Attack Object

The attack object describes the technique and associated tactics related to an attack. Multiple attack objects can be added to Security Detection and System Activity events.
| Name | Attribute | Requirement | Type | Description |
| --- | --- | --- | --- | --- |
| Sub-technique Name | sub_technique_name | Recommended | String | The name of the attack sub-technique, as defined by ATT&CK Matrix™. |
| Sub-technique ID | sub_technique_uid | Recommended | String | The unique identifier of the attack sub-technique, as defined by ATT&CK Matrix™. |
| Tactics | tactic_ids | Recommended | Integer Array | The tactics that are associated with the attack technique (to be deprecated, use tactic_uids). |
| Tactics | tactic_uids | Recommended | String Array | The tactics that are associated with the attack technique, as defined by ATT&CK Matrix™. |
| Technique Name | technique_name | Recommended | String | The name of the attack technique, as defined by ATT&CK Matrix™. For example: Drive-by Compromise. |
| Technique ID | technique_uid | Recommended | String | The unique identifier of the attack technique, as defined by ATT&CK Matrix™. For example: T1189. |

Values of tactic_ids:

| Value | Tactic |
| --- | --- |
| 1 | Enterprise: Initial Access |
| 2 | Enterprise: Execution |
| 3 | Enterprise: Persistence |
| 4 | Enterprise: Privilege Escalation |
| 5 | Enterprise: Defense Evasion |
| 6 | Enterprise: Credential Access |
| 7 | Enterprise: Discovery |
| 8 | Enterprise: Lateral Movement |
| 9 | Enterprise: Collection |
| 10 | Enterprise: Exfiltration |
| 11 | Enterprise: Command and Control |
| 12 | PRE-ATT&CK: Priority Definition Planning |
| 13 | PRE-ATT&CK: Priority Definition Direction |
| 14 | PRE-ATT&CK: Target Selection |
| 15 | PRE-ATT&CK: Technical Information Gathering |
| 16 | PRE-ATT&CK: People Information Gathering |
| 17 | PRE-ATT&CK: Organizational Information Gathering |
| 18 | PRE-ATT&CK: Technical Weakness Identification |
| 19 | PRE-ATT&CK: People Weakness Identification |
| 20 | PRE-ATT&CK: Organizational Weakness Identification |
| 21 | PRE-ATT&CK: Adversary OPSEC |
| 22 | PRE-ATT&CK: Establish & Maintain Infrastructure |
| 23 | PRE-ATT&CK: Persona Development |
| 24 | PRE-ATT&CK: Build Capabilities |
| 25 | PRE-ATT&CK: Test Capabilities |
| 26 | PRE-ATT&CK: Stage Capabilities |
| 27 | Mobile: Initial Access |
| 28 | Mobile: Persistence |
| 29 | Mobile: Privilege Escalation |
| 30 | Mobile: Defense Evasion |
| 31 | Mobile: Credential Access |
| 32 | Mobile: Discovery |
| 33 | Mobile: Lateral Movement |
| 34 | Mobile: Effects |
| 35 | Mobile: Collection |
| 36 | Mobile: Exfiltration |
| 37 | Mobile: Command and Control |
| 38 | Mobile: Network Effects |
| 39 | Mobile: Remote Service Effects |
| 40 | Enterprise: Impact |
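
Because tactic_ids is marked for deprecation in favor of tactic_uids, a detection pipeline will usually want to normalize older events before correlating on tactics. The following is an added example, not part of the schema or its tooling: the function name `normalize_attack` is hypothetical, and the TA-numbers are the MITRE ATT&CK Enterprise tactic identifiers, which this page does not list. PRE-ATT&CK and Mobile integers are reported as unmapped rather than guessed.

```python
import re

# Deprecated integer tactic_ids (Enterprise rows of the table above) mapped to
# MITRE ATT&CK Enterprise tactic identifiers. The TA-numbers come from the
# ATT&CK Enterprise matrix (an assumption of this example), not from this page.
ENTERPRISE_TACTIC_UIDS = {
    1: "TA0001", 2: "TA0002", 3: "TA0003", 4: "TA0004", 5: "TA0005",
    6: "TA0006", 7: "TA0007", 8: "TA0008", 9: "TA0009", 10: "TA0010",
    11: "TA0011", 40: "TA0040",
}
TECHNIQUE_RE = re.compile(r"T\d{4}")
SUB_TECHNIQUE_RE = re.compile(r"(T\d{4})\.\d{3}")


def normalize_attack(attack):
    """Return (normalized copy, list of findings) for one attack object."""
    out, findings = dict(attack), []
    uids = list(out.get("tactic_uids") or [])
    # Replace the deprecated integer array with string uids; values that
    # cannot be mapped are dropped from the copy and recorded as findings.
    for tid in out.pop("tactic_ids", None) or []:
        uid = ENTERPRISE_TACTIC_UIDS.get(tid)
        if uid is None:
            findings.append(f"tactic_ids value {tid!r} has no Enterprise mapping")
        elif uid not in uids:
            uids.append(uid)
    if uids:
        out["tactic_uids"] = uids
    tech, sub = out.get("technique_uid"), out.get("sub_technique_uid")
    if tech is not None and not (isinstance(tech, str) and TECHNIQUE_RE.fullmatch(tech)):
        findings.append(f"technique_uid {tech!r} is not of the form T1234")
    if sub is not None:
        m = SUB_TECHNIQUE_RE.fullmatch(sub) if isinstance(sub, str) else None
        if m is None:
            findings.append(f"sub_technique_uid {sub!r} is not of the form T1234.001")
        elif tech is not None and m.group(1) != tech:
            findings.append(f"sub_technique_uid {sub} does not belong to {tech}")
    return out, findings


# Constructed sample: T1189 / Drive-by Compromise are the page's own examples.
SAMPLE = {"technique_name": "Drive-by Compromise", "technique_uid": "T1189",
          "tactic_ids": [1, 14]}

if __name__ == "__main__":
    print(normalize_attack(SAMPLE))
```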