|
CA-07
|
Continuous Monitoring
| mitigates |
T1001
|
Data Obfuscation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001.001
|
Junk Data
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001.003
|
Protocol or Service Impersonation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003
|
OS Credential Dumping
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.001
|
LSASS Memory
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.005
|
Cached Domain Credentials
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.007
|
Proc Filesystem
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1036
|
Masquerading
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037
|
Boot or Logon Initialization Scripts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1056.002
|
GUI Input Capture
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059
|
Command and Scripting Interpreter
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059.010
|
AutoHotKey & AutoIT
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.001
|
Clear Windows Event Logs
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.003
|
Clear Command History
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071
|
Application Layer Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.002
|
File Transfer Protocols
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.003
|
Mail Protocols
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1072
|
Software Deployment Tools
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078
|
Valid Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.001
|
Default Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.003
|
Local Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1078.004
|
Cloud Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1090.003
|
Multi-hop Proxy
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1102
|
Web Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1105
|
Ingress Tool Transfer
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110
|
Brute Force
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1176
|
Browser Extensions
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1203
|
Exploitation for Client Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204
|
User Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204.002
|
Malicious File
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213
|
Data from Information Repositories
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.001
|
Confluence
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.002
|
Sharepoint
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.003
|
Code Repositories
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.004
|
Customer Relationship Management Software
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1213.005
|
Messaging Applications
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218
|
System Binary Proxy Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.011
|
Rundll32
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.015
|
Electron Applications
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1219
|
Remote Access Software
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1489
|
Service Stop
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1528
|
Steal Application Access Token
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1530
|
Data from Cloud Storage
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1537
|
Transfer Data to Cloud Account
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1539
|
Steal Web Session Cookie
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1543
|
Create or Modify System Process
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1543.002
|
Systemd Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.003
|
Windows Management Instrumentation Event Subscription
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.016
|
Installer Packages
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1547.003
|
Time Providers
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1548
|
Abuse Elevation Control Mechanism
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1548.006
|
TCC Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552
|
Unsecured Credentials
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.001
|
Credentials In Files
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.004
|
Private Keys
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1555
|
Credentials from Password Stores
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1555.002
|
Securityd Memory
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1556
|
Modify Authentication Process
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1556.001
|
Domain Controller Authentication
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557
|
Adversary-in-the-Middle
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557.004
|
Evil Twin
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558
|
Steal or Forge Kerberos Tickets
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558.005
|
Ccache Files
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562
|
Impair Defenses
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.004
|
Disable or Modify System Firewall
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.006
|
Indicator Blocking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1564.004
|
NTFS File Attributes
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1565
|
Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566
|
Phishing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.001
|
Spearphishing Attachment
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.002
|
Spearphishing Link
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1566.003
|
Spearphishing via Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1572
|
Protocol Tunneling
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1573
|
Encrypted Channel
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.014
|
AppDomainManager
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1598.003
|
Spearphishing Link
|
|
CA-03
|
Information Exchange
| mitigates |
T1020.001
|
Traffic Duplication
|
|
CA-02
|
Control Assessments
| mitigates |
T1190
|
Exploit Public-Facing Application
|
|
CA-02
|
Control Assessments
| mitigates |
T1195
|
Supply Chain Compromise
|
|
CA-02
|
Control Assessments
| mitigates |
T1195.001
|
Compromise Software Dependencies and Development Tools
|
|
CA-03
|
Information Exchange
| mitigates |
T1078
|
Valid Accounts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1001.002
|
Steganography
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.002
|
Security Account Manager
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.003
|
NTDS
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.004
|
LSA Secrets
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.006
|
DCSync
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1003.008
|
/etc/passwd and /etc/shadow
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1008
|
Fallback Channels
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1021.002
|
SMB/Windows Admin Shares
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1021.005
|
VNC
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1029
|
Scheduled Transfer
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1030
|
Data Transfer Size Limits
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1036.003
|
Rename System Utilities
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1036.005
|
Match Legitimate Name or Location
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1036.007
|
Double File Extension
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037.002
|
Login Hook
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037.003
|
Network Logon Script
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037.004
|
RC Scripts
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1037.005
|
Startup Items
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1041
|
Exfiltration Over C2 Channel
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1046
|
Network Service Discovery
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1048.001
|
Exfiltration Over Symmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1052
|
Exfiltration Over Physical Medium
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1052.001
|
Exfiltration over USB
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1053.006
|
Systemd Timers
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1055.009
|
Proc Memory
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059.005
|
Visual Basic
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1059.007
|
JavaScript
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1068
|
Exploitation for Privilege Escalation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070
|
Indicator Removal
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.002
|
Clear Linux or Mac System Logs
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.007
|
Clear Network Connection History and Configurations
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.008
|
Clear Mailbox Data
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1070.009
|
Clear Persistence
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.001
|
Web Protocols
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1071.004
|
DNS
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1080
|
Taint Shared Content
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1090
|
Proxy
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1090.001
|
Internal Proxy
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1090.002
|
External Proxy
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1095
|
Non-Application Layer Protocol
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1102.001
|
Dead Drop Resolver
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1102.002
|
Bidirectional Communication
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1102.003
|
One-Way Communication
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1104
|
Multi-Stage Channels
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110.001
|
Password Guessing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110.002
|
Password Cracking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110.003
|
Password Spraying
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1110.004
|
Credential Stuffing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1111
|
Multi-Factor Authentication Interception
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1132
|
Data Encoding
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1132.001
|
Standard Encoding
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1132.002
|
Non-Standard Encoding
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1185
|
Browser Session Hijacking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1187
|
Forced Authentication
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1189
|
Drive-by Compromise
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1195.002
|
Compromise Software Supply Chain
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1197
|
BITS Jobs
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1201
|
Password Policy Discovery
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204.001
|
Malicious Link
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1204.003
|
Malicious Image
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1205
|
Traffic Signaling
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1205.001
|
Port Knocking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1210
|
Exploitation of Remote Services
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1211
|
Exploitation for Defense Evasion
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1212
|
Exploitation for Credential Access
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.002
|
Control Panel
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.010
|
Regsvr32
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1218.012
|
Verclsid
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1221
|
Template Injection
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1222
|
File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1222.001
|
Windows File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1222.002
|
Linux and Mac File and Directory Permissions Modification
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1498
|
Network Denial of Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1498.001
|
Direct Network Flood
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1498.002
|
Reflection Amplification
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1499
|
Endpoint Denial of Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1499.001
|
OS Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1499.002
|
Service Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1499.003
|
Application Exhaustion Flood
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1499.004
|
Application or System Exploitation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1542.004
|
ROMMONkit
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1542.005
|
TFTP Boot
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.004
|
Unix Shell Configuration Modification
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1546.013
|
PowerShell Profile
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1547.013
|
XDG Autostart Entries
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1548.003
|
Sudo and Sudo Caching
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1550.003
|
Pass the Ticket
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.002
|
Credentials in Registry
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1552.005
|
Cloud Instance Metadata API
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1553.003
|
SIP and Trust Provider Hijacking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1555.001
|
Keychain
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557.001
|
LLMNR/NBT-NS Poisoning and SMB Relay
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557.002
|
ARP Cache Poisoning
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1557.003
|
DHCP Spoofing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558.002
|
Silver Ticket
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558.003
|
Kerberoasting
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1558.004
|
AS-REP Roasting
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.001
|
Disable or Modify Tools
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1562.002
|
Disable Windows Event Logging
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1563.001
|
SSH Hijacking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1564.010
|
Process Argument Spoofing
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1565.001
|
Stored Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1565.003
|
Runtime Data Manipulation
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1567
|
Exfiltration Over Web Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1568
|
Dynamic Resolution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1568.002
|
Domain Generation Algorithms
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1569
|
System Services
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1569.002
|
Service Execution
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1570
|
Lateral Tool Transfer
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1571
|
Non-Standard Port
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1573.001
|
Symmetric Cryptography
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1573.002
|
Asymmetric Cryptography
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574
|
Hijack Execution Flow
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.004
|
Dylib Hijacking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.007
|
Path Interception by PATH Environment Variable
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.008
|
Path Interception by Search Order Hijacking
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.009
|
Path Interception by Unquoted Path
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1574.013
|
KernelCallbackTable
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1598
|
Phishing for Information
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1598.001
|
Spearphishing Service
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1598.002
|
Spearphishing Attachment
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1599
|
Network Boundary Bridging
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1599.001
|
Network Address Translation Traversal
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1602
|
Data from Configuration Repository
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1602.001
|
SNMP (MIB Dump)
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1602.002
|
Network Device Configuration Dump
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1622
|
Debugger Evasion
|
|
CA-07
|
Continuous Monitoring
| mitigates |
T1647
|
Plist File Modification
|
|
CA-02
|
Control Assessments
| mitigates |
T1195.002
|
Compromise Software Supply Chain
|
|
CA-02
|
Control Assessments
| mitigates |
T1210
|
Exploitation of Remote Services
|
|
CA-03
|
Information Exchange
| mitigates |
T1041
|
Exfiltration Over C2 Channel
|
|
CA-03
|
Information Exchange
| mitigates |
T1048
|
Exfiltration Over Alternative Protocol
|
|
CA-03
|
Information Exchange
| mitigates |
T1048.002
|
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
|
|
CA-03
|
Information Exchange
| mitigates |
T1048.003
|
Exfiltration Over Unencrypted Non-C2 Protocol
|
|
CA-03
|
Information Exchange
| mitigates |
T1567
|
Exfiltration Over Web Service
|
