{
    "type": "bundle",
    "id": "bundle--66c16181-7ca0-4f8f-b444-eaba86636777",
    "spec_version": "2.0",
    "objects": [
        {
            "x_mitre_domains": [
                "enterprise-attack"
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "id": "course-of-action--2ace01f8-67c8-43eb-b7b1-a7b9f1fe67e1",
            "type": "course-of-action",
            "created": "2018-10-17T00:14:20.652Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "external_id": "T1083",
                    "url": "https://attack.mitre.org/mitigations/T1083",
                    "source_name": "mitre-attack"
                },
                {
                    "source_name": "Beechey 2010",
                    "description": "Beechey, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014.",
                    "url": "http://www.sans.org/reading-room/whitepapers/application/application-whitelisting-panacea-propaganda-33599"
                },
                {
                    "url": "http://blog.jpcert.or.jp/2016/01/windows-commands-abused-by-attackers.html",
                    "description": "Tomonaga, S. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016.",
                    "source_name": "Windows Commands JPCERT"
                },
                {
                    "url": "https://apps.nsa.gov/iaarchive/library/ia-guidance/tech-briefs/application-whitelisting-using-microsoft-applocker.cfm",
                    "description": "NSA Information Assurance Directorate. (2014, August). Application Whitelisting Using Microsoft AppLocker. Retrieved March 31, 2016.",
                    "source_name": "NSA MS AppLocker"
                },
                {
                    "source_name": "Corio 2008",
                    "description": "Corio, C., & Sayana, D. P. (2008, June). Application Lockdown with Software Restriction Policies. Retrieved November 18, 2014.",
                    "url": "http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx"
                },
                {
                    "source_name": "TechNet Applocker vs SRP",
                    "description": "Microsoft. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016.",
                    "url": "https://technet.microsoft.com/en-us/library/ee791851.aspx"
                }
            ],
            "modified": "2020-01-17T16:45:23.120Z",
            "name": "File and Directory Discovery Mitigation",
            "description": "File system activity is a common part of an operating system, so it is unlikely that mitigation would be appropriate for this technique. It may still be beneficial to identify and block unnecessary system utilities or potentially malicious software by using whitelisting (Citation: Beechey 2010) tools, like AppLocker, (Citation: Windows Commands JPCERT) (Citation: NSA MS AppLocker) or Software Restriction Policies (Citation: Corio 2008) where appropriate. (Citation: TechNet Applocker vs SRP)",
            "x_mitre_deprecated": true,
            "x_mitre_version": "1.0",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
        }
    ]
}