{ "type": "bundle", "id": "bundle--3007ab4e-b24a-4606-bf51-0407af48b424", "spec_version": "2.0", "objects": [ { "modified": "2023-03-30T20:55:19.604Z", "name": "Filter Network Traffic", "description": "Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic. Perform inline allow/denylisting of network messages based on the application layer (OSI Layer 7) protocol, especially for automation protocols. Application allowlists are beneficial when there are well-defined communication sequences, types, rates, or patterns needed during expected system operations. Application denylists may be needed if all acceptable communication sequences cannot be defined, but instead a set of known malicious uses can be denied (e.g., excessive communication attempts, shutdown messages, invalid commands). Devices performing these functions are often referred to as deep-packet inspection (DPI) firewalls, context-aware firewalls, or firewalls that are aware of and can block specific automation/SCADA protocols. (Citation: Centre for the Protection of National Infrastructure February 2005)", "labels": [ "IEC 62443-3-3:2013 - SR 5.1", "IEC 62443-4-2:2019 - CR 5.1", "NIST SP 800-53 Rev. 
4 - AC-3; SC-7" ], "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_domains": [ "ics-attack" ], "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "2.1.0", "type": "course-of-action", "id": "course-of-action--11f242bc-3121-438c-84b2-5cbd46a4bb17", "created": "2019-06-11T16:33:55.337Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/mitigations/M0937", "external_id": "M0937" }, { "source_name": "Centre for the Protection of National Infrastructure February 2005", "description": "Centre for the Protection of National Infrastructure. (2005, February). FIREWALL DEPLOYMENT FOR SCADA AND PROCESS CONTROL NETWORKS. Retrieved 2020/09/17.", "url": "https://www.energy.gov/sites/prod/files/Good%20Practices%20Guide%20for%20Firewall%20Deployment.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] } ] }