Esc

Asset Inventory

Definition

Asset inventorying identifies and records the organization's assets and enriches each inventory item with knowledge about their vulnerabilities.

Synonyms: Asset Discovery, Asset Inventorying.

Artifact Relationships:

This defensive technique is related to specific artifacts. Click the artifact node for more information.

json

Technique Subclasses

There are 8 techniques in this category, Asset Inventory.

Name	ID	Definition	Synonyms
Asset Inventory	D3-AI	Asset inventorying identifies and records the organization's assets and enriches each inventory item with knowledge about their vulnerabilities.	Asset Discovery , and Asset Inventorying
- Software Inventory	D3-SWI	Software inventorying identifies and records the software items in the organization's architecture.	Software Discovery , and Software Inventorying
- Container Image Analysis	D3-CIA	Analyzing a Container Image with respect to a set of policies.	Container Image Scanning
- Asset Vulnerability Enumeration	D3-AVE	Asset vulnerability enumeration enriches inventory items with knowledge identifying their vulnerabilities.
- Configuration Inventory	D3-CI	Configuration inventory identifies and records the configuration of software and hardware and their components throughout the organization.
- Network Node Inventory	D3-NNI	Network node inventorying identifies and records all the network nodes (hosts, routers, switches, firewalls, etc.) in the organization's architecture.	System Inventorying , and System Discovery
- Data Inventory	D3-DI	Data inventorying identifies and records the schemas, formats, volumes, and locations of data stored and used on the organization's architecture.	Data Discovery , and Data Inventorying
- Hardware Component Inventory	D3-HCI	Hardware component inventorying identifies and records the hardware items in the organization's architecture.	Hardware Component Inventorying , and Hardware Component Discovery

Related ATT&CK Techniques:

These mappings are inferred, experimental, and will improve as the knowledge graph grows.

These offensive techniques are determined related because of the way this defensive technique,, , , and .

Lateral Movement

Software Deployment Tools

Internal Spearphishing

Replication Through Removable Media

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Elevated Execution with Prompt

Setuid and Setgid

Temporary Elevated Cloud Access

Event Triggered Execution

Image File Execution Options Injection

Screensaver

Netsh Helper DLL

Component Object Model Hijacking

AppInit DLLs

Change Default File Association

Emond

Accessibility Features

Application Shimming

AppCert DLLs

Boot or Logon Autostart Execution

Time Providers

Authentication Package

Registry Run Keys / Startup Folder

Port Monitors

LSASS Driver

Security Support Provider

Winlogon Helper DLL

Access Token Manipulation

SID-History Injection

Create or Modify System Process

Windows Service

Boot or Logon Initialization Scripts

Startup Items

RC Scripts

Hijack Execution Flow

COR_PROFILER

Services Registry Permissions Weakness

Services File Permissions Weakness

Executable Installer File Permissions Weakness

Domain or Tenant Policy Modification

Command And Control

Communication Through Removable Media

Impact

Inhibit System Recovery

Collection

Audio Capture

Video Capture

Data from Information Repositories

Code Repositories

Data from Removable Media

Input Capture

Keylogging

Web Portal Capture

Email Collection

Remote Email Collection

Email Forwarding Rule

Local Email Collection

Discovery

Cloud Service Dashboard

System Location Discovery

System Language Discovery

Software Discovery

Security Software Discovery

System Owner/User Discovery

Cloud Service Discovery

Query Registry

Cloud Storage Object Discovery

Group Policy Discovery

Virtualization/Sandbox Evasion

Time Based Checks

Persistence

Office Application Startup

Outlook Home Page

Office Template Macros

Implant Internal Image

Event Triggered Execution

Image File Execution Options Injection

Screensaver

Netsh Helper DLL

Component Object Model Hijacking

AppInit DLLs

Change Default File Association

Emond

Accessibility Features

Application Shimming

AppCert DLLs

Boot or Logon Autostart Execution

Time Providers

Authentication Package

Registry Run Keys / Startup Folder

Port Monitors

LSASS Driver

Security Support Provider

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Server Software Component

IIS Components

Transport Agent

Web Shell

SQL Stored Procedures

Boot or Logon Initialization Scripts

Startup Items

RC Scripts

Modify Authentication Process

Password Filter DLL

Conditional Access Policies

Hijack Execution Flow

COR_PROFILER

Services Registry Permissions Weakness

Services File Permissions Weakness

Executable Installer File Permissions Weakness

Pre-OS Boot

Software Extensions

Compromise Host Software Binary

Modify Registry

Initial Access

Phishing

Spearphishing Attachment

Spearphishing Link

Supply Chain Compromise

Compromise Software Dependencies and Development Tools

Compromise Hardware Supply Chain

Compromise Software Supply Chain

Replication Through Removable Media

Hardware Additions

Execution

Software Deployment Tools

Credential Access

Exploitation for Credential Access

Credentials from Password Stores

Keychain

Credentials from Web Browsers

Securityd Memory

Modify Authentication Process

Password Filter DLL

Conditional Access Policies

OS Credential Dumping

/etc/passwd and /etc/shadow

LSA Secrets

Security Account Manager

Unsecured Credentials

Credentials in Registry

Cloud Instance Metadata API

Group Policy Preferences

Multi-Factor Authentication Interception

Input Capture

Keylogging

Web Portal Capture

Steal or Forge Authentication Certificates

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Elevated Execution with Prompt

Setuid and Setgid

Temporary Elevated Cloud Access

System Binary Proxy Execution

Control Panel

Mshta

MMC

Impair Defenses

Disable or Modify Cloud Firewall

Disable or Modify System Firewall

Impair Command History Logging

Disable or Modify Network Device Firewall

Disable or Modify Cloud Logs

Safe Mode Boot

Disable Windows Event Logging

Access Token Manipulation

SID-History Injection

Hide Artifacts

Trusted Developer Utilities Proxy Execution

MSBuild

Modify Authentication Process

Password Filter DLL

Conditional Access Policies

Modify Cloud Compute Infrastructure

Create Cloud Instance

Delete Cloud Instance

Revert Cloud Instance

Modify Cloud Compute Configurations

Rogue Domain Controller

Hijack Execution Flow

COR_PROFILER

Services Registry Permissions Weakness

Services File Permissions Weakness

Executable Installer File Permissions Weakness

Rootkit

Pre-OS Boot

Modify Cloud Resource Hierarchy

File and Directory Permissions Modification

Subvert Trust Controls

SIP and Trust Provider Hijacking

Domain or Tenant Policy Modification

Modify Registry

Virtualization/Sandbox Evasion

Time Based Checks

Exfiltration

Exfiltration Over Physical Medium

Exfiltration over USB

D3FEND^™

A knowledge graph of cybersecurity countermeasures

1.4.0

−

Harden

Agent Authentication

Biometric Authentication

Certificate-based Authentication

Multi-factor Authentication

Password Authentication

Token-based Authentication

Application Hardening

Application Configuration Hardening

Control Flow Integrity

Dead Code Elimination

Exception Handler Pointer Validation

Pointer Authentication

Process Segment Execution Prevention

Segment Address Offset Randomization

Stack Frame Canary Validation

Strong Password Policy

Change Default Password

Token Binding

Message Hardening

Message Authentication

Bus Message Authentication

Message Encryption

Transfer Agent Authentication

Platform Hardening

Bootloader Authentication

Disk Encryption

Driver Load Integrity Checking

File Encryption

Hardware-based Write Protection

Physical Enclosure Hardening

Radiation Hardening

Electromagnetic Radiation Hardening

RF Shielding

Software Update

System Configuration Permissions

TPM Boot Integrity

Source Code Hardening

Credential Scrubbing

Domain Logic Validation

Operational Logic Validation

Integer Range Validation

Pointer Validation

Memory Block Start Validation

Null Pointer Checking

Reference Nullification

Trusted Library

Variable Initialization

Variable Type Validation

−

Detect

File Analysis

Dynamic Analysis

Emulated File Analysis

File Content Analysis

Identifier Activity Analysis

Identifier Reputation Analysis

Domain Name Reputation Analysis

File Hash Reputation Analysis

IP Reputation Analysis

URL Reputation Analysis

URL Analysis

Message Analysis

Sender MTA Reputation Analysis

Sender Reputation Analysis

Physical Access Monitoring

Electronic Lock Monitoring

Motion Sensor Monitoring

Proximity Sensor Monitoring

Video Surveillance

Process Analysis

Database Query String Analysis

File Access Pattern Analysis

Indirect Branch Call Analysis

Process Code Segment Verification

Process Self-Modification Detection

Process Spawn Analysis

Process Lineage Analysis

Script Execution Analysis

Shadow Stack Comparisons

System Call Analysis

File Creation Analysis

User Behavior Analysis

Authentication Event Thresholding

Authorization Event Thresholding

Credential Compromise Scope Analysis

Domain Account Monitoring

Job Function Access Pattern Analysis

Local Account Monitoring

Resource Access Pattern Analysis

Session Duration Analysis

User Data Transfer Analysis

User Geolocation Logon Pattern Analysis

Web Session Activity Analysis

−

Isolate

Access Mediation

Credential Transmission Scoping

IO Port Restriction

Network Access Mediation

LAN Access Mediation

Routing Access Mediation

Network Resource Access Mediation

Remote File Access Mediation

Web Session Access Mediation

Endpoint-based Web Server Access Mediation

Proxy-based Web Server Access Mediation

Operating Mode Restriction

OT Variable Access Restriction

Physical Access Mediation

Physical Locking

System Call Filtering

Local File Access Mediation

Access Policy Administration

Domain Trust Policy

Local File Permissions

User Account Permissions

User Group Permissions

Content Filtering

Content Modification

Content Excision

Content Format Conversion

File Format Verification

File Content Decompression Checking

File Internal Structure Verification

File Metadata Consistency Validation

File Metadata Value Verification

File Magic Byte Verification

Execution Isolation

Application-based Process Isolation

Executable Allowlisting

Executable Denylisting

Hardware-based Process Isolation

Kernel-based Process Isolation

Network Isolation

Broadcast Domain Isolation

Directional Network Link

DNS Allowlisting

DNS Denylisting

Forward Resolution Domain Denylisting

Hierarchical Domain Denylisting

Homoglyph Denylisting

Forward Resolution IP Denylisting

Reverse Resolution IP Denylisting

Encrypted Tunnels

Network Traffic Filtering

Inbound Traffic Filtering

Email Filtering

Outbound Traffic Filtering

−

Decoy Network Resource

Decoy Persona

Decoy Public Release

Decoy Session Token

Decoy User Credential

−

Restore

Restore Access

Reissue Credential

Restore Network Access

Restore User Account Access

Unlock Account

Restore Object

Restore Configuration

Asset Inventory

Definition

Artifact Relationships:

Technique Subclasses

Related ATT&CK Techniques:

D3FEND™

D3FEND^™