Kill Chain Phase
The Kill Chain Phase object represents a single phase of a cyber attack, including the initial reconnaissance and planning stages up to the final objective of the attacker. It provides a detailed description of each phase and its associated activities within the broader context of a cyber attack. See Cyber Kill Chain®.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Kill Chain Phase | phase |
String | The cyber kill chain phase. |
Kill Chain Phase ID | phase_id |
Integer |
The cyber kill chain phase identifier.
|
Raw Data | raw_data |
JSON | The event data as received from the event source. |
Record ID | record_id |
String | Unique identifier for the object |
Unmapped Data | unmapped |
Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
Relationships
Inbound Relationships
These objects and events reference Kill Chain Phase in their attributes:
Outbound Relationships
Kill Chain Phase references the following objects and events in its attributes:
This page describes qdm-1.3.2+ocsf-1.3.0
Updated 2 months ago