| ID | Name |
|---|---|
| ATAGS-T1150.001 | Security Software Discovery |
| ATAGS-T1150.002 | Backup Software Discovery |
Threat Actors may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as cloud monitoring agents and anti-virus. Threat Actors may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.