Mitre Overview 2021-01-16
[Figure: alert counts per MITRE tactic. Tactic labels shown: Execution, Persistence, Privilege Escalation, Credential Access, Reconnaissance, Discovery, Collection, Exfiltration.]
Amount of Alerts: 20 Alerts
[Figure: Data source. Alert counts per data source (axis: Data Source, scale 0 to 25). Data sources shown: Authe...n logs, DLL ...itoring, DNS records, Data l...ention, Netflo...etflow, Netwo...alysis, Packet capture, Proce...itoring, Proce...twork, Web proxy, Windo...t logs.]
| Status | Rule name | Tactic | Technique | Technique ID | Data source |
|---|---|---|---|---|---|
| enabled | DEMO: Account Discovery/Discovery | DISCOVERY | Account Discovery | T1087 | Process monitoring |
| enabled | DEMO: Active Scanning/Reconnaissance | RECONNAISSANCE | Active Scanning | T1595 | Packet capture |
| enabled | DEMO: Automated Exfiltration/Exfiltration | EXFILTRATION | Automated Exfiltration | T1020 | Process monitoring |
| enabled | DEMO: Brute Force/Credential Access | CREDENTIAL ACCESS | Brute Force | T1110 | Authentication logs |
| enabled | DEMO: Create Account/Persistence | PERSISTENCE | Create Account | T1136 | Windows event logs |
| enabled | DEMO: Data Encrypted for Impact/Impact | IMPACT | Data Encrypted for Impact | T1486 | Process monitoring |
| enabled | DEMO: Hardware Additions/Initial Access | INITIAL ACCESS | Hardware Additions | T1200 | Data loss prevention |
| enabled | DEMO: Phishing/Initial Access | INITIAL ACCESS | Phishing | T1566 | Web proxy |
| enabled | DEMO: Proxy/Command and Control | COMMAND AND CONTROL | Proxy | T1090 | Netflow/Enclave netflow |
| enabled | DEMO: Valid Accounts/Initial Access | INITIAL ACCESS | Valid Accounts | T1078 | Authentication logs |