Last active
April 28, 2022 21:44
-
-
Save ssnkhan/3e9127f9beeb2745343c0682d2231fe9 to your computer and use it in GitHub Desktop.
An alphabetised list of Mitre ATT&CK Data Sources
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Data Source | Potential Techniques Detected | |
|---|---|---|
| Access Tokens | 1 | |
| Anti-Virus | 6 | |
| API Monitoring | 36 | |
| Application Logs | 5 | |
| Asset Management | 1 | |
| Authentication Logs | 28 | |
| Binary File Metadata | 17 | |
| BIOS | 2 | |
| Browser Extensions | 1 | |
| Data Loss Prevention | 16 | |
| Detonation Chamber | 2 | |
| Digital Certificate Logs | 1 | |
| DLL Monitoring | 16 | |
| DNS Records | 1 | |
| EFI | 1 | |
| Email Gateway | 3 | |
| Environment Variable | 2 | |
| File Monitoring | 86 | |
| Host Network Interface | 2 | |
| Kernel Drivers | 3 | |
| Loaded DLLs | 12 | |
| Mail Server | 2 | |
| Malware Reverse Engineering | 8 | |
| MBR | 2 | |
| Named Pipes | 1 | |
| Netflow/Enclave Netflow | 23 | |
| Network Device Logs | 4 | |
| Network Intrusion Detection System | 4 | |
| Network Protocol Analysis | 16 | |
| Packet Capture | 31 | |
| PowerShell Logs | 1 | |
| Process Command-line Parameters | 82 | |
| Process Monitoring | 99 | |
| Process Use of Network | 34 | |
| Sensor Health and Status | 1 | |
| Services | 3 | |
| SSL/TLS Inspection | 8 | |
| System Calls | 9 | |
| Third-party Application Logs | 3 | |
| User Interface | 4 | |
| VBR | 1 | |
| Web Application Firewall Logs | 1 | |
| Web Logs | 1 | |
| Web Proxy | 4 | |
| Windows Error Reporting | 4 | |
| Windows Event Logs | 14 | |
| Windows Registry | 34 | |
| WMI Objects | 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Access Tokens | |
| Anti-Virus | |
| API Monitoring | |
| Application Logs | |
| Asset Management | |
| Authentication Logs | |
| Binary File Metadata | |
| BIOS | |
| Browser Extensions | |
| Data Loss Prevention | |
| Detonation Chamber | |
| Digital Certificate Logs | |
| DLL Monitoring | |
| DNS Records | |
| EFI | |
| Email Gateway | |
| Environment Variable | |
| File Monitoring | |
| Host Network Interface | |
| Kernel Drivers | |
| Loaded DLLs | |
| Mail Server | |
| Malware Reverse Engineering | |
| MBR | |
| Named Pipes | |
| Netflow/Enclave Netflow | |
| Network Device Logs | |
| Network Intrusion Detection System | |
| Network Protocol Analysis | |
| Packet Capture | |
| PowerShell Logs | |
| Process Command-line Parameters | |
| Process Monitoring | |
| Process Use of Network | |
| Sensor Health and Status | |
| Services | |
| SSL/TLS Inspection | |
| System Calls | |
| Third-party Application Logs | |
| User Interface | |
| VBR | |
| Web Application Firewall Logs | |
| Web Logs | |
| Web Proxy | |
| Windows Error Reporting | |
| Windows Event Logs | |
| Windows Registry | |
| WMI Objects |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment