{ "name": "NeuVector System Protection", "versions": { "attack": "9", "navigator": "4.3", "layer": "4.2" }, "domain": "enterprise-attack", "description": "", "filters": { "platforms": [ "Linux" ] }, "sorting": 0, "layout": { "layout": "flat", "aggregateFunction": "average", "showID": false, "showName": true, "showAggregateScores": false, "countUnscored": false }, "hideDisabled": false, "techniques": [ { "techniqueID": "T1548", "tactic": "privilege-escalation", "color": "#a1d99b", "comment": "1. Admission Control checks on volume mount and privileged container\n2. Privilege Escalation detection\n3. Image and Container Compliance Scan", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1548", "tactic": "defense-evasion", "color": "#a1d99b", "comment": "1. Admission Control checks on volume mount and privileged container\n2. Privilege Escalation detection\n3. Image and Container Compliance Scan", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1548.001", "tactic": "privilege-escalation", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1548.001", "tactic": "defense-evasion", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1548.003", "tactic": "privilege-escalation", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1548.003", "tactic": "defense-evasion", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1134", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1134", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1087", "tactic": "discovery", "color": "", 
"comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1098", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1583", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1595", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1071", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1071.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1071.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1071.003", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1071.004", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1560", "tactic": "collection", "color": "#a1d99b", "comment": "1. 
Network Policy", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1560.001", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1560.002", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1560.003", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1020", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1547", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1547", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1037", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1037", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1110", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1059", "tactic": "execution", "color": "#a1d99b", "comment": "1. File Access Profile\n2. Privilege Escalation Detection\n3. 
Admission Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1059.004", "tactic": "execution", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1059.005", "tactic": "execution", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1059.006", "tactic": "execution", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1059.007", "tactic": "execution", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1092", "tactic": "command-and-control", "color": "#74c476", "comment": "1. Admission Control checks on volume mount \n2. Process Profile\n3. File Access Profile", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1586", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1584", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1136", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1543", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1543", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1555", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1132", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1132.001", 
"tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1132.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1565", "tactic": "impact", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1001.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1001.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1001.003", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1074", "tactic": "collection", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1074.001", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1074.002", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1030", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1602", "tactic": "collection", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1213", "tactic": "collection", "color": "#fcf26b", "comment": "1. Admission Control\n2. File Access Profile", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1005", "tactic": "collection", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1039", "tactic": "collection", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1025", "tactic": "collection", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1491", "tactic": "impact", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1587", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1561", "tactic": "impact", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1484", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1484", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1568", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1568.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1568.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1568.003", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1114", "tactic": "collection", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1573", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1573.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1573.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1499", "tactic": "impact", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1585", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1546", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1546", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1480", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1048", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1048.001", "tactic": "exfiltration", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1048.002", "tactic": "exfiltration", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1048.003", "tactic": "exfiltration", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1041", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1011", "tactic": "exfiltration", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1052", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Admission Control checks on volume mount\n2. Process Profile\n3. File Access Profile", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1052.001", "tactic": "exfiltration", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1567", "tactic": "exfiltration", "color": "#fcf26b", "comment": "1. Network Policy", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1567.001", "tactic": "exfiltration", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1567.002", "tactic": "exfiltration", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1210", "tactic": "lateral-movement", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1008", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1222", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1606", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1592", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1589", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1590", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1591", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1564", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1574", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1574", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1574", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1562", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1070", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1105", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. 
Ingress/egress Control\n5. Process Profile", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1056", "tactic": "collection", "color": "#a1d99b", "comment": "1. Process Profile\n2. Privilege Escalation Detection\n3. Admission Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1056", "tactic": "credential-access", "color": "#a1d99b", "comment": "1. Process Profile\n2. Privilege Escalation Detection\n3. Admission Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1056.001", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1056.001", "tactic": "credential-access", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1056.003", "tactic": "collection", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1056.003", "tactic": "credential-access", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1559", "tactic": "execution", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1534", "tactic": "lateral-movement", "color": "#a1d99b", "comment": "1. Network Policy", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1570", "tactic": "lateral-movement", "color": "#a1d99b", "comment": "1. Network Policy\n2. Process Profile\n3. File Access Profile", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1557", "tactic": "credential-access", "color": "#fcf26b", "comment": "1. Network Policy\n2. Orchestration Integration", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1557", "tactic": "collection", "color": "#fcf26b", "comment": "1. 
Network Policy\n2. Orchestration Integration", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1557.002", "tactic": "credential-access", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1557.002", "tactic": "collection", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1036", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1556", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1556", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1556", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1578", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1601", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1104", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1599", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1498", "tactic": "impact", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1095", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1571", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1003", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1027", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1588", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1137", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1069", "tactic": "discovery", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1566", "tactic": "initial-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1598", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1542", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1542", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1055", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1055", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1572", "tactic": "command-and-control", "color": 
"#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1090", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1090.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1090.002", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1090.003", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1090.004", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1563", "tactic": "lateral-movement", "color": "#a1d99b", "comment": "1. Network Policy\n2. Privilege Escalation Detection", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1563.001", "tactic": "lateral-movement", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1021", "tactic": "lateral-movement", "color": "#fcf26b", "comment": "1. 
Network Policy", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1021.004", "tactic": "lateral-movement", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1021.005", "tactic": "lateral-movement", "color": "#fcf26b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1053", "tactic": "execution", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1053", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1053", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1029", "tactic": "exfiltration", "color": "#a1d99b", "comment": "1. Network Policy\n2. Layer 7 Protocol Analysis\n3. Tunnel Detection\n4. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1597", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1596", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1593", "tactic": "reconnaissance", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1505", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1218", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1216", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1072", "tactic": "execution", "color": 
"#fcf26b", "comment": "1. Network Policy", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1072", "tactic": "lateral-movement", "color": "#fcf26b", "comment": "1. Network Policy", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1518", "tactic": "discovery", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1608", "tactic": "resource-development", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1558", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1553", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1195", "tactic": "initial-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1016", "tactic": "discovery", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1569", "tactic": "execution", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1205", "tactic": "defense-evasion", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1205", "tactic": "persistence", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1205", "tactic": "command-and-control", "color": "#a1d99b", "comment": "1. Network Policy\n2. Tunnel Detection\n3. 
Ingress/egress Control", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1205.001", "tactic": "defense-evasion", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1205.001", "tactic": "persistence", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1205.001", "tactic": "command-and-control", "color": "#a1d99b", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false }, { "techniqueID": "T1127", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1552", "tactic": "credential-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1550", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1550", "tactic": "lateral-movement", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1204", "tactic": "execution", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1078", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1078", "tactic": "persistence", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1078", "tactic": "privilege-escalation", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1078", "tactic": "initial-access", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1497", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": 
true }, { "techniqueID": "T1497", "tactic": "discovery", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1600", "tactic": "defense-evasion", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true }, { "techniqueID": "T1102", "tactic": "command-and-control", "color": "", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true } ], "gradient": { "colors": [ "#ff6666", "#ffe766", "#8ec843" ], "minValue": 0, "maxValue": 100 }, "legendItems": [], "metadata": [], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "selectSubtechniquesWithParent": false }