Threat-informed report

soc2-tsc - threat & detection coverage

Generated 2026-06-04 04:14 UTC from TTPI engine data
This report maps soc2-tsc controls to the MITRE ATT&CK techniques they address, then checks each technique against our detection corpus (Sigma, CAR, IDS, YARA, Falco). It shows, control by control, what attacks each control is meant to stop and whether those attacks are actually detectable today. Use it as the threat-informed backbone of an audit response or pentest report.

Coverage Summary

17 threat-mapped controls
242 ATT&CK techniques addressed
168 techniques we can detect
69% detection coverage
Coverage is the share of the distinct techniques mapped to this framework for which we hold at least one detection rule; in the technique lists below, ✓ marks a technique that has such a rule. The gaps section lists controls with zero detection coverage; they are the priority remediation set.

CC6 · Logical & Physical Access

200/288 techniques covered
CC6.1 · Implements logical access security measures to authorized users (55/81 detectable)
T1020.001 · Traffic Duplication
T1021 · Remote Services ✓
T1021.001 · Remote Desktop Protocol ✓
T1021.002 · SMB/Windows Admin Shares ✓
T1021.003 · Distributed Component Object Model ✓
T1021.004 · SSH ✓
T1021.005 · VNC ✓
T1021.006 · Windows Remote Management ✓
T1021.008 · Direct Cloud VM Connections
T1037 · Boot or Logon Initialization Scripts ✓
T1037.001 · Logon Script (Windows) ✓
T1040 · Network Sniffing ✓
T1047 · Windows Management Instrumentation ✓
T1059 · Command and Scripting Interpreter ✓
T1059.001 · PowerShell ✓
T1059.002 · AppleScript ✓
T1059.003 · Windows Command Shell ✓
T1059.004 · Unix Shell ✓
T1059.005 · Visual Basic ✓
T1059.006 · Python ✓
T1059.007 · JavaScript ✓
T1059.008 · Network Device CLI
T1070 · Indicator Removal ✓
T1070.001 · Clear Windows Event Logs ✓
T1070.002 · Clear Linux or Mac System Logs
T1070.008 · Clear Mailbox Data
T1114 · Email Collection ✓
T1114.001 · Local Email Collection ✓
T1114.002 · Remote Email Collection
T1114.003 · Email Forwarding Rule ✓
T1119 · Automated Collection ✓
T1127.002 · ClickOnce
T1133 · External Remote Services ✓
T1137 · Office Application Startup ✓
T1137.002 · Office Test ✓
T1213 · Data from Information Repositories ✓
T1213.001 · Confluence
T1213.002 · Sharepoint
T1213.005 · Messaging Applications
T1219 · Remote Access Tools ✓
T1505.004 · IIS Components ✓
T1505.005 · Terminal Services DLL ✓
T1530 · Data from Cloud Storage
T1537 · Transfer Data to Cloud Account ✓
T1543 · Create or Modify System Process ✓
T1547.003 · Time Providers ✓
T1547.004 · Winlogon Helper DLL ✓
T1547.009 · Shortcut Modification ✓
T1547.012 · Print Processors
T1547.013 · XDG Autostart Entries
T1550.001 · Application Access Token ✓
T1552 · Unsecured Credentials ✓
T1552.002 · Credentials in Registry ✓
T1552.004 · Private Keys ✓
T1552.005 · Cloud Instance Metadata API ✓
T1552.007 · Container API ✓
T1557 · Adversary-in-the-Middle ✓
T1557.002 · ARP Cache Poisoning ✓
T1558 · Steal or Forge Kerberos Tickets ✓
T1558.002 · Silver Ticket
T1558.003 · Kerberoasting ✓
T1558.004 · AS-REP Roasting
T1563 · Remote Service Session Hijacking
T1563.001 · SSH Hijacking
T1563.002 · RDP Hijacking ✓
T1565 · Data Manipulation ✓
T1565.001 · Stored Data Manipulation ✓
T1565.002 · Transmitted Data Manipulation ✓
T1567.003 · Exfiltration to Text Storage Sites
T1567.004 · Exfiltration Over Webhook
T1602 · Data from Configuration Repository
T1602.001 · SNMP (MIB Dump)
T1602.002 · Network Device Configuration Dump
T1609 · Container Administration Command ✓
T1610 · Deploy Container ✓
T1612 · Build Image on Host
T1613 · Container and Resource Discovery ✓
T1619 · Cloud Storage Object Discovery ✓
T1647 · Plist File Modification
T1651 · Cloud Administration Command
T1659 · Content Injection
CC6.2 · Prior to issuing credentials and granting access, registers and authorizes new users (59/85 detectable)
Technique set: the 81 techniques mapped to CC6.1 above, plus the following four:
T1078 · Valid Accounts ✓
T1078.002 · Domain Accounts ✓
T1078.003 · Local Accounts ✓
T1078.004 · Cloud Accounts ✓
CC6.4 · Restricts access to protected information using physical security controls (82/118 detectable)
T1020.001 · Traffic Duplication
T1021 · Remote Services ✓
T1021.001 · Remote Desktop Protocol ✓
T1021.002 · SMB/Windows Admin Shares ✓
T1021.003 · Distributed Component Object Model ✓
T1021.004 · SSH ✓
T1021.005 · VNC ✓
T1021.006 · Windows Remote Management ✓
T1021.007 · Cloud Services ✓
T1021.008 · Direct Cloud VM Connections
T1037 · Boot or Logon Initialization Scripts ✓
T1037.001 · Logon Script (Windows) ✓
T1040 · Network Sniffing ✓
T1041 · Exfiltration Over C2 Channel ✓
T1047 · Windows Management Instrumentation ✓
T1048 · Exfiltration Over Alternative Protocol ✓
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓
T1052 · Exfiltration Over Physical Medium
T1052.001 · Exfiltration over USB
T1059 · Command and Scripting Interpreter ✓
T1059.001 · PowerShell ✓
T1059.002 · AppleScript ✓
T1059.003 · Windows Command Shell ✓
T1059.004 · Unix Shell ✓
T1059.005 · Visual Basic ✓
T1059.006 · Python ✓
T1059.007 · JavaScript ✓
T1059.008 · Network Device CLI
T1070 · Indicator Removal ✓
T1070.001 · Clear Windows Event Logs ✓
T1070.002 · Clear Linux or Mac System Logs
T1070.008 · Clear Mailbox Data
T1072 · Software Deployment Tools ✓
T1078.002 · Domain Accounts ✓
T1078.004 · Cloud Accounts ✓
T1098.001 · Additional Cloud Credentials ✓
T1098.002 · Additional Email Delegate Permissions
T1098.003 · Additional Cloud Roles ✓
T1098.004 · SSH Authorized Keys ✓
T1098.005 · Device Registration ✓
T1110 · Brute Force ✓
T1110.001 · Password Guessing ✓
T1110.002 · Password Cracking ✓
T1110.003 · Password Spraying
T1110.004 · Credential Stuffing
T1111 · Multi-Factor Authentication Interception
T1114 · Email Collection ✓
T1114.001 · Local Email Collection ✓
T1114.002 · Remote Email Collection
T1114.003 · Email Forwarding Rule ✓
T1119 · Automated Collection ✓
T1127.002 · ClickOnce
T1133 · External Remote Services ✓
T1134.005 · SID-History Injection ✓
T1136 · Create Account ✓
T1136.001 · Local Account ✓
T1136.002 · Domain Account ✓
T1136.003 · Cloud Account ✓
T1137 · Office Application Startup ✓
T1137.002 · Office Test ✓
T1200 · Hardware Additions ✓
T1213 · Data from Information Repositories ✓
T1213.001 · Confluence
T1213.002 · Sharepoint
T1213.005 · Messaging Applications
T1219 · Remote Access Tools ✓
T1505.004 · IIS Components ✓
T1505.005 · Terminal Services DLL ✓
T1530 · Data from Cloud Storage
T1537 · Transfer Data to Cloud Account ✓
T1539 · Steal Web Session Cookie ✓
T1543 · Create or Modify System Process ✓
T1547.003 · Time Providers ✓
T1547.004 · Winlogon Helper DLL ✓
T1547.009 · Shortcut Modification ✓
T1547.012 · Print Processors
T1547.013 · XDG Autostart Entries
T1550.001 · Application Access Token ✓
T1552 · Unsecured Credentials ✓
T1552.002 · Credentials in Registry ✓
T1552.004 · Private Keys ✓
T1552.005 · Cloud Instance Metadata API ✓
T1552.007 · Container API ✓
T1555 · Credentials from Password Stores ✓
T1556 · Modify Authentication Process ✓
T1556.001 · Domain Controller Authentication
T1556.003 · Pluggable Authentication Modules
T1556.004 · Network Device Authentication ✓
T1557 · Adversary-in-the-Middle ✓
T1557.002 · ARP Cache Poisoning ✓
T1558 · Steal or Forge Kerberos Tickets ✓
T1558.002 · Silver Ticket
T1558.003 · Kerberoasting ✓
T1558.004 · AS-REP Roasting
T1563 · Remote Service Session Hijacking
T1563.001 · SSH Hijacking
T1563.002 · RDP Hijacking ✓
T1565 · Data Manipulation ✓
T1565.001 · Stored Data Manipulation ✓
T1565.002 · Transmitted Data Manipulation ✓
T1567 · Exfiltration Over Web Service ✓
T1567.001 · Exfiltration to Code Repository ✓
T1567.002 · Exfiltration to Cloud Storage ✓
T1567.003 · Exfiltration to Text Storage Sites
T1567.004 · Exfiltration Over Webhook
T1578.005 · Modify Cloud Compute Configurations
T1602 · Data from Configuration Repository
T1602.001 · SNMP (MIB Dump)
T1602.002 · Network Device Configuration Dump
T1609 · Container Administration Command ✓
T1610 · Deploy Container ✓
T1612 · Build Image on Host
T1613 · Container and Resource Discovery ✓
T1619 · Cloud Storage Object Discovery ✓
T1647 · Plist File Modification
T1651 · Cloud Administration Command
T1659 · Content Injection

Confidentiality

65/106 techniques covered
C1.1 · Identifies and maintains confidential information to meet objectives related to confidentiality (26/42 detectable)
T1003 · OS Credential Dumping ✓
T1003.001 · LSASS Memory ✓
T1003.002 · Security Account Manager ✓
T1003.003 · NTDS ✓
T1003.004 · LSA Secrets ✓
T1003.005 · Cached Domain Credentials ✓
T1003.006 · DCSync ✓
T1003.007 · Proc Filesystem
T1003.008 · /etc/passwd and /etc/shadow
T1005 · Data from Local System ✓
T1025 · Data from Removable Media
T1041 · Exfiltration Over C2 Channel ✓
T1048 · Exfiltration Over Alternative Protocol ✓
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓
T1052 · Exfiltration Over Physical Medium
T1052.001 · Exfiltration over USB
T1078 · Valid Accounts ✓
T1078.001 · Default Accounts ✓
T1078.003 · Local Accounts ✓
T1078.004 · Cloud Accounts ✓
T1213 · Data from Information Repositories ✓
T1213.001 · Confluence
T1213.002 · Sharepoint
T1213.004 · Customer Relationship Management Software
T1213.005 · Messaging Applications
T1530 · Data from Cloud Storage
T1550.001 · Application Access Token ✓
T1552 · Unsecured Credentials ✓
T1552.001 · Credentials In Files ✓
T1552.002 · Credentials in Registry ✓
T1552.003 · Shell History ✓
T1552.004 · Private Keys ✓
T1565 · Data Manipulation ✓
T1565.001 · Stored Data Manipulation ✓
T1565.003 · Runtime Data Manipulation
T1567 · Exfiltration Over Web Service ✓
T1599 · Network Boundary Bridging
T1599.001 · Network Address Translation Traversal ✓
T1602 · Data from Configuration Repository
T1602.001 · SNMP (MIB Dump)
T1602.002 · Network Device Configuration Dump
C1.2 · Disposes of confidential information to meet objectives related to confidentiality (39/64 detectable)
T1003 · OS Credential Dumping ✓
T1003.001 · LSASS Memory ✓
T1003.002 · Security Account Manager ✓
T1003.003 · NTDS ✓
T1003.004 · LSA Secrets ✓
T1003.005 · Cached Domain Credentials ✓
T1003.006 · DCSync ✓
T1003.007 · Proc Filesystem
T1003.008 · /etc/passwd and /etc/shadow
T1005 · Data from Local System ✓
T1020.001 · Traffic Duplication
T1025 · Data from Removable Media
T1040 · Network Sniffing ✓
T1041 · Exfiltration Over C2 Channel ✓
T1048 · Exfiltration Over Alternative Protocol ✓
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓
T1052 · Exfiltration Over Physical Medium
T1052.001 · Exfiltration over USB
T1070 · Indicator Removal ✓
T1070.001 · Clear Windows Event Logs ✓
T1070.002 · Clear Linux or Mac System Logs
T1070.008 · Clear Mailbox Data
T1078 · Valid Accounts ✓
T1078.001 · Default Accounts ✓
T1078.003 · Local Accounts ✓
T1078.004 · Cloud Accounts ✓
T1114 · Email Collection ✓
T1114.001 · Local Email Collection ✓
T1114.002 · Remote Email Collection
T1114.003 · Email Forwarding Rule ✓
T1119 · Automated Collection ✓
T1213 · Data from Information Repositories ✓
T1213.001 · Confluence
T1213.002 · Sharepoint
T1213.004 · Customer Relationship Management Software
T1213.005 · Messaging Applications
T1530 · Data from Cloud Storage
T1548 · Abuse Elevation Control Mechanism ✓
T1548.004 · Elevated Execution with Prompt
T1550.001 · Application Access Token ✓
T1552 · Unsecured Credentials ✓
T1552.001 · Credentials In Files ✓
T1552.002 · Credentials in Registry ✓
T1552.003 · Shell History ✓
T1552.004 · Private Keys ✓
T1557 · Adversary-in-the-Middle ✓
T1557.002 · ARP Cache Poisoning ✓
T1557.004 · Evil Twin
T1558 · Steal or Forge Kerberos Tickets ✓
T1558.002 · Silver Ticket
T1558.003 · Kerberoasting ✓
T1558.004 · AS-REP Roasting
T1558.005 · Ccache Files
T1565 · Data Manipulation ✓
T1565.001 · Stored Data Manipulation ✓
T1565.002 · Transmitted Data Manipulation ✓
T1565.003 · Runtime Data Manipulation
T1567 · Exfiltration Over Web Service ✓
T1599 · Network Boundary Bridging
T1599.001 · Network Address Translation Traversal ✓
T1602 · Data from Configuration Repository
T1602.001 · SNMP (MIB Dump)
T1602.002 · Network Device Configuration Dump

Privacy

224/312 techniques covered
P5.1 · Grants data subjects the ability to access their personal information (4/4 detectable)
P5.2 · Corrects or amends personal information upon request (78/101 detectable)
T1021.002 · SMB/Windows Admin Shares ✓
T1021.005 · VNC ✓
T1027.010 · Command Obfuscation ✓
T1036 · Masquerading ✓
T1036.005 · Match Legitimate Resource Name or Location ✓
T1036.008 · Masquerade File Type
T1048 · Exfiltration Over Alternative Protocol ✓
T1048.001 · Exfiltration Over Symmetric Encrypted Non-C2 Protocol ✓
T1048.002 · Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
T1048.003 · Exfiltration Over Unencrypted Non-C2 Protocol ✓
T1059 · Command and Scripting Interpreter ✓
T1059.001 · PowerShell ✓
T1059.002 · AppleScript ✓
T1059.003 · Windows Command Shell ✓
T1059.004 · Unix Shell ✓
T1059.005 · Visual Basic ✓
T1059.006 · Python ✓
T1059.007 · JavaScript ✓
T1059.008 · Network Device CLI
T1071.004 · DNS ✓
T1080 · Taint Shared Content
T1090 · Proxy ✓
T1090.003 · Multi-hop Proxy ✓
T1095 · Non-Application Layer Protocol ✓
T1127 · Trusted Developer Utilities Proxy Execution ✓
T1127.002 · ClickOnce
T1129 · Shared Modules ✓
T1176 · Software Extensions
T1187 · Forced Authentication ✓
T1190 · Exploit Public-Facing Application ✓
T1197 · BITS Jobs ✓
T1204 · User Execution ✓
T1204.002 · Malicious File ✓
T1216 · System Script Proxy Execution ✓
T1216.001 · PubPrn ✓
T1218 · System Binary Proxy Execution ✓
T1218.001 · Compiled HTML File ✓
T1218.002 · Control Panel ✓
T1218.003 · CMSTP ✓
T1218.004 · InstallUtil
T1218.005 · Mshta ✓
T1218.008 · Odbcconf ✓
T1218.009 · Regsvcs/Regasm ✓
T1218.010 · Regsvr32 ✓
T1218.011 · Rundll32 ✓
T1218.012 · Verclsid
T1218.013 · Mavinject ✓
T1218.014 · MMC ✓
T1218.015 · Electron Applications
T1219 · Remote Access Tools ✓
T1220 · XSL Script Processing ✓
T1221 · Template Injection ✓
T1498 · Network Denial of Service ✓
T1498.001 · Direct Network Flood
T1498.002 · Reflection Amplification
T1499 · Endpoint Denial of Service ✓
T1499.001 · OS Exhaustion Flood ✓
T1499.002 · Service Exhaustion Flood
T1499.003 · Application Exhaustion Flood
T1499.004 · Application or System Exploitation ✓
T1530 · Data from Cloud Storage
T1537 · Transfer Data to Cloud Account ✓
T1546.002 · Screensaver ✓
T1546.006 · LC_LOAD_DYLIB Addition
T1546.008 · Accessibility Features ✓
T1546.009 · AppCert DLLs ✓
T1546.010 · AppInit DLLs ✓
T1547.004 · Winlogon Helper DLL ✓
T1547.006 · Kernel Modules and Extensions ✓
T1548.006 · TCC Manipulation
T1552 · Unsecured Credentials ✓
T1552.005 · Cloud Instance Metadata API ✓
T1553 · Subvert Trust Controls ✓
T1553.001 · Gatekeeper Bypass ✓
T1553.003 · SIP and Trust Provider Hijacking ✓
T1553.005 · Mark-of-the-Web Bypass ✓
T1557 · Adversary-in-the-Middle ✓
T1557.001 · Name Resolution Poisoning and SMB Relay ✓
T1557.002 · ARP Cache Poisoning ✓
T1557.003 · DHCP Spoofing ✓
T1564.003 · Hidden Window ✓
T1564.006 · Run Virtual Instance ✓
T1564.009 · Resource Forking
T1570 · Lateral Tool Transfer ✓
T1572 · Protocol Tunneling ✓
T1574 · Hijack Execution Flow ✓
T1574.001 · DLL ✓
T1574.006 · Dynamic Linker Hijacking ✓
T1574.007 · Path Interception by PATH Environment Variable ✓
T1574.008 · Path Interception by Search Order Hijacking ✓
T1574.009 · Path Interception by Unquoted Path ✓
T1574.012 · COR_PROFILER ✓
T1574.013 · KernelCallbackTable
T1574.014 · AppDomainManager
T1599 · Network Boundary Bridging
T1599.001 · Network Address Translation Traversal ✓
T1602 · Data from Configuration Repository
T1602.001 · SNMP (MIB Dump)
T1602.002 · Network Device Configuration Dump
T1609 · Container Administration Command ✓
T1622 · Debugger Evasion ✓
P7.1 · Collects and maintains accurate, up-to-date, complete, and relevant personal information (78/101 detectable)
Technique set identical to P5.2 above (the same 101 techniques, 78 of them detectable).
P8.1 · Provides data subjects with an accounting of personal information held and corrects errors (4/4 detectable)

Processing Integrity

78/101 techniques covered
PI1.2 · Implements policies and procedures over system inputs, including controls over completeness and accuracy (78/101 detectable)
Technique set identical to P5.2 (Privacy) above (the same 101 techniques, 78 of them detectable).
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin