MITRE Mitigation

mitigation

The MITRE Mitigation object describes the ATT&CK® or ATLAS™ Mitigation ID and/or name that is associated to an attack.

Attributes

CaptionNameTypeDescription
CountermeasurescountermeasuresMITRE D3FEND™[]The D3FEND countermeasures that are associated with the attack technique. For example: ATT&CK Technique T1003 is addressed by Mitigation M1027, and D3FEND Technique D3-OTP.
NamenameStringThe Mitigation name that is associated with the attack technique. For example: Password Policies, or Code Signing.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Source URLsrc_urlURL StringEntity:URL_STRING

The versioned permalink of the Mitigation. For example: https://attack.mitre.org/versions/v14/mitigations/M1027.
Unique IDuidStringThe Mitigation ID that is associated with the attack technique. For example: M1027, or AML.M0013.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

MITRE Mitigation shown in context

Inbound Relationships

These objects and events reference MITRE Mitigation in their attributes:

Outbound Relationships

MITRE Mitigation references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0