Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)

Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Direct Network Flood - T1498.001 (0bda01d5-4c1d-4062-8ee2-6872334383c3)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	OS Exhaustion Flood - T1499.001 (0df05477-c572-4ed6-88a9-47c581f548f7)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Remote Access Software - T1219 (4061e78c-1284-44b4-9116-73e4ac3912f7)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Reflection Amplification - T1498.002 (36b2a1d7-e09e-49bf-b45e-477076c2ec01)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Data from Cloud Storage - T1530 (3298ce88-1628-43b1-87d9-0b5336b193d7)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Forced Authentication - T1187 (b77cf5f3-6060-475d-bd60-40ccbf28fdc2)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Lateral Tool Transfer - T1570 (bf90d72c-c00b-45e3-b3aa-68560560d4c5)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	BITS Jobs - T1197 (c8e87b83-edbb-48d4-9295-4974897525b7)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Port Knocking - T1205.001 (8868cb5b-d575-4a60-acb2-07d37389a2fd)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Non-Application Layer Protocol - T1095 (c21d5a77-d422-4a69-acd7-2c53c1faa34b)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Protocol Tunneling - T1572 (4fe28b27-b13c-453e-a386-c2ef362a573b)	Attack Pattern	1
Filter Network Traffic - M1037 (20f6a9df-37c4-4e20-9e47-025983b1b39d)	Course of Action	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	1
VNC - T1021.005 (01327cde-66c4-4123-bf34-5f258d59457b)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Direct Network Flood - T1498.001 (0bda01d5-4c1d-4062-8ee2-6872334383c3)	Attack Pattern	Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab)	Attack Pattern	2
DNS - T1071.004 (1996eef1-ced3-4d7f-bf94-33298cabbf72)	Attack Pattern	Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6)	Attack Pattern	2
OS Exhaustion Flood - T1499.001 (0df05477-c572-4ed6-88a9-47c581f548f7)	Attack Pattern	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	2
SMB/Windows Admin Shares - T1021.002 (4f9ca633-15c5-463c-9724-bdcd54fde541)	Attack Pattern	Remote Services - T1021 (54a649ff-439a-41a4-9856-8d144a2551ba)	Attack Pattern	2
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	Socket Filters - T1205.002 (005cc321-08ce-4d17-b1ea-cb5275926520)	Attack Pattern	2
Network Device Configuration Dump - T1602.002 (52759bf1-fe12-4052-ace6-c5b0cf7dd7fd)	Attack Pattern	Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	LLMNR/NBT-NS Poisoning and SMB Relay - T1557.001 (650c784b-7504-4df7-ab2c-4ea882384d1e)	Attack Pattern	2
Exfiltration Over Symmetric Encrypted Non-C2 Protocol - T1048.001 (79a4052e-1a89-4b09-aea6-51f1d11fe19c)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Exfiltration Over Asymmetric Encrypted Non-C2 Protocol - T1048.002 (8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Exfiltration Over Unencrypted Non-C2 Protocol - T1048.003 (fb8d023d-45be-47e9-bc51-f56bcae6435b)	Attack Pattern	Exfiltration Over Alternative Protocol - T1048 (a19e86f8-1c0a-4fea-8407-23b73d615776)	Attack Pattern	2
Network Denial of Service - T1498 (d74c4a7e-ffbf-432f-9365-7ebf1f787cab)	Attack Pattern	Reflection Amplification - T1498.002 (36b2a1d7-e09e-49bf-b45e-477076c2ec01)	Attack Pattern	2
Service Exhaustion Flood - T1499.002 (38eb0c22-6caf-46ce-8869-5964bd735858)	Attack Pattern	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	2
System Binary Proxy Execution - T1218 (457c7820-d331-465a-915e-42f85500ccc4)	Attack Pattern	Verclsid - T1218.012 (808e6329-ca91-4b87-ac2d-8eadc5f8f327)	Attack Pattern	2
ARP Cache Poisoning - T1557.002 (cabe189c-a0e3-4965-a473-dcff00f17213)	Attack Pattern	Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	2
Network Boundary Bridging - T1599 (b8017880-4b1e-42de-ad10-ae7ac6705166)	Attack Pattern	Network Address Translation Traversal - T1599.001 (4ffc1794-ec3b-45be-9e52-42dbcb2af2de)	Attack Pattern	2
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea)	Attack Pattern	Multi-hop Proxy - T1090.003 (a782ebe2-daba-42c7-bc82-e8e9d923162d)	Attack Pattern	2
Application Exhaustion Flood - T1499.003 (18cffc21-3260-437e-80e4-4ab8bf2ba5e9)	Attack Pattern	Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	2
Unsecured Credentials - T1552 (435dfb86-2697-4867-85b5-2fef496c0517)	Attack Pattern	Cloud Instance Metadata API - T1552.005 (19bf235b-8620-4997-b5b4-94e0659ed7c3)	Attack Pattern	2
Data from Configuration Repository - T1602 (0ad7bc5c-235a-4048-944b-3b286676cb74)	Attack Pattern	SNMP (MIB Dump) - T1602.001 (ee7ff928-801c-4f34-8a99-3df965e581a5)	Attack Pattern	2
Traffic Signaling - T1205 (451a9977-d255-43c9-b431-66de80130c8c)	Attack Pattern	Port Knocking - T1205.001 (8868cb5b-d575-4a60-acb2-07d37389a2fd)	Attack Pattern	2
Adversary-in-the-Middle - T1557 (035bb001-ab69-4a0b-9f6c-2de8b09e1b9d)	Attack Pattern	DHCP Spoofing - T1557.003 (59ff91cd-1430-4075-8563-e6f15f4f9ff5)	Attack Pattern	2
Endpoint Denial of Service - T1499 (c675646d-e204-4aa8-978d-e3d6d65885c4)	Attack Pattern	Application or System Exploitation - T1499.004 (2bee5ffb-7a7a-4119-b1f2-158151b19ac0)	Attack Pattern	2