{ "type": "bundle", "id": "bundle--8945758e-f5e0-4e1d-9cfd-fe0a81215fed", "spec_version": "2.0", "objects": [ { "id": "attack-pattern--04e93ca1-8415-4a46-8549-73b7c84f8dc3", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "name": "Identify security defensive capabilities", "description": "This object is deprecated as its content has been merged into the enterprise domain. Please see the [PRE](http://attack.mitre.org/matrices/enterprise/pre/) matrix for its replacement. The prior content of this page has been preserved [here](https://attack.mitre.org/versions/v7/techniques/T1263).\n\nSecurity defensive capabilities are designed to stop or limit unauthorized network traffic or other types of accesses. (Citation: OSFingerprinting2014) (Citation: NMAP WAF NSE)", "external_references": [ { "source_name": "mitre-pre-attack", "url": "https://attack.mitre.org/techniques/T1263", "external_id": "T1263" }, { "source_name": "OSFingerprinting2014", "description": "InfoSec Institute. (2014, June 19). What You Must Know About OS Fingerprinting. Retrieved March 1, 2017." }, { "source_name": "NMAP WAF NSE", "description": "Paulino Calderon. (n.d.). http-waf-detect. Retrieved April 2, 2017." } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_detectable_by_common_defenses": "Yes", "x_mitre_detectable_by_common_defenses_explanation": "Technically, the defender has the ability to detect. However, this is typically not performed as this type of traffic would likely not prompt the defender to take any actionable defense. In addition, this would require the defender to closely review their access logs for any suspicious activity (if the activity is even logged).", "x_mitre_difficulty_for_adversary": "No", "x_mitre_difficulty_for_adversary_explanation": "The adversary will have some insight into defenses based on dropped traffic or filtered responses. 
It is more difficult to pinpoint which defenses are implemented (e.g., [FireEye](https://www.fireeye.com) WMPS, [Hewlett Packard Enterprise](https://www.hpe.com) Tipping Point IPS).", "x_mitre_version": "1.0", "x_mitre_old_attack_id": "PRE-T1040", "type": "attack-pattern", "kill_chain_phases": [ { "kill_chain_name": "mitre-pre-attack", "phase_name": "technical-information-gathering" } ], "modified": "2020-10-26T13:42:49.342Z", "created": "2017-12-14T16:46:06.044Z", "x_mitre_deprecated": true } ] }