{ "id": "bundle--2ed6ab6a-ca68-414f-8493-e4db8b75dd51", "objects": [ { "created": "2017-05-31T21:30:41.022744Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify unnecessary system utilities or potentially malicious software that may be used to collect data from a network share, and audit and/or block them by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--d9727aee-48b8-4fdb-89e2-4c49746ba4dd", "modified": "2017-05-31T21:30:41.022744Z", "name": "Data from Network Shared Drive Mitigation", "type": "course-of-action" } ], "spec_version": "2.0", "type": "bundle" }