the-cso-companion.com
Reconnaissance
TA0043 - 0% (0/10)
Active Scanning
0
T1595 - 0% (0/4)
Gather Victim Host Information
0
T1592 - 0% (0/2)
Gather Victim Identity Information
0
T1589 - 0% (0/2)
Gather Victim Network Information
0
T1590 - 0% (0/2)
Gather Victim Org Information
0
T1591 - 0% (0/1)
Phishing for Information
0
T1598 - 0% (0/5)
Search Closed Sources
0
T1597 - 0% (0/1)
Search Open Technical Databases
0
T1596 - 0% (0/1)
Search Open Websites / Domains
0
T1593 - 0% (0/3)
Search Victim-Owned Websites
0
T1594 - 0% (0/2)
Resource Development
TA0042 - 0% (0/5)
Acquire Access
0
T1650 - 0% (0/1)
Acquire Infrastructure
0
T1583 - 0% (0/4)
Compromise Accounts
0
T1586 - 0% (0/2)
Compromise Infrastructure
0
T1584 - 0% (0/4)
Develop Capabilities
0
T1587 - 0% (0/2)
Establish Accounts
0
T1585 - 0% (0/2)
Obtain Capabilities
0
T1588 - 0% (0/2)
Stage Capabilities
0
T1608 - 0% (0/2)
Initial Access
TA0001 - 0% (0/35)
Content Injection
0
T1659 - 0% (0/5)
Drive-by Compromise
0
T1189 - 0% (0/9)
Exploit Public-Facing Application
0
T1190 - 0% (0/8)
External Remote Services
0
T1133 - 0% (0/8)
Hardware Additions
0
T1200 - 0% (0/4)
Phishing
0
T1566 - 0% (0/11)
Replication Through Removable Media
0
T1091 - 0% (0/6)
Supply Chain Compromise
0
T1195 - 0% (0/7)
Trusted Relationship
0
T1199 - 0% (0/6)
Valid Accounts
0
T1078 - 0% (0/10)
Execution
TA0002 - 0% (0/42)
Cloud Administration Command
0
T1651 - 0% (0/4)
Command and Scripting Interpreter
0
T1059 - 0% (0/16)
Container Administration Command
0
T1609 - 0% (0/7)
Deploy Container
0
T1610 - 0% (0/5)
Exploitation for Client Execution
0
T1203 - 0% (0/7)
Inter-Process Communication
0
T1559 - 0% (0/10)
Native API
0
T1106 - 0% (0/4)
Scheduled Task / Job
0
T1053 - 0% (0/11)
Serverless Execution
0
T1648 - 0% (0/4)
Shared Modules
0
T1129 - 0% (0/3)
Software Deployment Tools
0
T1072 - 0% (0/12)
System Services
0
T1569 - 0% (0/9)
User Execution
0
T1204 - 0% (0/13)
Windows Management Instrumentation
0
T1047 - 0% (0/7)
Persistence
TA0003 - 0% (0/53)
Account Manipulation
0
T1098 - 0% (0/14)
BITS Jobs
0
T1197 - 0% (0/6)
Boot or Logon Autostart Execution
0
T1547 - 0% (0/22)
Boot or Logon Initialization Scripts
0
T1037 - 0% (0/8)
Browser Extensions
0
T1176 - 0% (0/10)
Compromise Host Software Binary
0
T1554 - 0% (0/3)
Create Account
0
T1136 - 0% (0/6)
Create or Modify System Process
0
T1543 - 0% (0/18)
Event Triggered Execution
0
T1546 - 0% (0/21)
External Remote Services
0
T1133 - 0% (0/8)
Hijack Execution Flow
0
T1574 - 0% (0/18)
Implant Internal Image
0
T1525 - 0% (0/3)
Modify Authentication Process
0
T1556 - 0% (0/25)
Office Application Startup
0
T1137 - 0% (0/12)
Power Settings
0
T1653 - 0% (0/3)
Pre-OS Boot
0
T1542 - 0% (0/12)
Scheduled Task / Job
0
T1053 - 0% (0/11)
Server Software Component
0
T1505 - 0% (0/16)
Traffic Signaling
0
T1205 - 0% (0/6)
Valid Accounts
0
T1078 - 0% (0/10)
Privilege Escalation
TA0004 - 0% (0/49)
Abuse Elevation Control Mechanism
0
T1548 - 0% (0/15)
Access Token Manipulation
0
T1134 - 0% (0/8)
Account Manipulation
0
T1098 - 0% (0/14)
Boot or Logon Autostart Execution
0
T1547 - 0% (0/22)
Boot or Logon Initialization Scripts
0
T1037 - 0% (0/8)
Create or Modify System Process
0
T1543 - 0% (0/18)
Domain or Tenant Policy Modification
0
T1484 - 0% (0/7)
Escape to Host
0
T1611 - 0% (0/7)
Event Triggered Execution
0
T1546 - 0% (0/21)
Exploitation for Privilege Escalation
0
T1068 - 0% (0/7)
Hijack Execution Flow
0
T1574 - 0% (0/18)
Process Injection
0
T1055 - 0% (0/9)
Scheduled Task / Job
0
T1053 - 0% (0/11)
Valid Accounts
0
T1078 - 0% (0/10)
Defense Evasion
TA0005 - 0% (0/63)
Abuse Elevation Control Mechanism
0
T1548 - 0% (0/15)
Access Token Manipulation
0
T1134 - 0% (0/8)
BITS Jobs
0
T1197 - 0% (0/6)
Build Image on Host
0
T1612 - 0% (0/7)
Debugger Evasion
0
T1622 - 0% (0/4)
Deobfuscate / Decode Files or Information
0
T1140 - 0% (0/3)
Deploy Container
0
T1610 - 0% (0/5)
Direct Volume Access
0
T1006 - 0% (0/4)
Domain or Tenant Policy Modification
0
T1484 - 0% (0/7)
Execution Guardrails
0
T1480 - 0% (0/5)
Exploitation for Defense Evasion
0
T1211 - 0% (0/6)
File and Directory Permissions Modification
0
T1222 - 0% (0/5)
Hide Artifacts
0
T1564 - 0% (0/17)
Hijack Execution Flow
0
T1574 - 0% (0/18)
Impair Defenses
0
T1562 - 0% (0/23)
Impersonation
0
T1656 - 0% (0/3)
Indicator Removal
0
T1070 - 0% (0/15)
Indirect Command Execution
0
T1202 - 0% (0/2)
Masquerading
0
T1036 - 0% (0/15)
Modify Authentication Process
0
T1556 - 0% (0/25)
Modify Cloud Compute Infrastructure
0
T1578 - 0% (0/3)
Modify Cloud Resource Hierarchy
0
T1666 - 0% (0/4)
Modify Registry
0
T1112 - 0% (0/7)
Modify System Image
0
T1601 - 0% (0/7)
Network Boundary Bridging
0
T1599 - 0% (0/7)
Obfuscated Files or Information
0
T1027 - 0% (0/13)
Plist File Modification
0
T1647 - 0% (0/4)
Pre-OS Boot
0
T1542 - 0% (0/12)
Process Injection
0
T1055 - 0% (0/9)
Reflective Code Loading
0
T1620 - 0% (0/3)
Rogue Domain Controller
0
T1207 - 0% (0/4)
Rootkit
0
T1014 - 0% (0/3)
Subvert Trust Controls
0
T1553 - 0% (0/15)
System Binary Proxy Execution
0
T1218 - 0% (0/14)
System Script Proxy Execution
0
T1216 - 0% (0/5)
Template Injection
0
T1221 - 0% (0/7)
Traffic Signaling
0
T1205 - 0% (0/6)
Trusted Developer Utilities Proxy Execution
0
T1127 - 0% (0/8)
Unused / Unsupported Cloud Regions
0
T1535 - 0% (0/1)
Use Alternate Authentication Material
0
T1550 - 0% (0/15)
Valid Accounts
0
T1078 - 0% (0/10)
Virtualization / Sandbox Evasion
0
T1497 - 0% (0/3)
Weaken Encryption
0
T1600 - 0% (0/1)
XSL Script Processing
0
T1220 - 0% (0/3)
Credential Access
TA0006 - 0% (0/51)
Adversary-in-the-Middle
0
T1557 - 0% (0/11)
Brute Force
0
T1110 - 0% (0/8)
Credentials from Password Stores
0
T1555 - 0% (0/14)
Exploitation for Credential Access
0
T1212 - 0% (0/8)
Forced Authentication
0
T1187 - 0% (0/7)
Forge Web Credentials
0
T1606 - 0% (0/8)
Input Capture
0
T1056 - 0% (0/10)
Modify Authentication Process
0
T1556 - 0% (0/25)
Multi-Factor Authentication Interception
0
T1111 - 0% (0/4)
Multi-Factor Authentication Request Generation
0
T1621 - 0% (0/6)
Network Sniffing
0
T1040 - 0% (0/6)
OS Credential Dumping
0
T1003 - 0% (0/21)
Steal Application Access Token
0
T1528 - 0% (0/6)
Steal or Forge Authentication Certificates
0
T1649 - 0% (0/10)
Steal or Forge Kerberos Tickets
0
T1558 - 0% (0/8)
Steal Web Session Cookie
0
T1539 - 0% (0/8)
Unsecured Credentials
0
T1552 - 0% (0/20)
Discovery
TA0007 - 0% (0/29)
Account Discovery
0
T1087 - 0% (0/9)
Application Window Discovery
0
T1010 - 0% (0/3)
Browser Information Discovery
0
T1217 - 0% (0/3)
Cloud Infrastructure Discovery
0
T1580 - 0% (0/1)
Cloud Service Dashboard
0
T1538 - 0% (0/3)
Cloud Service Discovery
0
T1526 - 0% (0/2)
Cloud Storage Object Discovery
0
T1619 - 0% (0/1)
Container and Resource Discovery
0
T1613 - 0% (0/3)
Debugger Evasion
0
T1622 - 0% (0/4)
Device Driver Discovery
0
T1652 - 0% (0/4)
Domain Trust Discovery
0
T1482 - 0% (0/7)
File and Directory Discovery
0
T1083 - 0% (0/3)
Group Policy Discovery
0
T1615 - 0% (0/5)
Log Enumeration
0
T1654 - 0% (0/4)
Network Service Discovery
0
T1046 - 0% (0/6)
Network Share Discovery
0
T1135 - 0% (0/4)
Network Sniffing
0
T1040 - 0% (0/6)
Password Policy Discovery
0
T1201 - 0% (0/3)
Peripheral Device Discovery
0
T1120 - 0% (0/3)
Permission Groups Discovery
0
T1069 - 0% (0/6)
Process Discovery
0
T1057 - 0% (0/3)
Query Registry
0
T1012 - 0% (0/4)
Remote System Discovery
0
T1018 - 0% (0/4)
Software Discovery
0
T1518 - 0% (0/5)
System Information Discovery
0
T1082 - 0% (0/3)
System Location Discovery
0
T1614 - 0% (0/4)
System Network Configuration Discovery
0
T1016 - 0% (0/4)
System Network Connections Discovery
0
T1049 - 0% (0/3)
System Owner / User Discovery
0
T1033 - 0% (0/9)
System Service Discovery
0
T1007 - 0% (0/3)
System Time Discovery
0
T1124 - 0% (0/3)
Virtualization / Sandbox Evasion
0
T1497 - 0% (0/3)
Lateral Movement
TA0008 - 0% (0/44)
Exploitation of Remote Services
0
T1210 - 0% (0/10)
Internal Spearphishing
0
T1534 - 0% (0/3)
Lateral Tool Transfer
0
T1570 - 0% (0/8)
Remote Service Session Hijacking
0
T1563 - 0% (0/14)
Remote Services
0
T1021 - 0% (0/19)
Replication Through Removable Media
0
T1091 - 0% (0/6)
Software Deployment Tools
0
T1072 - 0% (0/12)
Taint Shared Content
0
T1080 - 0% (0/8)
Use Alternate Authentication Material
0
T1550 - 0% (0/15)
Collection
TA0009 - 0% (0/35)
Adversary-in-the-Middle
0
T1557 - 0% (0/11)
Archive Collected Data
0
T1560 - 0% (0/5)
Audio Capture
0
T1123 - 0% (0/2)
Automated Collection
0
T1119 - 0% (0/6)
Browser Session Hijacking
0
T1185 - 0% (0/4)
Clipboard Data
0
T1115 - 0% (0/2)
Data from Cloud Storage
0
T1530 - 0% (0/6)
Data from Configuration Repository
0
T1602 - 0% (0/8)
Data from Information Repositories
0
T1213 - 0% (0/9)
Data from Local System
0
T1005 - 0% (0/6)
Data from Network Shared Drive
0
T1039 - 0% (0/6)
Data from Removable Media
0
T1025 - 0% (0/3)
Data Staged
0
T1074 - 0% (0/4)
Email Collection
0
T1114 - 0% (0/10)
Input Capture
0
T1056 - 0% (0/10)
Screen Capture
0
T1113 - 0% (0/2)
Video Capture
0
T1125 - 0% (0/2)
Command and Control
TA0011 - 0% (0/18)
Application Layer Protocol
0
T1071 - 0% (0/4)
Communication Through Removable Media
0
T1092 - 0% (0/2)
Content Injection
0
T1659 - 0% (0/5)
Data Encoding
0
T1132 - 0% (0/2)
Data Obfuscation
0
T1001 - 0% (0/2)
Dynamic Resolution
0
T1568 - 0% (0/5)
Encrypted Channel
0
T1573 - 0% (0/3)
Fallback Channels
0
T1008 - 0% (0/3)
Hide Infrastructure
0
T1665 - 0% (0/4)
Ingress Tool Transfer
0
T1105 - 0% (0/6)
Multi-Stage Channels
0
T1104 - 0% (0/3)
Non-Application Layer Protocol
0
T1095 - 0% (0/5)
Non-Standard Port
0
T1571 - 0% (0/4)
Protocol Tunneling
0
T1572 - 0% (0/5)
Proxy
0
T1090 - 0% (0/6)
Remote Access Software
0
T1219 - 0% (0/8)
Traffic Signaling
0
T1205 - 0% (0/6)
Web Service
0
T1102 - 0% (0/5)
Exfiltration
TA0010 - 0% (0/20)
Automated Exfiltration
0
T1020 - 0% (0/9)
Data Transfer Size Limits
0
T1030 - 0% (0/3)
Exfiltration Over Alternative Protocol
0
T1048 - 0% (0/12)
Exfiltration Over C2 Channel
0
T1041 - 0% (0/7)
Exfiltration Over Other Network Medium
0
T1011 - 0% (0/7)
Exfiltration Over Physical Medium
0
T1052 - 0% (0/6)
Exfiltration Over Web Service
0
T1567 - 0% (0/8)
Scheduled Transfer
0
T1029 - 0% (0/3)
Transfer Data to Cloud Account
0
T1537 - 0% (0/6)
Impact
TA0040 - 0% (0/37)
Account Access Removal
0
T1531 - 0% (0/3)
Data Destruction
0
T1485 - 0% (0/6)
Data Encrypted for Impact
0
T1486 - 0% (0/7)
Data Manipulation
0
T1565 - 0% (0/9)
Defacement
0
T1491 - 0% (0/5)
Disk Wipe
0
T1561 - 0% (0/5)
Endpoint Denial of Service
0
T1499 - 0% (0/5)
Financial Theft
0
T1657 - 0% (0/3)
Firmware Corruption
0
T1495 - 0% (0/4)
Inhibit System Recovery
0
T1490 - 0% (0/7)
Network Denial of Service
0
T1498 - 0% (0/3)
Resource Hijacking
0
T1496 - 0% (0/10)
Service Stop
0
T1489 - 0% (0/10)
System Shutdown / Reboot
0
T1529 - 0% (0/3)
37%
Fit
100%
Coverage 100%
Coverage 75-99%
Coverage 50-74%

Coverage 25-49%
Coverage 1-24%
Coverage 0%
Total cost of the
implemented solutions
0
(3)
Average cost
per framework technic
0
(203)
Average cost
per framework measure
0
(83)
Average cost
per covered measure
0
(0)

No overlap
≥ 1 overlap
The information provided on this page is for informational purposes only and does not constitute any guarantee of compliance (regulations, standards, etc.).
Mitre Enterprise ATT&CK 16.1 - Configuration
X
Specify the solutions you have implemented and their cost.
# Name Cost
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
Specify how each required measure is coverd by the solutions you have implemented.
Type Id Name Nb tech.
Policies & Procedures
EDR (Endpoint Detection & Response) / Antivirus
NDR (Network Detection & Response)
Detection ? Command - Command Execution 101/203
Detection ? Process - Process Creation 95/203
Detection ? Network Traffic - Network Traffic Content 55/203
Detection ? Process - OS API Execution 53/203
Mitigation M1018 ? User Account Management 53/203
Detection ? Network Traffic - Network Traffic Flow 46/203
Detection ? Application Log - Application Log Content 44/203
Mitigation M1026 ? Privileged Account Management 42/203
Mitigation M1047 ? Audit 40/203
Detection ? File - File Creation 34/203
Detection ? File - File Modification 34/203
Mitigation M1042 ? Disable or Remove Feature or Program 32/203
Detection ? Network Traffic - Network Connection Creation 32/203
Mitigation M1031 ? Network Intrusion Prevention 26/203
Mitigation M1038 ? Execution Prevention 25/203
Detection ? File - File Access 25/203
Mitigation M1022 ? Restrict File and Directory Permissions 25/203
Mitigation M1017 ? User Training 24/203
Mitigation M1030 ? Network Segmentation 23/203
Mitigation M1028 ? Operating System Configuration 23/203
Mitigation M1051 ? Update Software 22/203
Detection ? Windows Registry - Windows Registry Key Modification 22/203
Mitigation M1037 ? Filter Network Traffic 20/203
Mitigation M1040 ? Behavior Prevention on Endpoint 18/203
Detection ? Module - Module Load 18/203
Mitigation M1032 ? Multi-factor Authentication 18/203
Detection ? Script - Script Execution 18/203
Mitigation M1054 ? Software Configuration 18/203
Mitigation M1056 ? Pre-compromise 17/203
Mitigation M1041 ? Encrypt Sensitive Information 16/203
Detection ? Logon Session - Logon Session Creation 15/203
Mitigation M1027 ? Password Policies 15/203
Mitigation M1021 ? Restrict Web-Based Content 14/203
Mitigation M1035 ? Limit Access to Resource Over Network 12/203
Detection ? User Account - User Account Authentication 12/203
Mitigation M1048 ? Application Isolation and Sandboxing 11/203
Detection ? Windows Registry - Windows Registry Key Creation 11/203
Detection ? Active Directory - Active Directory Object Modification 10/203
Mitigation M1013 ? Application Developer Guidance 10/203
Mitigation M1045 ? Code Signing 10/203
Mitigation M1024 ? Restrict Registry Permissions 10/203
Mitigation M1015 ? Active Directory Configuration 9/203
Mitigation M1050 ? Exploit Protection 9/203
Mitigation M1049 ? Antivirus/Antimalware 8/203
Mitigation M1057 ? Data Loss Prevention 8/203
Mitigation M1033 ? Limit Software Installation 8/203
Detection ? Process - Process Access 8/203
Detection ? Process - Process Metadata 8/203
Detection ? Cloud Service - Cloud Service Modification 7/203
Detection ? Driver - Driver Load 7/203
Detection ? Internet Scan - Response Content 7/203
Detection ? Windows Registry - Windows Registry Key Access 7/203
Detection ? Sensor Health - Host Status 6/203
Detection ? User Account - User Account Modification 6/203
Mitigation M1036 ? Account Use Policies 5/203
Mitigation M1046 ? Boot Integrity 5/203
Mitigation M1043 ? Credential Access Protection 5/203
Mitigation M1053 ? Data Backup 5/203
Detection ? Network Share - Network Share Access 5/203
Mitigation M1019 ? Threat Intelligence Program 5/203
Detection ? Firmware - Firmware Modification 4/203
Mitigation M1029 ? Remote Data Storage 4/203
Mitigation M1052 ? User Account Control 4/203
Detection ? Active Directory - Active Directory Object Access 3/203
Detection ? Active Directory - Active Directory Object Creation 3/203
Detection ? Cloud Service - Cloud Service Enumeration 3/203
Detection ? Domain Name - Domain Registration 3/203
Detection ? Drive - Drive Modification 3/203
Detection ? Internet Scan - Response Metadata 3/203
Mitigation M1034 ? Limit Hardware Installation 3/203
Mitigation M1060 ? Out-of-Band Communications Channel 3/203
Mitigation M1025 ? Privileged Process Integrity 3/203
Mitigation M1016 ? Vulnerability Scanning 3/203
Mitigation M1039 ? Environment Variable Permissions 2/203
Detection ? Group - Group Enumeration 2/203
Detection ? Kernel - Kernel Module Load 2/203
Mitigation M1044 ? Restrict Library Loading 2/203
Mitigation M1020 ? SSL/TLS Inspection 2/203
Detection ? User Account - User Account Deletion 2/203
Mitigation M1055 ? Do Not Mitigate 1/203
Detection ? Firewall - Firewall Enumeration 1/203
Detection ? Firewall - Firewall Metadata 1/203
Detection ? Group - Group Metadata 1/203
Specify the ID of the technics (ex. : "T1190;T1106;T1134;T1040;T1078;T1189;T1608;T1205;T1114;T1568;T1498").