A network security system, running locally on an endpoint or remotely as a service (e.g., in a cloud environment), that monitors and controls incoming and outgoing network traffic based on predefined rules.[1]
Deactivation or stoppage of a cloud service (e.g., Write/Delete entries within Azure Firewall Activity Logs)
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1562 | Impair Defenses |
| | T1562.004 | Disable or Modify System Firewall |
| | T1562.007 | Disable or Modify Cloud Firewall |
An extracted list of available firewalls and/or their associated settings and rules (e.g., Azure Network Firewall CLI Show commands)
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1518 | Software Discovery |
| | T1518.001 | Security Software Discovery |
Contextual data about a firewall and the activity around it, such as name, policy, or status
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1518 | Software Discovery |
| | T1518.001 | Security Software Discovery |
Changes made to a firewall rule, typically to allow or block specific network traffic (e.g., Windows EID 4950 or Write/Delete entries within Azure Firewall Rule Collection Activity Logs)
| Domain | ID | Name |
|---|---|---|
| Enterprise | T1562 | Impair Defenses |
| | T1562.004 | Disable or Modify System Firewall |
| | T1562.007 | Disable or Modify Cloud Firewall |