MITRE ATT&CK® Sub Technique

sub_technique

The MITRE ATT&CK® Sub Technique object describes the sub technique ID and/or name associated to an attack, as defined by ATT&CK® Matrix.

Attributes

Caption	Name	Type	Description
Name	`name`	String	The name of the attack sub technique, as defined by ATT&CK® Matrix. For example: `Scanning IP Blocks`.
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Source URL	`src_url`	URL String	Entity:`URL_STRING` The versioned permalink of the attack sub technique, as defined by ATT&CK® Matrix. For example: `https://attack.mitre.org/versions/v14/techniques/T1595/001/`.
Unique ID	`uid`	String	The unique identifier of the attack sub technique, as defined by ATT&CK® Matrix. For example: `T1595.001`.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

These objects and events reference MITRE ATT&CK® Sub Technique in their attributes:

MITRE ATT&CK® Sub Technique references the following objects and events in its attributes:

This page describes ocsf-1.4.0

Updated 1 day ago