DS0013 Sensor Health

Information from host telemetry providing insights about system status, errors, or other notable functional activity

| Item | Value |
|---|---|
| ID | DS0013 |
| Platforms | Linux, Windows, macOS |
| Collection Layers | Host |
| Version | 1.0 |
| Created | 20 October 2021 |
| Last Modified | 30 March 2022 |

Data Components

Host Status

Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)

| Domain | ID | Name |
|---|---|---|
| enterprise | T1499 | Endpoint Denial of Service |
| enterprise | T1499.001 | OS Exhaustion Flood |
| enterprise | T1499.002 | Service Exhaustion Flood |
| enterprise | T1499.003 | Application Exhaustion Flood |
| enterprise | T1499.004 | Application or System Exploitation |
| enterprise | T1562 | Impair Defenses |
| enterprise | T1562.001 | Disable or Modify Tools |
| enterprise | T1562.002 | Disable Windows Event Logging |
| enterprise | T1562.003 | Impair Command History Logging |
| enterprise | T1562.006 | Indicator Blocking |
| enterprise | T1498 | Network Denial of Service |
| enterprise | T1498.001 | Direct Network Flood |
| enterprise | T1498.002 | Reflection Amplification |
| enterprise | T1496 | Resource Hijacking |
| enterprise | T1529 | System Shutdown/Reboot |
