
MitreAttack

import type { MitreAttack } from "https://googleapis.deno.dev/v1/securitycenter:v1.ts";

MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

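/**
 * MITRE ATT&CK tactics and techniques related to this finding.
 * See: https://attack.mitre.org
 *
 * This is a compile-time shape only. The values are plain strings at runtime
 * and nothing here validates them, so code that routes, scores or alerts on
 * these fields should tolerate a string that is not in the lists below.
 */
interface MitreAttack {
  /**
   * Additional MITRE ATT&CK tactics related to this finding, if any.
   *
   * The union is parenthesized because `[]` binds tighter than `|`: without
   * the parentheses only the last literal would be typed as an array.
   */
  additionalTactics?: (
    | "TACTIC_UNSPECIFIED"
    | "RECONNAISSANCE"
    | "RESOURCE_DEVELOPMENT"
    | "INITIAL_ACCESS"
    | "EXECUTION"
    | "PERSISTENCE"
    | "PRIVILEGE_ESCALATION"
    | "DEFENSE_EVASION"
    | "CREDENTIAL_ACCESS"
    | "DISCOVERY"
    | "LATERAL_MOVEMENT"
    | "COLLECTION"
    | "COMMAND_AND_CONTROL"
    | "EXFILTRATION"
    | "IMPACT"
  )[];
  /**
   * Additional MITRE ATT&CK techniques related to this finding, if any, along
   * with any of their respective parent techniques.
   */
  additionalTechniques?: (
    | "TECHNIQUE_UNSPECIFIED"
    | "DATA_OBFUSCATION"
    | "DATA_OBFUSCATION_STEGANOGRAPHY"
    | "OS_CREDENTIAL_DUMPING"
    | "OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM"
    | "OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW"
    | "DATA_FROM_LOCAL_SYSTEM"
    | "AUTOMATED_EXFILTRATION"
    | "OBFUSCATED_FILES_OR_INFO"
    | "STEGANOGRAPHY"
    | "COMPILE_AFTER_DELIVERY"
    | "COMMAND_OBFUSCATION"
    | "SCHEDULED_TRANSFER"
    | "SYSTEM_OWNER_USER_DISCOVERY"
    | "MASQUERADING"
    | "MATCH_LEGITIMATE_NAME_OR_LOCATION"
    | "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS"
    | "STARTUP_ITEMS"
    | "NETWORK_SERVICE_DISCOVERY"
    | "SCHEDULED_TASK_JOB"
    | "SCHEDULED_TASK_JOB_CRON"
    | "CONTAINER_ORCHESTRATION_JOB"
    | "PROCESS_INJECTION"
    | "INPUT_CAPTURE"
    | "INPUT_CAPTURE_KEYLOGGING"
    | "PROCESS_DISCOVERY"
    | "COMMAND_AND_SCRIPTING_INTERPRETER"
    | "UNIX_SHELL"
    | "PYTHON"
    | "EXPLOITATION_FOR_PRIVILEGE_ESCALATION"
    | "PERMISSION_GROUPS_DISCOVERY"
    | "CLOUD_GROUPS"
    | "INDICATOR_REMOVAL"
    | "INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS"
    | "INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY"
    | "INDICATOR_REMOVAL_FILE_DELETION"
    | "INDICATOR_REMOVAL_TIMESTOMP"
    | "INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA"
    | "APPLICATION_LAYER_PROTOCOL"
    | "DNS"
    | "SOFTWARE_DEPLOYMENT_TOOLS"
    | "VALID_ACCOUNTS"
    | "DEFAULT_ACCOUNTS"
    | "LOCAL_ACCOUNTS"
    | "CLOUD_ACCOUNTS"
    | "FILE_AND_DIRECTORY_DISCOVERY"
    | "ACCOUNT_DISCOVERY_LOCAL_ACCOUNT"
    | "PROXY"
    | "EXTERNAL_PROXY"
    | "MULTI_HOP_PROXY"
    | "ACCOUNT_MANIPULATION"
    | "ADDITIONAL_CLOUD_CREDENTIALS"
    | "ADDITIONAL_CLOUD_ROLES"
    | "SSH_AUTHORIZED_KEYS"
    | "ADDITIONAL_CONTAINER_CLUSTER_ROLES"
    | "MULTI_STAGE_CHANNELS"
    | "INGRESS_TOOL_TRANSFER"
    | "NATIVE_API"
    | "BRUTE_FORCE"
    | "AUTOMATED_COLLECTION"
    | "SHARED_MODULES"
    | "DATA_ENCODING"
    | "STANDARD_ENCODING"
    | "ACCESS_TOKEN_MANIPULATION"
    | "TOKEN_IMPERSONATION_OR_THEFT"
    | "CREATE_ACCOUNT"
    | "LOCAL_ACCOUNT"
    | "DEOBFUSCATE_DECODE_FILES_OR_INFO"
    | "EXPLOIT_PUBLIC_FACING_APPLICATION"
    | "SUPPLY_CHAIN_COMPROMISE"
    | "COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS"
    | "EXPLOITATION_FOR_CLIENT_EXECUTION"
    | "USER_EXECUTION"
    | "LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION"
    | "DOMAIN_POLICY_MODIFICATION"
    | "DATA_DESTRUCTION"
    | "DATA_ENCRYPTED_FOR_IMPACT"
    | "SERVICE_STOP"
    | "INHIBIT_SYSTEM_RECOVERY"
    | "FIRMWARE_CORRUPTION"
    | "RESOURCE_HIJACKING"
    | "NETWORK_DENIAL_OF_SERVICE"
    | "CLOUD_SERVICE_DISCOVERY"
    | "STEAL_APPLICATION_ACCESS_TOKEN"
    | "ACCOUNT_ACCESS_REMOVAL"
    | "TRANSFER_DATA_TO_CLOUD_ACCOUNT"
    | "STEAL_WEB_SESSION_COOKIE"
    | "CREATE_OR_MODIFY_SYSTEM_PROCESS"
    | "EVENT_TRIGGERED_EXECUTION"
    | "BOOT_OR_LOGON_AUTOSTART_EXECUTION"
    | "KERNEL_MODULES_AND_EXTENSIONS"
    | "SHORTCUT_MODIFICATION"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING"
    | "UNSECURED_CREDENTIALS"
    | "CREDENTIALS_IN_FILES"
    | "BASH_HISTORY"
    | "PRIVATE_KEYS"
    | "SUBVERT_TRUST_CONTROL"
    | "INSTALL_ROOT_CERTIFICATE"
    | "COMPROMISE_HOST_SOFTWARE_BINARY"
    | "CREDENTIALS_FROM_PASSWORD_STORES"
    | "MODIFY_AUTHENTICATION_PROCESS"
    | "PLUGGABLE_AUTHENTICATION_MODULES"
    | "IMPAIR_DEFENSES"
    | "DISABLE_OR_MODIFY_TOOLS"
    | "INDICATOR_BLOCKING"
    | "DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM"
    | "HIDE_ARTIFACTS"
    | "HIDDEN_FILES_AND_DIRECTORIES"
    | "HIDDEN_USERS"
    | "EXFILTRATION_OVER_WEB_SERVICE"
    | "EXFILTRATION_TO_CLOUD_STORAGE"
    | "DYNAMIC_RESOLUTION"
    | "LATERAL_TOOL_TRANSFER"
    | "HIJACK_EXECUTION_FLOW"
    | "HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING"
    | "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE"
    | "CREATE_SNAPSHOT"
    | "CLOUD_INFRASTRUCTURE_DISCOVERY"
    | "DEVELOP_CAPABILITIES"
    | "DEVELOP_CAPABILITIES_MALWARE"
    | "OBTAIN_CAPABILITIES"
    | "OBTAIN_CAPABILITIES_MALWARE"
    | "OBTAIN_CAPABILITIES_VULNERABILITIES"
    | "ACTIVE_SCANNING"
    | "SCANNING_IP_BLOCKS"
    | "STAGE_CAPABILITIES"
    | "UPLOAD_MALWARE"
    | "CONTAINER_ADMINISTRATION_COMMAND"
    | "DEPLOY_CONTAINER"
    | "ESCAPE_TO_HOST"
    | "CONTAINER_AND_RESOURCE_DISCOVERY"
    | "REFLECTIVE_CODE_LOADING"
    | "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES"
    | "FINANCIAL_THEFT"
  )[];
  /** The MITRE ATT&CK tactic most closely represented by this finding, if any. */
  primaryTactic?:
    | "TACTIC_UNSPECIFIED"
    | "RECONNAISSANCE"
    | "RESOURCE_DEVELOPMENT"
    | "INITIAL_ACCESS"
    | "EXECUTION"
    | "PERSISTENCE"
    | "PRIVILEGE_ESCALATION"
    | "DEFENSE_EVASION"
    | "CREDENTIAL_ACCESS"
    | "DISCOVERY"
    | "LATERAL_MOVEMENT"
    | "COLLECTION"
    | "COMMAND_AND_CONTROL"
    | "EXFILTRATION"
    | "IMPACT";
  /**
   * The MITRE ATT&CK technique most closely represented by this finding, if
   * any. This is a list because techniques have multiple levels: when the
   * closest match is a sub-technique (e.g. SCANNING_IP_BLOCKS), both it and
   * its parent technique(s) are listed (e.g. SCANNING_IP_BLOCKS,
   * ACTIVE_SCANNING).
   */
  primaryTechniques?: (
    | "TECHNIQUE_UNSPECIFIED"
    | "DATA_OBFUSCATION"
    | "DATA_OBFUSCATION_STEGANOGRAPHY"
    | "OS_CREDENTIAL_DUMPING"
    | "OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM"
    | "OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW"
    | "DATA_FROM_LOCAL_SYSTEM"
    | "AUTOMATED_EXFILTRATION"
    | "OBFUSCATED_FILES_OR_INFO"
    | "STEGANOGRAPHY"
    | "COMPILE_AFTER_DELIVERY"
    | "COMMAND_OBFUSCATION"
    | "SCHEDULED_TRANSFER"
    | "SYSTEM_OWNER_USER_DISCOVERY"
    | "MASQUERADING"
    | "MATCH_LEGITIMATE_NAME_OR_LOCATION"
    | "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS"
    | "STARTUP_ITEMS"
    | "NETWORK_SERVICE_DISCOVERY"
    | "SCHEDULED_TASK_JOB"
    | "SCHEDULED_TASK_JOB_CRON"
    | "CONTAINER_ORCHESTRATION_JOB"
    | "PROCESS_INJECTION"
    | "INPUT_CAPTURE"
    | "INPUT_CAPTURE_KEYLOGGING"
    | "PROCESS_DISCOVERY"
    | "COMMAND_AND_SCRIPTING_INTERPRETER"
    | "UNIX_SHELL"
    | "PYTHON"
    | "EXPLOITATION_FOR_PRIVILEGE_ESCALATION"
    | "PERMISSION_GROUPS_DISCOVERY"
    | "CLOUD_GROUPS"
    | "INDICATOR_REMOVAL"
    | "INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS"
    | "INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY"
    | "INDICATOR_REMOVAL_FILE_DELETION"
    | "INDICATOR_REMOVAL_TIMESTOMP"
    | "INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA"
    | "APPLICATION_LAYER_PROTOCOL"
    | "DNS"
    | "SOFTWARE_DEPLOYMENT_TOOLS"
    | "VALID_ACCOUNTS"
    | "DEFAULT_ACCOUNTS"
    | "LOCAL_ACCOUNTS"
    | "CLOUD_ACCOUNTS"
    | "FILE_AND_DIRECTORY_DISCOVERY"
    | "ACCOUNT_DISCOVERY_LOCAL_ACCOUNT"
    | "PROXY"
    | "EXTERNAL_PROXY"
    | "MULTI_HOP_PROXY"
    | "ACCOUNT_MANIPULATION"
    | "ADDITIONAL_CLOUD_CREDENTIALS"
    | "ADDITIONAL_CLOUD_ROLES"
    | "SSH_AUTHORIZED_KEYS"
    | "ADDITIONAL_CONTAINER_CLUSTER_ROLES"
    | "MULTI_STAGE_CHANNELS"
    | "INGRESS_TOOL_TRANSFER"
    | "NATIVE_API"
    | "BRUTE_FORCE"
    | "AUTOMATED_COLLECTION"
    | "SHARED_MODULES"
    | "DATA_ENCODING"
    | "STANDARD_ENCODING"
    | "ACCESS_TOKEN_MANIPULATION"
    | "TOKEN_IMPERSONATION_OR_THEFT"
    | "CREATE_ACCOUNT"
    | "LOCAL_ACCOUNT"
    | "DEOBFUSCATE_DECODE_FILES_OR_INFO"
    | "EXPLOIT_PUBLIC_FACING_APPLICATION"
    | "SUPPLY_CHAIN_COMPROMISE"
    | "COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS"
    | "EXPLOITATION_FOR_CLIENT_EXECUTION"
    | "USER_EXECUTION"
    | "LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION"
    | "DOMAIN_POLICY_MODIFICATION"
    | "DATA_DESTRUCTION"
    | "DATA_ENCRYPTED_FOR_IMPACT"
    | "SERVICE_STOP"
    | "INHIBIT_SYSTEM_RECOVERY"
    | "FIRMWARE_CORRUPTION"
    | "RESOURCE_HIJACKING"
    | "NETWORK_DENIAL_OF_SERVICE"
    | "CLOUD_SERVICE_DISCOVERY"
    | "STEAL_APPLICATION_ACCESS_TOKEN"
    | "ACCOUNT_ACCESS_REMOVAL"
    | "TRANSFER_DATA_TO_CLOUD_ACCOUNT"
    | "STEAL_WEB_SESSION_COOKIE"
    | "CREATE_OR_MODIFY_SYSTEM_PROCESS"
    | "EVENT_TRIGGERED_EXECUTION"
    | "BOOT_OR_LOGON_AUTOSTART_EXECUTION"
    | "KERNEL_MODULES_AND_EXTENSIONS"
    | "SHORTCUT_MODIFICATION"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID"
    | "ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING"
    | "UNSECURED_CREDENTIALS"
    | "CREDENTIALS_IN_FILES"
    | "BASH_HISTORY"
    | "PRIVATE_KEYS"
    | "SUBVERT_TRUST_CONTROL"
    | "INSTALL_ROOT_CERTIFICATE"
    | "COMPROMISE_HOST_SOFTWARE_BINARY"
    | "CREDENTIALS_FROM_PASSWORD_STORES"
    | "MODIFY_AUTHENTICATION_PROCESS"
    | "PLUGGABLE_AUTHENTICATION_MODULES"
    | "IMPAIR_DEFENSES"
    | "DISABLE_OR_MODIFY_TOOLS"
    | "INDICATOR_BLOCKING"
    | "DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM"
    | "HIDE_ARTIFACTS"
    | "HIDDEN_FILES_AND_DIRECTORIES"
    | "HIDDEN_USERS"
    | "EXFILTRATION_OVER_WEB_SERVICE"
    | "EXFILTRATION_TO_CLOUD_STORAGE"
    | "DYNAMIC_RESOLUTION"
    | "LATERAL_TOOL_TRANSFER"
    | "HIJACK_EXECUTION_FLOW"
    | "HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING"
    | "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE"
    | "CREATE_SNAPSHOT"
    | "CLOUD_INFRASTRUCTURE_DISCOVERY"
    | "DEVELOP_CAPABILITIES"
    | "DEVELOP_CAPABILITIES_MALWARE"
    | "OBTAIN_CAPABILITIES"
    | "OBTAIN_CAPABILITIES_MALWARE"
    | "OBTAIN_CAPABILITIES_VULNERABILITIES"
    | "ACTIVE_SCANNING"
    | "SCANNING_IP_BLOCKS"
    | "STAGE_CAPABILITIES"
    | "UPLOAD_MALWARE"
    | "CONTAINER_ADMINISTRATION_COMMAND"
    | "DEPLOY_CONTAINER"
    | "ESCAPE_TO_HOST"
    | "CONTAINER_AND_RESOURCE_DISCOVERY"
    | "REFLECTIVE_CODE_LOADING"
    | "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES"
    | "FINANCIAL_THEFT"
  )[];
  /** The MITRE ATT&CK version referenced by the above fields. E.g. "8". */
  version?: string;
}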

§Properties

§
additionalTactics?: "TACTIC_UNSPECIFIED" | "RECONNAISSANCE" | "RESOURCE_DEVELOPMENT" | "INITIAL_ACCESS" | "EXECUTION" | "PERSISTENCE" | "PRIVILEGE_ESCALATION" | "DEFENSE_EVASION" | "CREDENTIAL_ACCESS" | "DISCOVERY" | "LATERAL_MOVEMENT" | "COLLECTION" | "COMMAND_AND_CONTROL" | "EXFILTRATION" | "IMPACT"[]

Additional MITRE ATT&CK tactics related to this finding, if any.

§
additionalTechniques?: "TECHNIQUE_UNSPECIFIED" | "DATA_OBFUSCATION" | "DATA_OBFUSCATION_STEGANOGRAPHY" | "OS_CREDENTIAL_DUMPING" | "OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM" | "OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW" | "DATA_FROM_LOCAL_SYSTEM" | "AUTOMATED_EXFILTRATION" | "OBFUSCATED_FILES_OR_INFO" | "STEGANOGRAPHY" | "COMPILE_AFTER_DELIVERY" | "COMMAND_OBFUSCATION" | "SCHEDULED_TRANSFER" | "SYSTEM_OWNER_USER_DISCOVERY" | "MASQUERADING" | "MATCH_LEGITIMATE_NAME_OR_LOCATION" | "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS" | "STARTUP_ITEMS" | "NETWORK_SERVICE_DISCOVERY" | "SCHEDULED_TASK_JOB" | "SCHEDULED_TASK_JOB_CRON" | "CONTAINER_ORCHESTRATION_JOB" | "PROCESS_INJECTION" | "INPUT_CAPTURE" | "INPUT_CAPTURE_KEYLOGGING" | "PROCESS_DISCOVERY" | "COMMAND_AND_SCRIPTING_INTERPRETER" | "UNIX_SHELL" | "PYTHON" | "EXPLOITATION_FOR_PRIVILEGE_ESCALATION" | "PERMISSION_GROUPS_DISCOVERY" | "CLOUD_GROUPS" | "INDICATOR_REMOVAL" | "INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS" | "INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY" | "INDICATOR_REMOVAL_FILE_DELETION" | "INDICATOR_REMOVAL_TIMESTOMP" | "INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA" | "APPLICATION_LAYER_PROTOCOL" | "DNS" | "SOFTWARE_DEPLOYMENT_TOOLS" | "VALID_ACCOUNTS" | "DEFAULT_ACCOUNTS" | "LOCAL_ACCOUNTS" | "CLOUD_ACCOUNTS" | "FILE_AND_DIRECTORY_DISCOVERY" | "ACCOUNT_DISCOVERY_LOCAL_ACCOUNT" | "PROXY" | "EXTERNAL_PROXY" | "MULTI_HOP_PROXY" | "ACCOUNT_MANIPULATION" | "ADDITIONAL_CLOUD_CREDENTIALS" | "ADDITIONAL_CLOUD_ROLES" | "SSH_AUTHORIZED_KEYS" | "ADDITIONAL_CONTAINER_CLUSTER_ROLES" | "MULTI_STAGE_CHANNELS" | "INGRESS_TOOL_TRANSFER" | "NATIVE_API" | "BRUTE_FORCE" | "AUTOMATED_COLLECTION" | "SHARED_MODULES" | "DATA_ENCODING" | "STANDARD_ENCODING" | "ACCESS_TOKEN_MANIPULATION" | "TOKEN_IMPERSONATION_OR_THEFT" | "CREATE_ACCOUNT" | "LOCAL_ACCOUNT" | "DEOBFUSCATE_DECODE_FILES_OR_INFO" | "EXPLOIT_PUBLIC_FACING_APPLICATION" | "SUPPLY_CHAIN_COMPROMISE" | "COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS" | 
"EXPLOITATION_FOR_CLIENT_EXECUTION" | "USER_EXECUTION" | "LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION" | "DOMAIN_POLICY_MODIFICATION" | "DATA_DESTRUCTION" | "DATA_ENCRYPTED_FOR_IMPACT" | "SERVICE_STOP" | "INHIBIT_SYSTEM_RECOVERY" | "FIRMWARE_CORRUPTION" | "RESOURCE_HIJACKING" | "NETWORK_DENIAL_OF_SERVICE" | "CLOUD_SERVICE_DISCOVERY" | "STEAL_APPLICATION_ACCESS_TOKEN" | "ACCOUNT_ACCESS_REMOVAL" | "TRANSFER_DATA_TO_CLOUD_ACCOUNT" | "STEAL_WEB_SESSION_COOKIE" | "CREATE_OR_MODIFY_SYSTEM_PROCESS" | "EVENT_TRIGGERED_EXECUTION" | "BOOT_OR_LOGON_AUTOSTART_EXECUTION" | "KERNEL_MODULES_AND_EXTENSIONS" | "SHORTCUT_MODIFICATION" | "ABUSE_ELEVATION_CONTROL_MECHANISM" | "ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID" | "ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING" | "UNSECURED_CREDENTIALS" | "CREDENTIALS_IN_FILES" | "BASH_HISTORY" | "PRIVATE_KEYS" | "SUBVERT_TRUST_CONTROL" | "INSTALL_ROOT_CERTIFICATE" | "COMPROMISE_HOST_SOFTWARE_BINARY" | "CREDENTIALS_FROM_PASSWORD_STORES" | "MODIFY_AUTHENTICATION_PROCESS" | "PLUGGABLE_AUTHENTICATION_MODULES" | "IMPAIR_DEFENSES" | "DISABLE_OR_MODIFY_TOOLS" | "INDICATOR_BLOCKING" | "DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM" | "HIDE_ARTIFACTS" | "HIDDEN_FILES_AND_DIRECTORIES" | "HIDDEN_USERS" | "EXFILTRATION_OVER_WEB_SERVICE" | "EXFILTRATION_TO_CLOUD_STORAGE" | "DYNAMIC_RESOLUTION" | "LATERAL_TOOL_TRANSFER" | "HIJACK_EXECUTION_FLOW" | "HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING" | "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" | "CREATE_SNAPSHOT" | "CLOUD_INFRASTRUCTURE_DISCOVERY" | "DEVELOP_CAPABILITIES" | "DEVELOP_CAPABILITIES_MALWARE" | "OBTAIN_CAPABILITIES" | "OBTAIN_CAPABILITIES_MALWARE" | "OBTAIN_CAPABILITIES_VULNERABILITIES" | "ACTIVE_SCANNING" | "SCANNING_IP_BLOCKS" | "STAGE_CAPABILITIES" | "UPLOAD_MALWARE" | "CONTAINER_ADMINISTRATION_COMMAND" | "DEPLOY_CONTAINER" | "ESCAPE_TO_HOST" | "CONTAINER_AND_RESOURCE_DISCOVERY" | "REFLECTIVE_CODE_LOADING" | "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" | "FINANCIAL_THEFT"[]

Additional MITRE ATT&CK techniques related to this finding, if any, along with any of their respective parent techniques.

§
primaryTactic?: "TACTIC_UNSPECIFIED" | "RECONNAISSANCE" | "RESOURCE_DEVELOPMENT" | "INITIAL_ACCESS" | "EXECUTION" | "PERSISTENCE" | "PRIVILEGE_ESCALATION" | "DEFENSE_EVASION" | "CREDENTIAL_ACCESS" | "DISCOVERY" | "LATERAL_MOVEMENT" | "COLLECTION" | "COMMAND_AND_CONTROL" | "EXFILTRATION" | "IMPACT"

The MITRE ATT&CK tactic most closely represented by this finding, if any.

§
primaryTechniques?: "TECHNIQUE_UNSPECIFIED" | "DATA_OBFUSCATION" | "DATA_OBFUSCATION_STEGANOGRAPHY" | "OS_CREDENTIAL_DUMPING" | "OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM" | "OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW" | "DATA_FROM_LOCAL_SYSTEM" | "AUTOMATED_EXFILTRATION" | "OBFUSCATED_FILES_OR_INFO" | "STEGANOGRAPHY" | "COMPILE_AFTER_DELIVERY" | "COMMAND_OBFUSCATION" | "SCHEDULED_TRANSFER" | "SYSTEM_OWNER_USER_DISCOVERY" | "MASQUERADING" | "MATCH_LEGITIMATE_NAME_OR_LOCATION" | "BOOT_OR_LOGON_INITIALIZATION_SCRIPTS" | "STARTUP_ITEMS" | "NETWORK_SERVICE_DISCOVERY" | "SCHEDULED_TASK_JOB" | "SCHEDULED_TASK_JOB_CRON" | "CONTAINER_ORCHESTRATION_JOB" | "PROCESS_INJECTION" | "INPUT_CAPTURE" | "INPUT_CAPTURE_KEYLOGGING" | "PROCESS_DISCOVERY" | "COMMAND_AND_SCRIPTING_INTERPRETER" | "UNIX_SHELL" | "PYTHON" | "EXPLOITATION_FOR_PRIVILEGE_ESCALATION" | "PERMISSION_GROUPS_DISCOVERY" | "CLOUD_GROUPS" | "INDICATOR_REMOVAL" | "INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS" | "INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY" | "INDICATOR_REMOVAL_FILE_DELETION" | "INDICATOR_REMOVAL_TIMESTOMP" | "INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA" | "APPLICATION_LAYER_PROTOCOL" | "DNS" | "SOFTWARE_DEPLOYMENT_TOOLS" | "VALID_ACCOUNTS" | "DEFAULT_ACCOUNTS" | "LOCAL_ACCOUNTS" | "CLOUD_ACCOUNTS" | "FILE_AND_DIRECTORY_DISCOVERY" | "ACCOUNT_DISCOVERY_LOCAL_ACCOUNT" | "PROXY" | "EXTERNAL_PROXY" | "MULTI_HOP_PROXY" | "ACCOUNT_MANIPULATION" | "ADDITIONAL_CLOUD_CREDENTIALS" | "ADDITIONAL_CLOUD_ROLES" | "SSH_AUTHORIZED_KEYS" | "ADDITIONAL_CONTAINER_CLUSTER_ROLES" | "MULTI_STAGE_CHANNELS" | "INGRESS_TOOL_TRANSFER" | "NATIVE_API" | "BRUTE_FORCE" | "AUTOMATED_COLLECTION" | "SHARED_MODULES" | "DATA_ENCODING" | "STANDARD_ENCODING" | "ACCESS_TOKEN_MANIPULATION" | "TOKEN_IMPERSONATION_OR_THEFT" | "CREATE_ACCOUNT" | "LOCAL_ACCOUNT" | "DEOBFUSCATE_DECODE_FILES_OR_INFO" | "EXPLOIT_PUBLIC_FACING_APPLICATION" | "SUPPLY_CHAIN_COMPROMISE" | "COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS" | 
"EXPLOITATION_FOR_CLIENT_EXECUTION" | "USER_EXECUTION" | "LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION" | "DOMAIN_POLICY_MODIFICATION" | "DATA_DESTRUCTION" | "DATA_ENCRYPTED_FOR_IMPACT" | "SERVICE_STOP" | "INHIBIT_SYSTEM_RECOVERY" | "FIRMWARE_CORRUPTION" | "RESOURCE_HIJACKING" | "NETWORK_DENIAL_OF_SERVICE" | "CLOUD_SERVICE_DISCOVERY" | "STEAL_APPLICATION_ACCESS_TOKEN" | "ACCOUNT_ACCESS_REMOVAL" | "TRANSFER_DATA_TO_CLOUD_ACCOUNT" | "STEAL_WEB_SESSION_COOKIE" | "CREATE_OR_MODIFY_SYSTEM_PROCESS" | "EVENT_TRIGGERED_EXECUTION" | "BOOT_OR_LOGON_AUTOSTART_EXECUTION" | "KERNEL_MODULES_AND_EXTENSIONS" | "SHORTCUT_MODIFICATION" | "ABUSE_ELEVATION_CONTROL_MECHANISM" | "ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID" | "ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING" | "UNSECURED_CREDENTIALS" | "CREDENTIALS_IN_FILES" | "BASH_HISTORY" | "PRIVATE_KEYS" | "SUBVERT_TRUST_CONTROL" | "INSTALL_ROOT_CERTIFICATE" | "COMPROMISE_HOST_SOFTWARE_BINARY" | "CREDENTIALS_FROM_PASSWORD_STORES" | "MODIFY_AUTHENTICATION_PROCESS" | "PLUGGABLE_AUTHENTICATION_MODULES" | "IMPAIR_DEFENSES" | "DISABLE_OR_MODIFY_TOOLS" | "INDICATOR_BLOCKING" | "DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM" | "HIDE_ARTIFACTS" | "HIDDEN_FILES_AND_DIRECTORIES" | "HIDDEN_USERS" | "EXFILTRATION_OVER_WEB_SERVICE" | "EXFILTRATION_TO_CLOUD_STORAGE" | "DYNAMIC_RESOLUTION" | "LATERAL_TOOL_TRANSFER" | "HIJACK_EXECUTION_FLOW" | "HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING" | "MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE" | "CREATE_SNAPSHOT" | "CLOUD_INFRASTRUCTURE_DISCOVERY" | "DEVELOP_CAPABILITIES" | "DEVELOP_CAPABILITIES_MALWARE" | "OBTAIN_CAPABILITIES" | "OBTAIN_CAPABILITIES_MALWARE" | "OBTAIN_CAPABILITIES_VULNERABILITIES" | "ACTIVE_SCANNING" | "SCANNING_IP_BLOCKS" | "STAGE_CAPABILITIES" | "UPLOAD_MALWARE" | "CONTAINER_ADMINISTRATION_COMMAND" | "DEPLOY_CONTAINER" | "ESCAPE_TO_HOST" | "CONTAINER_AND_RESOURCE_DISCOVERY" | "REFLECTIVE_CODE_LOADING" | "STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES" | "FINANCIAL_THEFT"[]

The MITRE ATT&CK technique most closely represented by this finding, if any. primary_techniques (`primaryTechniques` in this interface) is a repeated field because there are multiple levels of MITRE ATT&CK techniques: if the technique most closely represented by this finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS, ACTIVE_SCANNING).

§
version?: string

The MITRE ATT&CK version referenced by the above fields. E.g. "8".