password Policy Discovery |
CA-07 | Continuous Monitoring | Protects | T1203 | Exploitation for Client Execution |
CA-07 | Continuous Monitoring | Protects | T1204 | User Execution |
CA-07 | Continuous Monitoring | Protects | T1204.001 | Malicious Link |
CA-07 | Continuous Monitoring | Protects | T1204.002 | Malicious File |
CA-07 | Continuous Monitoring | Protects | T1204.003 | Malicious Image |
CA-08 | Penetration Testing | Protects | T1204.003 | Malicious Image |
CA-07 | Continuous Monitoring | Protects | T1205 | Traffic Signaling |
CA-07 | Continuous Monitoring | Protects | T1205.001 | Port Knocking |
CA-02 | Control Assessments | Protects | T1210 | Exploitation of Remote Services |
CA-07 | Continuous Monitoring | Protects | T1210 | Exploitation of Remote Services |
CA-08 | Penetration Testing | Protects | T1210 | Exploitation of Remote Services |
CA-07 | Continuous Monitoring | Protects | T1213 | Data from Information Repositories |
CA-08 | Penetration Testing | Protects | T1213 | Data from Information Repositories |
CA-07 | Continuous Monitoring | Protects | T1213.001 | Confluence |
CA-08 | Penetration Testing | Protects | T1213.001 | Confluence |
CA-07 | Continuous Monitoring | Protects | T1213.002 | Sharepoint |
CA-08 | Penetration Testing | Protects | T1213.002 | Sharepoint |
CA-07 | Continuous Monitoring | Protects | T1213.003 | Code Repositories |
CA-07 | Continuous Monitoring | Protects | T1218 | System Binary Proxy Execution |
CA-07 | Continuous Monitoring | Protects | T1218.002 | Control Panel |
CA-07 | Continuous Monitoring | Protects | T1218.010 | Regsvr32 |
CA-07 | Continuous Monitoring | Protects | T1218.011 | Rundll32 |
CA-07 | Continuous Monitoring | Protects | T1218.012 | Verclsid |
CA-07 | Continuous Monitoring | Protects | T1221 | Template Injection |
CA-07 | Continuous Monitoring | Protects | T1222 | File and Directory Permissions Modification |
CA-07 | Continuous Monitoring | Protects | T1222.001 | Windows File and Directory Permissions Modification |
CA-07 | Continuous Monitoring | Protects | T1222.002 | Linux and Mac File and Directory Permissions Modification |
CA-08 | Penetration Testing | Protects | T1482 | Domain Trust Discovery |
CA-08 | Penetration Testing | Protects | T1484 | Domain Policy Modification |
CA-07 | Continuous Monitoring | Protects | T1489 | Service Stop |
CA-08 | Penetration Testing | Protects | T1495 | Firmware Corruption |
CA-07 | Continuous Monitoring | Protects | T1498 | Network Denial of Service |
CA-07 | Continuous Monitoring | Protects | T1498.001 | Direct Network Flood |
CA-07 | Continuous Monitoring | Protects | T1498.002 | Reflection Amplification |
CA-07 | Continuous Monitoring | Protects | T1499.003 | Application Exhaustion Flood |
CA-07 | Continuous Monitoring | Protects | T1499.004 | Application or System Exploitation |
CA-08 | Penetration Testing | Protects | T1505 | Server Software Component |
CA-08 | Penetration Testing | Protects | T1505.001 | SQL Stored Procedures |
CA-08 | Penetration Testing | Protects | T1505.002 | Transport Agent |
CA-08 | Penetration Testing | Protects | T1505.004 | IIS Components |
CA-08 | Penetration Testing | Protects | T1525 | Implant Internal Image |
CA-07 | Continuous Monitoring | Protects | T1528 | Steal Application Access Token |
CA-08 | Penetration Testing | Protects | T1528 | Steal Application Access Token |
CA-07 | Continuous Monitoring | Protects | T1537 | Transfer Data to Cloud Account |
CA-08 | Penetration Testing | Protects | T1542 | Pre-OS Boot |
CA-07 | Continuous Monitoring | Protects | T1542.004 | ROMMONkit |
CA-08 | Penetration Testing | Protects | T1542.004 | ROMMONkit |
CA-07 | Continuous Monitoring | Protects | T1542.005 | TFTP Boot |
CA-08 | Penetration Testing | Protects | T1542.005 | TFTP Boot |
CA-07 | Continuous Monitoring | Protects | T1543 | Create or Modify System Process |
CA-08 | Penetration Testing | Protects | T1543 | Create or Modify System Process |
CA-07 | Continuous Monitoring | Protects | T1546.003 | Windows Management Instrumentation Event Subscription |
CA-07 | Continuous Monitoring | Protects | T1546.004 | Unix Shell Configuration Modification |
CA-07 | Continuous Monitoring | Protects | T1546.013 | PowerShell Profile |
CA-07 | Continuous Monitoring | Protects | T1546.016 | Installer Packages |
CA-07 | Continuous Monitoring | Protects | T1547.003 | Time Providers |
CA-08 | Penetration Testing | Protects | T1548.002 | Bypass User Account Control |
CA-07 | Continuous Monitoring | Protects | T1548.003 | Sudo and Sudo Caching |
CA-07 | Continuous Monitoring | Protects | T1550.003 | Pass the Ticket |
CA-08 | Penetration Testing | Protects | T1552.006 | Group Policy Preferences |
CA-08 | Penetration Testing | Protects | T1553 | Subvert Trust Controls |
CA-07 | Continuous Monitoring | Protects | T1553.003 | SIP and Trust Provider Hijacking |
CA-08 | Penetration Testing | Protects | T1553.006 | Code Signing Policy Modification |
CA-07 | Continuous Monitoring | Protects | T1555.001 | Keychain |
CA-07 | Continuous Monitoring | Protects | T1555.002 | Securityd Memory |
CA-07 | Continuous Monitoring | Protects | T1556.001 | Domain Controller Authentication |
CA-07 | Continuous Monitoring | Protects | T1557.001 | LLMNR/NBT-NS Poisoning and SMB Relay |
CA-07 | Continuous Monitoring | Protects | T1557.002 | ARP Cache Poisoning |
CA-07 | Continuous Monitoring | Protects | T1557.003 | DHCP Spoofing |
CA-07 | Continuous Monitoring | Protects | T1558 | Steal or Forge Kerberos Tickets |
CA-07 | Continuous Monitoring | Protects | T1558.002 | Silver Ticket |
CA-07 | Continuous Monitoring | Protects | T1558.003 | Kerberoasting |
CA-07 | Continuous Monitoring | Protects | T1558.004 | AS-REP Roasting |
CA-08 | Penetration Testing | Protects | T1558.004 | AS-REP Roasting |
CA-08 | Penetration Testing | Protects | T1560 | Archive Collected Data |
CA-08 | Penetration Testing | Protects | T1563 | Remote Service Session Hijacking |
CA-07 | Continuous Monitoring | Protects | T1563.001 | SSH Hijacking |
CA-07 | Continuous Monitoring | Protects | T1564.004 | NTFS File Attributes |
CA-07 | Continuous Monitoring | Protects | T1564.010 | Process Argument Spoofing |
CA-07 | Continuous Monitoring | Protects | T1565 | Data Manipulation |
CA-07 | Continuous Monitoring | Protects | T1565.001 | Stored Data Manipulation |
CA-07 | Continuous Monitoring | Protects | T1565.003 | Runtime Data Manipulation |
CA-07 | Continuous Monitoring | Protects | T1566.001 | Spearphishing Attachment |
CA-07 | Continuous Monitoring | Protects | T1566.003 | Spearphishing via Service |
CA-07 | Continuous Monitoring | Protects | T1568 | Dynamic Resolution |
CA-07 | Continuous Monitoring | Protects | T1568.002 | Domain Generation Algorithms |
CA-07 | Continuous Monitoring | Protects | T1569 | System Services |
CA-07 | Continuous Monitoring | Protects | T1572 | Protocol Tunneling |
CA-07 | Continuous Monitoring | Protects | T1573 | Encrypted Channel |
CA-07 | Continuous Monitoring | Protects | T1573.001 | Symmetric Cryptography |
CA-07 | Continuous Monitoring | Protects | T1573.002 | Asymmetric Cryptography |
CA-07 | Continuous Monitoring | Protects | T1574 | Hijack Execution Flow |
CA-08 | Penetration Testing | Protects | T1574 | Hijack Execution Flow |
CA-08 | Penetration Testing | Protects | T1574.001 | DLL Search Order Hijacking |
CA-07 | Continuous Monitoring | Protects | T1574.004 | Dylib Hijacking |
CA-08 | Penetration Testing | Protects | T1574.005 | Executable Installer File Permissions Weakness |
CA-07 | Continuous Monitoring | Protects | T1574.008 | Path Interception by Search Order Hijacking |
CA-08 | Penetration Testing | Protects | T1574.008 | Path Interception by Search Order Hijacking |
CA-07 | Continuous Monitoring | Protects | T1574.009 | Path Interception by Unquoted Path |
CA-08 | Penetration Testing | Protects | T1574.009 | Path Interception by Unquoted Path |
CA-08 | Penetration Testing | Protects | T1574.010 | Services File Permissions Weakness |
CA-07 | Continuous Monitoring | Protects | T1574.013 | KernelCallbackTable |
CA-08 | Penetration Testing | Protects | T1574.013 | KernelCallbackTable |
CA-08 | Penetration Testing | Protects | T1578.001 | Create Snapshot |
CA-08 | Penetration Testing | Protects | T1578.002 | Create Cloud Instance |
CA-08 | Penetration Testing | Protects | T1578.003 | Delete Cloud Instance |
CA-07 | Continuous Monitoring | Protects | T1598.001 | Spearphishing Service |
CA-07 | Continuous Monitoring | Protects | T1598.002 | Spearphishing Attachment |
CA-07 | Continuous Monitoring | Protects | T1599 | Network Boundary Bridging |
CA-07 | Continuous Monitoring | Protects | T1599.001 | Network Address Translation Traversal |
CA-08 | Penetration Testing | Protects | T1601 | Modify System Image |
CA-08 | Penetration Testing | Protects | T1601.001 | Patch System Image |
CA-08 | Penetration Testing | Protects | T1601.002 | Downgrade System Image |
CA-07 | Continuous Monitoring | Protects | T1602 | Data from Configuration Repository |
CA-07 | Continuous Monitoring | Protects | T1602.001 | SNMP (MIB Dump) |
CA-07 | Continuous Monitoring | Protects | T1602.002 | Network Device Configuration Dump |
CA-07 | Continuous Monitoring | Protects | T1622 | Debugger Evasion |
CA-07 | Continuous Monitoring | Protects | T1647 | Plist File Modification |
CA-08 | Penetration Testing | Protects | T1612 | Build Image on Host |
CA-07 | Continuous Monitoring | Protects | T1598.003 | Spearphishing Link |
CA-07 | Continuous Monitoring | Protects | T1598 | Phishing for Information |
CA-07 | Continuous Monitoring | Protects | T1574.007 | Path Interception by PATH Environment Variable |
CA-08 | Penetration Testing | Protects | T1574.007 | Path Interception by PATH Environment Variable |
CA-07 | Continuous Monitoring | Protects | T1571 | Non-Standard Port |
CA-07 | Continuous Monitoring | Protects | T1570 | Lateral Tool Transfer |
CA-07 | Continuous Monitoring | Protects | T1566.002 | Spearphishing Link |
CA-07 | Continuous Monitoring | Protects | T1566 | Phishing |
CA-07 | Continuous Monitoring | Protects | T1562.006 | Indicator Blocking |
CA-07 | Continuous Monitoring | Protects | T1562.002 | Disable Windows Event Logging |
CA-07 | Continuous Monitoring | Protects | T1562.001 | Disable or Modify Tools |
CA-08 | Penetration Testing | Protects | T1560.001 | Archive via Utility |
CA-07 | Continuous Monitoring | Protects | T1557 | Adversary-in-the-Middle |
CA-08 | Penetration Testing | Protects | T1554 | Compromise Client Software Binary |
CA-07 | Continuous Monitoring | Protects | T1552.004 | Private Keys |
CA-08 | Penetration Testing | Protects | T1552.004 | Private Keys |
CA-08 | Penetration Testing | Protects | T1550.001 | Application Access Token |
CA-07 | Continuous Monitoring | Protects | T1547.013 | XDG Autostart Entries |
CA-07 | Continuous Monitoring | Protects | T1543.002 | Systemd Service |
CA-07 | Continuous Monitoring | Protects | T1530 | Data from Cloud Storage |
CA-08 | Penetration Testing | Protects | T1530 | Data from Cloud Storage |
CA-07 | Continuous Monitoring | Protects | T1219 | Remote Access Software |
CA-07 | Continuous Monitoring | Protects | T1211 | Exploitation for Defense Evasion |
CA-08 | Penetration Testing | Protects | T1211 | Exploitation for Defense Evasion |
CA-02 | Control Assessments | Protects | T1190 | Exploit Public-Facing Application |
CA-07 | Continuous Monitoring | Protects | T1190 | Exploit Public-Facing Application |
CA-07 | Continuous Monitoring | Protects | T1189 | Drive-by Compromise |
CA-07 | Continuous Monitoring | Protects | T1111 | Multi-Factor Authentication Interception |
CA-07 | Continuous Monitoring | Protects | T1105 | Ingress Tool Transfer |
CA-07 | Continuous Monitoring | Protects | T1095 | Non-Application Layer Protocol |
CA-07 | Continuous Monitoring | Protects | T1070.009 | Clear Persistence |
CA-07 | Continuous Monitoring | Protects | T1070.001 | Clear Windows Event Logs |
CA-07 | Continuous Monitoring | Protects | T1552.002 | Credentials in Registry |
CA-08 | Penetration Testing | Protects | T1552.002 | Credentials in Registry |
CA-07 | Continuous Monitoring | Protects | T1552.001 | Credentials In Files |
CA-08 | Penetration Testing | Protects | T1552.001 | Credentials In Files |
CA-08 | Penetration Testing | Protects | T1542.003 | Bootkit |
CA-07 | Continuous Monitoring | Protects | T1499.002 | Service Exhaustion Flood |
CA-07 | Continuous Monitoring | Protects | T1499.001 | OS Exhaustion Flood |
CA-07 | Continuous Monitoring | Protects | T1499 | Endpoint Denial of Service |
CA-07 | Continuous Monitoring | Protects | T1197 | BITS Jobs |
CA-02 | Control Assessments | Protects | T1195 | Supply Chain Compromise |
CA-07 | Continuous Monitoring | Protects | T1195 | Supply Chain Compromise |
CA-07 | Continuous Monitoring | Protects | T1187 | Forced Authentication |
CA-07 | Continuous Monitoring | Protects | T1132 | Data Encoding |
CA-07 | Continuous Monitoring | Protects | T1110 | Brute Force |
CA-07 | Continuous Monitoring | Protects | T1070.003 | Clear Command History |
CA-07 | Continuous Monitoring | Protects | T1046 | Network Service Discovery |
CA-03 | Information Exchange | Protects | T1041 | Exfiltration Over C2 Channel |
CA-07 | Continuous Monitoring | Protects | T1041 | Exfiltration Over C2 Channel |
CA-07 | Continuous Monitoring | Protects | T1037 | Boot or Logon Initialization Scripts |
CA-07 | Continuous Monitoring | Protects | T1068 | Exploitation for Privilege Escalation |
CA-08 | Penetration Testing | Protects | T1068 | Exploitation for Privilege Escalation |
CA-07 | Continuous Monitoring | Protects | T1070 | Indicator Removal |
CA-07 | Continuous Monitoring | Protects | T1003.001 | LSASS Memory |
CA-07 | Continuous Monitoring | Protects | T1003.002 | Security Account Manager |
CA-08 | Penetration Testing | Protects | T1021.001 | Remote Desktop Protocol |
CA-07 | Continuous Monitoring | Protects | T1021.002 | SMB/Windows Admin Shares |
CA-07 | Continuous Monitoring | Protects | T1036.005 | Match Legitimate Name or Location |
CA-08 | Penetration Testing | Protects | T1053.002 | At |
CA-08 | Penetration Testing | Protects | T1053.005 | Scheduled Task |
CA-03 | Information Exchange | Protects | T1567 | Exfiltration Over Web Service |
CA-07 | Continuous Monitoring | Protects | T1567 | Exfiltration Over Web Service |
CA-07 | Continuous Monitoring | Protects | T1569.002 | Service Execution |
CA-08 | Penetration Testing | Protects | T1578 | Modify Cloud Compute Infrastructure |
CA-07 | Continuous Monitoring | Protects | T1562.004 | Disable or Modify System Firewall |
CA-07 | Continuous Monitoring | Protects | T1556 | Modify Authentication Process |
CA-07 | Continuous Monitoring | Protects | T1552 | Unsecured Credentials |
CA-08 | Penetration Testing | Protects | T1552 | Unsecured Credentials |
CA-07 | Continuous Monitoring | Protects | T1548 | Abuse Elevation Control Mechanism |
CA-08 | Penetration Testing | Protects | T1548 | Abuse Elevation Control Mechanism |
CA-03 | Information Exchange | Protects | T1078 | Valid Accounts |
CA-07 | Continuous Monitoring | Protects | T1070.008 | Clear Mailbox Data |
CA-03 | Information Exchange | Protects | T1048 | Exfiltration Over Alternative Protocol |
CA-07 | Continuous Monitoring | Protects | T1048 | Exfiltration Over Alternative Protocol |
CA-07 | Continuous Monitoring | Protects | T1562 | Impair Defenses |
CA-08 | Penetration Testing | Protects | T1562 | Impair Defenses |
CA-07 | Continuous Monitoring | Protects | T1555 | Credentials from Password Stores |
CA-07 | Continuous Monitoring | Protects | T1552.005 | Cloud Instance Metadata API |
CA-07 | Continuous Monitoring | Protects | T1212 | Exploitation for Credential Access |
CA-08 | Penetration Testing | Protects | T1212 | Exploitation for Credential Access |
CA-07 | Continuous Monitoring | Protects | T1078 | Valid Accounts |
CA-07 | Continuous Monitoring | Protects | T1078.004 | Cloud Accounts |
CA-07 | Continuous Monitoring | Protects | T1072 | Software Deployment Tools |
CA-07 | Continuous Monitoring | Protects | T1036 | Masquerading |
CA-07 | Continuous Monitoring | Protects | T1003.007 | Proc Filesystem |
CA-03 | Information Exchange | Protects | T1020.001 | Traffic Duplication |
CA-03 | Information Exchange | Protects | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol |
CA-07 | Continuous Monitoring | Protects | T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol |
CA-07 | Continuous Monitoring | Protects | T1053.006 | Systemd Timers |
CA-07 | Continuous Monitoring | Protects | T1070.007 | Clear Network Connection History and Configurations |
CA-07 | Continuous Monitoring | Protects | T1071 | Application Layer Protocol |
CA-07 | Continuous Monitoring | Protects | T1071.001 | Web Protocols |
CA-07 | Continuous Monitoring | Protects | T1071.002 | File Transfer Protocols |
CA-07 | Continuous Monitoring | Protects | T1080 | Taint Shared Content |
CA-07 | Continuous Monitoring | Protects | T1132.001 | Standard Encoding |
CA-07 | Continuous Monitoring | Protects | T1539 | Steal Web Session Cookie |