Detect subtechnique

D3-SFA System File Analysis

Definition

Monitoring system files such as authentication databases, configuration files, system logs, and system executables for modification or tampering.

Defends against · 16

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| SubTechnique | Proc Memory | t1055.009 | 100% | live |
| SubTechnique | Dynamic Linker Hijacking | t1574.006 | 100% | live |
| Technique | Exploitation for Credential Access | t1212 | 100% | live |
| SubTechnique | Pluggable Authentication Modules | t1556.003 | 100% | live |
| Technique | Steal or Forge Authentication Certificates | t1649 | 100% | live |
| SubTechnique | Sudo and Sudo Caching | t1548.003 | 100% | live |
| SubTechnique | Rename System Utilities | t1036.003 | 100% | live |
| Technique | Software Deployment Tools | t1072 | 100% | live |
| SubTechnique | Proc Filesystem | t1003.007 | 100% | live |
| SubTechnique | Run Virtual Instance | t1564.006 | 100% | live |
| SubTechnique | Executable Installer File Permissions Weakness | t1574.005 | 100% | live |
| Technique | Remote System Discovery | t1018 | 100% | live |
| SubTechnique | Clear Linux or Mac System Logs | t1070.002 | 100% | live |
| SubTechnique | Services File Permissions Weakness | t1574.010 | 100% | live |
| SubTechnique | Web Portal Capture | t1056.003 | 100% | live |
| SubTechnique | Systemd Service | t1543.002 | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: System Call Analysis
Defence: System Init Config Analysis
Defence: File Integrity Monitoring
Defence: File Access Pattern Analysis
Defence: File Content Analysis
Defence: Emulated File Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.