Sensor Health

Information from host telemetry providing insights about system status, errors, or other notable functional activity

ID: DS0013
Platforms: Linux, Windows, macOS
Collection Layer: Host
Contributors: Center for Threat-Informed Defense (CTID)
Version: 1.0
Created: 20 October 2021
Last Modified: 10 November 2021

Data Components

Sensor Health: Host Status

Logging, messaging, and other artifacts highlighting the health of host sensors (e.g., metrics, errors, and/or exceptions from logging applications)

Domain      ID          Name
Enterprise  T1499       Endpoint Denial of Service
Enterprise  T1499.001   OS Exhaustion Flood
Enterprise  T1499.002   Service Exhaustion Flood
Enterprise  T1499.003   Application Exhaustion Flood
Enterprise  T1499.004   Application or System Exploitation
Enterprise  T1562       Impair Defenses
Enterprise  T1562.001   Disable or Modify Tools
Enterprise  T1562.002   Disable Windows Event Logging
Enterprise  T1562.003   Impair Command History Logging
Enterprise  T1562.006   Indicator Blocking
Enterprise  T1498       Network Denial of Service
Enterprise  T1498.001   Direct Network Flood
Enterprise  T1498.002   Reflection Amplification
Enterprise  T1496       Resource Hijacking
Enterprise  T1529       System Shutdown/Reboot