[8.6] [Security Solution][Detections] Updates MITRE ATT&CK mappings to v12.1 (#151931) (#152006)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Security Solution][Detections] Updates MITRE ATT&CK mappings to
v12.1 (#151931)](https://github.com/elastic/kibana/pull/151931)

<!--- Backport version: 8.9.7 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Garrett
Spong","email":"spong@users.noreply.github.com"},"sourceCommit":{"committedDate":"2023-02-23T15:26:00Z","message":"[Security
Solution][Detections] Updates MITRE ATT&CK mappings to v12.1
(#151931)\n\n## Summary\r\n\r\nUpdates MITRE ATT&CK mappings to `v12.1`,
see `detection-rules` repo\r\nupdate here:
https://github.com/elastic/detection-rules/pull/2422. Last\r\nupdate was
to `v11.3` in https://github.com/elastic/kibana/pull/137122.\r\n\r\nTo
update, I modified
\r\n\r\n\r\n1a19148c18/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js (L22)\r\nto
point to the `ATT&CK-v12.1` tag.\r\n\r\nThen ran `yarn
extract-mitre-attacks` from the root `security_solution`\r\nplugin
directory, and then `node scripts/i18n_check.js --fix` from\r\nKibana
root to regen the i18n files.\r\n\r\n### Checklist\r\n\r\n- [X] Any text
added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)","sha":"bbfa43ae58f9d2d94a124b932a26cdd6e8167aba","branchLabelMapping":{"^v8.8.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Feature:Detection
Rules","Team:Detections and Resp","Team:
SecuritySolution","Team:Detection
Rules","v8.6.0","v8.7.0","v8.8.0"],"number":151931,"url":"https://github.com/elastic/kibana/pull/151931","mergeCommit":{"message":"[Security
Solution][Detections] Updates MITRE ATT&CK mappings to v12.1
(#151931)\n\n## Summary\r\n\r\nUpdates MITRE ATT&CK mappings to `v12.1`,
see `detection-rules` repo\r\nupdate here:
https://github.com/elastic/detection-rules/pull/2422. Last\r\nupdate was
to `v11.3` in https://github.com/elastic/kibana/pull/137122.\r\n\r\nTo
update, I modified
\r\n\r\n\r\n1a19148c18/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js (L22)\r\nto
point to the `ATT&CK-v12.1` tag.\r\n\r\nThen ran `yarn
extract-mitre-attacks` from the root `security_solution`\r\nplugin
directory, and then `node scripts/i18n_check.js --fix` from\r\nKibana
root to regen the i18n files.\r\n\r\n### Checklist\r\n\r\n- [X] Any text
added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)","sha":"bbfa43ae58f9d2d94a124b932a26cdd6e8167aba"}},"sourceBranch":"main","suggestedTargetBranches":["8.6","8.7"],"targetPullRequestStates":[{"branch":"8.6","label":"v8.6.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.7","label":"v8.7.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v8.8.0","labelRegex":"^v8.8.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/151931","number":151931,"mergeCommit":{"message":"[Security
Solution][Detections] Updates MITRE ATT&CK mappings to v12.1
(#151931)\n\n## Summary\r\n\r\nUpdates MITRE ATT&CK mappings to `v12.1`,
see `detection-rules` repo\r\nupdate here:
https://github.com/elastic/detection-rules/pull/2422. Last\r\nupdate was
to `v11.3` in https://github.com/elastic/kibana/pull/137122.\r\n\r\nTo
update, I modified
\r\n\r\n\r\n1a19148c18/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js (L22)\r\nto
point to the `ATT&CK-v12.1` tag.\r\n\r\nThen ran `yarn
extract-mitre-attacks` from the root `security_solution`\r\nplugin
directory, and then `node scripts/i18n_check.js --fix` from\r\nKibana
root to regen the i18n files.\r\n\r\n### Checklist\r\n\r\n- [X] Any text
added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)","sha":"bbfa43ae58f9d2d94a124b932a26cdd6e8167aba"}}]}]
BACKPORT-->

Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2023-02-23 11:54:08 -05:00 committed by GitHub
parent fd4ef5f2fb
commit 27c9742732
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 5135 additions and 22 deletions


@ -19,7 +19,7 @@ const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre');
// Every release we should update the version of MITRE ATT&CK content and regenerate the model in our code.
// This version must correspond to the one used for prebuilt rules in https://github.com/elastic/detection-rules.
// This version is basically a tag on https://github.com/mitre/cti/tags, or can be a branch name like `master`.
const MITRE_CONTENT_VERSION = 'ATT&CK-v11.3'; // last updated when preparing for 8.4.0 release
const MITRE_CONTENT_VERSION = 'ATT&CK-v12.1'; // last updated when preparing for 8.7.0 release
const MITRE_CONTENT_URL = `https://raw.githubusercontent.com/mitre/cti/${MITRE_CONTENT_VERSION}/enterprise-attack/enterprise-attack.json`;
const getTacticsOptions = (tactics) =>
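Review bot: The new `MITRE_CONTENT_VERSION` value is a git tag, and `MITRE_CONTENT_URL` pulls it from raw.githubusercontent.com, so the extraction is pinned to a mutable ref rather than immutable content — a force-moved tag (or the `master` branch the comment above offers as an alternative) would silently change what `yarn extract-mitre-attacks` generates, and no integrity check is visible in this hunk. Because the generated model is committed and this script runs only at regeneration time, the runtime exposure is small, but for reproducibility I would record the resolved commit beside the tag, e.g. `const MITRE_CONTENT_VERSION = 'ATT&CK-v12.1'; // mitre/cti tag; note the commit it resolved to when regenerating so the model can be reproduced`, and reword the `master` hint as suitable for local experimentation only, not release prep. The translation sections in this same commit drop existing technique keys, which suggests the regenerated model removed techniques; it is worth confirming that prebuilt and user rules still mapped to those IDs degrade gracefully, though that code lives outside this file. The fetch and parse logic this constant feeds is outside the hunk.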


@ -28751,7 +28751,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "Encodage de données (T1132)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "Données chiffrées (T1022)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "Données chiffrées pour impact (T1486)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "Données d'objet de stockage cloud (T1530)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "Données de référentiel de configuration (T1602)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "Données de référentiels d'information (T1213)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "Données de système local (T1005)",
@ -28832,7 +28831,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "Implantation d'image interne (T1525)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "Blocage de l'indicateur (T1054)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "Retrait de l'indicateur dans les outils (T1066)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "Retrait d'un indicateur sur l'hôte (T1070)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "Exécution d'une commande indirecte (T1202)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Transfert d'outil d'entrée (T1105)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "Désactivation de la récupération du système (T1490)",


@ -28725,7 +28725,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "データエンコード(T1132)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "データ暗号化(T1022)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "影響のデータ暗号化(T1486)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "クラウドストレージオブジェクトからのデータT1530",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "構成リポジトリのデータT1602",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "情報リポジトリからのデータT1213",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "ローカルシステムからのデータT1005",
@ -28806,7 +28805,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "内部画像の埋め込み (T1525)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "インジケーターブロック(T1054)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "ツールからのインジケーター削除(T1066)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "ホストでのインジケーター削除(T1070)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "間接コマンド実行T1202",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Ingress Tool TransferT1105",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "システム回復の抑制T1490",


@ -28758,7 +28758,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "Data Encoding (T1132)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "Data Encrypted (T1022)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "Data Encrypted for Impact (T1486)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "Data from Cloud Storage Object (T1530)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "Data from Configuration Repository (T1602)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "Data from Information Repositories (T1213)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "Data from Local System (T1005)",
@ -28839,7 +28838,6 @@
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "Implant Internal Image (T1525)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "Indicator Blocking (T1054)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "Indicator Removal from Tools (T1066)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "Indicator Removal on Host (T1070)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "Indirect Command Execution (T1202)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Ingress Tool Transfer (T1105)",
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "Inhibit System Recovery (T1490)",