MITRE ATT&CK® Sub Technique

sub_technique

The MITRE ATT&CK® Sub Technique object describes the sub technique ID and/or name associated to an attack, as defined by ATT&CK® Matrix.

Attributes

CaptionNameTypeDescription
Name name String The name of the attack sub technique, as defined by ATT&CK® Matrix. For example: Scanning IP Blocks.
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Source URL src_url URL String Entity:URL_STRING
The versioned permalink of the attack sub technique, as defined by ATT&CK® Matrix. For example: https://attack.mitre.org/versions/v14/techniques/T1595/001/.
Unique ID uid String The unique identifier of the attack sub technique, as defined by ATT&CK® Matrix. For example: T1595.001.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.

Relationships

MITRE ATT&CK® Sub Technique shown in context

Inbound Relationships

These objects and events reference MITRE ATT&CK® Sub Technique in their attributes:

Outbound Relationships

MITRE ATT&CK® Sub Technique references the following objects and events in its attributes:

This page describes ocsf-1.4.0