{ "id": "bundle--a42d26fe-c938-4074-a1b3-50d852e6f0bd", "objects": [ { "created": "2017-05-31T21:30:26.495974Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "description": "Identify potentially malicious software that may contain rootkit functionality, and audit and/or block it by using whitelisting[[CiteRef::Beechey 2010]] tools, like AppLocker,[[CiteRef::Windows Commands JPCERT]][[CiteRef::NSA MS AppLocker]] or Software Restriction Policies[[CiteRef::Corio 2008]] where appropriate.[[CiteRef::TechNet Applocker vs SRP]]", "id": "course-of-action--95ddb356-7ba0-4bd9-a889-247262b8946f", "modified": "2017-05-31T21:30:26.495974Z", "name": "Rootkit Mitigation", "spec_version": "2.1", "type": "course-of-action" } ], "type": "bundle" }