Enterprise Framework

MITRE ATT&CK Mapping

Maps real-time DLP events to ATT&CK Tactics (TA*) and Techniques (T*). The STIX 2.1 dataset is downloaded directly from MITRE's official mitre/cti repository.

14 Tactics

Tactics observed in a DLP context

Most common DLP techniques

T1078  Valid Accounts  (TA0001, TA0003, TA0004, TA0005)
    Insider threat: access with a legitimate account, followed by transfer of data to an external destination.
T1041  Exfiltration Over C2 Channel  (TA0010)
    Data exfiltrated over the command-and-control channel.
T1567  Exfiltration Over Web Service  (TA0010)
    Data transferred via cloud services (Drive, Dropbox).
T1048  Exfiltration Over Alternative Protocol  (TA0010)
    Data transferred over a non-standard protocol (FTP, ICMP, DNS).
T1119  Automated Collection  (TA0009)
    Automated (scripted) data collection.
T1213  Data from Information Repositories  (TA0009)
    Data taken from internal knowledge bases such as Confluence, SharePoint or a wiki.
T1530  Data from Cloud Storage  (TA0009)
    Data retrieved from S3, Azure Blob or GCS.
T1110  Brute Force  (TA0006)
    Password-guessing attempts.
T1071  Application Layer Protocol  (TA0011)
    Covert C2 traffic over HTTP/HTTPS/DNS.

Mapping examples

DLP context → MITRE TTP

User: employee; Network: external; Data: confidential (passport)
    → T1078, T1041  (TA0001, TA0010)
Destination: *.s3.amazonaws.com; Bytes: 1.2 GB
    → T1567, T1530  (TA0010, TA0009)
Time: 03:45 (off-hours); Volume: automated scraping
    → T1119  (TA0009)
Contextual risk: 0.85; Pattern: beaconing
    → T1071  (TA0011, Command and Control)
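As an added example (not the vendor's code), the following Python shows how a mapping like the one above can be built on the STIX data: it resolves technique IDs, names and tactics from the attack-pattern and x-mitre-tactic objects of an enterprise-attack bundle, checks that every rule's technique/tactic pair actually exists in the dataset, and applies rules mirroring the four examples above. The bundle embedded here is a constructed, trimmed stand-in with the same object shapes as mitre/cti enterprise-attack.json; the rule names, the 1 GB threshold, the 22:00-06:00 off-hours window and the event field names are assumptions.

```python
GB = 10 ** 9


def _tactic(ta_id, name, shortname):
    # Constructed x-mitre-tactic object in the shape used by mitre/cti.
    return {"type": "x-mitre-tactic", "id": f"x-mitre-tactic--{ta_id}", "name": name,
            "x_mitre_shortname": shortname,
            "external_references": [{"source_name": "mitre-attack", "external_id": ta_id}]}


def _technique(t_id, name, *phases):
    # Constructed attack-pattern object; phases are tactic shortnames.
    return {"type": "attack-pattern", "id": f"attack-pattern--{t_id}", "name": name,
            "external_references": [{"source_name": "mitre-attack", "external_id": t_id}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p}
                                  for p in phases]}


# Constructed, trimmed stand-in for enterprise-attack.json (load the real file with json.load).
STIX_BUNDLE = {"type": "bundle", "id": "bundle--dlp-example", "objects": [
    _tactic("TA0001", "Initial Access", "initial-access"),
    _tactic("TA0003", "Persistence", "persistence"),
    _tactic("TA0004", "Privilege Escalation", "privilege-escalation"),
    _tactic("TA0005", "Defense Evasion", "defense-evasion"),
    _tactic("TA0009", "Collection", "collection"),
    _tactic("TA0010", "Exfiltration", "exfiltration"),
    _tactic("TA0011", "Command and Control", "command-and-control"),
    _technique("T1078", "Valid Accounts", "defense-evasion", "persistence",
               "privilege-escalation", "initial-access"),
    _technique("T1041", "Exfiltration Over C2 Channel", "exfiltration"),
    _technique("T1567", "Exfiltration Over Web Service", "exfiltration"),
    _technique("T1119", "Automated Collection", "collection"),
    _technique("T1530", "Data from Cloud Storage", "collection"),
    _technique("T1071", "Application Layer Protocol", "command-and-control"),
]}


def attack_id(obj):
    """ATT&CK ID (T1078, TA0010, ...) taken from the object's 'mitre-attack' reference."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref["external_id"]
    raise ValueError(f"no mitre-attack reference on {obj['id']}")


def index_techniques(bundle):
    """{technique_id: (name, {tactic_id, ...})}; revoked/deprecated objects are skipped."""
    tactic_by_phase = {o["x_mitre_shortname"]: attack_id(o)
                       for o in bundle["objects"] if o["type"] == "x-mitre-tactic"}
    index = {}
    for obj in bundle["objects"]:
        if obj["type"] != "attack-pattern" or obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tactics = {tactic_by_phase[p["phase_name"]] for p in obj.get("kill_chain_phases", [])
                   if p["kill_chain_name"] == "mitre-attack"}
        index[attack_id(obj)] = (obj["name"], tactics)
    return index


# Hypothetical rules mirroring the mapping examples on this page. Each rule lists
# (technique, tactic) pairs; the tactic is the one that applies in a DLP context.
RULES = [
    ("insider-external-transfer",
     lambda e: e.get("user_type") == "employee" and e.get("network") == "external"
     and e.get("data_class") == "confidential",
     [("T1078", "TA0001"), ("T1041", "TA0010")]),
    ("bulk-upload-to-s3",
     lambda e: e.get("destination", "").lower().endswith(".s3.amazonaws.com")
     and e.get("bytes", 0) >= GB,
     [("T1567", "TA0010"), ("T1530", "TA0009")]),
    ("off-hours-automated-collection",  # assumption: 22:00-06:00 counts as off-hours
     lambda e: bool(e.get("automated")) and not 6 <= e.get("hour", 12) < 22,
     [("T1119", "TA0009")]),
    ("beaconing", lambda e: e.get("pattern") == "beaconing", [("T1071", "TA0011")]),
]


def validate_rules(rules, index):
    """Errors for unknown techniques or tactics the dataset does not list for the technique."""
    errors = []
    for name, _pred, pairs in rules:
        for tech, tactic in pairs:
            if tech not in index:
                errors.append(f"{name}: unknown technique {tech}")
            elif tactic not in index[tech][1]:
                errors.append(f"{name}: {tech} is not in tactic {tactic}")
    return errors


def map_event(event, index, rules=RULES):
    """Matched rule names, (technique_id, name) pairs and sorted tactic IDs for one event."""
    matched, techniques, tactics = [], [], []
    for name, pred, pairs in rules:
        if pred(event):
            matched.append(name)
            for tech, tactic in pairs:
                if tech not in techniques:
                    techniques.append(tech)
                if tactic not in tactics:
                    tactics.append(tactic)
    return {"rules": matched, "techniques": [(t, index[t][0]) for t in techniques],
            "tactics": sorted(tactics)}
```

Run validate_rules against the index at startup, after each refresh of the bundle, so that a rule pairing a technique with a tactic ATT&CK does not list for it (T1078 → TA0010, say) fails loudly instead of producing a misleading mapping. For the first example event above, map_event returns T1078 and T1041 with tactics TA0001 and TA0010; the suffix check on the destination is deliberately anchored on ".s3.amazonaws.com" so that a look-alike host such as evil-s3.amazonaws.com does not match.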