
MITRE ATT&CK - Environmental coverage
2021-01-16 00:27:33 India Standard Time

Alerts by tactic

Tactic | Alerts
Initial Access | 5
Execution | 1
Persistence | 1
Privilege Escalation | 1
Defense Evasion | 1
Credential Access | 1
Reconnaissance | 1
Discovery | 1
Lateral Movement | 2
Collection | 1
Command & Control | 3
Exfiltration | 1
Impact | 1

Amount of Alerts: 20

Alerts by data source

Data source | Alerts
Authentication logs | 3
DLL monitoring | 1
DNS records | 1
Data loss prevention | 2
Netflow/Enclave netflow | 1
Network protocol analysis | 1
Packet capture | 1
Process monitoring | 7
Process use of network | 1
Web proxy | 1
Windows event logs | 1



Alert rules

status | title | Tactics | Technique | TechniqueId | Data Source
enabled | DEMO: Account Discovery/Discovery | DISCOVERY | Account Discovery | T1087 | Process monitoring
enabled | DEMO: Active Scanning/Reconnaissance | RECONNAISSANCE | Active Scanning | T1595 | Packet capture
enabled | DEMO: Automated Exfiltration/Exfiltration | EXFILTRATION | Automated Exfiltration | T1020 | Process monitoring
enabled | DEMO: Brute Force/Credential Access | CREDENTIAL ACCESS | Brute Force | T1110 | Authentication logs
enabled | DEMO: Create Account/Persistence | PERSISTENCE | Create Account | T1136 | Windows event logs
enabled | DEMO: Data Encrypted for Impact/Impact | IMPACT | Data Encrypted for Impact | T1486 | Process monitoring
enabled | DEMO: Data from Network Shared Drive/Collection | COLLECTION | Data from Network Shared Drive | T1039 | Process monitoring
enabled | DEMO: Data Obfuscation/Command and Control | COMMAND AND CONTROL | Data Obfuscation | T1001 | Process use of network
enabled | DEMO: Dynamic Resolution/Command and Control | COMMAND AND CONTROL | Dynamic Resolution | T1568 | DNS records
enabled | DEMO: Exploitation of Remote Services/Lateral Movement | LATERAL MOVEMENT | Exploitation of Remote Services | T1210 | Process monitoring
enabled | DEMO: External Remote Services/Initial Access | INITIAL ACCESS | External Remote Services | T1133 | Authentication logs
enabled | DEMO: Hardware Additions/Initial Access | INITIAL ACCESS | Hardware Additions | T1200 | Data loss prevention
enabled | DEMO: Hijack Execution Flow/Privilege Escalation | PRIVILEGE ESCALATION | Hijack Execution Flow | T1574 | Process monitoring
enabled | DEMO: Indicator Removal on Host/Defense Evasion | DEFENSE EVASION | Indicator Removal on Host | T1070 | Process monitoring
enabled | DEMO: Inter-Process Communication/Execution | EXECUTION | Inter-Process Communication | T1559 | DLL monitoring
enabled | DEMO: Lateral Tool Transfer/Lateral Movement | LATERAL MOVEMENT | Lateral Tool Transfer | T1570 | Network protocol analysis
enabled | DEMO: Phishing/Initial Access | INITIAL ACCESS | Phishing | T1566 | Web proxy
enabled | DEMO: Proxy/Command and Control | COMMAND AND CONTROL | Proxy | T1090 | Netflow/Enclave netflow
enabled | DEMO: Replication Through Removable Media/Initial Access | INITIAL ACCESS | Replication Through Removable Media | T1091 | Data loss prevention
enabled | DEMO: Valid Accounts/Initial Access | INITIAL ACCESS | Valid Accounts | T1078 | Authentication logs
