Detect technique

D3-ANAA: Administrative Network Activity Analysis

Administrative Network Activity Analysis

Definition

Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline.

Defends against (8)

| Type | Target | Confidence | Tier |
|---|---|---|---|
| SubTechnique | Accessibility Features (t1546.008) | 100% | live |
| SubTechnique | Credential Stuffing (t1110.004) | 100% | live |
| Technique | Windows Management Instrumentation (t1047) | 100% | live |
| SubTechnique | Windows Management Instrumentation Event Subscription (t1546.003) | 100% | live |
| SubTechnique | Additional Cloud Credentials (t1098.001) | 100% | live |
| SubTechnique | Password Spraying (t1110.003) | 100% | live |
| Technique | Rogue Domain Controller (t1207) | 100% | live |
| SubTechnique | DCSync (t1003.006) | 100% | live |

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: Connection Attempt Analysis
Defence: Application Protocol Command Analysis
Defence: Network Traffic Analysis
Defence: Network Traffic Signature Analysis
Defence: Identifier Activity Analysis
Defence: Web Session Activity Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.