Hide Navigation Hide TOC Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Block users or groups from installing unapproved software. Cluster A Galaxy A Cluster B Galaxy B Level Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Browser Extensions - T1176 (389735f1-f21c-4208-b8f0-f8031e7169b8) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Software Deployment Tools - T1072 (92a78814-b191-47ca-909c-1ccfe3777414) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 1 Limit Software Installation - M1033 (23843cff-f7b9-4659-a7b7-713ef347f547) Course of Action Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 1 Supply Chain Compromise - T1195 (3f18edba-28f4-4bb9-82c3-8aa60dcac5f7) Attack Pattern Compromise Software Dependencies and Development Tools - T1195.001 (191cc6af-1bb2-4344-ab5f-28e496638720) Attack Pattern 2 Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern Systemd Service - T1543.002 (dfefe2ed-4389-4318-8762-f0272b350a1b) Attack Pattern 2 Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern XDG Autostart Entries - T1547.013 (e0232cb0-ded5-4c2e-9dc7-2893142a5c11) Attack Pattern 2 Hide Artifacts - T1564 (22905430-4901-4c2a-84f6-98243cb173f8) Attack Pattern Hidden Window - T1564.003 (cbb66055-0325-4111-aca0-40547b6ad5b0) Attack Pattern 2 Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba) Attack Pattern VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b) Attack Pattern 2 Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Python - T1059.006 (cc3502b5-30cc-4473-ad48-42d51a6ef6d1) Attack Pattern 2