MITRE ATT&CK®

The MITRE ATT&CK® object describes the tactic, technique and sub-technique associated with an attack, as defined in the ATT&CK® Matrix.

Attributes

| Caption | Name | Type | Description |
|---|---|---|---|
| Raw Data | raw_data | JSON | The event data as received from the event source. |
| Record ID | record_id | String | Unique identifier for the object. |
| Sub Technique | sub_technique | MITRE ATT&CK® Sub Technique[] | The Sub Technique object describes the sub technique ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| Tactic | tactic | MITRE ATT&CK® Tactic[] | The Tactic object describes the tactic ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| Tactics | tactics | MITRE ATT&CK® Tactic[] | The Tactic object describes the tactic ID and/or tactic name associated with the attack technique, as defined by the ATT&CK® Matrix. WARNING: DEPRECATED. Tactics has been deprecated since 1.1.0. Use the tactic attribute instead. |
| Technique | technique | MITRE ATT&CK® Technique[] | The Technique object describes the technique ID and/or name associated with an attack, as defined by the ATT&CK® Matrix. |
| Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
| Version | version | String | The ATT&CK® Matrix version. |
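The following is an added example, not part of the schema documentation: a small normalizer that a log pipeline could run over incoming MITRE ATT&CK® objects so that detections only ever read `tactic`, folding the deprecated `tactics` array into it. The function name `normalize_attack`, the `uid`/`name` keys inside each element and the sample record are assumptions made for illustration.

```python
import json

# Array-typed attributes named in the table above.
ARRAY_ATTRS = ("sub_technique", "tactic", "technique")


def _as_list(value):
    """Wrap a single value in a list; treat None as an empty list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def normalize_attack(obj):
    """Return (normalized_copy, warnings) for one MITRE ATT&CK object."""
    out = dict(obj)  # shallow copy so the caller's record is not modified
    warnings = []

    # Fold the deprecated `tactics` array into `tactic`, keeping order and
    # dropping exact duplicates (compared by canonical JSON).
    if "tactics" in out:
        legacy = _as_list(out.pop("tactics"))
        warnings.append("tactics is deprecated since 1.1.0; merged into tactic")
        merged, seen = [], set()
        for entry in _as_list(out.get("tactic")) + legacy:
            key = json.dumps(entry, sort_keys=True)
            if key not in seen:
                seen.add(key)
                merged.append(entry)
        out["tactic"] = merged

    # The schema types these attributes as arrays; some sources send one object.
    for attr in ARRAY_ATTRS:
        if attr in out and not isinstance(out[attr], list):
            warnings.append(f"{attr} should be an array; wrapped single value")
            out[attr] = _as_list(out[attr])
    return out, warnings


# Constructed sample record; element keys `uid` and `name` are assumed.
SAMPLE = {
    "version": "14.1",
    "tactic": [{"uid": "TA0002", "name": "Execution"}],
    "tactics": [
        {"uid": "TA0001", "name": "Initial Access"},
        {"name": "Execution", "uid": "TA0002"},  # duplicate of tactic[0]
    ],
    "technique": {"uid": "T1566", "name": "Phishing"},  # not an array
}
```

Counting the returned warnings per event source shows which producers still emit the deprecated attribute.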

Relationships

MITRE ATT&CK® shown in context

Inbound Relationships

These objects and events reference MITRE ATT&CK® in their attributes:

Outbound Relationships

MITRE ATT&CK® references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0