Clankerusecase
MITRE ATT&CK detection coverage

T1686 Disable or Modify System Firewall

T1686 — Disable or Modify System Firewall is a MITRE ATT&CK technique in the Defense Evasion tactic. Clankerusecase tracks 12 detection use cases covering it.

Defense Evasion
12 Use cases
0 Articles
3 Sub-techniques
1 Tactic

Sub-techniques (3)

Use cases covering this technique (12)

ESXi Firewall Disabled ESCU actions · alerting P
Microsoft Intune DeviceManagementConfigurationPolicies ESCU actions · hunting P
Firewall Allowed Program Enable ESCU actions · hunting P
Linux Auditd Disable Or Modify System Firewall ESCU actions · hunting P
Linux Iptables Firewall Modification ESCU actions · hunting P
Linux Stdout Redirection To Dev Null File ESCU actions · hunting P
Windows Delete or Modify System Firewall ESCU actions · hunting P
Windows Firewall Rule Added ESCU actions · hunting P
Windows Firewall Rule Deletion ESCU actions · hunting P
Windows Firewall Rule Modification ESCU actions · hunting P
Windows Modify System Firewall with Notable Process Path ESCU actions · alerting P
Processes launching netsh ESCU actions · hunting P