The MITRE ATT&CK® & ATLAS™ object describes the tactic, technique, sub-technique & mitigation associated with an attack.
Attributes
sub_technique
- Type: sub_technique
- Requirement: recommended
The Sub-technique object describes the MITRE ATT&CK® or ATLAS™ Sub-technique ID and/or name associated with an attack.
tactic
- Type: tactic
- Requirement: recommended
The Tactic object describes the MITRE ATT&CK® or ATLAS™ Tactic ID and/or name that is associated with an attack.
technique
- Type: technique
- Requirement: recommended
The Technique object describes the MITRE ATT&CK® or ATLAS™ Technique ID and/or name associated with an attack.
version
- Type: string_t
- Requirement: recommended
The ATT&CK® or ATLAS™ Matrix version.
mitigation
- Type: mitigation
- Requirement: optional
The Mitigation object describes the MITRE ATT&CK® or ATLAS™ Mitigation ID and/or name that is associated with an attack.
tactics
- Type: tactic
- Requirement: optional
The Tactic object describes the tactic ID and/or tactic name that are associated with the attack technique, as defined by the ATT&CK® Matrix.
Constraints
At least one of: tactic, technique, sub_technique
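The constraint and requirement levels above can be checked before an event is emitted or ingested. The following Python validator is an added example, not code from the schema project; it assumes the nested objects expose `uid` and `name` keys for the "ID and/or name" wording, and all sample values are constructed.

```python
# Added example: validator for the attack object described on this page.
ONE_OF = ("tactic", "technique", "sub_technique")   # "at least one of" constraint
RECOMMENDED = ONE_OF + ("version",)                  # marked "recommended" above
OBJECT_ATTRS = ONE_OF + ("mitigation",)              # attributes typed as objects
KNOWN = set(RECOMMENDED) | {"mitigation", "tactics"}


def validate_attack(obj):
    """Return (errors, warnings) for one attack object given as a dict."""
    errors, warnings = [], []
    if not isinstance(obj, dict):
        return ["attack must be an object"], warnings

    def usable(value):
        # Assumption: nested objects carry "uid" and/or "name" ("ID and/or name").
        return isinstance(value, dict) and any(
            isinstance(value.get(k), str) and value[k].strip() for k in ("uid", "name"))

    for attr in OBJECT_ATTRS:
        if attr in obj and not usable(obj[attr]):
            errors.append(f"{attr}: expected an object with a non-empty uid or name")
    if not any(usable(obj.get(attr)) for attr in ONE_OF):
        errors.append("constraint: at least one of tactic, technique, sub_technique")
    if "version" in obj and not isinstance(obj["version"], str):
        errors.append("version: expected a string (string_t)")
    for attr in RECOMMENDED:
        if attr not in obj:
            warnings.append(f"{attr}: recommended attribute missing")
    for attr in sorted(set(obj) - KNOWN):
        warnings.append(f"{attr}: not an attribute listed for the attack object")
    return errors, warnings


# Constructed sample inputs (not taken from the page).
SAMPLES = {
    "full": {"version": "14.1",
             "tactic": {"uid": "TA0002", "name": "Execution"},
             "technique": {"uid": "T1059", "name": "Command and Scripting Interpreter"},
             "sub_technique": {"uid": "T1059.001", "name": "PowerShell"}},
    "only_mitigation": {"version": "14.1", "mitigation": {"uid": "M1038"}},
    "empty_technique": {"technique": {"uid": ""}, "version": 14},
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, validate_attack(sample))
```

Errors mark objects that violate the constraint or a stated type; warnings mark missing recommended attributes, which weaken downstream correlation but do not make the object invalid.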
Used By
- account_change
- admin_group_query
- airborne_broadcast_activity
- api_activity
- application_error
- application_lifecycle
- application_security_posture_finding
- authentication
- authorize_session
- base_event
- cloud_resources_inventory_info
- compliance_finding
- config_state
- data_security_finding
- datastore_activity
- detection_finding
- device_config_state_change
- dhcp_activity
- dns_activity
- drone_flights_activity
- email_activity
- email_file_activity
- email_url_activity
- entity_management
- event_log_actvity
- evidence_info
- file_activity
- file_hosting
- file_query
- file_remediation_activity
- folder_query
- ftp_activity
- group_management
- http_activity
- incident_finding
- inventory_info
- job_query
- kernel_activity
- kernel_extension_activity
- kernel_object_query
- memory_activity
- module_activity
- module_query
- network_activity
- network_connection_query
- network_file_activity
- network_remediation_activity
- networks_query
- ntp_activity
- osint_inventory_info
- patch_state
- peripheral_device_query
- process_activity
- process_query
- process_remediation_activity
- rdp_activity
- remediation_activity
- scan_activity
- scheduled_job_activity
- script_activity
- security_finding
- service_query
- session_query
- smb_activity
- software_info
- ssh_activity
- startup_item_query
- tunnel_activity
- user_access
- user_inventory
- user_query
- vulnerability_finding
- web_resource_access_activity
- web_resources_activity
- win/prefetch_query
- win/registry_key_activity
- win/registry_key_query
- win/registry_value_activity
- win/registry_value_query
- win/windows_resource_activity
- win/windows_service_activity