[Security Solution][Detections] Update the MITRE ATT&CK model to v11.3 (#137122)
**Related to:** https://github.com/elastic/detection-rules/pull/2073#issuecomment-1191758934, https://github.com/elastic/kibana/issues/89876 ## Summary Here we regenerate the MITRE ATT&CK model in the code based on the official MITRE content: - we update to the version `ATT&CK-v11.3` (see https://github.com/elastic/detection-rules/pull/2073#issuecomment-1194691383) - this corresponds to the `https://raw.githubusercontent.com/mitre/cti/ATT&CK-v11.3/enterprise-attack/enterprise-attack.json` content Also, this PR fixes the model regeneration script (check the comment below).
This commit is contained in:
parent
bc256148e3
commit
cc634ed59b
5 changed files with 5371 additions and 297 deletions
|
@ -11,12 +11,16 @@ const fs = require('fs');
|
|||
// eslint-disable-next-line import/no-extraneous-dependencies
|
||||
const fetch = require('node-fetch');
|
||||
// eslint-disable-next-line import/no-extraneous-dependencies
|
||||
const { camelCase, startCase } = require('lodash');
|
||||
const { camelCase, sortBy } = require('lodash');
|
||||
const { resolve } = require('path');
|
||||
|
||||
const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre');
|
||||
const MITRE_ENTERPRISE_ATTACK_URL =
|
||||
'https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json';
|
||||
|
||||
// Every release we should update the version of MITRE ATT&CK content and regenerate the model in our code.
|
||||
// This version must correspond to the one used for prebuilt rules in https://github.com/elastic/detection-rules.
|
||||
// This version is basically a tag on https://github.com/mitre/cti/tags, or can be a branch name like `master`.
|
||||
const MITRE_CONTENT_VERSION = 'ATT&CK-v11.3'; // last updated when preparing for 8.4.0 release
|
||||
const MITRE_CONTENT_URL = `https://raw.githubusercontent.com/mitre/cti/${MITRE_CONTENT_VERSION}/enterprise-attack/enterprise-attack.json`;
|
||||
|
||||
const getTacticsOptions = (tactics) =>
|
||||
tactics.map((t) =>
|
||||
|
@ -67,98 +71,124 @@ const getSubtechniquesOptions = (subtechniques) =>
|
|||
}`.replace(/(\r\n|\n|\r)/gm, ' ')
|
||||
);
|
||||
|
||||
const getIdReference = (references) =>
|
||||
references.reduce(
|
||||
(obj, extRef) => {
|
||||
if (extRef.source_name === 'mitre-attack') {
|
||||
return {
|
||||
id: extRef.external_id,
|
||||
reference: extRef.url,
|
||||
};
|
||||
}
|
||||
return obj;
|
||||
},
|
||||
{ id: '', reference: '' }
|
||||
);
|
||||
const getIdReference = (references) => {
|
||||
const ref = references.find((r) => r.source_name === 'mitre-attack');
|
||||
if (ref != null) {
|
||||
return {
|
||||
id: ref.external_id,
|
||||
reference: ref.url,
|
||||
};
|
||||
} else {
|
||||
return { id: '', reference: '' };
|
||||
}
|
||||
};
|
||||
|
||||
const buildMockThreatData = (tactics, techniques, subtechniques) => {
|
||||
const extractTacticsData = (mitreData) => {
|
||||
const tactics = mitreData
|
||||
.filter((obj) => obj.type === 'x-mitre-tactic')
|
||||
.reduce((acc, item) => {
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
displayName: item.name,
|
||||
shortName: item.x_mitre_shortname,
|
||||
id,
|
||||
reference,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
|
||||
return sortBy(tactics, 'displayName');
|
||||
};
|
||||
|
||||
const normalizeTacticsData = (tacticsData) => {
|
||||
return tacticsData.map((data) => {
|
||||
const { displayName, id, reference } = data;
|
||||
return { name: displayName, id, reference };
|
||||
});
|
||||
};
|
||||
|
||||
const extractTechniques = (mitreData) => {
|
||||
const techniques = mitreData
|
||||
.filter(
|
||||
(obj) =>
|
||||
obj.type === 'attack-pattern' &&
|
||||
(obj.x_mitre_is_subtechnique === false || obj.x_mitre_is_subtechnique === undefined)
|
||||
)
|
||||
.reduce((acc, item) => {
|
||||
let tactics = [];
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) {
|
||||
item.kill_chain_phases.forEach((tactic) => {
|
||||
tactics = [...tactics, tactic.phase_name];
|
||||
});
|
||||
}
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
name: item.name,
|
||||
id,
|
||||
reference,
|
||||
tactics,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
|
||||
return sortBy(techniques, 'name');
|
||||
};
|
||||
|
||||
const extractSubtechniques = (mitreData) => {
|
||||
const subtechniques = mitreData
|
||||
.filter((obj) => obj.x_mitre_is_subtechnique === true)
|
||||
.reduce((acc, item) => {
|
||||
let tactics = [];
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) {
|
||||
item.kill_chain_phases.forEach((tactic) => {
|
||||
tactics = [...tactics, tactic.phase_name];
|
||||
});
|
||||
}
|
||||
const techniqueId = id.split('.')[0];
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
name: item.name,
|
||||
id,
|
||||
reference,
|
||||
tactics,
|
||||
techniqueId,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
|
||||
return sortBy(subtechniques, 'name');
|
||||
};
|
||||
|
||||
const buildMockThreatData = (tacticsData, techniques, subtechniques) => {
|
||||
const subtechnique = subtechniques[0];
|
||||
const technique = techniques.find((technique) => technique.id === subtechnique.techniqueId);
|
||||
const tactic = tactics.find(
|
||||
(tactic) => tactic.name === startCase(camelCase(technique.tactics[0]))
|
||||
);
|
||||
const tactic = tacticsData.find((tactic) => tactic.shortName === technique.tactics[0]);
|
||||
|
||||
return {
|
||||
tactic,
|
||||
tactic: normalizeTacticsData([tactic])[0],
|
||||
technique,
|
||||
subtechnique,
|
||||
};
|
||||
};
|
||||
|
||||
async function main() {
|
||||
fetch(MITRE_ENTERPRISE_ATTACK_URL)
|
||||
fetch(MITRE_CONTENT_URL)
|
||||
.then((res) => res.json())
|
||||
.then((json) => {
|
||||
const mitreData = json.objects;
|
||||
const tactics = mitreData
|
||||
.filter((obj) => obj.type === 'x-mitre-tactic')
|
||||
.reduce((acc, item) => {
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
name: item.name,
|
||||
id,
|
||||
reference,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
const techniques = mitreData
|
||||
.filter((obj) => obj.type === 'attack-pattern' && obj.x_mitre_is_subtechnique === false)
|
||||
.reduce((acc, item) => {
|
||||
let tactics = [];
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) {
|
||||
item.kill_chain_phases.forEach((tactic) => {
|
||||
tactics = [...tactics, tactic.phase_name];
|
||||
});
|
||||
}
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
name: item.name,
|
||||
id,
|
||||
reference,
|
||||
tactics,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
|
||||
const subtechniques = mitreData
|
||||
.filter((obj) => obj.x_mitre_is_subtechnique === true)
|
||||
.reduce((acc, item) => {
|
||||
let tactics = [];
|
||||
const { id, reference } = getIdReference(item.external_references);
|
||||
if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) {
|
||||
item.kill_chain_phases.forEach((tactic) => {
|
||||
tactics = [...tactics, tactic.phase_name];
|
||||
});
|
||||
}
|
||||
const techniqueId = id.split('.')[0];
|
||||
|
||||
return [
|
||||
...acc,
|
||||
{
|
||||
name: item.name,
|
||||
id,
|
||||
reference,
|
||||
tactics,
|
||||
techniqueId,
|
||||
},
|
||||
];
|
||||
}, []);
|
||||
const tacticsData = extractTacticsData(mitreData);
|
||||
const tactics = normalizeTacticsData(tacticsData);
|
||||
const techniques = extractTechniques(mitreData);
|
||||
const subtechniques = extractSubtechniques(mitreData);
|
||||
|
||||
const body = `/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
|
@ -202,7 +232,7 @@ async function main() {
|
|||
* Is built alongside and sampled from the data in the file so to always be valid with the most up to date MITRE ATT&CK data
|
||||
*/
|
||||
export const getMockThreatData = () => (${JSON.stringify(
|
||||
buildMockThreatData(tactics, techniques, subtechniques),
|
||||
buildMockThreatData(tacticsData, techniques, subtechniques),
|
||||
null,
|
||||
2
|
||||
)
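Review bot: The new `else` branch of `getIdReference` (L144–L150) silently returns `{ id: '', reference: '' }` when a STIX object carries no `mitre-attack` external reference, and `extractSubtechniques` then derives `techniqueId` from `''.split('.')[0]`, so an unexpected or malformed bundle entry ends up in the committed model with an empty ID instead of aborting the regeneration; for third-party content that is fetched and checked in as source, fail loudly there: ``throw new Error(`Missing mitre-attack external reference in ${JSON.stringify(references)}`);``. If the pinned bundle still contains objects flagged `revoked: true` or `x_mitre_deprecated: true` (MITRE's STIX bundles normally retain them), neither `extractTechniques` nor `extractSubtechniques` excludes them, which would presumably keep retired techniques selectable; adding `&& obj.revoked !== true && obj.x_mitre_deprecated !== true` to both `filter` predicates would drop them if that is the intended behaviour. Pinning `MITRE_CONTENT_VERSION` to a tag is an improvement over `master`, but a git tag can be moved, so recording the resolved commit SHA (or a SHA-256 of the downloaded bundle) next to the version in the comment at L49–L58 would make the regeneration reproducible and tamper-evident. The `.then` chain in `main()` continues past this section, so whether `res.ok` is checked before `res.json()` or a rejection handler exists cannot be confirmed from here.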
|
||||
|
|
|
@ -24723,7 +24723,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "Configuration active (T1547.014)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "Compléments (T1137.006)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "Informations d'identification de cloud supplémentaires (T1098.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Ajouter un rôle d'administrateur global Office 365 (T1098.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "DLL AppCert (T1546.009)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "DLL AppInit (T1546.010)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)",
|
||||
|
@ -24739,7 +24738,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "Cryptographie asymétrique (T1573.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "Procédure d'appel asynchrone (T1055.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "At (Linux) (T1053.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "At (Windows) (T1053.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "Pack d'authentification (T1547.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Historique bash (T1552.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "Communication bidirectionnelle (T1102.002)",
|
||||
|
@ -24846,12 +24844,10 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "Noms d'employés (T1589.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "Saisie environnementale (T1480.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd et /etc/shadow (T1003.008)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Autorisations de délégation du courrier Exchange (T1098.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "Faiblesse d'autorisations du fichier d'installation exécutable (T1574.005)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration sur protocole chiffré asymétrique non C2 (T1048.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Exfiltration sur Bluetooth (T1011.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration sur protocole chiffré symétrique non C2 (T1048.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "Exfiltration sur protocole non chiffré/brouillé non C2 (T1048.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "Exfiltration sur USB (T1052.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "Exfiltration vers stockage cloud (T1567.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": "Exfiltration vers référentiel de code (T1567.001)",
|
||||
|
@ -24911,7 +24907,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "Collection d'e-mails locaux (T1114.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "Groupes locaux (T1069.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Éléments de connexion (T1547.015)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "Script de connexion (Mac) (T1037.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "Script de connexion (Windows) (T1037.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "Secrets LSA (T1003.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "Pilote LSASS (T1547.008)",
|
||||
|
@ -25230,7 +25225,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "API native (T1106)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "Franchissement des limites du réseau (T1599)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "Déni de service réseau (T1498)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "Analyse du service réseau (T1046)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "Découverte de partages réseau (T1135)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "Sniffing réseau (T1040)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "Protocole de couche non applicative (T1095)",
|
||||
|
@ -25273,8 +25267,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "Arrêt de service (T1489)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "Modules partagés (T1129)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "Répertoire racine du Web partagé (T1051)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "Exécution du proxy binaire signé (T1218)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "Exécution du proxy de script signé (T1216)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "Outils de déploiement logiciel (T1072)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "Découverte de logiciels (T1518)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "Source (T1153)",
|
||||
|
@ -25299,7 +25291,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "Transfert de données vers le compte cloud (T1537)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "Exécution de proxy d'utilitaires de développeur de confiance (T1127)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "Relation de confiance (T1199)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "Interception d'authentification à deux facteurs (T1111)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "Informations d'identification non sécurisées (T1552)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "Régions cloud non utilisées/non prises en charge (T1535)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "Utilisation d'autres supports d'authentification (T1550)",
|
||||
|
|
|
@ -24803,7 +24803,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "アクティブな設定 (T1547.014)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "アドイン(T1137.006)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "追加のクラウド資格情報(T1098.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Office 365 グローバル管理者ロールの追加(T1098.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "AppCert DLL(T1546.009)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "AppInit DLLs (T1546.010)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)",
|
||||
|
@ -24819,7 +24818,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "非対称暗号化(T1573.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "非同期プローシージャーコール(T1055.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "(Linux)(T1053.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "(Windows)(T1053.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "認証パッケージ(T1547.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Bash 履歴(T1552.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "双方向通信(T1102.002)",
|
||||
|
@ -24926,12 +24924,10 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "従業員名(T1589.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "環境キーイング(T1480.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd and /etc/shadow(T1003.008)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Exchange 電子メール委任権限(T1098.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "実行ファイルインストーラーファイル権限脆弱性(T1574.005)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "非対称暗号化非 C2 プロトコルでのデータ抽出(T1048.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Bluetooth でのデータ抽出(T1011.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "対称暗号化非 C2 プロトコルでのデータ抽出(T1048.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "非暗号化/難読化非 C2 プロトコルでのデータ抽出(T1048.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "USB でのデータ抽出(T1052.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "クラウドストレージへのデータ抽出(T1567.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": "コードリポジトリへのデータ抽出(T1567.001)",
|
||||
|
@ -24991,7 +24987,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "ローカル電子メール収集(T1114.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "ローカルグループ(T1069.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Login Items (T1547.015)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "ログオンスクリプト(Mac)(T1037.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "ログオンスクリプト(Windows)(T1037.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "LSA シークレット(T1003.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "LSASS ドライバー(T1547.008)",
|
||||
|
@ -25310,7 +25305,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "ネイティブ API(T1106)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "ネットワーク境界ブリッジ(T1599)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "ネットワークサービス妨害(T1498)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "ネットワークサービススキャン(T1046)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "ネットワーク共有検出(T1135)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "ネットワーク検査(T1040)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "非アプリケーション層プロトコル(T1095)",
|
||||
|
@ -25353,8 +25347,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "サービス停止(T1489)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "共有モジュール(T1129)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "共有 Webroot(T1051)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "署名されたバイナリプロキシ実行(T1218)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "署名されたスクリプトプロキシ実行(T1216)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "ソフトウェア開発ツール(T1072)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "ソフトウェア検出(T1518)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "ソース(T1153)",
|
||||
|
@ -25379,7 +25371,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "クラウドアカウントへのデータ転送(T1537)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "信頼できる開発者のユーティリティのプロキシ実行(T1127)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "信頼できる関係(T1199)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "二要素認証傍受(T1111)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "保護されていない資格情報(T1552)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "未使用/サポートされていないクラウドリージョン(T1535)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "代替認証方法の使用(T1550)",
|
||||
|
|
|
@ -24828,7 +24828,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description": "Active Setup (T1547.014)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description": "Add-ins (T1137.006)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description": "Additional Cloud Credentials (T1098.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description": "Add Office 365 Global Administrator Role (T1098.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description": "AppCert DLLs (T1546.009)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description": "AppInit DLLs (T1546.010)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description": "AppleScript (T1059.002)",
|
||||
|
@ -24844,7 +24843,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description": "Asymmetric Cryptography (T1573.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description": "Asynchronous Procedure Call (T1055.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description": "At (Linux) (T1053.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description": "At (Windows) (T1053.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description": "Authentication Package (T1547.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description": "Bash History (T1552.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description": "Bidirectional Communication (T1102.002)",
|
||||
|
@ -24951,12 +24949,10 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description": "Employee Names (T1589.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description": "Environmental Keying (T1480.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description": "/etc/passwd and /etc/shadow (T1003.008)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description": "Exchange Email Delegate Permissions (T1098.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description": "Executable Installer File Permissions Weakness (T1574.005)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (T1048.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description": "Exfiltration Over Bluetooth (T1011.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description": "Exfiltration Over Symmetric Encrypted Non-C2 Protocol (T1048.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description": "Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (T1048.003)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description": "Exfiltration over USB (T1052.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description": "Exfiltration to Cloud Storage (T1567.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description": "Exfiltration to Code Repository (T1567.001)",
|
||||
|
@ -25016,7 +25012,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description": "Local Email Collection (T1114.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description": "Local Groups (T1069.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description": "Login Items (T1547.015)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description": "Logon Script (Mac) (T1037.002)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description": "Logon Script (Windows) (T1037.001)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description": "LSA Secrets (T1003.004)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description": "LSASS Driver (T1547.008)",
|
||||
|
@ -25335,7 +25330,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription": "Native API (T1106)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription": "Network Boundary Bridging (T1599)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "Network Denial of Service (T1498)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "Network Service Scanning (T1046)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "Network Share Discovery (T1135)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "Network Sniffing (T1040)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription": "Non-Application Layer Protocol (T1095)",
|
||||
|
@ -25378,8 +25372,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "Service Stop (T1489)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription": "Shared Modules (T1129)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "Shared Webroot (T1051)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "Signed Binary Proxy Execution (T1218)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "Signed Script Proxy Execution (T1216)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription": "Software Deployment Tools (T1072)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "Software Discovery (T1518)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "Source (T1153)",
|
||||
|
@ -25404,7 +25396,6 @@
|
|||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "Transfer Data to Cloud Account (T1537)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription": "Trusted Developer Utilities Proxy Execution (T1127)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "Trusted Relationship (T1199)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "Two-Factor Authentication Interception (T1111)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription": "Unsecured Credentials (T1552)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "Unused/Unsupported Cloud Regions (T1535)",
|
||||
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription": "Use Alternate Authentication Material (T1550)",
|
||||
|
|