Home > CAPEC List > CAPEC-571: Block Logging to Central Repository (Version 2.11)  

CAPEC-571: Block Logging to Central Repository

 
Block Logging to Central Repository
Definition in a New Window Definition in a New Window
Attack Pattern ID: 571
Abstraction: Standard
Status: Draft
Completeness: Stub
Presentation Filter:
+ Summary

An adversary may attempt to block indicators from leaving the host machine. In the case of network based reporting of indicators, an adversary may block traffic associated with reporting to prevent central station analysis. This may be accomplished by many means such as stopping a local process to creating a host-based firewall rule to block traffic to a specific server.

+ References
[R.571.1] ATT&CK Project. "Indicator Blocking on Host (1054)". MITRE. <https://attack.mitre.org/wiki/Indicator_blocking_on_host>.
+ Content History
Submissions
SubmitterOrganizationDateSource
CAPEC Content TeamThe MITRE Corporation2015-11-09Internal_CAPEC_Team

More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2017