Threat actors may attempt to get detailed information about remote systems and their peripherals, such as make/model, role, and configuration. Threat actors may use information from Remote System Information Discovery to aid in targeting and shaping follow-on behaviors. For example, the system's operational role and model information can dictate whether it is a relevant target for the adversary's operational objectives. In addition, the system's configuration may be used to scope subsequent technique usage.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.