
Quick Start Security for Azure DDoS


Coralogix Extension For Azure DDoS Includes:

Alerts - 5

Stay on top of Azure DDoS key metrics, and keep everyone in the know through integrations with Slack, PagerDuty and more.

DDoS Attack Detection on Network Infrastructure

Detects Distributed Denial of Service (DDoS) attacks aimed at the organization's network infrastructure: routers, switches, firewalls and the links between them. The alert targets volumetric attacks that exhaust bandwidth or device capacity and disrupt normal network operations.

Impact
- Early detection and mitigation of DDoS attacks against network infrastructure.
- Less downtime and fewer disruptions to normal network operations.
- Protection of critical network components and the services behind them.

Mitigation
- Shorter, less severe attacks against network infrastructure.
- Timely response to anomalies in network traffic.
- Preservation of network availability and reliability while an attack is under way.

MITRE ATT&CK: Impact (TA0040); T1498 Network Denial of Service, T1499 Endpoint Denial of Service

Azure DDoS - API DDoS Attack Detection

Detects Distributed Denial of Service (DDoS) attacks aimed at Application Programming Interfaces (APIs). The alert keys on abnormal traffic patterns and high packet-per-second (PPS) rates toward API endpoints, so that the impact on API availability and functionality can be contained early.

Impact
- Early detection and mitigation of DDoS attacks against API services.
- Less downtime and fewer disruptions to API functionality.
- Protection of critical API endpoints and the services that depend on them.

Mitigation
- Shorter, less severe attacks against API services.
- Timely response to anomalies in API traffic.
- Preservation of API availability and reliability while an attack is under way.

MITRE ATT&CK: Impact (TA0040); T1499 Endpoint Denial of Service

Azure DDoS - DDoS Attack IP Addresses (Percent Threshold)

Identifies IP addresses that account for more than 5% of the traffic observed while a DDoS attack is in progress. The scenario is a DDoS attack against the organization's public IP addresses in which a small set of addresses carries a disproportionate share of the inbound traffic; the alert singles those addresses out so they can be filtered or rate-limited first.

Impact
- Service Disruption: the primary impact is downtime for the organization's online platforms or services.
- Revenue Loss: extended downtime means the organization cannot conduct business or serve customers.

Mitigation
- Traffic Monitoring and Analysis: monitor traffic in real time to identify abnormal patterns, and use intrusion detection and prevention systems (IDPS) to analyze incoming traffic for anomalies.
- Firewall Configuration: filter and block malicious traffic against predefined thresholds for network traffic flow, and use stateful packet inspection to separate legitimate from malicious traffic.
- Content Delivery Network (CDN): cache and distribute content geographically so that a single origin does not absorb the whole attack.

MITRE ATT&CK: Impact (TA0040); T1498 Network Denial of Service

Azure DDoS - DDoS Attack IP Addresses (PPS Threshold)

Identifies IP addresses whose peak traffic rate exceeds 10,000 packets per second (PPS) while a DDoS attack is in progress. The scenario is a DDoS attack against the organization's public IP addresses that tries to overwhelm the network with a high packet rate rather than raw bandwidth; small packets at high PPS exhaust forwarding capacity even when the link is not saturated.

Impact
- Service Disruption: the primary impact is downtime for the organization's online platforms or services.
- Revenue Loss: extended downtime means the organization cannot conduct business or serve customers.

Mitigation
- Traffic Monitoring and Analysis: monitor traffic in real time to identify abnormal patterns, and use intrusion detection and prevention systems (IDPS) to analyze incoming traffic for anomalies.
- Firewall Configuration: filter and block malicious traffic against predefined PPS thresholds, and use stateful packet inspection to separate legitimate from malicious traffic.
- Content Delivery Network (CDN): cache and distribute content geographically so that a single origin does not absorb the whole attack.

MITRE ATT&CK: Impact (TA0040); T1498 Network Denial of Service
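Both per-IP alerts above (the 5% share threshold and the 10k PPS threshold) reduce to the same computation over Azure DDoS Protection metrics: group packet counts by IP, keep only windows Azure flagged as under attack, then compare against a threshold. The example below is added here and is not Coralogix's alert definition or Azure's SDK; the record layout (`ip`, `under_attack`, `packets`, `window_s`) is a constructed simplification of per-IP Azure Monitor DDoS metrics, and the sample values are made up. It shows why the two alerts are kept separate: an address can cross one threshold without crossing the other.

```python
"""Per-IP threshold checks for Azure DDoS Protection traffic (added example).

Record layout is an assumption: one sample per IP per window, with the
packet count seen in that window and Azure's "under DDoS attack" flag.
"""
from collections import defaultdict

PPS_THRESHOLD = 10_000    # "PPS Threshold" alert: peak inbound rate per IP
SHARE_THRESHOLD = 0.05    # "Percent Threshold" alert: share of all attack traffic

# Constructed sample data: 60-second windows, packets counted per window.
SAMPLE_METRICS = [
    {"ip": "203.0.113.10", "under_attack": True,  "packets": 900_000,   "window_s": 60},
    {"ip": "203.0.113.10", "under_attack": True,  "packets": 1_200_000, "window_s": 60},
    {"ip": "203.0.113.20", "under_attack": True,  "packets": 30_000,    "window_s": 60},
    # High rate but Azure did not flag an attack: must not alert on its own.
    {"ip": "203.0.113.30", "under_attack": False, "packets": 5_000_000, "window_s": 60},
    # Low absolute rate, but a noticeable slice of the attack traffic.
    {"ip": "203.0.113.40", "under_attack": True,  "packets": 120_000,   "window_s": 60},
]


def peak_pps_by_ip(records):
    """Highest per-window packet rate per IP, counting only attack windows."""
    peak = {}
    for r in records:
        if not r["under_attack"] or r["window_s"] <= 0:
            continue
        pps = r["packets"] / r["window_s"]
        peak[r["ip"]] = max(peak.get(r["ip"], 0.0), pps)
    return peak


def traffic_share_by_ip(records):
    """Each IP's fraction of all packets seen during attack windows."""
    totals = defaultdict(int)
    for r in records:
        if r["under_attack"]:
            totals[r["ip"]] += r["packets"]
    grand_total = sum(totals.values())
    if grand_total == 0:          # no attack traffic at all: nothing to rank
        return {}
    return {ip: count / grand_total for ip, count in totals.items()}


def pps_alerts(records, threshold=PPS_THRESHOLD):
    """IPs whose peak attack-time rate exceeds the PPS threshold."""
    return sorted(ip for ip, pps in peak_pps_by_ip(records).items() if pps > threshold)


def share_alerts(records, threshold=SHARE_THRESHOLD):
    """IPs carrying more than the threshold share of attack-time traffic."""
    return sorted(ip for ip, share in traffic_share_by_ip(records).items() if share > threshold)


if __name__ == "__main__":
    print("PPS > 10k during attack:", pps_alerts(SAMPLE_METRICS))
    print("Share > 5% during attack:", share_alerts(SAMPLE_METRICS))
```

In the sample, 203.0.113.10 peaks at 20,000 PPS and carries over 90% of attack traffic, so it fires both alerts; 203.0.113.40 runs at only 2,000 PPS yet holds 5.3% of the total, so only the share alert catches it; 203.0.113.30 is ignored despite its 83,333 PPS because Azure never flagged it as under attack, which is the gating condition both alerts rely on.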

Public IP Address DDoS Protection Status

Maintains an audit trail of actions that change the Distributed Denial of Service (DDoS) protection status of public IP addresses in the Azure environment. A public IP that is moved out of DDoS protection is exposed without any other symptom, so recording who changed the protection status, on which address and when, is essential to keeping public-facing assets resilient against DDoS attacks.

Impact
A DDoS attack can severely disrupt the targeted organization, its services and its users; the severity depends on the scale, duration and effectiveness of the attack.
- Service Disruption
- Loss of Revenue
- Risk of Data Leak

Mitigation
Strategies organizations can employ to minimize the impact of DoS/DDoS attacks:
- Network Security Measures
- Traffic Filtering
- Load Balancing
- Cloud-based DDoS Protection

MITRE ATT&CK: Impact (TA0040); T1498 Network Denial of Service, T1499 Endpoint Denial of Service
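The audit use case above is a state-tracking problem: each successful write to a public IP resource carries the requested DDoS protection mode, and the interesting events are transitions that weaken protection. The example below is added here and is not Coralogix's rule or an Azure SDK call. The records are a constructed, trimmed imitation of Azure Activity Log entries for `Microsoft.Network/publicIPAddresses/write`; real entries carry many more fields and the request body arrives as a JSON string, which is why the code parses it. The `protectionMode` values (`Enabled`, `Disabled`, `VirtualNetworkInherited`) follow the public IP `ddosSettings` property, but the surrounding field names are assumptions for the example.

```python
"""Audit DDoS protection-mode changes on Azure public IPs (added example).

Record layout is a constructed simplification of Azure Activity Log entries;
field names other than the protectionMode values are assumptions.
"""
import json

WRITE_OP = "Microsoft.Network/publicIPAddresses/write"
WEB_PIP = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web"
           "/providers/Microsoft.Network/publicIPAddresses/web-pip")
API_PIP = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-api"
           "/providers/Microsoft.Network/publicIPAddresses/api-pip")


def _body(mode):
    """Build the requestBody JSON string a write with this protectionMode would carry."""
    return json.dumps({"properties": {"ddosSettings": {"protectionMode": mode}}})


# Constructed sample activity, in time order.
SAMPLE_ACTIVITY = [
    {"time": "2024-05-01T08:00:00Z", "operationName": WRITE_OP, "status": "Succeeded",
     "caller": "alice@example.com", "resourceId": WEB_PIP, "requestBody": _body("Enabled")},
    # Failed write: the change never applied, so it must not move the baseline.
    {"time": "2024-05-01T08:05:00Z", "operationName": WRITE_OP, "status": "Failed",
     "caller": "bob@example.com", "resourceId": API_PIP, "requestBody": _body("Disabled")},
    {"time": "2024-05-01T09:10:00Z", "operationName": WRITE_OP, "status": "Succeeded",
     "caller": "bob@example.com", "resourceId": WEB_PIP, "requestBody": _body("Disabled")},
    {"time": "2024-05-01T09:20:00Z", "operationName": WRITE_OP, "status": "Succeeded",
     "caller": "alice@example.com", "resourceId": API_PIP,
     "requestBody": _body("VirtualNetworkInherited")},
    {"time": "2024-05-01T10:00:00Z", "operationName": WRITE_OP, "status": "Succeeded",
     "caller": "alice@example.com", "resourceId": WEB_PIP, "requestBody": _body("Enabled")},
    # Malformed body: skipped rather than crashing the audit pipeline.
    {"time": "2024-05-01T10:01:00Z", "operationName": WRITE_OP, "status": "Succeeded",
     "caller": "ci-bot", "resourceId": API_PIP, "requestBody": "{not json"},
]


def protection_mode(record):
    """protectionMode requested by a successful public IP write, else None."""
    if record.get("operationName") != WRITE_OP or record.get("status") != "Succeeded":
        return None
    try:
        body = json.loads(record.get("requestBody") or "{}")
    except json.JSONDecodeError:
        return None
    return body.get("properties", {}).get("ddosSettings", {}).get("protectionMode")


def audit_protection_changes(records, baseline):
    """Return every protection-mode transition; baseline maps resourceId -> last mode.

    A transition is flagged 'weakened' when it lands on Disabled or leaves Enabled
    (inherited mode may or may not be protected, depending on the VNet).
    """
    findings = []
    for r in records:
        mode = protection_mode(r)
        if mode is None:
            continue
        rid = r["resourceId"]
        prev = baseline.get(rid)
        if prev != mode:
            weakened = mode == "Disabled" or (prev == "Enabled" and mode != "Enabled")
            findings.append({"time": r.get("time"), "resourceId": rid, "caller": r.get("caller"),
                             "from": prev, "to": mode, "weakened": weakened})
        baseline[rid] = mode
    return findings


def weakened_findings(records):
    """Only the transitions an on-call responder should be paged for."""
    return [f for f in audit_protection_changes(records, {}) if f["weakened"]]


if __name__ == "__main__":
    for f in weakened_findings(SAMPLE_ACTIVITY):
        print(f"{f['time']} {f['caller']} set {f['resourceId'].rsplit('/', 1)[-1]} "
              f"{f['from']} -> {f['to']}")
```

Keeping `baseline` outside the function matters in practice: the audit runs over a stream of log batches, and the previous mode of each address must survive between batches or every batch would report its first record as a change.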

Integration

Learn more about Coralogix's out-of-the-box integration with Azure DDoS in our documentation.
