CAF Outcome C2.a: System Abnormalities for Attack Detection

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You define examples of abnormalities in system behaviour that provide practical ways of detecting malicious activity that is otherwise hard to identify.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

ATT&CK Mitigations

MITRE ATT&CK mitigations which map to this CAF outcome, based on mappings by Ofgem.

Threat Intelligence Program

A threat intelligence program helps an organization generate their own threat intelligence information and track trends to inform defensive priorities to mitigate risk.

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on the above mappings to ATT&CK mitigations by Ofgem.

ATT&CK ID	Title	Associated Tactics
T1656	Impersonation	Defense Evasion
T1210	Exploitation of Remote Services	Lateral Movement
T1211	Exploitation for Defense Evasion	Defense Evasion
T1212	Exploitation for Credential Access	Credential Access
T1068	Exploitation for Privilege Escalation	Privilege Escalation