Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)

Use intrusion detection signatures to block traffic at network boundaries.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	1
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91)	Attack Pattern	1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd)	Attack Pattern	1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	1
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534)	Attack Pattern	1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)	Course of Action	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b)	Attack Pattern	Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597)	Attack Pattern	2
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b)	Attack Pattern	2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c)	Attack Pattern	Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235)	Attack Pattern	2
ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc)	Attack Pattern	Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada)	Attack Pattern	Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	2
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	2
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd)	Attack Pattern	2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e)	Attack Pattern	TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec)	Attack Pattern	2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7)	Attack Pattern	2
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	2
Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc)	Attack Pattern	Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755)	Attack Pattern	2
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd)	Attack Pattern	Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b)	Attack Pattern	2
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3)	Attack Pattern	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	2
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118)	Attack Pattern	Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8)	Attack Pattern	2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161)	Attack Pattern	2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665)	Attack Pattern	Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4)	Attack Pattern	2
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5)	Attack Pattern	Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	2
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5)	Attack Pattern	Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9)	Attack Pattern	2
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f)	Attack Pattern	Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc)	Attack Pattern	2