MITRE D3FEND™
d3fend
The MITRE D3FEND™ object describes the tactic, technique & sub-technique associated with a countermeasure as defined in DEFEND MatrixTM.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| MITRE DEFEND™ Tactic | d3f_tactic | MITRE D3FEND™ Tactic | The Tactic object describes the tactic ID and/or name that is associated with a countermeasure, as defined by D3FEND MatrixTM. | ||
| MITRE DEFEND™ Technique | d3f_technique | MITRE DEFEND™ Technique | The Defend Technique object describes the technique ID and/or name associated with a countermeasure, as defined by D3FEND MatrixTM. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. | ||
| Version | version | String | The D3FEND MatrixTM version. |
References
Context
JSON
{
"caption": "MITRE D3FEND\u2122",
"name": "d3fend",
"description": "The <a target='_blank' href='https://d3fend.mitre.org'>MITRE D3FEND\u2122</a> object describes the tactic, technique & sub-technique associated with a countermeasure as defined in <a target='_blank' href='https://d3fend.mitre.org/'>DEFEND Matrix<sup>TM</sup></a>.",
"extends": "object",
"attributes": {
"d3f_tactic": {
"description": "The Tactic object describes the tactic ID and/or name that is associated with a countermeasure, as defined by <a target='_blank' href='https://d3fend.mitre.org'>D3FEND Matrix<sup>TM</sup></a>.",
"requirement": "recommended",
"caption": "MITRE DEFEND\u2122 Tactic",
"type": "d3f_tactic"
},
"d3f_technique": {
"description": "The Defend Technique object describes the technique ID and/or name associated with a countermeasure, as defined by <a target='_blank' href='https://d3fend.mitre.org'>D3FEND Matrix<sup>TM</sup></a>.",
"requirement": "recommended",
"caption": "MITRE DEFEND\u2122 Technique",
"type": "d3f_technique"
},
"version": {
"description": "The <a target='_blank' href='https://d3fend.mitre.org'>D3FEND Matrix<sup>TM</sup></a> version.",
"requirement": "recommended",
"caption": "Version",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
}
},
"constraints": {
"at_least_one": [
"d3f_tactic",
"d3f_technique"
]
}
}