NIST 800-53 System and Information Integrity Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
SI-10 Information Input Validation Protects T1021.002 SMB/Windows Admin Shares
SI-10 Information Input Validation Protects T1021.005 VNC
SI-10 Information Input Validation Protects T1036 Masquerading
SI-10 Information Input Validation Protects T1036.005 Match Legitimate Name or Location
SI-10 Information Input Validation Protects T1048 Exfiltration Over Alternative Protocol
SI-10 Information Input Validation Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-10 Information Input Validation Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-10 Information Input Validation Protects T1059 Command and Scripting Interpreter
SI-10 Information Input Validation Protects T1059.002 AppleScript
SI-10 Information Input Validation Protects T1059.003 Windows Command Shell
SI-10 Information Input Validation Protects T1059.004 Unix Shell
SI-10 Information Input Validation Protects T1059.005 Visual Basic
SI-10 Information Input Validation Protects T1059.006 Python
SI-10 Information Input Validation Protects T1059.007 JavaScript
SI-10 Information Input Validation Protects T1059.008 Network Device CLI
SI-10 Information Input Validation Protects T1071.004 DNS
SI-10 Information Input Validation Protects T1080 Taint Shared Content
SI-10 Information Input Validation Protects T1090 Proxy
SI-10 Information Input Validation Protects T1090.003 Multi-hop Proxy
SI-10 Information Input Validation Protects T1095 Non-Application Layer Protocol
SI-10 Information Input Validation Protects T1127 Trusted Developer Utilities Proxy Execution
SI-10 Information Input Validation Protects T1129 Shared Modules
SI-10 Information Input Validation Protects T1176 Browser Extensions
SI-10 Information Input Validation Protects T1187 Forced Authentication
SI-10 Information Input Validation Protects T1190 Exploit Public-Facing Application
SI-10 Information Input Validation Protects T1197 BITS Jobs
SI-10 Information Input Validation Protects T1204 User Execution
SI-10 Information Input Validation Protects T1204.002 Malicious File
SI-10 Information Input Validation Protects T1216 Signed Script Proxy Execution
SI-10 Information Input Validation Protects T1216.001 PubPrn
SI-10 Information Input Validation Protects T1218 Signed Binary Proxy Execution
SI-10 Information Input Validation Protects T1218.001 Compiled HTML File
SI-10 Information Input Validation Protects T1218.002 Control Panel
SI-10 Information Input Validation Protects T1218.003 CMSTP
SI-10 Information Input Validation Protects T1218.004 InstallUtil
SI-10 Information Input Validation Protects T1218.005 Mshta
SI-10 Information Input Validation Protects T1218.008 Odbcconf
SI-10 Information Input Validation Protects T1218.009 Regsvcs/Regasm
SI-10 Information Input Validation Protects T1218.010 Regsvr32
SI-10 Information Input Validation Protects T1218.011 Rundll32
SI-10 Information Input Validation Protects T1218.012 Verclsid
SI-10 Information Input Validation Protects T1219 Remote Access Software
SI-10 Information Input Validation Protects T1220 XSL Script Processing
SI-10 Information Input Validation Protects T1221 Template Injection
SI-10 Information Input Validation Protects T1498 Network Denial of Service
SI-10 Information Input Validation Protects T1498.001 Direct Network Flood
SI-10 Information Input Validation Protects T1498.002 Reflection Amplification
SI-10 Information Input Validation Protects T1499 Endpoint Denial of Service
SI-10 Information Input Validation Protects T1499.001 OS Exhaustion Flood
SI-10 Information Input Validation Protects T1499.002 Service Exhaustion Flood
SI-10 Information Input Validation Protects T1499.003 Application Exhaustion Flood
SI-10 Information Input Validation Protects T1499.004 Application or System Exploitation
SI-10 Information Input Validation Protects T1530 Data from Cloud Storage Object
SI-10 Information Input Validation Protects T1537 Transfer Data to Cloud Account
SI-10 Information Input Validation Protects T1546.002 Screensaver
SI-10 Information Input Validation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-10 Information Input Validation Protects T1546.008 Accessibility Features
SI-10 Information Input Validation Protects T1546.009 AppCert DLLs
SI-10 Information Input Validation Protects T1546.010 AppInit DLLs
SI-10 Information Input Validation Protects T1547.004 Winlogon Helper DLL
SI-10 Information Input Validation Protects T1547.006 Kernel Modules and Extensions
SI-10 Information Input Validation Protects T1552 Unsecured Credentials
SI-10 Information Input Validation Protects T1552.005 Cloud Instance Metadata API
SI-10 Information Input Validation Protects T1553 Subvert Trust Controls
SI-10 Information Input Validation Protects T1553.001 Gatekeeper Bypass
SI-10 Information Input Validation Protects T1553.003 SIP and Trust Provider Hijacking
SI-10 Information Input Validation Protects T1553.005 Mark-of-the-Web Bypass
SI-10 Information Input Validation Protects T1557 Man-in-the-Middle
SI-10 Information Input Validation Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-10 Information Input Validation Protects T1557.002 ARP Cache Poisoning
SI-10 Information Input Validation Protects T1564.003 Hidden Window
SI-10 Information Input Validation Protects T1564.006 Run Virtual Instance
SI-10 Information Input Validation Protects T1570 Lateral Tool Transfer
SI-10 Information Input Validation Protects T1572 Protocol Tunneling
SI-10 Information Input Validation Protects T1574 Hijack Execution Flow
SI-10 Information Input Validation Protects T1574.001 DLL Search Order Hijacking
SI-10 Information Input Validation Protects T1574.006 Dynamic Linker Hijacking
SI-10 Information Input Validation Protects T1574.007 Path Interception by PATH Environment Variable
SI-10 Information Input Validation Protects T1574.008 Path Interception by Search Order Hijacking
SI-10 Information Input Validation Protects T1574.009 Path Interception by Unquoted Path
SI-10 Information Input Validation Protects T1574.012 COR_PROFILER
SI-10 Information Input Validation Protects T1599 Network Boundary Bridging
SI-10 Information Input Validation Protects T1599.001 Network Address Translation Traversal
SI-10 Information Input Validation Protects T1602 Data from Configuration Repository
SI-10 Information Input Validation Protects T1602.001 SNMP (MIB Dump)
SI-10 Information Input Validation Protects T1602.002 Network Device Configuration Dump
SI-10 Information Input Validation Protects T1609 Container Administration Command
SI-12 Information Management and Retention Protects T1003 OS Credential Dumping
SI-12 Information Management and Retention Protects T1003.003 NTDS
SI-12 Information Management and Retention Protects T1020.001 Traffic Duplication
SI-12 Information Management and Retention Protects T1040 Network Sniffing
SI-12 Information Management and Retention Protects T1070 Indicator Removal on Host
SI-12 Information Management and Retention Protects T1070.001 Clear Windows Event Logs
SI-12 Information Management and Retention Protects T1070.002 Clear Linux or Mac System Logs
SI-12 Information Management and Retention Protects T1114 Email Collection
SI-12 Information Management and Retention Protects T1114.001 Local Email Collection
SI-12 Information Management and Retention Protects T1114.002 Remote Email Collection
SI-12 Information Management and Retention Protects T1114.003 Email Forwarding Rule
SI-12 Information Management and Retention Protects T1119 Automated Collection
SI-12 Information Management and Retention Protects T1530 Data from Cloud Storage Object
SI-12 Information Management and Retention Protects T1548 Abuse Elevation Control Mechanism
SI-12 Information Management and Retention Protects T1548.004 Elevated Execution with Prompt
SI-12 Information Management and Retention Protects T1550.001 Application Access Token
SI-12 Information Management and Retention Protects T1552 Unsecured Credentials
SI-12 Information Management and Retention Protects T1552.004 Private Keys
SI-12 Information Management and Retention Protects T1557 Man-in-the-Middle
SI-12 Information Management and Retention Protects T1557.002 ARP Cache Poisoning
SI-12 Information Management and Retention Protects T1558 Steal or Forge Kerberos Tickets
SI-12 Information Management and Retention Protects T1558.002 Silver Ticket
SI-12 Information Management and Retention Protects T1558.003 Kerberoasting
SI-12 Information Management and Retention Protects T1558.004 AS-REP Roasting
SI-12 Information Management and Retention Protects T1565 Data Manipulation
SI-12 Information Management and Retention Protects T1565.001 Stored Data Manipulation
SI-12 Information Management and Retention Protects T1565.002 Transmitted Data Manipulation
SI-12 Information Management and Retention Protects T1602 Data from Configuration Repository
SI-12 Information Management and Retention Protects T1602.001 SNMP (MIB Dump)
SI-12 Information Management and Retention Protects T1602.002 Network Device Configuration Dump
SI-15 Information Output Filtering Protects T1021.002 SMB/Windows Admin Shares
SI-15 Information Output Filtering Protects T1021.005 VNC
SI-15 Information Output Filtering Protects T1048 Exfiltration Over Alternative Protocol
SI-15 Information Output Filtering Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-15 Information Output Filtering Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-15 Information Output Filtering Protects T1071.004 DNS
SI-15 Information Output Filtering Protects T1090 Proxy
SI-15 Information Output Filtering Protects T1090.003 Multi-hop Proxy
SI-15 Information Output Filtering Protects T1095 Non-Application Layer Protocol
SI-15 Information Output Filtering Protects T1187 Forced Authentication
SI-15 Information Output Filtering Protects T1197 BITS Jobs
SI-15 Information Output Filtering Protects T1205 Traffic Signaling
SI-15 Information Output Filtering Protects T1205.001 Port Knocking
SI-15 Information Output Filtering Protects T1218.012 Verclsid
SI-15 Information Output Filtering Protects T1219 Remote Access Software
SI-15 Information Output Filtering Protects T1498 Network Denial of Service
SI-15 Information Output Filtering Protects T1498.001 Direct Network Flood
SI-15 Information Output Filtering Protects T1498.002 Reflection Amplification
SI-15 Information Output Filtering Protects T1499 Endpoint Denial of Service
SI-15 Information Output Filtering Protects T1499.001 OS Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.002 Service Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.003 Application Exhaustion Flood
SI-15 Information Output Filtering Protects T1499.004 Application or System Exploitation
SI-15 Information Output Filtering Protects T1530 Data from Cloud Storage Object
SI-15 Information Output Filtering Protects T1537 Transfer Data to Cloud Account
SI-15 Information Output Filtering Protects T1552 Unsecured Credentials
SI-15 Information Output Filtering Protects T1552.005 Cloud Instance Metadata API
SI-15 Information Output Filtering Protects T1557 Man-in-the-Middle
SI-15 Information Output Filtering Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-15 Information Output Filtering Protects T1557.002 ARP Cache Poisoning
SI-15 Information Output Filtering Protects T1570 Lateral Tool Transfer
SI-15 Information Output Filtering Protects T1572 Protocol Tunneling
SI-15 Information Output Filtering Protects T1599 Network Boundary Bridging
SI-15 Information Output Filtering Protects T1599.001 Network Address Translation Traversal
SI-15 Information Output Filtering Protects T1602 Data from Configuration Repository
SI-15 Information Output Filtering Protects T1602.001 SNMP (MIB Dump)
SI-15 Information Output Filtering Protects T1602.002 Network Device Configuration Dump
SI-16 Memory Protection Protects T1055.009 Proc Memory
SI-16 Memory Protection Protects T1543 Create or Modify System Process
SI-16 Memory Protection Protects T1543.002 Systemd Service
SI-16 Memory Protection Protects T1548 Abuse Elevation Control Mechanism
SI-16 Memory Protection Protects T1548.004 Elevated Execution with Prompt
SI-16 Memory Protection Protects T1565 Data Manipulation
SI-16 Memory Protection Protects T1565.001 Stored Data Manipulation
SI-16 Memory Protection Protects T1565.003 Runtime Data Manipulation
SI-16 Memory Protection Protects T1611 Escape to Host
SI-2 Flaw Remediation Protects T1027 Obfuscated Files or Information
SI-2 Flaw Remediation Protects T1027.002 Software Packing
SI-2 Flaw Remediation Protects T1055 Process Injection
SI-2 Flaw Remediation Protects T1055.001 Dynamic-link Library Injection
SI-2 Flaw Remediation Protects T1055.002 Portable Executable Injection
SI-2 Flaw Remediation Protects T1055.003 Thread Execution Hijacking
SI-2 Flaw Remediation Protects T1055.004 Asynchronous Procedure Call
SI-2 Flaw Remediation Protects T1055.005 Thread Local Storage
SI-2 Flaw Remediation Protects T1055.008 Ptrace System Calls
SI-2 Flaw Remediation Protects T1055.009 Proc Memory
SI-2 Flaw Remediation Protects T1055.011 Extra Window Memory Injection
SI-2 Flaw Remediation Protects T1055.012 Process Hollowing
SI-2 Flaw Remediation Protects T1055.013 Process Doppelgänging
SI-2 Flaw Remediation Protects T1055.014 VDSO Hijacking
SI-2 Flaw Remediation Protects T1059 Command and Scripting Interpreter
SI-2 Flaw Remediation Protects T1059.001 PowerShell
SI-2 Flaw Remediation Protects T1059.005 Visual Basic
SI-2 Flaw Remediation Protects T1059.006 Python
SI-2 Flaw Remediation Protects T1068 Exploitation for Privilege Escalation
SI-2 Flaw Remediation Protects T1072 Software Deployment Tools
SI-2 Flaw Remediation Protects T1137 Office Application Startup
SI-2 Flaw Remediation Protects T1137.003 Outlook Forms
SI-2 Flaw Remediation Protects T1137.004 Outlook Home Page
SI-2 Flaw Remediation Protects T1137.005 Outlook Rules
SI-2 Flaw Remediation Protects T1189 Drive-by Compromise
SI-2 Flaw Remediation Protects T1190 Exploit Public-Facing Application
SI-2 Flaw Remediation Protects T1195 Supply Chain Compromise
SI-2 Flaw Remediation Protects T1195.001 Compromise Software Dependencies and Development Tools
SI-2 Flaw Remediation Protects T1195.002 Compromise Software Supply Chain
SI-2 Flaw Remediation Protects T1195.003 Compromise Hardware Supply Chain
SI-2 Flaw Remediation Protects T1204 User Execution
SI-2 Flaw Remediation Protects T1204.001 Malicious Link
SI-2 Flaw Remediation Protects T1204.003 Malicious Image
SI-2 Flaw Remediation Protects T1210 Exploitation of Remote Services
SI-2 Flaw Remediation Protects T1211 Exploitation for Defense Evasion
SI-2 Flaw Remediation Protects T1212 Exploitation for Credential Access
SI-2 Flaw Remediation Protects T1221 Template Injection
SI-2 Flaw Remediation Protects T1495 Firmware Corruption
SI-2 Flaw Remediation Protects T1525 Implant Internal Image
SI-2 Flaw Remediation Protects T1542 Pre-OS Boot
SI-2 Flaw Remediation Protects T1542.001 System Firmware
SI-2 Flaw Remediation Protects T1542.003 Bootkit
SI-2 Flaw Remediation Protects T1542.004 ROMMONkit
SI-2 Flaw Remediation Protects T1542.005 TFTP Boot
SI-2 Flaw Remediation Protects T1546.006 LC_LOAD_DYLIB Addition
SI-2 Flaw Remediation Protects T1546.010 AppInit DLLs
SI-2 Flaw Remediation Protects T1546.011 Application Shimming
SI-2 Flaw Remediation Protects T1547.006 Kernel Modules and Extensions
SI-2 Flaw Remediation Protects T1548.002 Bypass User Account Control
SI-2 Flaw Remediation Protects T1550.002 Pass the Hash
SI-2 Flaw Remediation Protects T1552 Unsecured Credentials
SI-2 Flaw Remediation Protects T1552.006 Group Policy Preferences
SI-2 Flaw Remediation Protects T1553 Subvert Trust Controls
SI-2 Flaw Remediation Protects T1553.006 Code Signing Policy Modification
SI-2 Flaw Remediation Protects T1555.005 Password Managers
SI-2 Flaw Remediation Protects T1559 Inter-Process Communication
SI-2 Flaw Remediation Protects T1559.002 Dynamic Data Exchange
SI-2 Flaw Remediation Protects T1566 Phishing
SI-2 Flaw Remediation Protects T1566.001 Spearphishing Attachment
SI-2 Flaw Remediation Protects T1566.003 Spearphishing via Service
SI-2 Flaw Remediation Protects T1574 Hijack Execution Flow
SI-2 Flaw Remediation Protects T1574.002 DLL Side-Loading
SI-2 Flaw Remediation Protects T1601 Modify System Image
SI-2 Flaw Remediation Protects T1601.001 Patch System Image
SI-2 Flaw Remediation Protects T1601.002 Downgrade System Image
SI-2 Flaw Remediation Protects T1611 Escape to Host
SI-23 Information Fragmentation Protects T1070 Indicator Removal on Host
SI-23 Information Fragmentation Protects T1070.001 Clear Windows Event Logs
SI-23 Information Fragmentation Protects T1070.002 Clear Linux or Mac System Logs
SI-23 Information Fragmentation Protects T1072 Software Deployment Tools
SI-23 Information Fragmentation Protects T1119 Automated Collection
SI-23 Information Fragmentation Protects T1565 Data Manipulation
SI-23 Information Fragmentation Protects T1565.001 Stored Data Manipulation
SI-3 Malicious Code Protection Protects T1001 Data Obfuscation
SI-3 Malicious Code Protection Protects T1001.001 Junk Data
SI-3 Malicious Code Protection Protects T1001.002 Steganography
SI-3 Malicious Code Protection Protects T1001.003 Protocol Impersonation
SI-3 Malicious Code Protection Protects T1003 OS Credential Dumping
SI-3 Malicious Code Protection Protects T1003.001 LSASS Memory
SI-3 Malicious Code Protection Protects T1003.002 Security Account Manager
SI-3 Malicious Code Protection Protects T1003.003 NTDS
SI-3 Malicious Code Protection Protects T1003.004 LSA Secrets
SI-3 Malicious Code Protection Protects T1003.005 Cached Domain Credentials
SI-3 Malicious Code Protection Protects T1003.006 DCSync
SI-3 Malicious Code Protection Protects T1003.007 Proc Filesystem
SI-3 Malicious Code Protection Protects T1003.008 /etc/passwd and /etc/shadow
SI-3 Malicious Code Protection Protects T1008 Fallback Channels
SI-3 Malicious Code Protection Protects T1011.001 Exfiltration Over Bluetooth
SI-3 Malicious Code Protection Protects T1021.003 Distributed Component Object Model
SI-3 Malicious Code Protection Protects T1021.005 VNC
SI-3 Malicious Code Protection Protects T1027 Obfuscated Files or Information
SI-3 Malicious Code Protection Protects T1027.002 Software Packing
SI-3 Malicious Code Protection Protects T1029 Scheduled Transfer
SI-3 Malicious Code Protection Protects T1030 Data Transfer Size Limits
SI-3 Malicious Code Protection Protects T1036 Masquerading
SI-3 Malicious Code Protection Protects T1036.003 Rename System Utilities
SI-3 Malicious Code Protection Protects T1036.005 Match Legitimate Name or Location
SI-3 Malicious Code Protection Protects T1037 Boot or Logon Initialization Scripts
SI-3 Malicious Code Protection Protects T1037.002 Logon Script (Mac)
SI-3 Malicious Code Protection Protects T1037.003 Network Logon Script
SI-3 Malicious Code Protection Protects T1037.004 RC Scripts
SI-3 Malicious Code Protection Protects T1037.005 Startup Items
SI-3 Malicious Code Protection Protects T1041 Exfiltration Over C2 Channel
SI-3 Malicious Code Protection Protects T1046 Network Service Scanning
SI-3 Malicious Code Protection Protects T1048 Exfiltration Over Alternative Protocol
SI-3 Malicious Code Protection Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-3 Malicious Code Protection Protects T1052 Exfiltration Over Physical Medium
SI-3 Malicious Code Protection Protects T1052.001 Exfiltration over USB
SI-3 Malicious Code Protection Protects T1055 Process Injection
SI-3 Malicious Code Protection Protects T1055.001 Dynamic-link Library Injection
SI-3 Malicious Code Protection Protects T1055.002 Portable Executable Injection
SI-3 Malicious Code Protection Protects T1055.003 Thread Execution Hijacking
SI-3 Malicious Code Protection Protects T1055.004 Asynchronous Procedure Call
SI-3 Malicious Code Protection Protects T1055.005 Thread Local Storage
SI-3 Malicious Code Protection Protects T1055.008 Ptrace System Calls
SI-3 Malicious Code Protection Protects T1055.009 Proc Memory
SI-3 Malicious Code Protection Protects T1055.011 Extra Window Memory Injection
SI-3 Malicious Code Protection Protects T1055.012 Process Hollowing
SI-3 Malicious Code Protection Protects T1055.013 Process Doppelgänging
SI-3 Malicious Code Protection Protects T1055.014 VDSO Hijacking
SI-3 Malicious Code Protection Protects T1056.002 GUI Input Capture
SI-3 Malicious Code Protection Protects T1059 Command and Scripting Interpreter
SI-3 Malicious Code Protection Protects T1059.001 PowerShell
SI-3 Malicious Code Protection Protects T1059.005 Visual Basic
SI-3 Malicious Code Protection Protects T1059.006 Python
SI-3 Malicious Code Protection Protects T1059.007 JavaScript
SI-3 Malicious Code Protection Protects T1068 Exploitation for Privilege Escalation
SI-3 Malicious Code Protection Protects T1070 Indicator Removal on Host
SI-3 Malicious Code Protection Protects T1070.001 Clear Windows Event Logs
SI-3 Malicious Code Protection Protects T1070.002 Clear Linux or Mac System Logs
SI-3 Malicious Code Protection Protects T1070.003 Clear Command History
SI-3 Malicious Code Protection Protects T1071 Application Layer Protocol
SI-3 Malicious Code Protection Protects T1071.001 Web Protocols
SI-3 Malicious Code Protection Protects T1071.002 File Transfer Protocols
SI-3 Malicious Code Protection Protects T1071.003 Mail Protocols
SI-3 Malicious Code Protection Protects T1071.004 DNS
SI-3 Malicious Code Protection Protects T1072 Software Deployment Tools
SI-3 Malicious Code Protection Protects T1080 Taint Shared Content
SI-3 Malicious Code Protection Protects T1090 Proxy
SI-3 Malicious Code Protection Protects T1090.001 Internal Proxy
SI-3 Malicious Code Protection Protects T1090.002 External Proxy
SI-3 Malicious Code Protection Protects T1091 Replication Through Removable Media
SI-3 Malicious Code Protection Protects T1092 Communication Through Removable Media
SI-3 Malicious Code Protection Protects T1095 Non-Application Layer Protocol
SI-3 Malicious Code Protection Protects T1098.004 SSH Authorized Keys
SI-3 Malicious Code Protection Protects T1102 Web Service
SI-3 Malicious Code Protection Protects T1102.001 Dead Drop Resolver
SI-3 Malicious Code Protection Protects T1102.002 Bidirectional Communication
SI-3 Malicious Code Protection Protects T1102.003 One-Way Communication
SI-3 Malicious Code Protection Protects T1104 Multi-Stage Channels
SI-3 Malicious Code Protection Protects T1105 Ingress Tool Transfer
SI-3 Malicious Code Protection Protects T1111 Two-Factor Authentication Interception
SI-3 Malicious Code Protection Protects T1132 Data Encoding
SI-3 Malicious Code Protection Protects T1132.001 Standard Encoding
SI-3 Malicious Code Protection Protects T1132.002 Non-Standard Encoding
SI-3 Malicious Code Protection Protects T1137 Office Application Startup
SI-3 Malicious Code Protection Protects T1137.001 Office Template Macros
SI-3 Malicious Code Protection Protects T1176 Browser Extensions
SI-3 Malicious Code Protection Protects T1185 Man in the Browser
SI-3 Malicious Code Protection Protects T1189 Drive-by Compromise
SI-3 Malicious Code Protection Protects T1190 Exploit Public-Facing Application
SI-3 Malicious Code Protection Protects T1201 Password Policy Discovery
SI-3 Malicious Code Protection Protects T1203 Exploitation for Client Execution
SI-3 Malicious Code Protection Protects T1204 User Execution
SI-3 Malicious Code Protection Protects T1204.001 Malicious Link
SI-3 Malicious Code Protection Protects T1204.002 Malicious File
SI-3 Malicious Code Protection Protects T1204.003 Malicious Image
SI-3 Malicious Code Protection Protects T1210 Exploitation of Remote Services
SI-3 Malicious Code Protection Protects T1211 Exploitation for Defense Evasion
SI-3 Malicious Code Protection Protects T1212 Exploitation for Credential Access
SI-3 Malicious Code Protection Protects T1218.002 Control Panel
SI-3 Malicious Code Protection Protects T1219 Remote Access Software
SI-3 Malicious Code Protection Protects T1221 Template Injection
SI-3 Malicious Code Protection Protects T1485 Data Destruction
SI-3 Malicious Code Protection Protects T1486 Data Encrypted for Impact
SI-3 Malicious Code Protection Protects T1490 Inhibit System Recovery
SI-3 Malicious Code Protection Protects T1491 Defacement
SI-3 Malicious Code Protection Protects T1491.001 Internal Defacement
SI-3 Malicious Code Protection Protects T1491.002 External Defacement
SI-3 Malicious Code Protection Protects T1525 Implant Internal Image
SI-3 Malicious Code Protection Protects T1539 Steal Web Session Cookie
SI-3 Malicious Code Protection Protects T1543 Create or Modify System Process
SI-3 Malicious Code Protection Protects T1543.002 Systemd Service
SI-3 Malicious Code Protection Protects T1546.002 Screensaver
SI-3 Malicious Code Protection Protects T1546.004 Unix Shell Configuration Modification
SI-3 Malicious Code Protection Protects T1546.006 LC_LOAD_DYLIB Addition
SI-3 Malicious Code Protection Protects T1546.013 PowerShell Profile
SI-3 Malicious Code Protection Protects T1546.014 Emond
SI-3 Malicious Code Protection Protects T1547.002 Authentication Package
SI-3 Malicious Code Protection Protects T1547.005 Security Support Provider
SI-3 Malicious Code Protection Protects T1547.006 Kernel Modules and Extensions
SI-3 Malicious Code Protection Protects T1547.007 Re-opened Applications
SI-3 Malicious Code Protection Protects T1547.008 LSASS Driver
SI-3 Malicious Code Protection Protects T1547.013 XDG Autostart Entries
SI-3 Malicious Code Protection Protects T1548 Abuse Elevation Control Mechanism
SI-3 Malicious Code Protection Protects T1548.004 Elevated Execution with Prompt
SI-3 Malicious Code Protection Protects T1553.003 SIP and Trust Provider Hijacking
SI-3 Malicious Code Protection Protects T1557 Man-in-the-Middle
SI-3 Malicious Code Protection Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-3 Malicious Code Protection Protects T1557.002 ARP Cache Poisoning
SI-3 Malicious Code Protection Protects T1558 Steal or Forge Kerberos Tickets
SI-3 Malicious Code Protection Protects T1558.002 Silver Ticket
SI-3 Malicious Code Protection Protects T1558.003 Kerberoasting
SI-3 Malicious Code Protection Protects T1558.004 AS-REP Roasting
SI-3 Malicious Code Protection Protects T1559 Inter-Process Communication
SI-3 Malicious Code Protection Protects T1559.001 Component Object Model
SI-3 Malicious Code Protection Protects T1559.002 Dynamic Data Exchange
SI-3 Malicious Code Protection Protects T1560 Archive Collected Data
SI-3 Malicious Code Protection Protects T1560.001 Archive via Utility
SI-3 Malicious Code Protection Protects T1561 Disk Wipe
SI-3 Malicious Code Protection Protects T1561.001 Disk Content Wipe
SI-3 Malicious Code Protection Protects T1561.002 Disk Structure Wipe
SI-3 Malicious Code Protection Protects T1562 Impair Defenses
SI-3 Malicious Code Protection Protects T1562.001 Disable or Modify Tools
SI-3 Malicious Code Protection Protects T1562.002 Disable Windows Event Logging
SI-3 Malicious Code Protection Protects T1562.004 Disable or Modify System Firewall
SI-3 Malicious Code Protection Protects T1562.006 Indicator Blocking
SI-3 Malicious Code Protection Protects T1564.004 NTFS File Attributes
SI-3 Malicious Code Protection Protects T1566 Phishing
SI-3 Malicious Code Protection Protects T1566.001 Spearphishing Attachment
SI-3 Malicious Code Protection Protects T1566.002 Spearphishing Link
SI-3 Malicious Code Protection Protects T1566.003 Spearphishing via Service
SI-3 Malicious Code Protection Protects T1568 Dynamic Resolution
SI-3 Malicious Code Protection Protects T1568.002 Domain Generation Algorithms
SI-3 Malicious Code Protection Protects T1569 System Services
SI-3 Malicious Code Protection Protects T1569.002 Service Execution
SI-3 Malicious Code Protection Protects T1570 Lateral Tool Transfer
SI-3 Malicious Code Protection Protects T1571 Non-Standard Port
SI-3 Malicious Code Protection Protects T1572 Protocol Tunneling
SI-3 Malicious Code Protection Protects T1573 Encrypted Channel
SI-3 Malicious Code Protection Protects T1573.001 Symmetric Cryptography
SI-3 Malicious Code Protection Protects T1573.002 Asymmetric Cryptography
SI-3 Malicious Code Protection Protects T1574 Hijack Execution Flow
SI-3 Malicious Code Protection Protects T1574.001 DLL Search Order Hijacking
SI-3 Malicious Code Protection Protects T1574.004 Dylib Hijacking
SI-3 Malicious Code Protection Protects T1574.007 Path Interception by PATH Environment Variable
SI-3 Malicious Code Protection Protects T1574.008 Path Interception by Search Order Hijacking
SI-3 Malicious Code Protection Protects T1574.009 Path Interception by Unquoted Path
SI-3 Malicious Code Protection Protects T1598 Phishing for Information
SI-3 Malicious Code Protection Protects T1598.001 Spearphishing Service
SI-3 Malicious Code Protection Protects T1598.002 Spearphishing Attachment
SI-3 Malicious Code Protection Protects T1598.003 Spearphishing Link
SI-3 Malicious Code Protection Protects T1602 Data from Configuration Repository
SI-3 Malicious Code Protection Protects T1602.001 SNMP (MIB Dump)
SI-3 Malicious Code Protection Protects T1602.002 Network Device Configuration Dump
SI-3 Malicious Code Protection Protects T1611 Escape to Host
SI-4 System Monitoring Protects T1001 Data Obfuscation
SI-4 System Monitoring Protects T1001.001 Junk Data
SI-4 System Monitoring Protects T1001.002 Steganography
SI-4 System Monitoring Protects T1001.003 Protocol Impersonation
SI-4 System Monitoring Protects T1003 OS Credential Dumping
SI-4 System Monitoring Protects T1003.001 LSASS Memory
SI-4 System Monitoring Protects T1003.002 Security Account Manager
SI-4 System Monitoring Protects T1003.003 NTDS
SI-4 System Monitoring Protects T1003.004 LSA Secrets
SI-4 System Monitoring Protects T1003.005 Cached Domain Credentials
SI-4 System Monitoring Protects T1003.006 DCSync
SI-4 System Monitoring Protects T1003.007 Proc Filesystem
SI-4 System Monitoring Protects T1003.008 /etc/passwd and /etc/shadow
SI-4 System Monitoring Protects T1008 Fallback Channels
SI-4 System Monitoring Protects T1011 Exfiltration Over Other Network Medium
SI-4 System Monitoring Protects T1011.001 Exfiltration Over Bluetooth
SI-4 System Monitoring Protects T1020.001 Traffic Duplication
SI-4 System Monitoring Protects T1021 Remote Services
SI-4 System Monitoring Protects T1021.001 Remote Desktop Protocol
SI-4 System Monitoring Protects T1021.002 SMB/Windows Admin Shares
SI-4 System Monitoring Protects T1021.003 Distributed Component Object Model
SI-4 System Monitoring Protects T1021.004 SSH
SI-4 System Monitoring Protects T1021.005 VNC
SI-4 System Monitoring Protects T1021.006 Windows Remote Management
SI-4 System Monitoring Protects T1027 Obfuscated Files or Information
SI-4 System Monitoring Protects T1027.002 Software Packing
SI-4 System Monitoring Protects T1029 Scheduled Transfer
SI-4 System Monitoring Protects T1030 Data Transfer Size Limits
SI-4 System Monitoring Protects T1036 Masquerading
SI-4 System Monitoring Protects T1036.001 Invalid Code Signature
SI-4 System Monitoring Protects T1036.003 Rename System Utilities
SI-4 System Monitoring Protects T1036.005 Match Legitimate Name or Location
SI-4 System Monitoring Protects T1037 Boot or Logon Initialization Scripts
SI-4 System Monitoring Protects T1037.002 Logon Script (Mac)
SI-4 System Monitoring Protects T1037.003 Network Logon Script
SI-4 System Monitoring Protects T1037.004 RC Scripts
SI-4 System Monitoring Protects T1037.005 Startup Items
SI-4 System Monitoring Protects T1040 Network Sniffing
SI-4 System Monitoring Protects T1041 Exfiltration Over C2 Channel
SI-4 System Monitoring Protects T1046 Network Service Scanning
SI-4 System Monitoring Protects T1048 Exfiltration Over Alternative Protocol
SI-4 System Monitoring Protects T1048.001 Exfiltration Over Symmetric Encrypted Non-C2 Protocol
SI-4 System Monitoring Protects T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
SI-4 System Monitoring Protects T1048.003 Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
SI-4 System Monitoring Protects T1052 Exfiltration Over Physical Medium
SI-4 System Monitoring Protects T1052.001 Exfiltration over USB
SI-4 System Monitoring Protects T1053 Scheduled Task/Job
SI-4 System Monitoring Protects T1053.001 At (Linux)
SI-4 System Monitoring Protects T1053.002 At (Windows)
SI-4 System Monitoring Protects T1053.003 Cron
SI-4 System Monitoring Protects T1053.004 Launchd
SI-4 System Monitoring Protects T1053.005 Scheduled Task
SI-4 System Monitoring Protects T1053.006 Systemd Timers
SI-4 System Monitoring Protects T1055 Process Injection
SI-4 System Monitoring Protects T1055.001 Dynamic-link Library Injection
SI-4 System Monitoring Protects T1055.002 Portable Executable Injection
SI-4 System Monitoring Protects T1055.003 Thread Execution Hijacking
SI-4 System Monitoring Protects T1055.004 Asynchronous Procedure Call
SI-4 System Monitoring Protects T1055.005 Thread Local Storage
SI-4 System Monitoring Protects T1055.008 Ptrace System Calls
SI-4 System Monitoring Protects T1055.009 Proc Memory
SI-4 System Monitoring Protects T1055.011 Extra Window Memory Injection
SI-4 System Monitoring Protects T1055.012 Process Hollowing
SI-4 System Monitoring Protects T1055.013 Process Doppelgänging
SI-4 System Monitoring Protects T1055.014 VDSO Hijacking
SI-4 System Monitoring Protects T1056.002 GUI Input Capture
SI-4 System Monitoring Protects T1059 Command and Scripting Interpreter
SI-4 System Monitoring Protects T1059.001 PowerShell
SI-4 System Monitoring Protects T1059.002 AppleScript
SI-4 System Monitoring Protects T1059.003 Windows Command Shell
SI-4 System Monitoring Protects T1059.004 Unix Shell
SI-4 System Monitoring Protects T1059.005 Visual Basic
SI-4 System Monitoring Protects T1059.006 Python
SI-4 System Monitoring Protects T1059.007 JavaScript
SI-4 System Monitoring Protects T1059.008 Network Device CLI
SI-4 System Monitoring Protects T1068 Exploitation for Privilege Escalation
SI-4 System Monitoring Protects T1070 Indicator Removal on Host
SI-4 System Monitoring Protects T1070.001 Clear Windows Event Logs
SI-4 System Monitoring Protects T1070.002 Clear Linux or Mac System Logs
SI-4 System Monitoring Protects T1070.003 Clear Command History
SI-4 System Monitoring Protects T1071 Application Layer Protocol
SI-4 System Monitoring Protects T1071.001 Web Protocols
SI-4 System Monitoring Protects T1071.002 File Transfer Protocols
SI-4 System Monitoring Protects T1071.003 Mail Protocols
SI-4 System Monitoring Protects T1071.004 DNS
SI-4 System Monitoring Protects T1072 Software Deployment Tools
SI-4 System Monitoring Protects T1078 Valid Accounts
SI-4 System Monitoring Protects T1078.001 Default Accounts
SI-4 System Monitoring Protects T1078.002 Domain Accounts
SI-4 System Monitoring Protects T1078.003 Local Accounts
SI-4 System Monitoring Protects T1078.004 Cloud Accounts
SI-4 System Monitoring Protects T1080 Taint Shared Content
SI-4 System Monitoring Protects T1087 Account Discovery
SI-4 System Monitoring Protects T1087.001 Local Account
SI-4 System Monitoring Protects T1087.002 Domain Account
SI-4 System Monitoring Protects T1090 Proxy
SI-4 System Monitoring Protects T1090.001 Internal Proxy
SI-4 System Monitoring Protects T1090.002 External Proxy
SI-4 System Monitoring Protects T1091 Replication Through Removable Media
SI-4 System Monitoring Protects T1092 Communication Through Removable Media
SI-4 System Monitoring Protects T1095 Non-Application Layer Protocol
SI-4 System Monitoring Protects T1098 Account Manipulation
SI-4 System Monitoring Protects T1098.001 Additional Cloud Credentials
SI-4 System Monitoring Protects T1098.002 Exchange Email Delegate Permissions
SI-4 System Monitoring Protects T1098.003 Add Office 365 Global Administrator Role
SI-4 System Monitoring Protects T1098.004 SSH Authorized Keys
SI-4 System Monitoring Protects T1102 Web Service
SI-4 System Monitoring Protects T1102.001 Dead Drop Resolver
SI-4 System Monitoring Protects T1102.002 Bidirectional Communication
SI-4 System Monitoring Protects T1102.003 One-Way Communication
SI-4 System Monitoring Protects T1104 Multi-Stage Channels
SI-4 System Monitoring Protects T1105 Ingress Tool Transfer
SI-4 System Monitoring Protects T1110 Brute Force
SI-4 System Monitoring Protects T1110.001 Password Guessing
SI-4 System Monitoring Protects T1110.002 Password Cracking
SI-4 System Monitoring Protects T1110.003 Password Spraying
SI-4 System Monitoring Protects T1110.004 Credential Stuffing
SI-4 System Monitoring Protects T1111 Two-Factor Authentication Interception
SI-4 System Monitoring Protects T1114 Email Collection
SI-4 System Monitoring Protects T1114.001 Local Email Collection
SI-4 System Monitoring Protects T1114.002 Remote Email Collection
SI-4 System Monitoring Protects T1114.003 Email Forwarding Rule
SI-4 System Monitoring Protects T1119 Automated Collection
SI-4 System Monitoring Protects T1127 Trusted Developer Utilities Proxy Execution
SI-4 System Monitoring Protects T1127.001 MSBuild
SI-4 System Monitoring Protects T1129 Shared Modules
SI-4 System Monitoring Protects T1132 Data Encoding
SI-4 System Monitoring Protects T1132.001 Standard Encoding
SI-4 System Monitoring Protects T1132.002 Non-Standard Encoding
SI-4 System Monitoring Protects T1133 External Remote Services
SI-4 System Monitoring Protects T1135 Network Share Discovery
SI-4 System Monitoring Protects T1136 Create Account
SI-4 System Monitoring Protects T1136.001 Local Account
SI-4 System Monitoring Protects T1136.002 Domain Account
SI-4 System Monitoring Protects T1136.003 Cloud Account
SI-4 System Monitoring Protects T1137 Office Application Startup
SI-4 System Monitoring Protects T1137.001 Office Template Macros
SI-4 System Monitoring Protects T1176 Browser Extensions
SI-4 System Monitoring Protects T1185 Man in the Browser
SI-4 System Monitoring Protects T1187 Forced Authentication
SI-4 System Monitoring Protects T1189 Drive-by Compromise
SI-4 System Monitoring Protects T1190 Exploit Public-Facing Application
SI-4 System Monitoring Protects T1197 BITS Jobs
SI-4 System Monitoring Protects T1201 Password Policy Discovery
SI-4 System Monitoring Protects T1203 Exploitation for Client Execution
SI-4 System Monitoring Protects T1204 User Execution
SI-4 System Monitoring Protects T1204.001 Malicious Link
SI-4 System Monitoring Protects T1204.002 Malicious File
SI-4 System Monitoring Protects T1204.003 Malicious Image
SI-4 System Monitoring Protects T1205 Traffic Signaling
SI-4 System Monitoring Protects T1205.001 Port Knocking
SI-4 System Monitoring Protects T1210 Exploitation of Remote Services
SI-4 System Monitoring Protects T1211 Exploitation for Defense Evasion
SI-4 System Monitoring Protects T1212 Exploitation for Credential Access
SI-4 System Monitoring Protects T1213 Data from Information Repositories
SI-4 System Monitoring Protects T1213.001 Confluence
SI-4 System Monitoring Protects T1213.002 Sharepoint
SI-4 System Monitoring Protects T1216 Signed Script Proxy Execution
SI-4 System Monitoring Protects T1216.001 PubPrn
SI-4 System Monitoring Protects T1218 Signed Binary Proxy Execution
SI-4 System Monitoring Protects T1218.001 Compiled HTML File
SI-4 System Monitoring Protects T1218.002 Control Panel
SI-4 System Monitoring Protects T1218.003 CMSTP
SI-4 System Monitoring Protects T1218.004 InstallUtil
SI-4 System Monitoring Protects T1218.005 Mshta
SI-4 System Monitoring Protects T1218.008 Odbcconf
SI-4 System Monitoring Protects T1218.009 Regsvcs/Regasm
SI-4 System Monitoring Protects T1218.010 Regsvr32
SI-4 System Monitoring Protects T1218.011 Rundll32
SI-4 System Monitoring Protects T1218.012 Verclsid
SI-4 System Monitoring Protects T1219 Remote Access Software
SI-4 System Monitoring Protects T1220 XSL Script Processing
SI-4 System Monitoring Protects T1221 Template Injection
SI-4 System Monitoring Protects T1222 File and Directory Permissions Modification
SI-4 System Monitoring Protects T1222.001 Windows File and Directory Permissions Modification
SI-4 System Monitoring Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-4 System Monitoring Protects T1484 Domain Policy Modification
SI-4 System Monitoring Protects T1485 Data Destruction
SI-4 System Monitoring Protects T1486 Data Encrypted for Impact
SI-4 System Monitoring Protects T1489 Service Stop
SI-4 System Monitoring Protects T1490 Inhibit System Recovery
SI-4 System Monitoring Protects T1491 Defacement
SI-4 System Monitoring Protects T1491.001 Internal Defacement
SI-4 System Monitoring Protects T1491.002 External Defacement
SI-4 System Monitoring Protects T1499 Endpoint Denial of Service
SI-4 System Monitoring Protects T1499.001 OS Exhaustion Flood
SI-4 System Monitoring Protects T1499.002 Service Exhaustion Flood
SI-4 System Monitoring Protects T1499.003 Application Exhaustion Flood
SI-4 System Monitoring Protects T1499.004 Application or System Exploitation
SI-4 System Monitoring Protects T1505 Server Software Component
SI-4 System Monitoring Protects T1505.001 SQL Stored Procedures
SI-4 System Monitoring Protects T1505.002 Transport Agent
SI-4 System Monitoring Protects T1525 Implant Internal Image
SI-4 System Monitoring Protects T1528 Steal Application Access Token
SI-4 System Monitoring Protects T1530 Data from Cloud Storage Object
SI-4 System Monitoring Protects T1537 Transfer Data to Cloud Account
SI-4 System Monitoring Protects T1539 Steal Web Session Cookie
SI-4 System Monitoring Protects T1542.004 ROMMONkit
SI-4 System Monitoring Protects T1542.005 TFTP Boot
SI-4 System Monitoring Protects T1543 Create or Modify System Process
SI-4 System Monitoring Protects T1543.002 Systemd Service
SI-4 System Monitoring Protects T1543.003 Windows Service
SI-4 System Monitoring Protects T1546.002 Screensaver
SI-4 System Monitoring Protects T1546.004 Unix Shell Configuration Modification
SI-4 System Monitoring Protects T1546.006 LC_LOAD_DYLIB Addition
SI-4 System Monitoring Protects T1546.008 Accessibility Features
SI-4 System Monitoring Protects T1546.013 PowerShell Profile
SI-4 System Monitoring Protects T1546.014 Emond
SI-4 System Monitoring Protects T1547.002 Authentication Package
SI-4 System Monitoring Protects T1547.003 Time Providers
SI-4 System Monitoring Protects T1547.004 Winlogon Helper DLL
SI-4 System Monitoring Protects T1547.005 Security Support Provider
SI-4 System Monitoring Protects T1547.006 Kernel Modules and Extensions
SI-4 System Monitoring Protects T1547.007 Re-opened Applications
SI-4 System Monitoring Protects T1547.008 LSASS Driver
SI-4 System Monitoring Protects T1547.009 Shortcut Modification
SI-4 System Monitoring Protects T1547.011 Plist Modification
SI-4 System Monitoring Protects T1547.012 Print Processors
SI-4 System Monitoring Protects T1547.013 XDG Autostart Entries
SI-4 System Monitoring Protects T1548 Abuse Elevation Control Mechanism
SI-4 System Monitoring Protects T1548.001 Setuid and Setgid
SI-4 System Monitoring Protects T1548.002 Bypass User Account Control
SI-4 System Monitoring Protects T1548.003 Sudo and Sudo Caching
SI-4 System Monitoring Protects T1548.004 Elevated Execution with Prompt
SI-4 System Monitoring Protects T1550.001 Application Access Token
SI-4 System Monitoring Protects T1550.003 Pass the Ticket
SI-4 System Monitoring Protects T1552 Unsecured Credentials
SI-4 System Monitoring Protects T1552.001 Credentials In Files
SI-4 System Monitoring Protects T1552.002 Credentials in Registry
SI-4 System Monitoring Protects T1552.003 Bash History
SI-4 System Monitoring Protects T1552.004 Private Keys
SI-4 System Monitoring Protects T1552.005 Cloud Instance Metadata API
SI-4 System Monitoring Protects T1552.006 Group Policy Preferences
SI-4 System Monitoring Protects T1553 Subvert Trust Controls
SI-4 System Monitoring Protects T1553.001 Gatekeeper Bypass
SI-4 System Monitoring Protects T1553.003 SIP and Trust Provider Hijacking
SI-4 System Monitoring Protects T1553.004 Install Root Certificate
SI-4 System Monitoring Protects T1553.005 Mark-of-the-Web Bypass
SI-4 System Monitoring Protects T1555 Credentials from Password Stores
SI-4 System Monitoring Protects T1555.001 Keychain
SI-4 System Monitoring Protects T1555.002 Securityd Memory
SI-4 System Monitoring Protects T1555.004 Windows Credential Manager
SI-4 System Monitoring Protects T1555.005 Password Managers
SI-4 System Monitoring Protects T1556 Modify Authentication Process
SI-4 System Monitoring Protects T1556.001 Domain Controller Authentication
SI-4 System Monitoring Protects T1556.002 Password Filter DLL
SI-4 System Monitoring Protects T1556.003 Pluggable Authentication Modules
SI-4 System Monitoring Protects T1556.004 Network Device Authentication
SI-4 System Monitoring Protects T1557 Man-in-the-Middle
SI-4 System Monitoring Protects T1557.001 LLMNR/NBT-NS Poisoning and SMB Relay
SI-4 System Monitoring Protects T1557.002 ARP Cache Poisoning
SI-4 System Monitoring Protects T1558 Steal or Forge Kerberos Tickets
SI-4 System Monitoring Protects T1558.002 Silver Ticket
SI-4 System Monitoring Protects T1558.003 Kerberoasting
SI-4 System Monitoring Protects T1558.004 AS-REP Roasting
SI-4 System Monitoring Protects T1559 Inter-Process Communication
SI-4 System Monitoring Protects T1559.002 Dynamic Data Exchange
SI-4 System Monitoring Protects T1560 Archive Collected Data
SI-4 System Monitoring Protects T1560.001 Archive via Utility
SI-4 System Monitoring Protects T1561 Disk Wipe
SI-4 System Monitoring Protects T1561.001 Disk Content Wipe
SI-4 System Monitoring Protects T1561.002 Disk Structure Wipe
SI-4 System Monitoring Protects T1562 Impair Defenses
SI-4 System Monitoring Protects T1562.001 Disable or Modify Tools
SI-4 System Monitoring Protects T1562.002 Disable Windows Event Logging
SI-4 System Monitoring Protects T1562.003 Impair Command History Logging
SI-4 System Monitoring Protects T1562.004 Disable or Modify System Firewall
SI-4 System Monitoring Protects T1562.006 Indicator Blocking
SI-4 System Monitoring Protects T1563 Remote Service Session Hijacking
SI-4 System Monitoring Protects T1563.001 SSH Hijacking
SI-4 System Monitoring Protects T1563.002 RDP Hijacking
SI-4 System Monitoring Protects T1564.002 Hidden Users
SI-4 System Monitoring Protects T1564.004 NTFS File Attributes
SI-4 System Monitoring Protects T1564.006 Run Virtual Instance
SI-4 System Monitoring Protects T1564.007 VBA Stomping
SI-4 System Monitoring Protects T1565 Data Manipulation
SI-4 System Monitoring Protects T1565.001 Stored Data Manipulation
SI-4 System Monitoring Protects T1565.002 Transmitted Data Manipulation
SI-4 System Monitoring Protects T1565.003 Runtime Data Manipulation
SI-4 System Monitoring Protects T1566 Phishing
SI-4 System Monitoring Protects T1566.001 Spearphishing Attachment
SI-4 System Monitoring Protects T1566.002 Spearphishing Link
SI-4 System Monitoring Protects T1566.003 Spearphishing via Service
SI-4 System Monitoring Protects T1568 Dynamic Resolution
SI-4 System Monitoring Protects T1568.002 Domain Generation Algorithms
SI-4 System Monitoring Protects T1569 System Services
SI-4 System Monitoring Protects T1569.002 Service Execution
SI-4 System Monitoring Protects T1570 Lateral Tool Transfer
SI-4 System Monitoring Protects T1571 Non-Standard Port
SI-4 System Monitoring Protects T1572 Protocol Tunneling
SI-4 System Monitoring Protects T1573 Encrypted Channel
SI-4 System Monitoring Protects T1573.001 Symmetric Cryptography
SI-4 System Monitoring Protects T1573.002 Asymmetric Cryptography
SI-4 System Monitoring Protects T1574 Hijack Execution Flow
SI-4 System Monitoring Protects T1574.001 DLL Search Order Hijacking
SI-4 System Monitoring Protects T1574.004 Dylib Hijacking
SI-4 System Monitoring Protects T1574.005 Executable Installer File Permissions Weakness
SI-4 System Monitoring Protects T1574.007 Path Interception by PATH Environment Variable
SI-4 System Monitoring Protects T1574.008 Path Interception by Search Order Hijacking
SI-4 System Monitoring Protects T1574.009 Path Interception by Unquoted Path
SI-4 System Monitoring Protects T1574.010 Services File Permissions Weakness
SI-4 System Monitoring Protects T1578 Modify Cloud Compute Infrastructure
SI-4 System Monitoring Protects T1578.001 Create Snapshot
SI-4 System Monitoring Protects T1578.002 Create Cloud Instance
SI-4 System Monitoring Protects T1578.003 Delete Cloud Instance
SI-4 System Monitoring Protects T1598 Phishing for Information
SI-4 System Monitoring Protects T1598.001 Spearphishing Service
SI-4 System Monitoring Protects T1598.002 Spearphishing Attachment
SI-4 System Monitoring Protects T1598.003 Spearphishing Link
SI-4 System Monitoring Protects T1599 Network Boundary Bridging
SI-4 System Monitoring Protects T1599.001 Network Address Translation Traversal
SI-4 System Monitoring Protects T1601 Modify System Image
SI-4 System Monitoring Protects T1601.001 Patch System Image
SI-4 System Monitoring Protects T1601.002 Downgrade System Image
SI-4 System Monitoring Protects T1602 Data from Configuration Repository
SI-4 System Monitoring Protects T1602.001 SNMP (MIB Dump)
SI-4 System Monitoring Protects T1602.002 Network Device Configuration Dump
SI-4 System Monitoring Protects T1610 Deploy Container
SI-4 System Monitoring Protects T1611 Escape to Host
SI-4 System Monitoring Protects T1612 Build Image on Host
SI-4 System Monitoring Protects T1613 Container and Resource Discovery
SI-5 Security Alerts, Advisories, and Directives Protects T1068 Exploitation for Privilege Escalation
SI-5 Security Alerts, Advisories, and Directives Protects T1210 Exploitation of Remote Services
SI-5 Security Alerts, Advisories, and Directives Protects T1211 Exploitation for Defense Evasion
SI-5 Security Alerts, Advisories, and Directives Protects T1212 Exploitation for Credential Access
SI-7 Software, Firmware, and Information Integrity Protects T1003 OS Credential Dumping
SI-7 Software, Firmware, and Information Integrity Protects T1003.003 NTDS
SI-7 Software, Firmware, and Information Integrity Protects T1020.001 Traffic Duplication
SI-7 Software, Firmware, and Information Integrity Protects T1027 Obfuscated Files or Information
SI-7 Software, Firmware, and Information Integrity Protects T1027.002 Software Packing
SI-7 Software, Firmware, and Information Integrity Protects T1036 Masquerading
SI-7 Software, Firmware, and Information Integrity Protects T1036.001 Invalid Code Signature
SI-7 Software, Firmware, and Information Integrity Protects T1036.005 Match Legitimate Name or Location
SI-7 Software, Firmware, and Information Integrity Protects T1037 Boot or Logon Initialization Scripts
SI-7 Software, Firmware, and Information Integrity Protects T1037.002 Logon Script (Mac)
SI-7 Software, Firmware, and Information Integrity Protects T1037.003 Network Logon Script
SI-7 Software, Firmware, and Information Integrity Protects T1037.004 RC Scripts
SI-7 Software, Firmware, and Information Integrity Protects T1037.005 Startup Items
SI-7 Software, Firmware, and Information Integrity Protects T1040 Network Sniffing
SI-7 Software, Firmware, and Information Integrity Protects T1053.006 Systemd Timers
SI-7 Software, Firmware, and Information Integrity Protects T1056.002 GUI Input Capture
SI-7 Software, Firmware, and Information Integrity Protects T1059 Command and Scripting Interpreter
SI-7 Software, Firmware, and Information Integrity Protects T1059.001 PowerShell
SI-7 Software, Firmware, and Information Integrity Protects T1059.002 AppleScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.003 Windows Command Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.004 Unix Shell
SI-7 Software, Firmware, and Information Integrity Protects T1059.005 Visual Basic
SI-7 Software, Firmware, and Information Integrity Protects T1059.006 Python
SI-7 Software, Firmware, and Information Integrity Protects T1059.007 JavaScript
SI-7 Software, Firmware, and Information Integrity Protects T1059.008 Network Device CLI
SI-7 Software, Firmware, and Information Integrity Protects T1068 Exploitation for Privilege Escalation
SI-7 Software, Firmware, and Information Integrity Protects T1070 Indicator Removal on Host
SI-7 Software, Firmware, and Information Integrity Protects T1070.001 Clear Windows Event Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.002 Clear Linux or Mac System Logs
SI-7 Software, Firmware, and Information Integrity Protects T1070.003 Clear Command History
SI-7 Software, Firmware, and Information Integrity Protects T1072 Software Deployment Tools
SI-7 Software, Firmware, and Information Integrity Protects T1080 Taint Shared Content
SI-7 Software, Firmware, and Information Integrity Protects T1098.001 Additional Cloud Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1098.002 Exchange Email Delegate Permissions
SI-7 Software, Firmware, and Information Integrity Protects T1098.003 Add Office 365 Global Administrator Role
SI-7 Software, Firmware, and Information Integrity Protects T1114 Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.001 Local Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.002 Remote Email Collection
SI-7 Software, Firmware, and Information Integrity Protects T1114.003 Email Forwarding Rule
SI-7 Software, Firmware, and Information Integrity Protects T1119 Automated Collection
SI-7 Software, Firmware, and Information Integrity Protects T1127 Trusted Developer Utilities Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1129 Shared Modules
SI-7 Software, Firmware, and Information Integrity Protects T1133 External Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1136 Create Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.001 Local Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.002 Domain Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.003 Cloud Account
SI-7 Software, Firmware, and Information Integrity Protects T1176 Browser Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1185 Man in the Browser
SI-7 Software, Firmware, and Information Integrity Protects T1189 Drive-by Compromise
SI-7 Software, Firmware, and Information Integrity Protects T1190 Exploit Public-Facing Application
SI-7 Software, Firmware, and Information Integrity Protects T1195.003 Compromise Hardware Supply Chain
SI-7 Software, Firmware, and Information Integrity Protects T1203 Exploitation for Client Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204 User Execution
SI-7 Software, Firmware, and Information Integrity Protects T1204.002 Malicious File
SI-7 Software, Firmware, and Information Integrity Protects T1204.003 Malicious Image
SI-7 Software, Firmware, and Information Integrity Protects T1210 Exploitation of Remote Services
SI-7 Software, Firmware, and Information Integrity Protects T1211 Exploitation for Defense Evasion
SI-7 Software, Firmware, and Information Integrity Protects T1212 Exploitation for Credential Access
SI-7 Software, Firmware, and Information Integrity Protects T1213 Data from Information Repositories
SI-7 Software, Firmware, and Information Integrity Protects T1213.001 Confluence
SI-7 Software, Firmware, and Information Integrity Protects T1213.002 Sharepoint
SI-7 Software, Firmware, and Information Integrity Protects T1216 Signed Script Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1216.001 PubPrn
SI-7 Software, Firmware, and Information Integrity Protects T1218 Signed Binary Proxy Execution
SI-7 Software, Firmware, and Information Integrity Protects T1218.001 Compiled HTML File
SI-7 Software, Firmware, and Information Integrity Protects T1218.002 Control Panel
SI-7 Software, Firmware, and Information Integrity Protects T1218.003 CMSTP
SI-7 Software, Firmware, and Information Integrity Protects T1218.004 InstallUtil
SI-7 Software, Firmware, and Information Integrity Protects T1218.005 Mshta
SI-7 Software, Firmware, and Information Integrity Protects T1218.008 Odbcconf
SI-7 Software, Firmware, and Information Integrity Protects T1218.009 Regsvcs/Regasm
SI-7 Software, Firmware, and Information Integrity Protects T1218.010 Regsvr32
SI-7 Software, Firmware, and Information Integrity Protects T1218.011 Rundll32
SI-7 Software, Firmware, and Information Integrity Protects T1218.012 Verclsid
SI-7 Software, Firmware, and Information Integrity Protects T1219 Remote Access Software
SI-7 Software, Firmware, and Information Integrity Protects T1220 XSL Script Processing
SI-7 Software, Firmware, and Information Integrity Protects T1221 Template Injection
SI-7 Software, Firmware, and Information Integrity Protects T1222 File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.001 Windows File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1222.002 Linux and Mac File and Directory Permissions Modification
SI-7 Software, Firmware, and Information Integrity Protects T1485 Data Destruction
SI-7 Software, Firmware, and Information Integrity Protects T1486 Data Encrypted for Impact
SI-7 Software, Firmware, and Information Integrity Protects T1490 Inhibit System Recovery
SI-7 Software, Firmware, and Information Integrity Protects T1491 Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.001 Internal Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.002 External Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1495 Firmware Corruption
SI-7 Software, Firmware, and Information Integrity Protects T1505 Server Software Component
SI-7 Software, Firmware, and Information Integrity Protects T1505.001 SQL Stored Procedures
SI-7 Software, Firmware, and Information Integrity Protects T1505.002 Transport Agent
SI-7 Software, Firmware, and Information Integrity Protects T1525 Implant Internal Image
SI-7 Software, Firmware, and Information Integrity Protects T1530 Data from Cloud Storage Object
SI-7 Software, Firmware, and Information Integrity Protects T1542 Pre-OS Boot
SI-7 Software, Firmware, and Information Integrity Protects T1542.001 System Firmware
SI-7 Software, Firmware, and Information Integrity Protects T1542.003 Bootkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.004 ROMMONkit
SI-7 Software, Firmware, and Information Integrity Protects T1542.005 TFTP Boot
SI-7 Software, Firmware, and Information Integrity Protects T1543 Create or Modify System Process
SI-7 Software, Firmware, and Information Integrity Protects T1543.002 Systemd Service
SI-7 Software, Firmware, and Information Integrity Protects T1546 Event Triggered Execution
SI-7 Software, Firmware, and Information Integrity Protects T1546.002 Screensaver
SI-7 Software, Firmware, and Information Integrity Protects T1546.004 Unix Shell Configuration Modification
SI-7 Software, Firmware, and Information Integrity Protects T1546.006 LC_LOAD_DYLIB Addition
SI-7 Software, Firmware, and Information Integrity Protects T1546.008 Accessibility Features
SI-7 Software, Firmware, and Information Integrity Protects T1546.009 AppCert DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.010 AppInit DLLs
SI-7 Software, Firmware, and Information Integrity Protects T1546.013 PowerShell Profile
SI-7 Software, Firmware, and Information Integrity Protects T1547.002 Authentication Package
SI-7 Software, Firmware, and Information Integrity Protects T1547.003 Time Providers
SI-7 Software, Firmware, and Information Integrity Protects T1547.004 Winlogon Helper DLL
SI-7 Software, Firmware, and Information Integrity Protects T1547.005 Security Support Provider
SI-7 Software, Firmware, and Information Integrity Protects T1547.006 Kernel Modules and Extensions
SI-7 Software, Firmware, and Information Integrity Protects T1547.008 LSASS Driver
SI-7 Software, Firmware, and Information Integrity Protects T1547.011 Plist Modification
SI-7 Software, Firmware, and Information Integrity Protects T1547.013 XDG Autostart Entries
SI-7 Software, Firmware, and Information Integrity Protects T1548 Abuse Elevation Control Mechanism
SI-7 Software, Firmware, and Information Integrity Protects T1548.004 Elevated Execution with Prompt
SI-7 Software, Firmware, and Information Integrity Protects T1550.001 Application Access Token
SI-7 Software, Firmware, and Information Integrity Protects T1550.004 Web Session Cookie
SI-7 Software, Firmware, and Information Integrity Protects T1552 Unsecured Credentials
SI-7 Software, Firmware, and Information Integrity Protects T1552.004 Private Keys
SI-7 Software, Firmware, and Information Integrity Protects T1553 Subvert Trust Controls
SI-7 Software, Firmware, and Information Integrity Protects T1553.001 Gatekeeper Bypass
SI-7 Software, Firmware, and Information Integrity Protects T1553.003 SIP and Trust Provider Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1553.005 Mark-of-the-Web Bypass
SI-7 Software, Firmware, and Information Integrity Protects T1553.006 Code Signing Policy Modification
SI-7 Software, Firmware, and Information Integrity Protects T1554 Compromise Client Software Binary
SI-7 Software, Firmware, and Information Integrity Protects T1556 Modify Authentication Process
SI-7 Software, Firmware, and Information Integrity Protects T1556.001 Domain Controller Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1556.003 Pluggable Authentication Modules
SI-7 Software, Firmware, and Information Integrity Protects T1556.004 Network Device Authentication
SI-7 Software, Firmware, and Information Integrity Protects T1557 Man-in-the-Middle
SI-7 Software, Firmware, and Information Integrity Protects T1557.002 ARP Cache Poisoning
SI-7 Software, Firmware, and Information Integrity Protects T1558 Steal or Forge Kerberos Tickets
SI-7 Software, Firmware, and Information Integrity Protects T1558.002 Silver Ticket
SI-7 Software, Firmware, and Information Integrity Protects T1558.003 Kerberoasting
SI-7 Software, Firmware, and Information Integrity Protects T1558.004 AS-REP Roasting
SI-7 Software, Firmware, and Information Integrity Protects T1561 Disk Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.001 Disk Content Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1561.002 Disk Structure Wipe
SI-7 Software, Firmware, and Information Integrity Protects T1562 Impair Defenses
SI-7 Software, Firmware, and Information Integrity Protects T1562.001 Disable or Modify Tools
SI-7 Software, Firmware, and Information Integrity Protects T1562.002 Disable Windows Event Logging
SI-7 Software, Firmware, and Information Integrity Protects T1562.004 Disable or Modify System Firewall
SI-7 Software, Firmware, and Information Integrity Protects T1562.006 Indicator Blocking
SI-7 Software, Firmware, and Information Integrity Protects T1564.003 Hidden Window
SI-7 Software, Firmware, and Information Integrity Protects T1564.004 NTFS File Attributes
SI-7 Software, Firmware, and Information Integrity Protects T1564.006 Run Virtual Instance
SI-7 Software, Firmware, and Information Integrity Protects T1565 Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.001 Stored Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1565.002 Transmitted Data Manipulation
SI-7 Software, Firmware, and Information Integrity Protects T1569 System Services
SI-7 Software, Firmware, and Information Integrity Protects T1569.002 Service Execution
SI-7 Software, Firmware, and Information Integrity Protects T1574 Hijack Execution Flow
SI-7 Software, Firmware, and Information Integrity Protects T1574.001 DLL Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.004 Dylib Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.006 Dynamic Linker Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.007 Path Interception by PATH Environment Variable
SI-7 Software, Firmware, and Information Integrity Protects T1574.008 Path Interception by Search Order Hijacking
SI-7 Software, Firmware, and Information Integrity Protects T1574.009 Path Interception by Unquoted Path
SI-7 Software, Firmware, and Information Integrity Protects T1574.012 COR_PROFILER
SI-7 Software, Firmware, and Information Integrity Protects T1599 Network Boundary Bridging
SI-7 Software, Firmware, and Information Integrity Protects T1599.001 Network Address Translation Traversal
SI-7 Software, Firmware, and Information Integrity Protects T1601 Modify System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.001 Patch System Image
SI-7 Software, Firmware, and Information Integrity Protects T1601.002 Downgrade System Image
SI-7 Software, Firmware, and Information Integrity Protects T1602 Data from Configuration Repository
SI-7 Software, Firmware, and Information Integrity Protects T1602.001 SNMP (MIB Dump)
SI-7 Software, Firmware, and Information Integrity Protects T1602.002 Network Device Configuration Dump
SI-7 Software, Firmware, and Information Integrity Protects T1609 Container Administration Command
SI-7 Software, Firmware, and Information Integrity Protects T1611 Escape to Host
SI-8 Spam Protection Protects T1204 User Execution
SI-8 Spam Protection Protects T1204.001 Malicious Link
SI-8 Spam Protection Protects T1204.002 Malicious File
SI-8 Spam Protection Protects T1204.003 Malicious Image
SI-8 Spam Protection Protects T1221 Template Injection
SI-8 Spam Protection Protects T1566 Phishing
SI-8 Spam Protection Protects T1566.001 Spearphishing Attachment
SI-8 Spam Protection Protects T1566.002 Spearphishing Link
SI-8 Spam Protection Protects T1566.003 Spearphishing via Service
SI-8 Spam Protection Protects T1598 Phishing for Information
SI-8 Spam Protection Protects T1598.001 Spearphishing Service
SI-8 Spam Protection Protects T1598.002 Spearphishing Attachment
SI-8 Spam Protection Protects T1598.003 Spearphishing Link

Capabilities

Capability ID Capability Name Number of Mappings
SI-4 System Monitoring 321
SI-23 Information Fragmentation 7
SI-15 Information Output Filtering 38
SI-7 Software, Firmware, and Information Integrity 172
SI-5 Security Alerts, Advisories, and Directives 4
SI-10 Information Input Validation 88
SI-8 Spam Protection 13
SI-16 Memory Protection 9
SI-3 Malicious Code Protection 175
SI-12 Information Management and Retention 30
SI-2 Flaw Remediation 66