Intent Class
- java.lang.Object
  - com.azure.core.util.ExpandableStringEnum<T>
    - com.azure.resourcemanager.security.models.Intent
public final class Intent
extends ExpandableStringEnum<Intent>
The kill chain related intent behind the alert. For list of supported values, and explanations of Azure Security Center's supported kill chain intents.
Field Summary
| Modifier and Type | Field and Description |
|---|---|
| static final Intent | COLLECTION<br>Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. |
| static final Intent | COMMAND_AND_CONTROL<br>The command and control tactic represents how adversaries communicate with systems under their control within a target network. |
| static final Intent | CREDENTIAL_ACCESS<br>Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. |
| static final Intent | DEFENSE_EVASION<br>Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. |
| static final Intent | DISCOVERY<br>Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. |
| static final Intent | EXECUTION<br>The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. |
| static final Intent | EXFILTRATION<br>Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. |
| static final Intent | EXPLOITATION<br>Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. |
| static final Intent | IMPACT<br>Impact events primarily try to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process. |
| static final Intent | INITIAL_ACCESS<br>InitialAccess is the stage where an attacker manages to get a foothold on the attacked resource. |
| static final Intent | LATERAL_MOVEMENT<br>Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. |
| static final Intent | PERSISTENCE<br>Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system. |
| static final Intent | PRE_ATTACK<br>PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. |
| static final Intent | PRIVILEGE_ESCALATION<br>Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. |
| static final Intent | PROBING<br>Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. |
| static final Intent | UNKNOWN<br>Unknown. |
Constructor Summary
| Constructor | Description |
|---|---|
| Intent() | Deprecated. Use the fromString(String name) factory method.<br>Creates a new instance of Intent value. |
Method Summary
| Modifier and Type | Method and Description |
|---|---|
| static Intent | fromString(String name)<br>Creates or finds an Intent from its string representation. |
| static Collection<Intent> | values()<br>Gets known Intent values. |
Methods inherited from ExpandableStringEnum
Methods inherited from java.lang.Object
Field Details
COLLECTION
public static final Intent COLLECTION
Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration.
COMMAND_AND_CONTROL
public static final Intent COMMAND_AND_CONTROL
The command and control tactic represents how adversaries communicate with systems under their control within a target network.
CREDENTIAL_ACCESS
public static final Intent CREDENTIAL_ACCESS
Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment.
DEFENSE_EVASION
public static final Intent DEFENSE_EVASION
Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.
DISCOVERY
public static final Intent DISCOVERY
Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network.
EXECUTION
public static final Intent EXECUTION
The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system.
EXFILTRATION
public static final Intent EXFILTRATION
Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network.
EXPLOITATION
public static final Intent EXPLOITATION
Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates etc.
IMPACT
public static final Intent IMPACT
Impact events primarily try to directly reduce the availability or integrity of a system, service, or network; including manipulation of data to impact a business or operational process.
INITIAL_ACCESS
public static final Intent INITIAL_ACCESS
InitialAccess is the stage where an attacker manages to get a foothold on the attacked resource.
LATERAL_MOVEMENT
public static final Intent LATERAL_MOVEMENT
Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems.
PERSISTENCE
public static final Intent PERSISTENCE
Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system.
PRE_ATTACK
public static final Intent PRE_ATTACK
PreAttack could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and find a way in. Further details on the PreAttack stage can be read in [MITRE Pre-Att&ck matrix](https://attack.mitre.org/matrices/pre/).
PRIVILEGE_ESCALATION
public static final Intent PRIVILEGE_ESCALATION
Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network.
PROBING
public static final Intent PROBING
Probing could be either an attempt to access a certain resource regardless of a malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation.
UNKNOWN
public static final Intent UNKNOWN
Unknown.
Constructor Details
Intent
@Deprecated
public Intent()
Deprecated
Creates a new instance of Intent value.
Method Details
fromString
public static Intent fromString(String name)
Creates or finds an Intent from its string representation.
Parameters:
Returns:
values
public static Collection<Intent> values()
Gets known Intent values.
Returns:
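
Because `fromString` creates an `Intent` for a name it has not seen, code that triages alerts by intent needs an explicit path for values it has no mapping for. The following is an added example, not code from the SDK or its documentation: the `IntentTriage` class, its stage ranking and the `FutureStage` sample value are assumptions made for illustration.

```java
import com.azure.resourcemanager.security.models.Intent;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public final class IntentTriage {
    // Hypothetical ranking (higher = later in the kill chain), built only from the constants listed above.
    private static final Map<Intent, Integer> STAGE = new HashMap<>();
    static {
        Intent[] ordered = {
            Intent.PRE_ATTACK, Intent.PROBING, Intent.INITIAL_ACCESS, Intent.EXPLOITATION,
            Intent.EXECUTION, Intent.PERSISTENCE, Intent.PRIVILEGE_ESCALATION, Intent.DEFENSE_EVASION,
            Intent.CREDENTIAL_ACCESS, Intent.DISCOVERY, Intent.LATERAL_MOVEMENT, Intent.COLLECTION,
            Intent.COMMAND_AND_CONTROL, Intent.EXFILTRATION, Intent.IMPACT
        };
        for (int i = 0; i < ordered.length; i++) {
            STAGE.put(ordered[i], i + 1);
        }
    }

    /** Returns the stage rank, 0 for UNKNOWN or a missing value, -1 for an intent with no rank here. */
    static int stageOf(String rawIntent) {
        Intent intent = rawIntent == null ? null : Intent.fromString(rawIntent.trim());
        if (intent == null || Intent.UNKNOWN.equals(intent)) {
            return 0;
        }
        // An unrecognized name still yields an Intent object, so it shows up as "absent from STAGE".
        return STAGE.getOrDefault(intent, -1);
    }

    /** Sort key that puts unranked intents ahead of every ranked one. */
    static int sortKey(String rawIntent) {
        int rank = stageOf(rawIntent);
        return rank < 0 ? Integer.MAX_VALUE : rank;
    }

    public static void main(String[] args) {
        // Constructed sample input; "FutureStage" stands in for a value this code does not know.
        List<String> raw = new ArrayList<>(Arrays.asList(Intent.EXFILTRATION.toString(),
            Intent.PROBING.toString(), "FutureStage", Intent.UNKNOWN.toString(),
            Intent.LATERAL_MOVEMENT.toString()));
        raw.sort(Comparator.comparingInt(IntentTriage::sortKey).reversed());
        for (String s : raw) {
            int rank = stageOf(s);
            System.out.printf("%-16s %s%n", s, rank < 0 ? "UNRANKED: review mapping" : "stage " + rank);
        }
    }
}
```

Unranked values sort to the top so that an intent the mapping does not cover is reviewed rather than silently treated as low priority.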