DS0013 Sensor Health

Information from host telemetry providing insights about system status, errors, or other notable functional activity

| Item | Value |
| --- | --- |
| ID | DS0013 |
| Platforms | Android, Linux, Windows, iOS, macOS |
| Collection Layers | Host |
| Version | 1.1 |
| Created | 20 October 2021 |
| Last Modified | 20 April 2023 |

Data Components

Host Status

Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)

| Domain | ID | Name |
| --- | --- | --- |
| mobile | T1398 | Boot or Logon Initialization Scripts |
| mobile | T1645 | Compromise Client Software Binary |
| mobile | T1634 | Credentials from Password Store |
| mobile | T1634.001 | Keychain |
| mobile | T1456 | Drive-By Compromise |
| enterprise | T1499 | Endpoint Denial of Service |
| enterprise | T1499.001 | OS Exhaustion Flood |
| enterprise | T1499.002 | Service Exhaustion Flood |
| enterprise | T1499.003 | Application Exhaustion Flood |
| enterprise | T1499.004 | Application or System Exploitation |
| mobile | T1404 | Exploitation for Privilege Escalation |
| mobile | T1625 | Hijack Execution Flow |
| mobile | T1625.001 | System Runtime API Hijacking |
| enterprise | T1562 | Impair Defenses |
| enterprise | T1562.001 | Disable or Modify Tools |
| enterprise | T1562.002 | Disable Windows Event Logging |
| enterprise | T1562.003 | Impair Command History Logging |
| enterprise | T1562.006 | Indicator Blocking |
| enterprise | T1562.011 | Spoof Security Alerting |
| mobile | T1630 | Indicator Removal on Host |
| mobile | T1630.003 | Disguise Root/Jailbreak Indicators |
| enterprise | T1498 | Network Denial of Service |
| enterprise | T1498.001 | Direct Network Flood |
| enterprise | T1498.002 | Reflection Amplification |
| enterprise | T1496 | Resource Hijacking |
| enterprise | T1195 | Supply Chain Compromise |
| enterprise | T1195.003 | Compromise Hardware Supply Chain |
| mobile | T1474 | Supply Chain Compromise |
| mobile | T1474.002 | Compromise Hardware Supply Chain |
| mobile | T1474.003 | Compromise Software Supply Chain |
| enterprise | T1529 | System Shutdown/Reboot |