{'created': '2020-10-02T16:01:35.350Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': "Adversaries may gather information about the victim's network "
                'security appliances that can be used during targeting. '
                'Information about network security appliances may include a '
                'variety of details, such as the existence and specifics of '
                'deployed firewalls, content filters, and proxies/bastion '
                'hosts. Adversaries may also target information about victim '
                'network-based intrusion detection systems (NIDS) or other '
                'appliances related to defensive cybersecurity operations.\n'
                '\n'
                'Adversaries may gather this information in various ways, such '
                'as direct collection actions via [Active '
                'Scanning](https://attack.mitre.org/techniques/T1595) or '
                '[Phishing for '
                'Information](https://attack.mitre.org/techniques/T1598).(Citation: '
                'Nmap Firewalls NIDS) Information about network security '
                'appliances may also be exposed to adversaries via online or '
                'other accessible data sets (ex: [Search Victim-Owned '
                'Websites](https://attack.mitre.org/techniques/T1594)). '
                'Gathering this information may reveal opportunities for other '
                'forms of reconnaissance (ex: [Search Open Technical '
                'Databases](https://attack.mitre.org/techniques/T1596) or '
                '[Search Open '
                'Websites/Domains](https://attack.mitre.org/techniques/T1593)), '
                'establishing operational resources (ex: [Develop '
                'Capabilities](https://attack.mitre.org/techniques/T1587) or '
                '[Obtain '
                'Capabilities](https://attack.mitre.org/techniques/T1588)), '
                'and/or initial access (ex: [External Remote '
                'Services](https://attack.mitre.org/techniques/T1133)).',
 'external_references': [{'external_id': 'T1590.006',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1590/006'},
                         {'description': 'Nmap. (n.d.). Chapter 10. Detecting '
                                         'and Subverting Firewalls and '
                                         'Intrusion Detection Systems. '
                                         'Retrieved October 20, 2020.',
                          'source_name': 'Nmap Firewalls NIDS',
                          'url': 'https://nmap.org/book/firewalls.html'}],
 'id': 'attack-pattern--6c2957f9-502a-478c-b1dd-d626c0659413',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'reconnaissance'}],
 'modified': '2025-10-24T17:48:55.360Z',
 'name': 'Network Security Appliances',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['PRE'],
 'x_mitre_version': '1.0'}