Software Discovery: Security Software Discovery

Description

Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

Products, Sensors, and Dependencies

Product: Tenable.io

Dependencies: Advanced Network Scan

Data source: Windows machines

Access required: Authenticated Scan

Protocol: SMB

Data Collected: List of Security Software

Notes: Plugin ID: 20811

References

Microsoft Windows Installed Software Enumeration

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Discovery

Platform: Windows

Products Required: Tenable.io

Tenable Release Date: 2022 Q2