{
    "id": "bundle--a42d26fe-c938-4074-a1b3-50d852e6f0bd",
    "objects": [
        {
            "created": "2017-05-31T21:30:26.495974Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "description": "Identify potentially malicious software that may contain rootkit functionality, and audit and/or block it by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]",
            "id": "course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f",
            "modified": "2017-05-31T21:30:26.495974Z",
            "name": "Rootkit Mitigation",
            "type": "course-of-action"
        }
    ],
    "spec_version": "2.0",
    "type": "bundle"
}