Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da)

Contextual information about an Internet-facing resource collected during a scan, including details such as open ports, running services, protocols, and versions. This metadata is typically derived from interpreting scan results and helps build a profile of the targeted system. Examples:

  • Port and Service Details:
    • Open ports (e.g., 22, 80, 443).
    • Identified services running on those ports (e.g., SSH, HTTP, HTTPS).
  • Service Versions: Detected software version information (e.g., Apache 2.4.41, OpenSSH 8.2).
  • Operating System Information: OS fingerprinting data (e.g., Linux Kernel 5.4.0).
  • TLS/SSL Certificate Data: Information about the TLS/SSL certificate, such as the expiration date, issuer, and cipher suites.

Data Collection Measures:

  • Scanning Tools:
    • Nmap: Collects port, service, and version information using commands like nmap -sV.
    • Masscan: High-speed scanning tool for discovering open ports and active services.
    • Zmap: Focused on large-scale Internet scanning, collecting metadata about discovered services.
    • Shodan API: Retrieves scan metadata for publicly exposed devices and services.
  • Network Logs:
    • Use logs from firewalls, intrusion detection systems (IDS), or intrusion prevention systems (IPS) to gather metadata from scan attempts. Example: Zeek or Suricata logs for incoming scan traffic.
  • OSINT Platforms: Platforms like Censys, GreyNoise, or Shodan provide aggregated metadata about Internet-facing resources.
  • Cloud Metadata Services: AWS Security Hub, Azure Monitor, or GCP Security Command Center can collect and centralize scan-related metadata for Internet-facing resources in cloud environments.
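
As an added example (not part of the original entry), the sketch below turns Nmap XML output into the kind of response metadata described above and compares a host's open ports with an approved baseline. The sample XML is constructed, and the function names `response_metadata` and `unexpected_ports` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap -sV -O -oX` output; 192.0.2.10 is a documentation address.
SAMPLE_XML = """<nmaprun><host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="8.2p1"/></port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http" product="Apache httpd" version="2.4.41"/></port>
    <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    <port protocol="tcp" portid="8080"><state state="closed"/></port>
  </ports>
  <os><osmatch name="Linux 5.4" accuracy="95"/></os>
</host></nmaprun>"""


def response_metadata(xml_text):
    """Return one record per host: address, OS guess, open ports with service details."""
    records = []
    # Parse only scan files you produced yourself; ElementTree is not hardened against hostile XML.
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address")
        osmatch = host.find("os/osmatch")  # first OS match listed for the host, if any
        ports = []
        for port in host.iterfind("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed and filtered ports are not part of the exposed profile
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            ports.append({
                "port": int(port.get("portid")),
                "protocol": port.get("protocol"),
                "service": attrs.get("name"),
                "product": attrs.get("product"),  # None when version detection found nothing
                "version": attrs.get("version"),
            })
        records.append({
            "address": addr.get("addr") if addr is not None else None,
            "os": osmatch.get("name") if osmatch is not None else None,
            "ports": ports,
        })
    return records


def unexpected_ports(record, allowed):
    """Ports that are open on the host but missing from the approved baseline."""
    return sorted(p["port"] for p in record["ports"] if p["port"] not in allowed)
```
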

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | 1 |
| Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | 1 |
| Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 1 |
| Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | 1 |
| Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | 1 |
| Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 1 |
| Response Metadata (1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da) | mitre-data-component | Hide Infrastructure - T1665 (eb897572-8979-4242-a089-56f294f4c91d) | Attack Pattern | 1 |
| Server - T1583.004 (60c4b628-4807-4b0b-bbf5-fdac8643c337) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Virtual Private Server - T1583.003 (79da0971-3147-4af6-a4f5-e8cd447cd795) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Virtual Private Server - T1584.003 (39cc9f64-cf74-4a48-a4d8-fe98c54a02e0) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |
| Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | 2 |