Skip to content

Hide Navigation Hide TOC

Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c)

Use intrusion detection signatures to block traffic at network boundaries.

Cluster A Galaxy A Cluster B Galaxy B Level
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Template Injection - T1221 (dc31fe1e-d722-49da-8f5f-92c7b5aff534) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 1
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 1
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Scheduled Transfer - T1029 (4eeaf8a9-c86b-4954-a663-9555fb406466) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) Attack Pattern 1
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Fallback Channels - T1008 (f24faf46-3b26-4dbb-98f2-63460498e433) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Non-Standard Port - T1571 (b18eae87-b469-4e14-b454-b171b416bc18) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 1
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Service Discovery - T1046 (e3a12395-188d-4051-9a16-ea8e14d07b88) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Data Transfer Size Limits - T1030 (c3888c54-775d-4b2f-b759-75a2ececcbfd) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 1
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 1
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern Network Intrusion Prevention - M1031 (12241367-a8b7-49b4-b86e-2236901ba50c) Course of Action 1
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern One-Way Communication - T1102.003 (9c99724c-a483-4d60-ad9d-7f004e42e8e8) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern Bidirectional Communication - T1102.002 (be055942-6e63-49d7-9fa1-9cb7d8a8f3f4) Attack Pattern 2
SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5) Attack Pattern Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern 2
Malicious Link - T1204.001 (ef67e13e-5598-4adc-bdb2-998225874fa9) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5) Attack Pattern 2
Phishing - T1566 (a62a8db3-f23a-4d8f-afd6-9dbc77e7813b) Attack Pattern Spearphishing Attachment - T1566.001 (2e34237d-8574-43f6-aace-ae2915de8597) Attack Pattern 2
Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 2
Mail Protocols - T1071.003 (54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Steganography - T1001.002 (eec23884-3fa1-4d8a-ac50-6f104d51e235) Attack Pattern Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern 2
Standard Encoding - T1132.001 (04fd5427-79c7-44ea-ae13-11b24778ff1c) Attack Pattern Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern 2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern ROMMONkit - T1542.004 (a6557c75-798f-42e4-be70-ab4502e0a3bc) Attack Pattern 2
Asymmetric Cryptography - T1573.002 (bf176076-b789-408e-8cba-7275e81c0ada) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 2
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74) Attack Pattern Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e) Attack Pattern 2
Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c) Attack Pattern 2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Malicious Image - T1204.003 (b0c74ef9-c61e-4986-88cb-78da98a355ec) Attack Pattern User Execution - T1204 (8c32eb4d-805f-4fc5-bf60-c4d476c131b5) Attack Pattern 2
Pre-OS Boot - T1542 (7f0ca133-88c4-40c6-a62f-b3083a7fbc2e) Attack Pattern TFTP Boot - T1542.005 (28abec6c-4443-4b03-8206-07f2e264a6b4) Attack Pattern 2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b) Attack Pattern Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776) Attack Pattern 2
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern File Transfer Protocols - T1071.002 (9a60a291-8960-4387-8a4a-2ab5c18bb50b) Attack Pattern 2
Dead Drop Resolver - T1102.001 (f7827069-0bf2-4764-af4f-23fae0d181b7) Attack Pattern Web Service - T1102 (830c9528-df21-472c-8c14-a036bf17d665) Attack Pattern 2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Junk Data - T1001.001 (f7c0689c-4dbd-489b-81be-7cb7c7079ade) Attack Pattern 2
Data Obfuscation - T1001 (ad255bfe-a9e6-4b52-a258-8d3462abe842) Attack Pattern Protocol Impersonation - T1001.003 (c325b232-d5bc-4dde-a3ec-71f3db9e8adc) Attack Pattern 2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d) Attack Pattern ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 2
Dynamic Resolution - T1568 (7bd9c723-2f78-4309-82c5-47cad406572b) Attack Pattern Domain Generation Algorithms - T1568.002 (118f61a5-eb3e-4fb6-931f-2096647f4ecd) Attack Pattern 2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern External Proxy - T1090.002 (69b8fd78-40e8-4600-ae4d-662c9d7afdb3) Attack Pattern 2