MITRE Sub-technique

sub_technique

The MITRE Sub-technique object describes the ATT&CK® or ATLAS™ Sub-technique ID and/or name associated to an attack.

Attributes

CaptionNameTypeDescription
NamenameStringThe name of the attack sub-technique. For example: Scanning IP Blocks or User Execution: Unsafe ML Artifacts.
Raw Dataraw_dataJSONGroup:context

The event data as received from the event source.
Record IDrecord_idStringGroup:primary

Unique identifier for the object
Source URLsrc_urlURL StringEntity:URL_STRING

The versioned permalink of the attack sub-technique. For example: https://attack.mitre.org/versions/v14/techniques/T1595/001/.
Unique IDuidStringThe unique identifier of the attack sub-technique. For example: T1595.001 or AML.T0011.000.
UnmappedunmappedUnmapped[]Data from the source that was not mapped into the schema.

Relationships

MITRE Sub-technique shown in context

Inbound Relationships

These objects and events reference MITRE Sub-technique in their attributes:

Outbound Relationships

MITRE Sub-technique references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0