MITRE ATT&CK® Object
The MITRE ATT&CK® object describes the tactic, technique and sub-technique associated with an attack, as defined in the ATT&CK® Matrix.
| Name | Caption | Requirement | Type | Description |
|---|---|---|---|---|
| sub_technique | Sub Technique | Optional (†) | MITRE ATT&CK® Sub Technique | The Sub Technique object describes the sub technique ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| tactic | Tactic | Optional (†) | MITRE ATT&CK® Tactic | The Tactic object describes the tactic ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| tactics | Tactics | Optional | MITRE ATT&CK® Tactic Array | The Tactic object describes the tactic ID and/or tactic name associated with the attack technique, as defined by the ATT&CK® Matrix. DEPRECATED since v1.1.0. Use the tactic attribute instead. |
| technique | Technique | Optional (†) | MITRE ATT&CK® Technique | The Technique object describes the technique ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| version | Version | Recommended | String | The ATT&CK® Matrix version. |
Referenced By
- DHCP Activity Class
- Attribute: attacks
- DNS Activity Class
- Attribute: attacks
- Data Security Finding Class
- Attribute: attacks
- Datastore Activity Class
- Attribute: attacks
- Detection Finding Class
- Attribute: attacks
- Email Activity Class
- Attribute: attacks
- Email File Activity Class
- Attribute: attacks
- Email URL Activity Class
- Attribute: attacks
- Event Log Activity Class
- Attribute: attacks
- FTP Activity Class
- Attribute: attacks
- File System Activity Class
- Attribute: attacks
- HTTP Activity Class
- Attribute: attacks
- Incident Finding Class
- Attribute: attacks
- Kernel Activity Class
- Attribute: attacks
- Kernel Extension Activity Class
- Attribute: attacks
- Memory Activity Class
- Attribute: attacks
- Module Activity Class
- Attribute: attacks
- NTP Activity Class
- Attribute: attacks
- Network Activity Class
- Attribute: attacks
- Network File Activity Class (deprecated)
- Attribute: attacks
- Process Activity Class
- Attribute: attacks
- RDP Activity Class
- Attribute: attacks
- Registry Key Activity Class
- Attribute: attacks
- Registry Value Activity Class
- Attribute: attacks
- SMB Activity Class
- Attribute: attacks
- SSH Activity Class
- Attribute: attacks
- Scheduled Job Activity Class
- Attribute: attacks
- Security Finding Class (deprecated)
- Attribute: attacks
- Tunnel Activity Class
- Attribute: attacks
- Web Resources Activity Class
- Attribute: attacks
- Windows Resource Activity Class
- Attribute: attacks
- Windows Service Activity Class
- Attribute: attacks
- Finding Information Object
- Attribute: attacks
- OSINT Object
- Attribute: attacks
- Related Event Object
- Attribute: attacks
Constraints
† At least one of these attributes must be present: sub_technique, tactic, technique
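
The constraint and the deprecation above can be checked on each entry of an event's attacks array before ingestion. The following is an added example, not code from the schema project; the function names are hypothetical, and the "uid" and "name" keys inside the tactic, technique and sub-technique objects are assumptions, since this page only says each carries an ID and/or name.

```python
# Added example, not OCSF project code. Sub-object keys "uid"/"name" are assumed.
CONSTRAINED = ("sub_technique", "tactic", "technique")  # the dagger attributes
KNOWN = set(CONSTRAINED) | {"tactics", "version"}


def _identified(obj):
    """A sub-object counts only if it carries an ID and/or a name."""
    return isinstance(obj, dict) and bool(obj.get("uid") or obj.get("name"))


def check_attack(attack):
    """Return (severity, message) findings for one MITRE ATT&CK object."""
    if not isinstance(attack, dict):
        return [("error", "entry is not an object")]
    findings = []
    if not any(_identified(attack.get(k)) for k in CONSTRAINED):
        findings.append(("error", "needs one of sub_technique, tactic, technique"))
    if "tactics" in attack:
        findings.append(("warning", "tactics is deprecated since v1.1.0; use tactic"))
    version = attack.get("version")
    if version is None:
        findings.append(("info", "recommended attribute version is missing"))
    elif not isinstance(version, str):
        findings.append(("error", "version must be a string"))
    for key in sorted(set(attack) - KNOWN):
        findings.append(("warning", f"unknown attribute {key!r}"))
    return findings


def check_event(event):
    """Map each index in the event's attacks array to its findings."""
    return {i: check_attack(a) for i, a in enumerate(event.get("attacks", []))}


# Constructed sample event; IDs, names and version are illustrative values.
SAMPLE_EVENT = {
    "attacks": [
        {"tactic": {"uid": "TA0001", "name": "Initial Access"},
         "technique": {"uid": "T1566", "name": "Phishing"},
         "version": "14.1"},
        {"tactics": [{"uid": "TA0001"}], "version": 14},
        {"technique": {}, "tactik": {"uid": "TA0002"}},
    ]
}

if __name__ == "__main__":
    for index, findings in check_event(SAMPLE_EVENT).items():
        for severity, message in findings:
            print(f"attacks[{index}] {severity}: {message}")
```

An entry that carries only the deprecated tactics array fails the constraint, because tactics is not one of the three attributes it names.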