File size: 1,634 Bytes

5fe70fd

{
    "type": "bundle",
    "id": "bundle--2eaf09e1-84be-4ea0-9177-1f00128cdb36",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "relationship",
            "id": "relationship--08a4f730-bc3f-4050-973f-1ef2847db4e7",
            "created": "2022-05-11T16:22:58.804Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "revoked": false,
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2022-10-14T16:57:47.375Z",
            "description": "Monitor and analyze traffic patterns and packet inspection associated to protocol(s) that do not follow the expected protocol standards and traffic flows (e.g., extraneous packets that do not belong to established flows, gratuitous or anomalous traffic patterns, anomalous syntax, or structure). Consider correlation with process monitoring and command line to detect anomalous processes execution and command line arguments associated to traffic patterns (e.g., monitor anomalies in use of files that do not normally initiate connections for respective protocol(s)).",
            "relationship_type": "detects",
            "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
            "target_ref": "attack-pattern--d67adac8-e3b9-44f9-9e6d-6c2a7d69dbe4",
            "x_mitre_deprecated": false,
            "x_mitre_version": "1.0",
            "x_mitre_attack_spec_version": "2.1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}