Detections
Analytics
Exploitation of Remote Services
Description
Adversaries may exploit a software vulnerability to take advantage of a programming error in a program, service, or within the operating system software or kernel itself to enable remote service abuse. A common goal for post-compromise exploitation of remote services is for initial access into and lateral movement throughout the ICS environment to enable access to targeted systems.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Vulnerability Management | Computer | Active vulnerabilities detected by Tenable Vulnerability Management plugins | ||||
| Tenable OT Security | OT Device | Active vulnerabilities detected by detected by Tenable OT Security plugins | ||||
| Tenable Vulnerability Management | OT Device | Active network connections | ||||
| Tenable Vulnerability Management | Computer | Active vulnerabilities detected by Tenable Vulnerability Management plugins | ||||
| Tenable OT Security | OT Device | Active vulnerabilities detected by detected by Tenable OT Security plugins | ||||
| Tenable Vulnerability Management | OT Device | Active network connections | ||||
| Tenable Vulnerability Management | Computer | Active vulnerabilities detected by Tenable Vulnerability Management plugins | ||||
| Tenable OT Security | OT Device | Active vulnerabilities detected by detected by Tenable OT Security plugins | ||||
| Tenable Vulnerability Management | OT Device | Active network connections |
Attack Path Technique Details
Framework: MITRE ATT&CK
Family: Initial Access, Lateral Movement
Technique: Exploitation of Remote Services
Products Required: Tenable Vulnerability Management and Tenable OT Security