MITRE ATT&CK® Sub Technique

sub_technique

The MITRE ATT&CK® Sub Technique object describes the sub technique ID and/or name associated with an attack, as defined by the ATT&CK® Matrix.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Name | name | String | | | The name of the attack sub technique, as defined by ATT&CK® Matrix. For example: Scanning IP Blocks. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Source URL | src_url | URL String | | | The versioned permalink of the attack sub technique, as defined by ATT&CK® Matrix. For example: https://attack.mitre.org/versions/v14/techniques/T1595/001/. |
| Unique ID | uid | String | | | The unique identifier of the attack sub technique, as defined by ATT&CK® Matrix. For example: T1595.001. |
| Unmapped Data | unmapped | Unmapped | | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |

JSON

            
{
  "caption": "MITRE ATT&CK\u00ae Sub Technique",
  "description": "The MITRE ATT&CK\u00ae Sub Technique object describes the sub technique ID and/or name associated to an attack, as defined by <a target='_blank' href='https://attack.mitre.org/wiki/ATT&CK_Matrix'>ATT&CK\u00ae Matrix</a>.",
  "extends": "_entity",
  "name": "sub_technique",
  "attributes": {
    "name": {
      "description": "The name of the attack sub technique, as defined by <a target='_blank' href='https://attack.mitre.org/wiki/ATT&CK_Matrix'>ATT&CK\u00ae Matrix</a>. For example: <code>Scanning IP Blocks</code>.",
      "requirement": "optional",
      "caption": "Name",
      "type": "string_t"
    },
    "src_url": {
      "description": "The versioned permalink of the attack sub technique, as defined by <a target='_blank' href='https://attack.mitre.org/wiki/ATT&CK_Matrix'>ATT&CK\u00ae Matrix</a>. For example: <code>https://attack.mitre.org/versions/v14/techniques/T1595/001/</code>.",
      "requirement": "optional",
      "caption": "Source URL",
      "type": "url_t"
    },
    "uid": {
      "description": "The unique identifier of the attack sub technique, as defined by <a target='_blank' href='https://attack.mitre.org/wiki/ATT&CK_Matrix'>ATT&CK\u00ae Matrix</a>. For example: <code>T1595.001</code>.",
      "requirement": "recommended",
      "caption": "Unique ID",
      "type": "string_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  },
  "constraints": {
    "at_least_one": [
      "name",
      "uid"
    ]
  }
}