diff --git a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts
index dbcbdfa3ca3bc..b30111b06bdcb 100644
--- a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts
+++ b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts
@@ -17,6 +17,79 @@ import type {
 MitreSubtechniquesOptions,
 } from './types';
 
+export const tactics = [
+ {
+ name: 'Collection',
+ id: 'TA0009',
+ reference: 'https://attack.mitre.org/tactics/TA0009',
+ },
+ {
+ name: 'Command and Control',
+ id: 'TA0011',
+ reference: 'https://attack.mitre.org/tactics/TA0011',
+ },
+ {
+ name: 'Credential Access',
+ id: 'TA0006',
+ reference: 'https://attack.mitre.org/tactics/TA0006',
+ },
+ {
+ name: 'Defense Evasion',
+ id: 'TA0005',
+ reference: 'https://attack.mitre.org/tactics/TA0005',
+ },
+ {
+ name: 'Discovery',
+ id: 'TA0007',
+ reference: 'https://attack.mitre.org/tactics/TA0007',
+ },
+ {
+ name: 'Execution',
+ id: 'TA0002',
+ reference: 'https://attack.mitre.org/tactics/TA0002',
+ },
+ {
+ name: 'Exfiltration',
+ id: 'TA0010',
+ reference: 'https://attack.mitre.org/tactics/TA0010',
+ },
+ {
+ name: 'Impact',
+ id: 'TA0040',
+ reference: 'https://attack.mitre.org/tactics/TA0040',
+ },
+ {
+ name: 'Initial Access',
+ id: 'TA0001',
+ reference: 'https://attack.mitre.org/tactics/TA0001',
+ },
+ {
+ name: 'Lateral Movement',
+ id: 'TA0008',
+ reference: 'https://attack.mitre.org/tactics/TA0008',
+ },
+ {
+ name: 'Persistence',
+ id: 'TA0003',
+ reference: 'https://attack.mitre.org/tactics/TA0003',
+ },
+ {
+ name: 'Privilege Escalation',
+ id: 'TA0004',
+ reference: 'https://attack.mitre.org/tactics/TA0004',
+ },
+ {
+ name: 'Reconnaissance',
+ id: 'TA0043',
+ reference: 'https://attack.mitre.org/tactics/TA0043',
+ },
+ {
+ name: 'Resource Development',
+ id: 'TA0042',
+ reference: 'https://attack.mitre.org/tactics/TA0042',
+ },
+];
+
 export const tacticsOptions: MitreTacticsOptions[] = [
 {
 id: 'TA0009',
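Review bot: The new `tactics` export carries no type annotation, unlike `tacticsOptions: MitreTacticsOptions[]` directly below it, so its element shape is only inferred and any importer can mutate the array. These ids and reference URLs are presumably what a rule's ATT&CK mapping is resolved against, so I would pin the shape, e.g. `export const tactics: ReadonlyArray<{ name: string; id: string; reference: string }> = [`, provided no consumer needs a mutable array. A short comment above the declaration should state that `tactics` and `tacticsOptions` enumerate the same TA ids and must be changed together, and say so if the table is produced by a script rather than edited by hand. The same applies to `export const technique = [` in the next hunk, whose singular name is also inconsistent with the plural `tactics`.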
@@ -160,3647 +233,8501 @@ export const tacticsOptions: MitreTacticsOptions[] = [ }, ]; -export const techniquesOptions: MitreTechniquesOptions[] = [ +export const technique = [ { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.abuseElevationControlMechanismDescription', - { defaultMessage: 'Abuse Elevation Control Mechanism (T1548)' } - ), - id: 'T1548', name: 'Abuse Elevation Control Mechanism', + id: 'T1548', reference: 'https://attack.mitre.org/techniques/T1548', - tactics: 'privilege-escalation,defense-evasion', - value: 'abuseElevationControlMechanism', + tactics: ['privilege-escalation', 'defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessTokenManipulationDescription', - { defaultMessage: 'Access Token Manipulation (T1134)' } - ), - id: 'T1134', name: 'Access Token Manipulation', + id: 'T1134', reference: 'https://attack.mitre.org/techniques/T1134', - tactics: 'defense-evasion,privilege-escalation', - value: 'accessTokenManipulation', + tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription', - { defaultMessage: 'Accessibility Features (T1015)' } - ), - id: 'T1015', name: 'Accessibility Features', + id: 'T1015', reference: 'https://attack.mitre.org/techniques/T1015', - tactics: 'persistence,privilege-escalation', - value: 'accessibilityFeatures', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription', - { defaultMessage: 'Account Access Removal (T1531)' } - ), - id: 'T1531', name: 'Account Access Removal', + id: 'T1531', reference: 'https://attack.mitre.org/techniques/T1531', - tactics: 'impact', - value: 'accountAccessRemoval', + tactics: ['impact'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountDiscoveryDescription', - { defaultMessage: 'Account Discovery (T1087)' } - ), - id: 'T1087', name: 'Account Discovery', + id: 'T1087', reference: 'https://attack.mitre.org/techniques/T1087', - tactics: 'discovery', - value: 'accountDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountManipulationDescription', - { defaultMessage: 'Account Manipulation (T1098)' } - ), - id: 'T1098', name: 'Account Manipulation', + id: 'T1098', reference: 'https://attack.mitre.org/techniques/T1098', - tactics: 'persistence', - value: 'accountManipulation', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.acquireInfrastructureDescription', - { defaultMessage: 'Acquire Infrastructure (T1583)' } - ), - id: 'T1583', name: 'Acquire Infrastructure', + id: 'T1583', reference: 'https://attack.mitre.org/techniques/T1583', - tactics: 'resource-development', - value: 'acquireInfrastructure', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.activeScanningDescription', - { defaultMessage: 'Active Scanning (T1595)' } - ), - id: 'T1595', name: 'Active Scanning', + id: 'T1595', reference: 'https://attack.mitre.org/techniques/T1595', - tactics: 'reconnaissance', - value: 'activeScanning', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.adversaryInTheMiddleDescription', - { defaultMessage: 'Adversary-in-the-Middle (T1557)' } - ), - id: 'T1557', name: 'Adversary-in-the-Middle', + id: 'T1557', reference: 'https://attack.mitre.org/techniques/T1557', - tactics: 'credential-access,collection', - value: 'adversaryInTheMiddle', + tactics: ['credential-access', 'collection'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription', - { defaultMessage: 'AppCert DLLs (T1182)' } - ), - id: 'T1182', name: 'AppCert DLLs', + id: 'T1182', reference: 'https://attack.mitre.org/techniques/T1182', - tactics: 'persistence,privilege-escalation', - value: 'appCertDlLs', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription', - { defaultMessage: 'AppInit DLLs (T1103)' } - ), - id: 'T1103', name: 'AppInit DLLs', + id: 'T1103', reference: 'https://attack.mitre.org/techniques/T1103', - tactics: 'persistence,privilege-escalation', - value: 'appInitDlLs', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription', - { defaultMessage: 'AppleScript (T1155)' } - ), - id: 'T1155', name: 'AppleScript', + id: 'T1155', reference: 'https://attack.mitre.org/techniques/T1155', - tactics: 'execution', - value: 'appleScript', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription', - { defaultMessage: 'Application Access Token (T1527)' } - ), - id: 'T1527', name: 'Application Access Token', + id: 'T1527', reference: 'https://attack.mitre.org/techniques/T1527', - tactics: 'defense-evasion,lateral-movement', - value: 'applicationAccessToken', + tactics: ['defense-evasion', 'lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription', - { defaultMessage: 'Application Deployment Software (T1017)' } - ), - id: 'T1017', name: 'Application Deployment Software', + id: 'T1017', reference: 'https://attack.mitre.org/techniques/T1017', - tactics: 'lateral-movement', - value: 'applicationDeploymentSoftware', + tactics: 
['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationLayerProtocolDescription', - { defaultMessage: 'Application Layer Protocol (T1071)' } - ), - id: 'T1071', name: 'Application Layer Protocol', + id: 'T1071', reference: 'https://attack.mitre.org/techniques/T1071', - tactics: 'command-and-control', - value: 'applicationLayerProtocol', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription', - { defaultMessage: 'Application Shimming (T1138)' } - ), - id: 'T1138', name: 'Application Shimming', + id: 'T1138', reference: 'https://attack.mitre.org/techniques/T1138', - tactics: 'persistence,privilege-escalation', - value: 'applicationShimming', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription', - { defaultMessage: 'Application Window Discovery (T1010)' } - ), - id: 'T1010', name: 'Application Window Discovery', + id: 'T1010', reference: 'https://attack.mitre.org/techniques/T1010', - tactics: 'discovery', - value: 'applicationWindowDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.archiveCollectedDataDescription', - { defaultMessage: 'Archive Collected Data (T1560)' } - ), - id: 'T1560', name: 'Archive Collected Data', + id: 'T1560', reference: 'https://attack.mitre.org/techniques/T1560', - tactics: 'collection', - value: 'archiveCollectedData', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription', - { defaultMessage: 'Audio Capture (T1123)' } - ), - id: 'T1123', name: 'Audio Capture', + id: 'T1123', reference: 'https://attack.mitre.org/techniques/T1123', - tactics: 'collection', - value: 
'audioCapture', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription', - { defaultMessage: 'Authentication Package (T1131)' } - ), - id: 'T1131', name: 'Authentication Package', + id: 'T1131', reference: 'https://attack.mitre.org/techniques/T1131', - tactics: 'persistence', - value: 'authenticationPackage', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription', - { defaultMessage: 'Automated Collection (T1119)' } - ), - id: 'T1119', name: 'Automated Collection', + id: 'T1119', reference: 'https://attack.mitre.org/techniques/T1119', - tactics: 'collection', - value: 'automatedCollection', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedExfiltrationDescription', - { defaultMessage: 'Automated Exfiltration (T1020)' } - ), - id: 'T1020', name: 'Automated Exfiltration', + id: 'T1020', reference: 'https://attack.mitre.org/techniques/T1020', - tactics: 'exfiltration', - value: 'automatedExfiltration', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bitsJobsDescription', - { defaultMessage: 'BITS Jobs (T1197)' } - ), - id: 'T1197', name: 'BITS Jobs', + id: 'T1197', reference: 'https://attack.mitre.org/techniques/T1197', - tactics: 'defense-evasion,persistence', - value: 'bitsJobs', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription', - { defaultMessage: 'Bash History (T1139)' } - ), - id: 'T1139', name: 'Bash History', + id: 'T1139', reference: 'https://attack.mitre.org/techniques/T1139', - tactics: 'credential-access', - value: 'bashHistory', + tactics: ['credential-access'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription', - { defaultMessage: 'Binary Padding (T1009)' } - ), - id: 'T1009', name: 'Binary Padding', + id: 'T1009', reference: 'https://attack.mitre.org/techniques/T1009', - tactics: 'defense-evasion', - value: 'binaryPadding', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonAutostartExecutionDescription', - { defaultMessage: 'Boot or Logon Autostart Execution (T1547)' } - ), - id: 'T1547', name: 'Boot or Logon Autostart Execution', + id: 'T1547', reference: 'https://attack.mitre.org/techniques/T1547', - tactics: 'persistence,privilege-escalation', - value: 'bootOrLogonAutostartExecution', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonInitializationScriptsDescription', - { defaultMessage: 'Boot or Logon Initialization Scripts (T1037)' } - ), - id: 'T1037', name: 'Boot or Logon Initialization Scripts', + id: 'T1037', reference: 'https://attack.mitre.org/techniques/T1037', - tactics: 'persistence,privilege-escalation', - value: 'bootOrLogonInitializationScripts', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription', - { defaultMessage: 'Bootkit (T1067)' } - ), - id: 'T1067', name: 'Bootkit', + id: 'T1067', reference: 'https://attack.mitre.org/techniques/T1067', - tactics: 'persistence', - value: 'bootkit', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserBookmarkDiscoveryDescription', - { defaultMessage: 'Browser Bookmark Discovery (T1217)' } - ), - id: 'T1217', name: 'Browser Bookmark Discovery', + id: 'T1217', reference: 'https://attack.mitre.org/techniques/T1217', - tactics: 'discovery', - value: 
'browserBookmarkDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserExtensionsDescription', - { defaultMessage: 'Browser Extensions (T1176)' } - ), - id: 'T1176', name: 'Browser Extensions', + id: 'T1176', reference: 'https://attack.mitre.org/techniques/T1176', - tactics: 'persistence', - value: 'browserExtensions', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserSessionHijackingDescription', - { defaultMessage: 'Browser Session Hijacking (T1185)' } - ), - id: 'T1185', name: 'Browser Session Hijacking', + id: 'T1185', reference: 'https://attack.mitre.org/techniques/T1185', - tactics: 'collection', - value: 'browserSessionHijacking', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bruteForceDescription', - { defaultMessage: 'Brute Force (T1110)' } - ), - id: 'T1110', name: 'Brute Force', + id: 'T1110', reference: 'https://attack.mitre.org/techniques/T1110', - tactics: 'credential-access', - value: 'bruteForce', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.buildImageOnHostDescription', - { defaultMessage: 'Build Image on Host (T1612)' } - ), - id: 'T1612', name: 'Build Image on Host', + id: 'T1612', reference: 'https://attack.mitre.org/techniques/T1612', - tactics: 'defense-evasion', - value: 'buildImageOnHost', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription', - { defaultMessage: 'Bypass User Account Control (T1088)' } - ), - id: 'T1088', name: 'Bypass User Account Control', + id: 'T1088', reference: 'https://attack.mitre.org/techniques/T1088', - tactics: 'defense-evasion,privilege-escalation', - value: 'bypassUserAccountControl', + 
tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription', - { defaultMessage: 'CMSTP (T1191)' } - ), - id: 'T1191', name: 'CMSTP', + id: 'T1191', reference: 'https://attack.mitre.org/techniques/T1191', - tactics: 'defense-evasion,execution', - value: 'cmstp', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription', - { defaultMessage: 'Change Default File Association (T1042)' } - ), - id: 'T1042', name: 'Change Default File Association', + id: 'T1042', reference: 'https://attack.mitre.org/techniques/T1042', - tactics: 'persistence', - value: 'changeDefaultFileAssociation', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription', - { defaultMessage: 'Clear Command History (T1146)' } - ), - id: 'T1146', name: 'Clear Command History', + id: 'T1146', reference: 'https://attack.mitre.org/techniques/T1146', - tactics: 'defense-evasion', - value: 'clearCommandHistory', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription', - { defaultMessage: 'Clipboard Data (T1115)' } - ), - id: 'T1115', name: 'Clipboard Data', + id: 'T1115', reference: 'https://attack.mitre.org/techniques/T1115', - tactics: 'collection', - value: 'clipboardData', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInfrastructureDiscoveryDescription', - { defaultMessage: 'Cloud Infrastructure Discovery (T1580)' } - ), - id: 'T1580', name: 'Cloud Infrastructure Discovery', + id: 'T1580', reference: 'https://attack.mitre.org/techniques/T1580', - tactics: 'discovery', - value: 'cloudInfrastructureDiscovery', + 
tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription', - { defaultMessage: 'Cloud Instance Metadata API (T1522)' } - ), - id: 'T1522', name: 'Cloud Instance Metadata API', + id: 'T1522', reference: 'https://attack.mitre.org/techniques/T1522', - tactics: 'credential-access', - value: 'cloudInstanceMetadataApi', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription', - { defaultMessage: 'Cloud Service Dashboard (T1538)' } - ), - id: 'T1538', name: 'Cloud Service Dashboard', + id: 'T1538', reference: 'https://attack.mitre.org/techniques/T1538', - tactics: 'discovery', - value: 'cloudServiceDashboard', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDiscoveryDescription', - { defaultMessage: 'Cloud Service Discovery (T1526)' } - ), - id: 'T1526', name: 'Cloud Service Discovery', + id: 'T1526', reference: 'https://attack.mitre.org/techniques/T1526', - tactics: 'discovery', - value: 'cloudServiceDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudStorageObjectDiscoveryDescription', - { defaultMessage: 'Cloud Storage Object Discovery (T1619)' } - ), - id: 'T1619', name: 'Cloud Storage Object Discovery', + id: 'T1619', reference: 'https://attack.mitre.org/techniques/T1619', - tactics: 'discovery', - value: 'cloudStorageObjectDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription', - { defaultMessage: 'Code Signing (T1116)' } - ), - id: 'T1116', name: 'Code Signing', + id: 'T1116', reference: 'https://attack.mitre.org/techniques/T1116', - tactics: 'defense-evasion', - value: 'codeSigning', + tactics: 
['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandAndScriptingInterpreterDescription', - { defaultMessage: 'Command and Scripting Interpreter (T1059)' } - ), - id: 'T1059', name: 'Command and Scripting Interpreter', + id: 'T1059', reference: 'https://attack.mitre.org/techniques/T1059', - tactics: 'execution', - value: 'commandAndScriptingInterpreter', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commonlyUsedPortDescription', - { defaultMessage: 'Commonly Used Port (T1043)' } - ), - id: 'T1043', name: 'Commonly Used Port', + id: 'T1043', reference: 'https://attack.mitre.org/techniques/T1043', - tactics: 'command-and-control', - value: 'commonlyUsedPort', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.communicationThroughRemovableMediaDescription', - { defaultMessage: 'Communication Through Removable Media (T1092)' } - ), - id: 'T1092', name: 'Communication Through Removable Media', + id: 'T1092', reference: 'https://attack.mitre.org/techniques/T1092', - tactics: 'command-and-control', - value: 'communicationThroughRemovableMedia', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription', - { defaultMessage: 'Compile After Delivery (T1500)' } - ), - id: 'T1500', name: 'Compile After Delivery', + id: 'T1500', reference: 'https://attack.mitre.org/techniques/T1500', - tactics: 'defense-evasion', - value: 'compileAfterDelivery', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription', - { defaultMessage: 'Compiled HTML File (T1223)' } - ), - id: 'T1223', name: 'Compiled HTML File', + id: 'T1223', reference: 
'https://attack.mitre.org/techniques/T1223', - tactics: 'defense-evasion,execution', - value: 'compiledHtmlFile', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription', - { defaultMessage: 'Component Firmware (T1109)' } - ), - id: 'T1109', name: 'Component Firmware', + id: 'T1109', reference: 'https://attack.mitre.org/techniques/T1109', - tactics: 'defense-evasion,persistence', - value: 'componentFirmware', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription', - { defaultMessage: 'Component Object Model Hijacking (T1122)' } - ), - id: 'T1122', name: 'Component Object Model Hijacking', + id: 'T1122', reference: 'https://attack.mitre.org/techniques/T1122', - tactics: 'defense-evasion,persistence', - value: 'componentObjectModelHijacking', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription', - { defaultMessage: 'Component Object Model and Distributed COM (T1175)' } - ), - id: 'T1175', name: 'Component Object Model and Distributed COM', + id: 'T1175', reference: 'https://attack.mitre.org/techniques/T1175', - tactics: 'lateral-movement,execution', - value: 'componentObjectModelAndDistributedCom', + tactics: ['lateral-movement', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseAccountsDescription', - { defaultMessage: 'Compromise Accounts (T1586)' } - ), - id: 'T1586', name: 'Compromise Accounts', + id: 'T1586', reference: 'https://attack.mitre.org/techniques/T1586', - tactics: 'resource-development', - value: 'compromiseAccounts', + tactics: ['resource-development'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseClientSoftwareBinaryDescription', - { defaultMessage: 'Compromise Client Software Binary (T1554)' } - ), - id: 'T1554', name: 'Compromise Client Software Binary', + id: 'T1554', reference: 'https://attack.mitre.org/techniques/T1554', - tactics: 'persistence', - value: 'compromiseClientSoftwareBinary', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseInfrastructureDescription', - { defaultMessage: 'Compromise Infrastructure (T1584)' } - ), - id: 'T1584', name: 'Compromise Infrastructure', + id: 'T1584', reference: 'https://attack.mitre.org/techniques/T1584', - tactics: 'resource-development', - value: 'compromiseInfrastructure', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAdministrationCommandDescription', - { defaultMessage: 'Container Administration Command (T1609)' } - ), - id: 'T1609', name: 'Container Administration Command', + id: 'T1609', reference: 'https://attack.mitre.org/techniques/T1609', - tactics: 'execution', - value: 'containerAdministrationCommand', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAndResourceDiscoveryDescription', - { defaultMessage: 'Container and Resource Discovery (T1613)' } - ), - id: 'T1613', name: 'Container and Resource Discovery', + id: 'T1613', reference: 'https://attack.mitre.org/techniques/T1613', - tactics: 'discovery', - value: 'containerAndResourceDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription', - { defaultMessage: 'Control Panel Items (T1196)' } - ), - id: 'T1196', name: 'Control Panel Items', + id: 'T1196', reference: 'https://attack.mitre.org/techniques/T1196', - tactics: 
'defense-evasion,execution', - value: 'controlPanelItems', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', - { defaultMessage: 'Create Account (T1136)' } - ), - id: 'T1136', name: 'Create Account', + id: 'T1136', reference: 'https://attack.mitre.org/techniques/T1136', - tactics: 'persistence', - value: 'createAccount', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createOrModifySystemProcessDescription', - { defaultMessage: 'Create or Modify System Process (T1543)' } - ), - id: 'T1543', name: 'Create or Modify System Process', + id: 'T1543', reference: 'https://attack.mitre.org/techniques/T1543', - tactics: 'persistence,privilege-escalation', - value: 'createOrModifySystemProcess', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromPasswordStoresDescription', - { defaultMessage: 'Credentials from Password Stores (T1555)' } - ), - id: 'T1555', name: 'Credentials from Password Stores', + id: 'T1555', reference: 'https://attack.mitre.org/techniques/T1555', - tactics: 'credential-access', - value: 'credentialsFromPasswordStores', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription', - { defaultMessage: 'Credentials from Web Browsers (T1503)' } - ), - id: 'T1503', name: 'Credentials from Web Browsers', + id: 'T1503', reference: 'https://attack.mitre.org/techniques/T1503', - tactics: 'credential-access', - value: 'credentialsFromWebBrowsers', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription', - { defaultMessage: 'Credentials in Files (T1081)' } - ), - 
id: 'T1081', name: 'Credentials in Files', + id: 'T1081', reference: 'https://attack.mitre.org/techniques/T1081', - tactics: 'credential-access', - value: 'credentialsInFiles', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription', - { defaultMessage: 'Credentials in Registry (T1214)' } - ), - id: 'T1214', name: 'Credentials in Registry', + id: 'T1214', reference: 'https://attack.mitre.org/techniques/T1214', - tactics: 'credential-access', - value: 'credentialsInRegistry', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription', - { defaultMessage: 'Custom Command and Control Protocol (T1094)' } - ), - id: 'T1094', name: 'Custom Command and Control Protocol', + id: 'T1094', reference: 'https://attack.mitre.org/techniques/T1094', - tactics: 'command-and-control', - value: 'customCommandAndControlProtocol', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription', - { defaultMessage: 'Custom Cryptographic Protocol (T1024)' } - ), - id: 'T1024', name: 'Custom Cryptographic Protocol', + id: 'T1024', reference: 'https://attack.mitre.org/techniques/T1024', - tactics: 'command-and-control', - value: 'customCryptographicProtocol', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription', - { defaultMessage: 'DLL Search Order Hijacking (T1038)' } - ), - id: 'T1038', name: 'DLL Search Order Hijacking', + id: 'T1038', reference: 'https://attack.mitre.org/techniques/T1038', - tactics: 'persistence,privilege-escalation,defense-evasion', - value: 'dllSearchOrderHijacking', + tactics: ['persistence', 'privilege-escalation', 
'defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription', - { defaultMessage: 'DLL Side-Loading (T1073)' } - ), - id: 'T1073', name: 'DLL Side-Loading', + id: 'T1073', reference: 'https://attack.mitre.org/techniques/T1073', - tactics: 'defense-evasion', - value: 'dllSideLoading', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription', - { defaultMessage: 'Data Compressed (T1002)' } - ), - id: 'T1002', name: 'Data Compressed', + id: 'T1002', reference: 'https://attack.mitre.org/techniques/T1002', - tactics: 'exfiltration', - value: 'dataCompressed', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription', - { defaultMessage: 'Data Destruction (T1485)' } - ), - id: 'T1485', name: 'Data Destruction', + id: 'T1485', reference: 'https://attack.mitre.org/techniques/T1485', - tactics: 'impact', - value: 'dataDestruction', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription', - { defaultMessage: 'Data Encoding (T1132)' } - ), - id: 'T1132', name: 'Data Encoding', + id: 'T1132', reference: 'https://attack.mitre.org/techniques/T1132', - tactics: 'command-and-control', - value: 'dataEncoding', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription', - { defaultMessage: 'Data Encrypted (T1022)' } - ), - id: 'T1022', name: 'Data Encrypted', + id: 'T1022', reference: 'https://attack.mitre.org/techniques/T1022', - tactics: 'exfiltration', - value: 'dataEncrypted', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription', - 
{ defaultMessage: 'Data Encrypted for Impact (T1486)' } - ), - id: 'T1486', name: 'Data Encrypted for Impact', + id: 'T1486', reference: 'https://attack.mitre.org/techniques/T1486', - tactics: 'impact', - value: 'dataEncryptedForImpact', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataManipulationDescription', - { defaultMessage: 'Data Manipulation (T1565)' } - ), - id: 'T1565', name: 'Data Manipulation', + id: 'T1565', reference: 'https://attack.mitre.org/techniques/T1565', - tactics: 'impact', - value: 'dataManipulation', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription', - { defaultMessage: 'Data Obfuscation (T1001)' } - ), - id: 'T1001', name: 'Data Obfuscation', + id: 'T1001', reference: 'https://attack.mitre.org/techniques/T1001', - tactics: 'command-and-control', - value: 'dataObfuscation', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataStagedDescription', - { defaultMessage: 'Data Staged (T1074)' } - ), - id: 'T1074', name: 'Data Staged', + id: 'T1074', reference: 'https://attack.mitre.org/techniques/T1074', - tactics: 'collection', - value: 'dataStaged', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataTransferSizeLimitsDescription', - { defaultMessage: 'Data Transfer Size Limits (T1030)' } - ), - id: 'T1030', name: 'Data Transfer Size Limits', + id: 'T1030', reference: 'https://attack.mitre.org/techniques/T1030', - tactics: 'exfiltration', - value: 'dataTransferSizeLimits', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription', - { defaultMessage: 'Data from Cloud Storage Object (T1530)' } - ), + name: 'Data from Cloud 
Storage', id: 'T1530', - name: 'Data from Cloud Storage Object', reference: 'https://attack.mitre.org/techniques/T1530', - tactics: 'collection', - value: 'dataFromCloudStorageObject', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription', - { defaultMessage: 'Data from Configuration Repository (T1602)' } - ), - id: 'T1602', name: 'Data from Configuration Repository', + id: 'T1602', reference: 'https://attack.mitre.org/techniques/T1602', - tactics: 'collection', - value: 'dataFromConfigurationRepository', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription', - { defaultMessage: 'Data from Information Repositories (T1213)' } - ), - id: 'T1213', name: 'Data from Information Repositories', + id: 'T1213', reference: 'https://attack.mitre.org/techniques/T1213', - tactics: 'collection', - value: 'dataFromInformationRepositories', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription', - { defaultMessage: 'Data from Local System (T1005)' } - ), - id: 'T1005', name: 'Data from Local System', + id: 'T1005', reference: 'https://attack.mitre.org/techniques/T1005', - tactics: 'collection', - value: 'dataFromLocalSystem', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromNetworkSharedDriveDescription', - { defaultMessage: 'Data from Network Shared Drive (T1039)' } - ), - id: 'T1039', name: 'Data from Network Shared Drive', + id: 'T1039', reference: 'https://attack.mitre.org/techniques/T1039', - tactics: 'collection', - value: 'dataFromNetworkSharedDrive', + tactics: ['collection'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromRemovableMediaDescription', - { defaultMessage: 'Data from Removable Media (T1025)' } - ), - id: 'T1025', name: 'Data from Removable Media', + id: 'T1025', reference: 'https://attack.mitre.org/techniques/T1025', - tactics: 'collection', - value: 'dataFromRemovableMedia', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.debuggerEvasionDescription', - { defaultMessage: 'Debugger Evasion (T1622)' } - ), - id: 'T1622', name: 'Debugger Evasion', + id: 'T1622', reference: 'https://attack.mitre.org/techniques/T1622', - tactics: 'defense-evasion,discovery', - value: 'debuggerEvasion', + tactics: ['defense-evasion', 'discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription', - { defaultMessage: 'Defacement (T1491)' } - ), - id: 'T1491', name: 'Defacement', + id: 'T1491', reference: 'https://attack.mitre.org/techniques/T1491', - tactics: 'impact', - value: 'defacement', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.deobfuscateDecodeFilesOrInformationDescription', - { defaultMessage: 'Deobfuscate/Decode Files or Information (T1140)' } - ), - id: 'T1140', name: 'Deobfuscate/Decode Files or Information', + id: 'T1140', reference: 'https://attack.mitre.org/techniques/T1140', - tactics: 'defense-evasion', - value: 'deobfuscateDecodeFilesOrInformation', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.deployContainerDescription', - { defaultMessage: 'Deploy Container (T1610)' } - ), - id: 'T1610', name: 'Deploy Container', + id: 'T1610', reference: 'https://attack.mitre.org/techniques/T1610', - tactics: 'defense-evasion,execution', - value: 'deployContainer', + tactics: ['defense-evasion', 'execution'], }, { - label: 
i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.developCapabilitiesDescription', - { defaultMessage: 'Develop Capabilities (T1587)' } - ), - id: 'T1587', name: 'Develop Capabilities', + id: 'T1587', reference: 'https://attack.mitre.org/techniques/T1587', - tactics: 'resource-development', - value: 'developCapabilities', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.directVolumeAccessDescription', - { defaultMessage: 'Direct Volume Access (T1006)' } - ), - id: 'T1006', name: 'Direct Volume Access', + id: 'T1006', reference: 'https://attack.mitre.org/techniques/T1006', - tactics: 'defense-evasion', - value: 'directVolumeAccess', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription', - { defaultMessage: 'Disabling Security Tools (T1089)' } - ), - id: 'T1089', name: 'Disabling Security Tools', + id: 'T1089', reference: 'https://attack.mitre.org/techniques/T1089', - tactics: 'defense-evasion', - value: 'disablingSecurityTools', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription', - { defaultMessage: 'Disk Content Wipe (T1488)' } - ), - id: 'T1488', name: 'Disk Content Wipe', + id: 'T1488', reference: 'https://attack.mitre.org/techniques/T1488', - tactics: 'impact', - value: 'diskContentWipe', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription', - { defaultMessage: 'Disk Structure Wipe (T1487)' } - ), - id: 'T1487', name: 'Disk Structure Wipe', + id: 'T1487', reference: 'https://attack.mitre.org/techniques/T1487', - tactics: 'impact', - value: 'diskStructureWipe', + tactics: ['impact'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskWipeDescription', - { defaultMessage: 'Disk Wipe (T1561)' } - ), - id: 'T1561', name: 'Disk Wipe', + id: 'T1561', reference: 'https://attack.mitre.org/techniques/T1561', - tactics: 'impact', - value: 'diskWipe', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription', - { defaultMessage: 'Domain Fronting (T1172)' } - ), - id: 'T1172', name: 'Domain Fronting', + id: 'T1172', reference: 'https://attack.mitre.org/techniques/T1172', - tactics: 'command-and-control', - value: 'domainFronting', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription', - { defaultMessage: 'Domain Generation Algorithms (T1483)' } - ), - id: 'T1483', name: 'Domain Generation Algorithms', + id: 'T1483', reference: 'https://attack.mitre.org/techniques/T1483', - tactics: 'command-and-control', - value: 'domainGenerationAlgorithms', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription', - { defaultMessage: 'Domain Policy Modification (T1484)' } - ), - id: 'T1484', name: 'Domain Policy Modification', + id: 'T1484', reference: 'https://attack.mitre.org/techniques/T1484', - tactics: 'defense-evasion,privilege-escalation', - value: 'domainPolicyModification', + tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription', - { defaultMessage: 'Domain Trust Discovery (T1482)' } - ), - id: 'T1482', name: 'Domain Trust Discovery', + id: 'T1482', reference: 'https://attack.mitre.org/techniques/T1482', - tactics: 'discovery', - value: 'domainTrustDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.driveByCompromiseDescription', - { defaultMessage: 'Drive-by Compromise (T1189)' } - ), - id: 'T1189', name: 'Drive-by Compromise', + id: 'T1189', reference: 'https://attack.mitre.org/techniques/T1189', - tactics: 'initial-access', - value: 'driveByCompromise', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription', - { defaultMessage: 'Dylib Hijacking (T1157)' } - ), - id: 'T1157', name: 'Dylib Hijacking', + id: 'T1157', reference: 'https://attack.mitre.org/techniques/T1157', - tactics: 'persistence,privilege-escalation', - value: 'dylibHijacking', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription', - { defaultMessage: 'Dynamic Data Exchange (T1173)' } - ), - id: 'T1173', name: 'Dynamic Data Exchange', + id: 'T1173', reference: 'https://attack.mitre.org/techniques/T1173', - tactics: 'execution', - value: 'dynamicDataExchange', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicResolutionDescription', - { defaultMessage: 'Dynamic Resolution (T1568)' } - ), - id: 'T1568', name: 'Dynamic Resolution', + id: 'T1568', reference: 'https://attack.mitre.org/techniques/T1568', - tactics: 'command-and-control', - value: 'dynamicResolution', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription', - { defaultMessage: 'Elevated Execution with Prompt (T1514)' } - ), - id: 'T1514', name: 'Elevated Execution with Prompt', + id: 'T1514', reference: 'https://attack.mitre.org/techniques/T1514', - tactics: 'privilege-escalation', - value: 'elevatedExecutionWithPrompt', + tactics: ['privilege-escalation'], }, { - 
label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription', - { defaultMessage: 'Email Collection (T1114)' } - ), - id: 'T1114', name: 'Email Collection', + id: 'T1114', reference: 'https://attack.mitre.org/techniques/T1114', - tactics: 'collection', - value: 'emailCollection', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription', - { defaultMessage: 'Emond (T1519)' } - ), - id: 'T1519', name: 'Emond', + id: 'T1519', reference: 'https://attack.mitre.org/techniques/T1519', - tactics: 'persistence,privilege-escalation', - value: 'emond', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.encryptedChannelDescription', - { defaultMessage: 'Encrypted Channel (T1573)' } - ), - id: 'T1573', name: 'Encrypted Channel', + id: 'T1573', reference: 'https://attack.mitre.org/techniques/T1573', - tactics: 'command-and-control', - value: 'encryptedChannel', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.endpointDenialOfServiceDescription', - { defaultMessage: 'Endpoint Denial of Service (T1499)' } - ), - id: 'T1499', name: 'Endpoint Denial of Service', + id: 'T1499', reference: 'https://attack.mitre.org/techniques/T1499', - tactics: 'impact', - value: 'endpointDenialOfService', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.escapeToHostDescription', - { defaultMessage: 'Escape to Host (T1611)' } - ), - id: 'T1611', name: 'Escape to Host', + id: 'T1611', reference: 'https://attack.mitre.org/techniques/T1611', - tactics: 'privilege-escalation', - value: 'escapeToHost', + tactics: ['privilege-escalation'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.establishAccountsDescription', - { defaultMessage: 'Establish Accounts (T1585)' } - ), - id: 'T1585', name: 'Establish Accounts', + id: 'T1585', reference: 'https://attack.mitre.org/techniques/T1585', - tactics: 'resource-development', - value: 'establishAccounts', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.eventTriggeredExecutionDescription', - { defaultMessage: 'Event Triggered Execution (T1546)' } - ), - id: 'T1546', name: 'Event Triggered Execution', + id: 'T1546', reference: 'https://attack.mitre.org/techniques/T1546', - tactics: 'privilege-escalation,persistence', - value: 'eventTriggeredExecution', + tactics: ['privilege-escalation', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription', - { defaultMessage: 'Execution Guardrails (T1480)' } - ), - id: 'T1480', name: 'Execution Guardrails', + id: 'T1480', reference: 'https://attack.mitre.org/techniques/T1480', - tactics: 'defense-evasion', - value: 'executionGuardrails', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverAlternativeProtocolDescription', - { defaultMessage: 'Exfiltration Over Alternative Protocol (T1048)' } - ), - id: 'T1048', name: 'Exfiltration Over Alternative Protocol', + id: 'T1048', reference: 'https://attack.mitre.org/techniques/T1048', - tactics: 'exfiltration', - value: 'exfiltrationOverAlternativeProtocol', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverC2ChannelDescription', - { defaultMessage: 'Exfiltration Over C2 Channel (T1041)' } - ), - id: 'T1041', name: 'Exfiltration Over C2 Channel', + id: 'T1041', reference: 'https://attack.mitre.org/techniques/T1041', - 
tactics: 'exfiltration', - value: 'exfiltrationOverC2Channel', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverOtherNetworkMediumDescription', - { defaultMessage: 'Exfiltration Over Other Network Medium (T1011)' } - ), - id: 'T1011', name: 'Exfiltration Over Other Network Medium', + id: 'T1011', reference: 'https://attack.mitre.org/techniques/T1011', - tactics: 'exfiltration', - value: 'exfiltrationOverOtherNetworkMedium', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverPhysicalMediumDescription', - { defaultMessage: 'Exfiltration Over Physical Medium (T1052)' } - ), - id: 'T1052', name: 'Exfiltration Over Physical Medium', + id: 'T1052', reference: 'https://attack.mitre.org/techniques/T1052', - tactics: 'exfiltration', - value: 'exfiltrationOverPhysicalMedium', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverWebServiceDescription', - { defaultMessage: 'Exfiltration Over Web Service (T1567)' } - ), - id: 'T1567', name: 'Exfiltration Over Web Service', + id: 'T1567', reference: 'https://attack.mitre.org/techniques/T1567', - tactics: 'exfiltration', - value: 'exfiltrationOverWebService', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription', - { defaultMessage: 'Exploit Public-Facing Application (T1190)' } - ), - id: 'T1190', name: 'Exploit Public-Facing Application', + id: 'T1190', reference: 'https://attack.mitre.org/techniques/T1190', - tactics: 'initial-access', - value: 'exploitPublicFacingApplication', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForClientExecutionDescription', - { 
defaultMessage: 'Exploitation for Client Execution (T1203)' } - ), - id: 'T1203', name: 'Exploitation for Client Execution', + id: 'T1203', reference: 'https://attack.mitre.org/techniques/T1203', - tactics: 'execution', - value: 'exploitationForClientExecution', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForCredentialAccessDescription', - { defaultMessage: 'Exploitation for Credential Access (T1212)' } - ), - id: 'T1212', name: 'Exploitation for Credential Access', + id: 'T1212', reference: 'https://attack.mitre.org/techniques/T1212', - tactics: 'credential-access', - value: 'exploitationForCredentialAccess', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForDefenseEvasionDescription', - { defaultMessage: 'Exploitation for Defense Evasion (T1211)' } - ), - id: 'T1211', name: 'Exploitation for Defense Evasion', + id: 'T1211', reference: 'https://attack.mitre.org/techniques/T1211', - tactics: 'defense-evasion', - value: 'exploitationForDefenseEvasion', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForPrivilegeEscalationDescription', - { defaultMessage: 'Exploitation for Privilege Escalation (T1068)' } - ), - id: 'T1068', name: 'Exploitation for Privilege Escalation', + id: 'T1068', reference: 'https://attack.mitre.org/techniques/T1068', - tactics: 'privilege-escalation', - value: 'exploitationForPrivilegeEscalation', + tactics: ['privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationOfRemoteServicesDescription', - { defaultMessage: 'Exploitation of Remote Services (T1210)' } - ), - id: 'T1210', name: 'Exploitation of Remote Services', + id: 'T1210', reference: 'https://attack.mitre.org/techniques/T1210', - tactics: 
'lateral-movement', - value: 'exploitationOfRemoteServices', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.externalRemoteServicesDescription', - { defaultMessage: 'External Remote Services (T1133)' } - ), - id: 'T1133', name: 'External Remote Services', + id: 'T1133', reference: 'https://attack.mitre.org/techniques/T1133', - tactics: 'persistence,initial-access', - value: 'externalRemoteServices', + tactics: ['persistence', 'initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription', - { defaultMessage: 'Extra Window Memory Injection (T1181)' } - ), - id: 'T1181', name: 'Extra Window Memory Injection', + id: 'T1181', reference: 'https://attack.mitre.org/techniques/T1181', - tactics: 'defense-evasion,privilege-escalation', - value: 'extraWindowMemoryInjection', + tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription', - { defaultMessage: 'Fallback Channels (T1008)' } - ), - id: 'T1008', name: 'Fallback Channels', + id: 'T1008', reference: 'https://attack.mitre.org/techniques/T1008', - tactics: 'command-and-control', - value: 'fallbackChannels', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription', - { defaultMessage: 'File Deletion (T1107)' } - ), - id: 'T1107', name: 'File Deletion', + id: 'T1107', reference: 'https://attack.mitre.org/techniques/T1107', - tactics: 'defense-evasion', - value: 'fileDeletion', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription', - { defaultMessage: 'File System Permissions Weakness (T1044)' } - ), - id: 'T1044', name: 'File System 
Permissions Weakness', + id: 'T1044', reference: 'https://attack.mitre.org/techniques/T1044', - tactics: 'persistence,privilege-escalation', - value: 'fileSystemPermissionsWeakness', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription', - { defaultMessage: 'File and Directory Discovery (T1083)' } - ), - id: 'T1083', name: 'File and Directory Discovery', + id: 'T1083', reference: 'https://attack.mitre.org/techniques/T1083', - tactics: 'discovery', - value: 'fileAndDirectoryDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryPermissionsModificationDescription', - { defaultMessage: 'File and Directory Permissions Modification (T1222)' } - ), - id: 'T1222', name: 'File and Directory Permissions Modification', + id: 'T1222', reference: 'https://attack.mitre.org/techniques/T1222', - tactics: 'defense-evasion', - value: 'fileAndDirectoryPermissionsModification', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription', - { defaultMessage: 'Firmware Corruption (T1495)' } - ), - id: 'T1495', name: 'Firmware Corruption', + id: 'T1495', reference: 'https://attack.mitre.org/techniques/T1495', - tactics: 'impact', - value: 'firmwareCorruption', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.forcedAuthenticationDescription', - { defaultMessage: 'Forced Authentication (T1187)' } - ), - id: 'T1187', name: 'Forced Authentication', + id: 'T1187', reference: 'https://attack.mitre.org/techniques/T1187', - tactics: 'credential-access', - value: 'forcedAuthentication', + tactics: ['credential-access'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.forgeWebCredentialsDescription', - { defaultMessage: 'Forge Web Credentials (T1606)' } - ), - id: 'T1606', name: 'Forge Web Credentials', + id: 'T1606', reference: 'https://attack.mitre.org/techniques/T1606', - tactics: 'credential-access', - value: 'forgeWebCredentials', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription', - { defaultMessage: 'Gatekeeper Bypass (T1144)' } - ), - id: 'T1144', name: 'Gatekeeper Bypass', + id: 'T1144', reference: 'https://attack.mitre.org/techniques/T1144', - tactics: 'defense-evasion', - value: 'gatekeeperBypass', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimHostInformationDescription', - { defaultMessage: 'Gather Victim Host Information (T1592)' } - ), - id: 'T1592', name: 'Gather Victim Host Information', + id: 'T1592', reference: 'https://attack.mitre.org/techniques/T1592', - tactics: 'reconnaissance', - value: 'gatherVictimHostInformation', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimIdentityInformationDescription', - { defaultMessage: 'Gather Victim Identity Information (T1589)' } - ), - id: 'T1589', name: 'Gather Victim Identity Information', + id: 'T1589', reference: 'https://attack.mitre.org/techniques/T1589', - tactics: 'reconnaissance', - value: 'gatherVictimIdentityInformation', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimNetworkInformationDescription', - { defaultMessage: 'Gather Victim Network Information (T1590)' } - ), - id: 'T1590', name: 'Gather Victim Network Information', + id: 'T1590', reference: 'https://attack.mitre.org/techniques/T1590', - tactics: 'reconnaissance', - 
value: 'gatherVictimNetworkInformation', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimOrgInformationDescription', - { defaultMessage: 'Gather Victim Org Information (T1591)' } - ), - id: 'T1591', name: 'Gather Victim Org Information', + id: 'T1591', reference: 'https://attack.mitre.org/techniques/T1591', - tactics: 'reconnaissance', - value: 'gatherVictimOrgInformation', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.graphicalUserInterfaceDescription', - { defaultMessage: 'Graphical User Interface (T1061)' } - ), - id: 'T1061', name: 'Graphical User Interface', + id: 'T1061', reference: 'https://attack.mitre.org/techniques/T1061', - tactics: 'execution', - value: 'graphicalUserInterface', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyDiscoveryDescription', - { defaultMessage: 'Group Policy Discovery (T1615)' } - ), - id: 'T1615', name: 'Group Policy Discovery', + id: 'T1615', reference: 'https://attack.mitre.org/techniques/T1615', - tactics: 'discovery', - value: 'groupPolicyDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription', - { defaultMessage: 'HISTCONTROL (T1148)' } - ), - id: 'T1148', name: 'HISTCONTROL', + id: 'T1148', reference: 'https://attack.mitre.org/techniques/T1148', - tactics: 'defense-evasion', - value: 'histcontrol', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription', - { defaultMessage: 'Hardware Additions (T1200)' } - ), - id: 'T1200', name: 'Hardware Additions', + id: 'T1200', reference: 'https://attack.mitre.org/techniques/T1200', - tactics: 'initial-access', - value: 'hardwareAdditions', + 
tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription', - { defaultMessage: 'Hidden Files and Directories (T1158)' } - ), - id: 'T1158', name: 'Hidden Files and Directories', + id: 'T1158', reference: 'https://attack.mitre.org/techniques/T1158', - tactics: 'defense-evasion,persistence', - value: 'hiddenFilesAndDirectories', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription', - { defaultMessage: 'Hidden Users (T1147)' } - ), - id: 'T1147', name: 'Hidden Users', + id: 'T1147', reference: 'https://attack.mitre.org/techniques/T1147', - tactics: 'defense-evasion', - value: 'hiddenUsers', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription', - { defaultMessage: 'Hidden Window (T1143)' } - ), - id: 'T1143', name: 'Hidden Window', + id: 'T1143', reference: 'https://attack.mitre.org/techniques/T1143', - tactics: 'defense-evasion', - value: 'hiddenWindow', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hideArtifactsDescription', - { defaultMessage: 'Hide Artifacts (T1564)' } - ), - id: 'T1564', name: 'Hide Artifacts', + id: 'T1564', reference: 'https://attack.mitre.org/techniques/T1564', - tactics: 'defense-evasion', - value: 'hideArtifacts', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hijackExecutionFlowDescription', - { defaultMessage: 'Hijack Execution Flow (T1574)' } - ), - id: 'T1574', name: 'Hijack Execution Flow', + id: 'T1574', reference: 'https://attack.mitre.org/techniques/T1574', - tactics: 'persistence,privilege-escalation,defense-evasion', - value: 'hijackExecutionFlow', + tactics: 
['persistence', 'privilege-escalation', 'defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription', - { defaultMessage: 'Hooking (T1179)' } - ), - id: 'T1179', name: 'Hooking', + id: 'T1179', reference: 'https://attack.mitre.org/techniques/T1179', - tactics: 'persistence,privilege-escalation,credential-access', - value: 'hooking', + tactics: ['persistence', 'privilege-escalation', 'credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hypervisorDescription', - { defaultMessage: 'Hypervisor (T1062)' } - ), - id: 'T1062', name: 'Hypervisor', + id: 'T1062', reference: 'https://attack.mitre.org/techniques/T1062', - tactics: 'persistence', - value: 'hypervisor', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription', - { defaultMessage: 'Image File Execution Options Injection (T1183)' } - ), - id: 'T1183', name: 'Image File Execution Options Injection', + id: 'T1183', reference: 'https://attack.mitre.org/techniques/T1183', - tactics: 'privilege-escalation,persistence,defense-evasion', - value: 'imageFileExecutionOptionsInjection', + tactics: ['privilege-escalation', 'persistence', 'defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.impairDefensesDescription', - { defaultMessage: 'Impair Defenses (T1562)' } - ), - id: 'T1562', name: 'Impair Defenses', + id: 'T1562', reference: 'https://attack.mitre.org/techniques/T1562', - tactics: 'defense-evasion', - value: 'impairDefenses', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription', - { defaultMessage: 'Implant Internal Image (T1525)' } - ), - id: 'T1525', name: 'Implant Internal Image', + id: 'T1525', reference: 
'https://attack.mitre.org/techniques/T1525', - tactics: 'persistence', - value: 'implantInternalImage', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription', - { defaultMessage: 'Indicator Blocking (T1054)' } - ), - id: 'T1054', name: 'Indicator Blocking', + id: 'T1054', reference: 'https://attack.mitre.org/techniques/T1054', - tactics: 'defense-evasion', - value: 'indicatorBlocking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription', - { defaultMessage: 'Indicator Removal from Tools (T1066)' } - ), - id: 'T1066', - name: 'Indicator Removal from Tools', - reference: 'https://attack.mitre.org/techniques/T1066', - tactics: 'defense-evasion', - value: 'indicatorRemovalFromTools', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription', - { defaultMessage: 'Indicator Removal on Host (T1070)' } - ), + name: 'Indicator Removal', id: 'T1070', - name: 'Indicator Removal on Host', reference: 'https://attack.mitre.org/techniques/T1070', - tactics: 'defense-evasion', - value: 'indicatorRemovalOnHost', + tactics: ['defense-evasion'], + }, + { + name: 'Indicator Removal from Tools', + id: 'T1066', + reference: 'https://attack.mitre.org/techniques/T1066', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription', - { defaultMessage: 'Indirect Command Execution (T1202)' } - ), - id: 'T1202', name: 'Indirect Command Execution', + id: 'T1202', reference: 'https://attack.mitre.org/techniques/T1202', - tactics: 'defense-evasion', - value: 'indirectCommandExecution', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription', - { defaultMessage: 'Ingress Tool Transfer (T1105)' } - ), - id: 'T1105', name: 'Ingress Tool Transfer', + id: 'T1105', reference: 'https://attack.mitre.org/techniques/T1105', - tactics: 'command-and-control', - value: 'ingressToolTransfer', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription', - { defaultMessage: 'Inhibit System Recovery (T1490)' } - ), - id: 'T1490', name: 'Inhibit System Recovery', + id: 'T1490', reference: 'https://attack.mitre.org/techniques/T1490', - tactics: 'impact', - value: 'inhibitSystemRecovery', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputCaptureDescription', - { defaultMessage: 'Input Capture (T1056)' } - ), - id: 'T1056', name: 'Input Capture', + id: 'T1056', reference: 'https://attack.mitre.org/techniques/T1056', - tactics: 'collection,credential-access', - value: 'inputCapture', + tactics: ['collection', 'credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription', - { defaultMessage: 'Input Prompt (T1141)' } - ), - id: 'T1141', name: 'Input Prompt', + id: 'T1141', reference: 'https://attack.mitre.org/techniques/T1141', - tactics: 'credential-access', - value: 'inputPrompt', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription', - { defaultMessage: 'Install Root Certificate (T1130)' } - ), - id: 'T1130', name: 'Install Root Certificate', + id: 'T1130', reference: 'https://attack.mitre.org/techniques/T1130', - tactics: 'defense-evasion', - value: 'installRootCertificate', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription', - { defaultMessage: 'InstallUtil (T1118)' } - ), - id: 'T1118', name: 'InstallUtil', + id: 'T1118', reference: 'https://attack.mitre.org/techniques/T1118', - tactics: 'defense-evasion,execution', - value: 'installUtil', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.interProcessCommunicationDescription', - { defaultMessage: 'Inter-Process Communication (T1559)' } - ), - id: 'T1559', name: 'Inter-Process Communication', + id: 'T1559', reference: 'https://attack.mitre.org/techniques/T1559', - tactics: 'execution', - value: 'interProcessCommunication', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription', - { defaultMessage: 'Internal Spearphishing (T1534)' } - ), - id: 'T1534', name: 'Internal Spearphishing', + id: 'T1534', reference: 'https://attack.mitre.org/techniques/T1534', - tactics: 'lateral-movement', - value: 'internalSpearphishing', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription', - { defaultMessage: 'Kerberoasting (T1208)' } - ), - id: 'T1208', name: 'Kerberoasting', + id: 'T1208', reference: 'https://attack.mitre.org/techniques/T1208', - tactics: 'credential-access', - value: 'kerberoasting', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription', - { defaultMessage: 'Kernel Modules and Extensions (T1215)' } - ), - id: 'T1215', name: 'Kernel Modules and Extensions', + id: 'T1215', reference: 'https://attack.mitre.org/techniques/T1215', - tactics: 'persistence', - value: 'kernelModulesAndExtensions', + tactics: ['persistence'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription', - { defaultMessage: 'Keychain (T1142)' } - ), - id: 'T1142', name: 'Keychain', + id: 'T1142', reference: 'https://attack.mitre.org/techniques/T1142', - tactics: 'credential-access', - value: 'keychain', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription', - { defaultMessage: 'LC_LOAD_DYLIB Addition (T1161)' } - ), - id: 'T1161', name: 'LC_LOAD_DYLIB Addition', + id: 'T1161', reference: 'https://attack.mitre.org/techniques/T1161', - tactics: 'persistence', - value: 'lcLoadDylibAddition', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription', - { defaultMessage: 'LC_MAIN Hijacking (T1149)' } - ), - id: 'T1149', name: 'LC_MAIN Hijacking', + id: 'T1149', reference: 'https://attack.mitre.org/techniques/T1149', - tactics: 'defense-evasion', - value: 'lcMainHijacking', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription', - { defaultMessage: 'LLMNR/NBT-NS Poisoning and Relay (T1171)' } - ), - id: 'T1171', name: 'LLMNR/NBT-NS Poisoning and Relay', + id: 'T1171', reference: 'https://attack.mitre.org/techniques/T1171', - tactics: 'credential-access', - value: 'llmnrNbtNsPoisoningAndRelay', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription', - { defaultMessage: 'LSASS Driver (T1177)' } - ), - id: 'T1177', name: 'LSASS Driver', + id: 'T1177', reference: 'https://attack.mitre.org/techniques/T1177', - tactics: 'execution,persistence', - value: 'lsassDriver', + tactics: ['execution', 'persistence'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lateralToolTransferDescription', - { defaultMessage: 'Lateral Tool Transfer (T1570)' } - ), - id: 'T1570', name: 'Lateral Tool Transfer', + id: 'T1570', reference: 'https://attack.mitre.org/techniques/T1570', - tactics: 'lateral-movement', - value: 'lateralToolTransfer', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription', - { defaultMessage: 'Launch Agent (T1159)' } - ), - id: 'T1159', name: 'Launch Agent', + id: 'T1159', reference: 'https://attack.mitre.org/techniques/T1159', - tactics: 'persistence', - value: 'launchAgent', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription', - { defaultMessage: 'Launch Daemon (T1160)' } - ), - id: 'T1160', name: 'Launch Daemon', + id: 'T1160', reference: 'https://attack.mitre.org/techniques/T1160', - tactics: 'persistence,privilege-escalation', - value: 'launchDaemon', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription', - { defaultMessage: 'Launchctl (T1152)' } - ), - id: 'T1152', name: 'Launchctl', + id: 'T1152', reference: 'https://attack.mitre.org/techniques/T1152', - tactics: 'defense-evasion,execution,persistence', - value: 'launchctl', + tactics: ['defense-evasion', 'execution', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription', - { defaultMessage: 'Local Job Scheduling (T1168)' } - ), - id: 'T1168', name: 'Local Job Scheduling', + id: 'T1168', reference: 'https://attack.mitre.org/techniques/T1168', - tactics: 'persistence,execution', - value: 'localJobScheduling', + tactics: ['persistence', 'execution'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription', - { defaultMessage: 'Login Item (T1162)' } - ), - id: 'T1162', name: 'Login Item', + id: 'T1162', reference: 'https://attack.mitre.org/techniques/T1162', - tactics: 'persistence', - value: 'loginItem', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.maliciousShellModificationDescription', - { defaultMessage: 'Malicious Shell Modification (T1156)' } - ), - id: 'T1156', name: 'Malicious Shell Modification', + id: 'T1156', reference: 'https://attack.mitre.org/techniques/T1156', - tactics: 'persistence', - value: 'maliciousShellModification', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', - { defaultMessage: 'Masquerading (T1036)' } - ), - id: 'T1036', name: 'Masquerading', + id: 'T1036', reference: 'https://attack.mitre.org/techniques/T1036', - tactics: 'defense-evasion', - value: 'masquerading', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyAuthenticationProcessDescription', - { defaultMessage: 'Modify Authentication Process (T1556)' } - ), - id: 'T1556', name: 'Modify Authentication Process', + id: 'T1556', reference: 'https://attack.mitre.org/techniques/T1556', - tactics: 'credential-access,defense-evasion,persistence', - value: 'modifyAuthenticationProcess', + tactics: ['credential-access', 'defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyCloudComputeInfrastructureDescription', - { defaultMessage: 'Modify Cloud Compute Infrastructure (T1578)' } - ), - id: 'T1578', name: 'Modify Cloud Compute Infrastructure', + id: 'T1578', reference: 'https://attack.mitre.org/techniques/T1578', - tactics: 'defense-evasion', - value: 
'modifyCloudComputeInfrastructure', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription', - { defaultMessage: 'Modify Existing Service (T1031)' } - ), - id: 'T1031', name: 'Modify Existing Service', + id: 'T1031', reference: 'https://attack.mitre.org/techniques/T1031', - tactics: 'persistence', - value: 'modifyExistingService', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription', - { defaultMessage: 'Modify Registry (T1112)' } - ), - id: 'T1112', name: 'Modify Registry', + id: 'T1112', reference: 'https://attack.mitre.org/techniques/T1112', - tactics: 'defense-evasion', - value: 'modifyRegistry', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifySystemImageDescription', - { defaultMessage: 'Modify System Image (T1601)' } - ), - id: 'T1601', name: 'Modify System Image', + id: 'T1601', reference: 'https://attack.mitre.org/techniques/T1601', - tactics: 'defense-evasion', - value: 'modifySystemImage', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription', - { defaultMessage: 'Mshta (T1170)' } - ), - id: 'T1170', name: 'Mshta', + id: 'T1170', reference: 'https://attack.mitre.org/techniques/T1170', - tactics: 'defense-evasion,execution', - value: 'mshta', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationInterceptionDescription', - { defaultMessage: 'Multi-Factor Authentication Interception (T1111)' } - ), - id: 'T1111', name: 'Multi-Factor Authentication Interception', + id: 'T1111', reference: 'https://attack.mitre.org/techniques/T1111', - tactics: 'credential-access', - value: 
'multiFactorAuthenticationInterception', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationRequestGenerationDescription', - { defaultMessage: 'Multi-Factor Authentication Request Generation (T1621)' } - ), - id: 'T1621', name: 'Multi-Factor Authentication Request Generation', + id: 'T1621', reference: 'https://attack.mitre.org/techniques/T1621', - tactics: 'credential-access', - value: 'multiFactorAuthenticationRequestGeneration', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription', - { defaultMessage: 'Multi-Stage Channels (T1104)' } - ), - id: 'T1104', name: 'Multi-Stage Channels', + id: 'T1104', reference: 'https://attack.mitre.org/techniques/T1104', - tactics: 'command-and-control', - value: 'multiStageChannels', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription', - { defaultMessage: 'Multi-hop Proxy (T1188)' } - ), - id: 'T1188', name: 'Multi-hop Proxy', + id: 'T1188', reference: 'https://attack.mitre.org/techniques/T1188', - tactics: 'command-and-control', - value: 'multiHopProxy', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription', - { defaultMessage: 'Multiband Communication (T1026)' } - ), - id: 'T1026', name: 'Multiband Communication', + id: 'T1026', reference: 'https://attack.mitre.org/techniques/T1026', - tactics: 'command-and-control', - value: 'multibandCommunication', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription', - { defaultMessage: 'Multilayer Encryption (T1079)' } - ), - id: 'T1079', name: 'Multilayer 
Encryption', + id: 'T1079', reference: 'https://attack.mitre.org/techniques/T1079', - tactics: 'command-and-control', - value: 'multilayerEncryption', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription', - { defaultMessage: 'NTFS File Attributes (T1096)' } - ), - id: 'T1096', name: 'NTFS File Attributes', + id: 'T1096', reference: 'https://attack.mitre.org/techniques/T1096', - tactics: 'defense-evasion', - value: 'ntfsFileAttributes', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', - { defaultMessage: 'Native API (T1106)' } - ), - id: 'T1106', name: 'Native API', + id: 'T1106', reference: 'https://attack.mitre.org/techniques/T1106', - tactics: 'execution', - value: 'nativeApi', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription', - { defaultMessage: 'Netsh Helper DLL (T1128)' } - ), - id: 'T1128', name: 'Netsh Helper DLL', + id: 'T1128', reference: 'https://attack.mitre.org/techniques/T1128', - tactics: 'persistence', - value: 'netshHelperDll', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', - { defaultMessage: 'Network Boundary Bridging (T1599)' } - ), - id: 'T1599', name: 'Network Boundary Bridging', + id: 'T1599', reference: 'https://attack.mitre.org/techniques/T1599', - tactics: 'defense-evasion', - value: 'networkBoundaryBridging', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription', - { defaultMessage: 'Network Denial of Service (T1498)' } - ), - id: 'T1498', name: 'Network Denial of Service', + id: 'T1498', reference: 
'https://attack.mitre.org/techniques/T1498', - tactics: 'impact', - value: 'networkDenialOfService', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceDiscoveryDescription', - { defaultMessage: 'Network Service Discovery (T1046)' } - ), - id: 'T1046', name: 'Network Service Discovery', + id: 'T1046', reference: 'https://attack.mitre.org/techniques/T1046', - tactics: 'discovery', - value: 'networkServiceDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription', - { defaultMessage: 'Network Share Connection Removal (T1126)' } - ), - id: 'T1126', name: 'Network Share Connection Removal', + id: 'T1126', reference: 'https://attack.mitre.org/techniques/T1126', - tactics: 'defense-evasion', - value: 'networkShareConnectionRemoval', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription', - { defaultMessage: 'Network Share Discovery (T1135)' } - ), - id: 'T1135', name: 'Network Share Discovery', + id: 'T1135', reference: 'https://attack.mitre.org/techniques/T1135', - tactics: 'discovery', - value: 'networkShareDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription', - { defaultMessage: 'Network Sniffing (T1040)' } - ), - id: 'T1040', name: 'Network Sniffing', + id: 'T1040', reference: 'https://attack.mitre.org/techniques/T1040', - tactics: 'credential-access,discovery', - value: 'networkSniffing', + tactics: ['credential-access', 'discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription', - { defaultMessage: 'New Service (T1050)' } - ), - id: 'T1050', name: 'New Service', + id: 'T1050', reference: 
'https://attack.mitre.org/techniques/T1050', - tactics: 'persistence,privilege-escalation', - value: 'newService', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription', - { defaultMessage: 'Non-Application Layer Protocol (T1095)' } - ), - id: 'T1095', name: 'Non-Application Layer Protocol', + id: 'T1095', reference: 'https://attack.mitre.org/techniques/T1095', - tactics: 'command-and-control', - value: 'nonApplicationLayerProtocol', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonStandardPortDescription', - { defaultMessage: 'Non-Standard Port (T1571)' } - ), - id: 'T1571', name: 'Non-Standard Port', + id: 'T1571', reference: 'https://attack.mitre.org/techniques/T1571', - tactics: 'command-and-control', - value: 'nonStandardPort', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.osCredentialDumpingDescription', - { defaultMessage: 'OS Credential Dumping (T1003)' } - ), - id: 'T1003', name: 'OS Credential Dumping', + id: 'T1003', reference: 'https://attack.mitre.org/techniques/T1003', - tactics: 'credential-access', - value: 'osCredentialDumping', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.obfuscatedFilesOrInformationDescription', - { defaultMessage: 'Obfuscated Files or Information (T1027)' } - ), - id: 'T1027', name: 'Obfuscated Files or Information', + id: 'T1027', reference: 'https://attack.mitre.org/techniques/T1027', - tactics: 'defense-evasion', - value: 'obfuscatedFilesOrInformation', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.obtainCapabilitiesDescription', - { defaultMessage: 'Obtain Capabilities 
(T1588)' } - ), - id: 'T1588', name: 'Obtain Capabilities', + id: 'T1588', reference: 'https://attack.mitre.org/techniques/T1588', - tactics: 'resource-development', - value: 'obtainCapabilities', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription', - { defaultMessage: 'Office Application Startup (T1137)' } - ), - id: 'T1137', name: 'Office Application Startup', + id: 'T1137', reference: 'https://attack.mitre.org/techniques/T1137', - tactics: 'persistence', - value: 'officeApplicationStartup', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription', - { defaultMessage: 'Parent PID Spoofing (T1502)' } - ), - id: 'T1502', name: 'Parent PID Spoofing', + id: 'T1502', reference: 'https://attack.mitre.org/techniques/T1502', - tactics: 'defense-evasion,privilege-escalation', - value: 'parentPidSpoofing', + tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription', - { defaultMessage: 'Pass the Hash (T1075)' } - ), - id: 'T1075', name: 'Pass the Hash', + id: 'T1075', reference: 'https://attack.mitre.org/techniques/T1075', - tactics: 'lateral-movement', - value: 'passTheHash', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription', - { defaultMessage: 'Pass the Ticket (T1097)' } - ), - id: 'T1097', name: 'Pass the Ticket', + id: 'T1097', reference: 'https://attack.mitre.org/techniques/T1097', - tactics: 'lateral-movement', - value: 'passTheTicket', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription', - { defaultMessage: 'Password Filter DLL (T1174)' } - 
), - id: 'T1174', name: 'Password Filter DLL', + id: 'T1174', reference: 'https://attack.mitre.org/techniques/T1174', - tactics: 'credential-access', - value: 'passwordFilterDll', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription', - { defaultMessage: 'Password Policy Discovery (T1201)' } - ), - id: 'T1201', name: 'Password Policy Discovery', + id: 'T1201', reference: 'https://attack.mitre.org/techniques/T1201', - tactics: 'discovery', - value: 'passwordPolicyDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.pathInterceptionDescription', - { defaultMessage: 'Path Interception (T1034)' } - ), - id: 'T1034', name: 'Path Interception', + id: 'T1034', reference: 'https://attack.mitre.org/techniques/T1034', - tactics: 'persistence,privilege-escalation', - value: 'pathInterception', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.peripheralDeviceDiscoveryDescription', - { defaultMessage: 'Peripheral Device Discovery (T1120)' } - ), - id: 'T1120', name: 'Peripheral Device Discovery', + id: 'T1120', reference: 'https://attack.mitre.org/techniques/T1120', - tactics: 'discovery', - value: 'peripheralDeviceDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.permissionGroupsDiscoveryDescription', - { defaultMessage: 'Permission Groups Discovery (T1069)' } - ), - id: 'T1069', name: 'Permission Groups Discovery', + id: 'T1069', reference: 'https://attack.mitre.org/techniques/T1069', - tactics: 'discovery', - value: 'permissionGroupsDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingDescription', - { defaultMessage: 'Phishing 
(T1566)' } - ), - id: 'T1566', name: 'Phishing', + id: 'T1566', reference: 'https://attack.mitre.org/techniques/T1566', - tactics: 'initial-access', - value: 'phishing', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingForInformationDescription', - { defaultMessage: 'Phishing for Information (T1598)' } - ), - id: 'T1598', name: 'Phishing for Information', + id: 'T1598', reference: 'https://attack.mitre.org/techniques/T1598', - tactics: 'reconnaissance', - value: 'phishingForInformation', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistFileModificationDescription', - { defaultMessage: 'Plist File Modification (T1647)' } - ), - id: 'T1647', name: 'Plist File Modification', + id: 'T1647', reference: 'https://attack.mitre.org/techniques/T1647', - tactics: 'defense-evasion', - value: 'plistFileModification', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription', - { defaultMessage: 'Plist Modification (T1150)' } - ), - id: 'T1150', name: 'Plist Modification', + id: 'T1150', reference: 'https://attack.mitre.org/techniques/T1150', - tactics: 'defense-evasion,persistence,privilege-escalation', - value: 'plistModification', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription', - { defaultMessage: 'Port Monitors (T1013)' } - ), - id: 'T1013', name: 'Port Monitors', + id: 'T1013', reference: 'https://attack.mitre.org/techniques/T1013', - tactics: 'persistence,privilege-escalation', - value: 'portMonitors', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription', - { 
defaultMessage: 'PowerShell (T1086)' } - ), - id: 'T1086', name: 'PowerShell', + id: 'T1086', reference: 'https://attack.mitre.org/techniques/T1086', - tactics: 'execution', - value: 'powerShell', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription', - { defaultMessage: 'PowerShell Profile (T1504)' } - ), - id: 'T1504', name: 'PowerShell Profile', + id: 'T1504', reference: 'https://attack.mitre.org/techniques/T1504', - tactics: 'persistence,privilege-escalation', - value: 'powerShellProfile', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', - { defaultMessage: 'Pre-OS Boot (T1542)' } - ), - id: 'T1542', name: 'Pre-OS Boot', + id: 'T1542', reference: 'https://attack.mitre.org/techniques/T1542', - tactics: 'defense-evasion,persistence', - value: 'preOsBoot', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription', - { defaultMessage: 'Private Keys (T1145)' } - ), - id: 'T1145', name: 'Private Keys', + id: 'T1145', reference: 'https://attack.mitre.org/techniques/T1145', - tactics: 'credential-access', - value: 'privateKeys', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription', - { defaultMessage: 'Process Discovery (T1057)' } - ), - id: 'T1057', name: 'Process Discovery', + id: 'T1057', reference: 'https://attack.mitre.org/techniques/T1057', - tactics: 'discovery', - value: 'processDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription', - { defaultMessage: 'Process Doppelgänging (T1186)' } - ), - id: 'T1186', name: 'Process 
Doppelgänging', + id: 'T1186', reference: 'https://attack.mitre.org/techniques/T1186', - tactics: 'defense-evasion', - value: 'processDoppelganging', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription', - { defaultMessage: 'Process Hollowing (T1093)' } - ), - id: 'T1093', name: 'Process Hollowing', + id: 'T1093', reference: 'https://attack.mitre.org/techniques/T1093', - tactics: 'defense-evasion', - value: 'processHollowing', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription', - { defaultMessage: 'Process Injection (T1055)' } - ), - id: 'T1055', name: 'Process Injection', + id: 'T1055', reference: 'https://attack.mitre.org/techniques/T1055', - tactics: 'defense-evasion,privilege-escalation', - value: 'processInjection', + tactics: ['defense-evasion', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.protocolTunnelingDescription', - { defaultMessage: 'Protocol Tunneling (T1572)' } - ), - id: 'T1572', name: 'Protocol Tunneling', + id: 'T1572', reference: 'https://attack.mitre.org/techniques/T1572', - tactics: 'command-and-control', - value: 'protocolTunneling', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.proxyDescription', - { defaultMessage: 'Proxy (T1090)' } - ), - id: 'T1090', name: 'Proxy', + id: 'T1090', reference: 'https://attack.mitre.org/techniques/T1090', - tactics: 'command-and-control', - value: 'proxy', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription', - { defaultMessage: 'Query Registry (T1012)' } - ), - id: 'T1012', name: 'Query Registry', + id: 'T1012', reference: 
'https://attack.mitre.org/techniques/T1012', - tactics: 'discovery', - value: 'queryRegistry', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription', - { defaultMessage: 'Rc.common (T1163)' } - ), - id: 'T1163', name: 'Rc.common', + id: 'T1163', reference: 'https://attack.mitre.org/techniques/T1163', - tactics: 'persistence', - value: 'rcCommon', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription', - { defaultMessage: 'Re-opened Applications (T1164)' } - ), - id: 'T1164', name: 'Re-opened Applications', + id: 'T1164', reference: 'https://attack.mitre.org/techniques/T1164', - tactics: 'persistence', - value: 'reOpenedApplications', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.redundantAccessDescription', - { defaultMessage: 'Redundant Access (T1108)' } - ), - id: 'T1108', name: 'Redundant Access', + id: 'T1108', reference: 'https://attack.mitre.org/techniques/T1108', - tactics: 'defense-evasion,persistence', - value: 'redundantAccess', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reflectiveCodeLoadingDescription', - { defaultMessage: 'Reflective Code Loading (T1620)' } - ), - id: 'T1620', name: 'Reflective Code Loading', + id: 'T1620', reference: 'https://attack.mitre.org/techniques/T1620', - tactics: 'defense-evasion', - value: 'reflectiveCodeLoading', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription', - { defaultMessage: 'Registry Run Keys / Startup Folder (T1060)' } - ), - id: 'T1060', name: 'Registry Run Keys / Startup Folder', + id: 'T1060', reference: 
'https://attack.mitre.org/techniques/T1060', - tactics: 'persistence', - value: 'registryRunKeysStartupFolder', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription', - { defaultMessage: 'Regsvcs/Regasm (T1121)' } - ), - id: 'T1121', name: 'Regsvcs/Regasm', + id: 'T1121', reference: 'https://attack.mitre.org/techniques/T1121', - tactics: 'defense-evasion,execution', - value: 'regsvcsRegasm', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description', - { defaultMessage: 'Regsvr32 (T1117)' } - ), - id: 'T1117', name: 'Regsvr32', + id: 'T1117', reference: 'https://attack.mitre.org/techniques/T1117', - tactics: 'defense-evasion,execution', - value: 'regsvr32', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessSoftwareDescription', - { defaultMessage: 'Remote Access Software (T1219)' } - ), - id: 'T1219', name: 'Remote Access Software', + id: 'T1219', reference: 'https://attack.mitre.org/techniques/T1219', - tactics: 'command-and-control', - value: 'remoteAccessSoftware', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription', - { defaultMessage: 'Remote Desktop Protocol (T1076)' } - ), - id: 'T1076', name: 'Remote Desktop Protocol', + id: 'T1076', reference: 'https://attack.mitre.org/techniques/T1076', - tactics: 'lateral-movement', - value: 'remoteDesktopProtocol', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServiceSessionHijackingDescription', - { defaultMessage: 'Remote Service Session Hijacking (T1563)' } - ), - id: 'T1563', name: 'Remote Service Session Hijacking', + id: 
'T1563', reference: 'https://attack.mitre.org/techniques/T1563', - tactics: 'lateral-movement', - value: 'remoteServiceSessionHijacking', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServicesDescription', - { defaultMessage: 'Remote Services (T1021)' } - ), - id: 'T1021', name: 'Remote Services', + id: 'T1021', reference: 'https://attack.mitre.org/techniques/T1021', - tactics: 'lateral-movement', - value: 'remoteServices', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteSystemDiscoveryDescription', - { defaultMessage: 'Remote System Discovery (T1018)' } - ), - id: 'T1018', name: 'Remote System Discovery', + id: 'T1018', reference: 'https://attack.mitre.org/techniques/T1018', - tactics: 'discovery', - value: 'remoteSystemDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.replicationThroughRemovableMediaDescription', - { defaultMessage: 'Replication Through Removable Media (T1091)' } - ), - id: 'T1091', name: 'Replication Through Removable Media', + id: 'T1091', reference: 'https://attack.mitre.org/techniques/T1091', - tactics: 'lateral-movement,initial-access', - value: 'replicationThroughRemovableMedia', + tactics: ['lateral-movement', 'initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.resourceHijackingDescription', - { defaultMessage: 'Resource Hijacking (T1496)' } - ), - id: 'T1496', name: 'Resource Hijacking', + id: 'T1496', reference: 'https://attack.mitre.org/techniques/T1496', - tactics: 'impact', - value: 'resourceHijacking', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription', - { defaultMessage: 'Revert Cloud Instance (T1536)' } - ), - id: 'T1536', 
name: 'Revert Cloud Instance', + id: 'T1536', reference: 'https://attack.mitre.org/techniques/T1536', - tactics: 'defense-evasion', - value: 'revertCloudInstance', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rogueDomainControllerDescription', - { defaultMessage: 'Rogue Domain Controller (T1207)' } - ), - id: 'T1207', name: 'Rogue Domain Controller', + id: 'T1207', reference: 'https://attack.mitre.org/techniques/T1207', - tactics: 'defense-evasion', - value: 'rogueDomainController', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rootkitDescription', - { defaultMessage: 'Rootkit (T1014)' } - ), - id: 'T1014', name: 'Rootkit', + id: 'T1014', reference: 'https://attack.mitre.org/techniques/T1014', - tactics: 'defense-evasion', - value: 'rootkit', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description', - { defaultMessage: 'Rundll32 (T1085)' } - ), - id: 'T1085', name: 'Rundll32', + id: 'T1085', reference: 'https://attack.mitre.org/techniques/T1085', - tactics: 'defense-evasion,execution', - value: 'rundll32', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription', - { defaultMessage: 'Runtime Data Manipulation (T1494)' } - ), - id: 'T1494', name: 'Runtime Data Manipulation', + id: 'T1494', reference: 'https://attack.mitre.org/techniques/T1494', - tactics: 'impact', - value: 'runtimeDataManipulation', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription', - { defaultMessage: 'SID-History Injection (T1178)' } - ), - id: 'T1178', name: 'SID-History Injection', + id: 'T1178', reference: 
'https://attack.mitre.org/techniques/T1178', - tactics: 'privilege-escalation', - value: 'sidHistoryInjection', + tactics: ['privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription', - { defaultMessage: 'SIP and Trust Provider Hijacking (T1198)' } - ), - id: 'T1198', name: 'SIP and Trust Provider Hijacking', + id: 'T1198', reference: 'https://attack.mitre.org/techniques/T1198', - tactics: 'defense-evasion,persistence', - value: 'sipAndTrustProviderHijacking', + tactics: ['defense-evasion', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription', - { defaultMessage: 'SSH Hijacking (T1184)' } - ), - id: 'T1184', name: 'SSH Hijacking', + id: 'T1184', reference: 'https://attack.mitre.org/techniques/T1184', - tactics: 'lateral-movement', - value: 'sshHijacking', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskJobDescription', - { defaultMessage: 'Scheduled Task/Job (T1053)' } - ), - id: 'T1053', name: 'Scheduled Task/Job', + id: 'T1053', reference: 'https://attack.mitre.org/techniques/T1053', - tactics: 'execution,persistence,privilege-escalation', - value: 'scheduledTaskJob', + tactics: ['execution', 'persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTransferDescription', - { defaultMessage: 'Scheduled Transfer (T1029)' } - ), - id: 'T1029', name: 'Scheduled Transfer', + id: 'T1029', reference: 'https://attack.mitre.org/techniques/T1029', - tactics: 'exfiltration', - value: 'scheduledTransfer', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screenCaptureDescription', - { defaultMessage: 'Screen Capture (T1113)' } - ), - id: 'T1113', 
name: 'Screen Capture', + id: 'T1113', reference: 'https://attack.mitre.org/techniques/T1113', - tactics: 'collection', - value: 'screenCapture', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription', - { defaultMessage: 'Screensaver (T1180)' } - ), - id: 'T1180', name: 'Screensaver', + id: 'T1180', reference: 'https://attack.mitre.org/techniques/T1180', - tactics: 'persistence', - value: 'screensaver', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription', - { defaultMessage: 'Scripting (T1064)' } - ), - id: 'T1064', name: 'Scripting', + id: 'T1064', reference: 'https://attack.mitre.org/techniques/T1064', - tactics: 'defense-evasion,execution', - value: 'scripting', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchClosedSourcesDescription', - { defaultMessage: 'Search Closed Sources (T1597)' } - ), - id: 'T1597', name: 'Search Closed Sources', + id: 'T1597', reference: 'https://attack.mitre.org/techniques/T1597', - tactics: 'reconnaissance', - value: 'searchClosedSources', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenTechnicalDatabasesDescription', - { defaultMessage: 'Search Open Technical Databases (T1596)' } - ), - id: 'T1596', name: 'Search Open Technical Databases', + id: 'T1596', reference: 'https://attack.mitre.org/techniques/T1596', - tactics: 'reconnaissance', - value: 'searchOpenTechnicalDatabases', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenWebsitesDomainsDescription', - { defaultMessage: 'Search Open Websites/Domains (T1593)' } - ), - id: 'T1593', name: 'Search Open Websites/Domains', + id: 'T1593', 
reference: 'https://attack.mitre.org/techniques/T1593', - tactics: 'reconnaissance', - value: 'searchOpenWebsitesDomains', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchVictimOwnedWebsitesDescription', - { defaultMessage: 'Search Victim-Owned Websites (T1594)' } - ), - id: 'T1594', name: 'Search Victim-Owned Websites', + id: 'T1594', reference: 'https://attack.mitre.org/techniques/T1594', - tactics: 'reconnaissance', - value: 'searchVictimOwnedWebsites', + tactics: ['reconnaissance'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription', - { defaultMessage: 'Security Software Discovery (T1063)' } - ), - id: 'T1063', name: 'Security Software Discovery', + id: 'T1063', reference: 'https://attack.mitre.org/techniques/T1063', - tactics: 'discovery', - value: 'securitySoftwareDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription', - { defaultMessage: 'Security Support Provider (T1101)' } - ), - id: 'T1101', name: 'Security Support Provider', + id: 'T1101', reference: 'https://attack.mitre.org/techniques/T1101', - tactics: 'persistence', - value: 'securitySupportProvider', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription', - { defaultMessage: 'Securityd Memory (T1167)' } - ), - id: 'T1167', name: 'Securityd Memory', + id: 'T1167', reference: 'https://attack.mitre.org/techniques/T1167', - tactics: 'credential-access', - value: 'securitydMemory', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription', - { defaultMessage: 'Server Software Component (T1505)' } - ), - id: 'T1505', name: 'Server 
Software Component', + id: 'T1505', reference: 'https://attack.mitre.org/techniques/T1505', - tactics: 'persistence', - value: 'serverSoftwareComponent', + tactics: ['persistence'], + }, + { + name: 'Serverless Execution', + id: 'T1648', + reference: 'https://attack.mitre.org/techniques/T1648', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription', - { defaultMessage: 'Service Execution (T1035)' } - ), - id: 'T1035', name: 'Service Execution', + id: 'T1035', reference: 'https://attack.mitre.org/techniques/T1035', - tactics: 'execution', - value: 'serviceExecution', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription', - { defaultMessage: 'Service Registry Permissions Weakness (T1058)' } - ), - id: 'T1058', name: 'Service Registry Permissions Weakness', + id: 'T1058', reference: 'https://attack.mitre.org/techniques/T1058', - tactics: 'persistence,privilege-escalation', - value: 'serviceRegistryPermissionsWeakness', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription', - { defaultMessage: 'Service Stop (T1489)' } - ), - id: 'T1489', name: 'Service Stop', + id: 'T1489', reference: 'https://attack.mitre.org/techniques/T1489', - tactics: 'impact', - value: 'serviceStop', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription', - { defaultMessage: 'Setuid and Setgid (T1166)' } - ), - id: 'T1166', name: 'Setuid and Setgid', + id: 'T1166', reference: 'https://attack.mitre.org/techniques/T1166', - tactics: 'privilege-escalation,persistence', - value: 'setuidAndSetgid', + tactics: ['privilege-escalation', 'persistence'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription', - { defaultMessage: 'Shared Modules (T1129)' } - ), - id: 'T1129', name: 'Shared Modules', + id: 'T1129', reference: 'https://attack.mitre.org/techniques/T1129', - tactics: 'execution', - value: 'sharedModules', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription', - { defaultMessage: 'Shared Webroot (T1051)' } - ), - id: 'T1051', name: 'Shared Webroot', + id: 'T1051', reference: 'https://attack.mitre.org/techniques/T1051', - tactics: 'lateral-movement', - value: 'sharedWebroot', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription', - { defaultMessage: 'Shortcut Modification (T1023)' } - ), - id: 'T1023', name: 'Shortcut Modification', + id: 'T1023', reference: 'https://attack.mitre.org/techniques/T1023', - tactics: 'persistence', - value: 'shortcutModification', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription', - { defaultMessage: 'Software Deployment Tools (T1072)' } - ), - id: 'T1072', name: 'Software Deployment Tools', + id: 'T1072', reference: 'https://attack.mitre.org/techniques/T1072', - tactics: 'execution,lateral-movement', - value: 'softwareDeploymentTools', + tactics: ['execution', 'lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription', - { defaultMessage: 'Software Discovery (T1518)' } - ), - id: 'T1518', name: 'Software Discovery', + id: 'T1518', reference: 'https://attack.mitre.org/techniques/T1518', - tactics: 'discovery', - value: 'softwareDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription', - { defaultMessage: 'Software Packing (T1045)' } - ), - id: 'T1045', name: 'Software Packing', + id: 'T1045', reference: 'https://attack.mitre.org/techniques/T1045', - tactics: 'defense-evasion', - value: 'softwarePacking', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription', - { defaultMessage: 'Source (T1153)' } - ), - id: 'T1153', name: 'Source', + id: 'T1153', reference: 'https://attack.mitre.org/techniques/T1153', - tactics: 'execution', - value: 'source', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription', - { defaultMessage: 'Space after Filename (T1151)' } - ), - id: 'T1151', name: 'Space after Filename', + id: 'T1151', reference: 'https://attack.mitre.org/techniques/T1151', - tactics: 'defense-evasion,execution', - value: 'spaceAfterFilename', + tactics: ['defense-evasion', 'execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription', - { defaultMessage: 'Spearphishing Attachment (T1193)' } - ), - id: 'T1193', name: 'Spearphishing Attachment', + id: 'T1193', reference: 'https://attack.mitre.org/techniques/T1193', - tactics: 'initial-access', - value: 'spearphishingAttachment', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription', - { defaultMessage: 'Spearphishing Link (T1192)' } - ), - id: 'T1192', name: 'Spearphishing Link', + id: 'T1192', reference: 'https://attack.mitre.org/techniques/T1192', - tactics: 'initial-access', - value: 'spearphishingLink', + tactics: ['initial-access'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription', - { defaultMessage: 'Spearphishing via Service (T1194)' } - ), - id: 'T1194', name: 'Spearphishing via Service', + id: 'T1194', reference: 'https://attack.mitre.org/techniques/T1194', - tactics: 'initial-access', - value: 'spearphishingViaService', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stageCapabilitiesDescription', - { defaultMessage: 'Stage Capabilities (T1608)' } - ), - id: 'T1608', name: 'Stage Capabilities', + id: 'T1608', reference: 'https://attack.mitre.org/techniques/T1608', - tactics: 'resource-development', - value: 'stageCapabilities', + tactics: ['resource-development'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription', - { defaultMessage: 'Standard Cryptographic Protocol (T1032)' } - ), - id: 'T1032', name: 'Standard Cryptographic Protocol', + id: 'T1032', reference: 'https://attack.mitre.org/techniques/T1032', - tactics: 'command-and-control', - value: 'standardCryptographicProtocol', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription', - { defaultMessage: 'Startup Items (T1165)' } - ), - id: 'T1165', name: 'Startup Items', + id: 'T1165', reference: 'https://attack.mitre.org/techniques/T1165', - tactics: 'persistence,privilege-escalation', - value: 'startupItems', + tactics: ['persistence', 'privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription', - { defaultMessage: 'Steal Application Access Token (T1528)' } - ), - id: 'T1528', name: 'Steal Application Access Token', + id: 'T1528', reference: 'https://attack.mitre.org/techniques/T1528', - tactics: 'credential-access', - value: 
'stealApplicationAccessToken', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealWebSessionCookieDescription', - { defaultMessage: 'Steal Web Session Cookie (T1539)' } - ), - id: 'T1539', name: 'Steal Web Session Cookie', + id: 'T1539', reference: 'https://attack.mitre.org/techniques/T1539', - tactics: 'credential-access', - value: 'stealWebSessionCookie', + tactics: ['credential-access'], + }, + { + name: 'Steal or Forge Authentication Certificates', + id: 'T1649', + reference: 'https://attack.mitre.org/techniques/T1649', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeKerberosTicketsDescription', - { defaultMessage: 'Steal or Forge Kerberos Tickets (T1558)' } - ), - id: 'T1558', name: 'Steal or Forge Kerberos Tickets', + id: 'T1558', reference: 'https://attack.mitre.org/techniques/T1558', - tactics: 'credential-access', - value: 'stealOrForgeKerberosTickets', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription', - { defaultMessage: 'Stored Data Manipulation (T1492)' } - ), - id: 'T1492', name: 'Stored Data Manipulation', + id: 'T1492', reference: 'https://attack.mitre.org/techniques/T1492', - tactics: 'impact', - value: 'storedDataManipulation', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.subvertTrustControlsDescription', - { defaultMessage: 'Subvert Trust Controls (T1553)' } - ), - id: 'T1553', name: 'Subvert Trust Controls', + id: 'T1553', reference: 'https://attack.mitre.org/techniques/T1553', - tactics: 'defense-evasion', - value: 'subvertTrustControls', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription', - { 
defaultMessage: 'Sudo (T1169)' } - ), - id: 'T1169', name: 'Sudo', + id: 'T1169', reference: 'https://attack.mitre.org/techniques/T1169', - tactics: 'privilege-escalation', - value: 'sudo', + tactics: ['privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription', - { defaultMessage: 'Sudo Caching (T1206)' } - ), - id: 'T1206', name: 'Sudo Caching', + id: 'T1206', reference: 'https://attack.mitre.org/techniques/T1206', - tactics: 'privilege-escalation', - value: 'sudoCaching', + tactics: ['privilege-escalation'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription', - { defaultMessage: 'Supply Chain Compromise (T1195)' } - ), - id: 'T1195', name: 'Supply Chain Compromise', + id: 'T1195', reference: 'https://attack.mitre.org/techniques/T1195', - tactics: 'initial-access', - value: 'supplyChainCompromise', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemBinaryProxyExecutionDescription', - { defaultMessage: 'System Binary Proxy Execution (T1218)' } - ), - id: 'T1218', name: 'System Binary Proxy Execution', + id: 'T1218', reference: 'https://attack.mitre.org/techniques/T1218', - tactics: 'defense-evasion', - value: 'systemBinaryProxyExecution', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription', - { defaultMessage: 'System Firmware (T1019)' } - ), - id: 'T1019', name: 'System Firmware', + id: 'T1019', reference: 'https://attack.mitre.org/techniques/T1019', - tactics: 'persistence', - value: 'systemFirmware', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription', - { defaultMessage: 'System Information Discovery (T1082)' } - ), - 
id: 'T1082', name: 'System Information Discovery', + id: 'T1082', reference: 'https://attack.mitre.org/techniques/T1082', - tactics: 'discovery', - value: 'systemInformationDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemLocationDiscoveryDescription', - { defaultMessage: 'System Location Discovery (T1614)' } - ), - id: 'T1614', name: 'System Location Discovery', + id: 'T1614', reference: 'https://attack.mitre.org/techniques/T1614', - tactics: 'discovery', - value: 'systemLocationDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConfigurationDiscoveryDescription', - { defaultMessage: 'System Network Configuration Discovery (T1016)' } - ), - id: 'T1016', name: 'System Network Configuration Discovery', + id: 'T1016', reference: 'https://attack.mitre.org/techniques/T1016', - tactics: 'discovery', - value: 'systemNetworkConfigurationDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConnectionsDiscoveryDescription', - { defaultMessage: 'System Network Connections Discovery (T1049)' } - ), - id: 'T1049', name: 'System Network Connections Discovery', + id: 'T1049', reference: 'https://attack.mitre.org/techniques/T1049', - tactics: 'discovery', - value: 'systemNetworkConnectionsDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemOwnerUserDiscoveryDescription', - { defaultMessage: 'System Owner/User Discovery (T1033)' } - ), - id: 'T1033', name: 'System Owner/User Discovery', + id: 'T1033', reference: 'https://attack.mitre.org/techniques/T1033', - tactics: 'discovery', - value: 'systemOwnerUserDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemScriptProxyExecutionDescription', - { defaultMessage: 'System Script Proxy Execution (T1216)' } - ), - id: 'T1216', name: 'System Script Proxy Execution', + id: 'T1216', reference: 'https://attack.mitre.org/techniques/T1216', - tactics: 'defense-evasion', - value: 'systemScriptProxyExecution', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServiceDiscoveryDescription', - { defaultMessage: 'System Service Discovery (T1007)' } - ), - id: 'T1007', name: 'System Service Discovery', + id: 'T1007', reference: 'https://attack.mitre.org/techniques/T1007', - tactics: 'discovery', - value: 'systemServiceDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServicesDescription', - { defaultMessage: 'System Services (T1569)' } - ), - id: 'T1569', name: 'System Services', + id: 'T1569', reference: 'https://attack.mitre.org/techniques/T1569', - tactics: 'execution', - value: 'systemServices', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemShutdownRebootDescription', - { defaultMessage: 'System Shutdown/Reboot (T1529)' } - ), - id: 'T1529', name: 'System Shutdown/Reboot', + id: 'T1529', reference: 'https://attack.mitre.org/techniques/T1529', - tactics: 'impact', - value: 'systemShutdownReboot', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemTimeDiscoveryDescription', - { defaultMessage: 'System Time Discovery (T1124)' } - ), - id: 'T1124', name: 'System Time Discovery', + id: 'T1124', reference: 'https://attack.mitre.org/techniques/T1124', - tactics: 'discovery', - value: 'systemTimeDiscovery', + tactics: ['discovery'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription', - { defaultMessage: 'Systemd Service (T1501)' } - ), - id: 'T1501', name: 'Systemd Service', + id: 'T1501', reference: 'https://attack.mitre.org/techniques/T1501', - tactics: 'persistence', - value: 'systemdService', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription', - { defaultMessage: 'Taint Shared Content (T1080)' } - ), - id: 'T1080', name: 'Taint Shared Content', + id: 'T1080', reference: 'https://attack.mitre.org/techniques/T1080', - tactics: 'lateral-movement', - value: 'taintSharedContent', + tactics: ['lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.templateInjectionDescription', - { defaultMessage: 'Template Injection (T1221)' } - ), - id: 'T1221', name: 'Template Injection', + id: 'T1221', reference: 'https://attack.mitre.org/techniques/T1221', - tactics: 'defense-evasion', - value: 'templateInjection', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription', - { defaultMessage: 'Time Providers (T1209)' } - ), - id: 'T1209', name: 'Time Providers', + id: 'T1209', reference: 'https://attack.mitre.org/techniques/T1209', - tactics: 'persistence', - value: 'timeProviders', + tactics: ['persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription', - { defaultMessage: 'Timestomp (T1099)' } - ), - id: 'T1099', name: 'Timestomp', + id: 'T1099', reference: 'https://attack.mitre.org/techniques/T1099', - tactics: 'defense-evasion', - value: 'timestomp', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trafficSignalingDescription', - { defaultMessage: 'Traffic Signaling 
(T1205)' } - ), - id: 'T1205', name: 'Traffic Signaling', + id: 'T1205', reference: 'https://attack.mitre.org/techniques/T1205', - tactics: 'defense-evasion,persistence,command-and-control', - value: 'trafficSignaling', + tactics: ['defense-evasion', 'persistence', 'command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription', - { defaultMessage: 'Transfer Data to Cloud Account (T1537)' } - ), - id: 'T1537', name: 'Transfer Data to Cloud Account', + id: 'T1537', reference: 'https://attack.mitre.org/techniques/T1537', - tactics: 'exfiltration', - value: 'transferDataToCloudAccount', + tactics: ['exfiltration'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription', - { defaultMessage: 'Transmitted Data Manipulation (T1493)' } - ), - id: 'T1493', name: 'Transmitted Data Manipulation', + id: 'T1493', reference: 'https://attack.mitre.org/techniques/T1493', - tactics: 'impact', - value: 'transmittedDataManipulation', + tactics: ['impact'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription', - { defaultMessage: 'Trap (T1154)' } - ), - id: 'T1154', name: 'Trap', + id: 'T1154', reference: 'https://attack.mitre.org/techniques/T1154', - tactics: 'execution,persistence', - value: 'trap', + tactics: ['execution', 'persistence'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription', - { defaultMessage: 'Trusted Developer Utilities Proxy Execution (T1127)' } - ), - id: 'T1127', name: 'Trusted Developer Utilities Proxy Execution', + id: 'T1127', reference: 'https://attack.mitre.org/techniques/T1127', - tactics: 'defense-evasion', - value: 'trustedDeveloperUtilitiesProxyExecution', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription', - { defaultMessage: 'Trusted Relationship (T1199)' } - ), - id: 'T1199', name: 'Trusted Relationship', + id: 'T1199', reference: 'https://attack.mitre.org/techniques/T1199', - tactics: 'initial-access', - value: 'trustedRelationship', + tactics: ['initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription', - { defaultMessage: 'Uncommonly Used Port (T1065)' } - ), - id: 'T1065', name: 'Uncommonly Used Port', + id: 'T1065', reference: 'https://attack.mitre.org/techniques/T1065', - tactics: 'command-and-control', - value: 'uncommonlyUsedPort', + tactics: ['command-and-control'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription', - { defaultMessage: 'Unsecured Credentials (T1552)' } - ), - id: 'T1552', name: 'Unsecured Credentials', + id: 'T1552', reference: 'https://attack.mitre.org/techniques/T1552', - tactics: 'credential-access', - value: 'unsecuredCredentials', + tactics: ['credential-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription', - { defaultMessage: 'Unused/Unsupported Cloud Regions (T1535)' } - ), - id: 'T1535', name: 'Unused/Unsupported Cloud Regions', + id: 'T1535', reference: 'https://attack.mitre.org/techniques/T1535', - tactics: 'defense-evasion', - value: 'unusedUnsupportedCloudRegions', + tactics: ['defense-evasion'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription', - { defaultMessage: 'Use Alternate Authentication Material (T1550)' } - ), - id: 'T1550', name: 'Use Alternate Authentication Material', + id: 'T1550', reference: 'https://attack.mitre.org/techniques/T1550', - tactics: 
'defense-evasion,lateral-movement', - value: 'useAlternateAuthenticationMaterial', + tactics: ['defense-evasion', 'lateral-movement'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription', - { defaultMessage: 'User Execution (T1204)' } - ), - id: 'T1204', name: 'User Execution', + id: 'T1204', reference: 'https://attack.mitre.org/techniques/T1204', - tactics: 'execution', - value: 'userExecution', + tactics: ['execution'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.validAccountsDescription', - { defaultMessage: 'Valid Accounts (T1078)' } - ), - id: 'T1078', name: 'Valid Accounts', + id: 'T1078', reference: 'https://attack.mitre.org/techniques/T1078', - tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', - value: 'validAccounts', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.videoCaptureDescription', - { defaultMessage: 'Video Capture (T1125)' } - ), - id: 'T1125', name: 'Video Capture', + id: 'T1125', reference: 'https://attack.mitre.org/techniques/T1125', - tactics: 'collection', - value: 'videoCapture', + tactics: ['collection'], }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.virtualizationSandboxEvasionDescription', - { defaultMessage: 'Virtualization/Sandbox Evasion (T1497)' } - ), - id: 'T1497', name: 'Virtualization/Sandbox Evasion', + id: 'T1497', reference: 'https://attack.mitre.org/techniques/T1497', - tactics: 'defense-evasion,discovery', - value: 'virtualizationSandboxEvasion', + tactics: ['defense-evasion', 'discovery'], + }, + { + name: 'Weaken Encryption', + id: 'T1600', + reference: 'https://attack.mitre.org/techniques/T1600', + tactics: ['defense-evasion'], + }, + { + name: 'Web Service', + id: 'T1102', + reference: 
'https://attack.mitre.org/techniques/T1102',
+ tactics: ['command-and-control'],
+ },
+ {
+ name: 'Web Session Cookie',
+ id: 'T1506',
+ reference: 'https://attack.mitre.org/techniques/T1506',
+ tactics: ['defense-evasion', 'lateral-movement'],
+ },
+ {
+ name: 'Web Shell',
+ id: 'T1100',
+ reference: 'https://attack.mitre.org/techniques/T1100',
+ tactics: ['persistence', 'privilege-escalation'],
+ },
+ {
+ name: 'Windows Admin Shares',
+ id: 'T1077',
+ reference: 'https://attack.mitre.org/techniques/T1077',
+ tactics: ['lateral-movement'],
+ },
+ {
+ name: 'Windows Management Instrumentation',
+ id: 'T1047',
+ reference: 'https://attack.mitre.org/techniques/T1047',
+ tactics: ['execution'],
+ },
+ {
+ name: 'Windows Management Instrumentation Event Subscription',
+ id: 'T1084',
+ reference: 'https://attack.mitre.org/techniques/T1084',
+ tactics: ['persistence'],
+ },
+ {
+ name: 'Windows Remote Management',
+ id: 'T1028',
+ reference: 'https://attack.mitre.org/techniques/T1028',
+ tactics: ['execution', 'lateral-movement'],
+ },
+ {
+ name: 'Winlogon Helper DLL',
+ id: 'T1004',
+ reference: 'https://attack.mitre.org/techniques/T1004',
+ tactics: ['persistence'],
+ },
+ {
+ name: 'XSL Script Processing',
+ id: 'T1220',
+ reference: 'https://attack.mitre.org/techniques/T1220',
+ tactics: ['defense-evasion'],
+ },
+];
+
+export const techniquesOptions: MitreTechniquesOptions[] = [
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.abuseElevationControlMechanismDescription',
+ { defaultMessage: 'Abuse Elevation Control Mechanism (T1548)' }
+ ),
+ id: 'T1548',
+ name: 'Abuse Elevation Control Mechanism',
+ reference: 'https://attack.mitre.org/techniques/T1548',
+ tactics: 'privilege-escalation,defense-evasion',
+ value: 'abuseElevationControlMechanism',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessTokenManipulationDescription',
+ { defaultMessage: 'Access Token Manipulation (T1134)' }
+ ),
+ id: 'T1134',
+ name: 'Access Token Manipulation',
+ reference: 'https://attack.mitre.org/techniques/T1134',
+ tactics: 'defense-evasion,privilege-escalation',
+ value: 'accessTokenManipulation',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription',
+ { defaultMessage: 'Accessibility Features (T1015)' }
+ ),
+ id: 'T1015',
+ name: 'Accessibility Features',
+ reference: 'https://attack.mitre.org/techniques/T1015',
+ tactics: 'persistence,privilege-escalation',
+ value: 'accessibilityFeatures',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription',
+ { defaultMessage: 'Account Access Removal (T1531)' }
+ ),
+ id: 'T1531',
+ name: 'Account Access Removal',
+ reference: 'https://attack.mitre.org/techniques/T1531',
+ tactics: 'impact',
+ value: 'accountAccessRemoval',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountDiscoveryDescription',
+ { defaultMessage: 'Account Discovery (T1087)' }
+ ),
+ id: 'T1087',
+ name: 'Account Discovery',
+ reference: 'https://attack.mitre.org/techniques/T1087',
+ tactics: 'discovery',
+ value: 'accountDiscovery',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountManipulationDescription',
+ { defaultMessage: 'Account Manipulation (T1098)' }
+ ),
+ id: 'T1098',
+ name: 'Account Manipulation',
+ reference: 'https://attack.mitre.org/techniques/T1098',
+ tactics: 'persistence',
+ value: 'accountManipulation',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.acquireInfrastructureDescription',
+ { defaultMessage: 'Acquire Infrastructure (T1583)' }
+ ),
+ id: 'T1583',
+ name: 'Acquire Infrastructure',
+ reference: 'https://attack.mitre.org/techniques/T1583',
+ tactics: 'resource-development',
+ value: 'acquireInfrastructure',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.activeScanningDescription',
+ { defaultMessage: 'Active Scanning (T1595)' }
+ ),
+ id: 'T1595',
+ name: 'Active Scanning',
+ reference: 'https://attack.mitre.org/techniques/T1595',
+ tactics: 'reconnaissance',
+ value: 'activeScanning',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.adversaryInTheMiddleDescription',
+ { defaultMessage: 'Adversary-in-the-Middle (T1557)' }
+ ),
+ id: 'T1557',
+ name: 'Adversary-in-the-Middle',
+ reference: 'https://attack.mitre.org/techniques/T1557',
+ tactics: 'credential-access,collection',
+ value: 'adversaryInTheMiddle',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription',
+ { defaultMessage: 'AppCert DLLs (T1182)' }
+ ),
+ id: 'T1182',
+ name: 'AppCert DLLs',
+ reference: 'https://attack.mitre.org/techniques/T1182',
+ tactics: 'persistence,privilege-escalation',
+ value: 'appCertDlLs',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription',
+ { defaultMessage: 'AppInit DLLs (T1103)' }
+ ),
+ id: 'T1103',
+ name: 'AppInit DLLs',
+ reference: 'https://attack.mitre.org/techniques/T1103',
+ tactics: 'persistence,privilege-escalation',
+ value: 'appInitDlLs',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription',
+ { defaultMessage: 'AppleScript (T1155)' }
+ ),
+ id: 'T1155',
+ name: 'AppleScript',
+ reference: 'https://attack.mitre.org/techniques/T1155',
+ tactics: 'execution',
+ value: 'appleScript',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription',
+ { defaultMessage: 'Application Access Token (T1527)' }
+ ),
+ id: 'T1527',
+ name: 'Application Access Token',
+ reference:
'https://attack.mitre.org/techniques/T1527', + tactics: 'defense-evasion,lateral-movement', + value: 'applicationAccessToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription', + { defaultMessage: 'Application Deployment Software (T1017)' } + ), + id: 'T1017', + name: 'Application Deployment Software', + reference: 'https://attack.mitre.org/techniques/T1017', + tactics: 'lateral-movement', + value: 'applicationDeploymentSoftware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationLayerProtocolDescription', + { defaultMessage: 'Application Layer Protocol (T1071)' } + ), + id: 'T1071', + name: 'Application Layer Protocol', + reference: 'https://attack.mitre.org/techniques/T1071', + tactics: 'command-and-control', + value: 'applicationLayerProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription', + { defaultMessage: 'Application Shimming (T1138)' } + ), + id: 'T1138', + name: 'Application Shimming', + reference: 'https://attack.mitre.org/techniques/T1138', + tactics: 'persistence,privilege-escalation', + value: 'applicationShimming', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription', + { defaultMessage: 'Application Window Discovery (T1010)' } + ), + id: 'T1010', + name: 'Application Window Discovery', + reference: 'https://attack.mitre.org/techniques/T1010', + tactics: 'discovery', + value: 'applicationWindowDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.archiveCollectedDataDescription', + { defaultMessage: 'Archive Collected Data (T1560)' } + ), + id: 'T1560', + name: 'Archive Collected Data', + reference: 'https://attack.mitre.org/techniques/T1560', + tactics: 'collection', + value: 
'archiveCollectedData', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription', + { defaultMessage: 'Audio Capture (T1123)' } + ), + id: 'T1123', + name: 'Audio Capture', + reference: 'https://attack.mitre.org/techniques/T1123', + tactics: 'collection', + value: 'audioCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription', + { defaultMessage: 'Authentication Package (T1131)' } + ), + id: 'T1131', + name: 'Authentication Package', + reference: 'https://attack.mitre.org/techniques/T1131', + tactics: 'persistence', + value: 'authenticationPackage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription', + { defaultMessage: 'Automated Collection (T1119)' } + ), + id: 'T1119', + name: 'Automated Collection', + reference: 'https://attack.mitre.org/techniques/T1119', + tactics: 'collection', + value: 'automatedCollection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedExfiltrationDescription', + { defaultMessage: 'Automated Exfiltration (T1020)' } + ), + id: 'T1020', + name: 'Automated Exfiltration', + reference: 'https://attack.mitre.org/techniques/T1020', + tactics: 'exfiltration', + value: 'automatedExfiltration', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bitsJobsDescription', + { defaultMessage: 'BITS Jobs (T1197)' } + ), + id: 'T1197', + name: 'BITS Jobs', + reference: 'https://attack.mitre.org/techniques/T1197', + tactics: 'defense-evasion,persistence', + value: 'bitsJobs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription', + { defaultMessage: 'Bash History (T1139)' } + ), + id: 'T1139', + name: 'Bash History', + reference: 
'https://attack.mitre.org/techniques/T1139', + tactics: 'credential-access', + value: 'bashHistory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription', + { defaultMessage: 'Binary Padding (T1009)' } + ), + id: 'T1009', + name: 'Binary Padding', + reference: 'https://attack.mitre.org/techniques/T1009', + tactics: 'defense-evasion', + value: 'binaryPadding', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonAutostartExecutionDescription', + { defaultMessage: 'Boot or Logon Autostart Execution (T1547)' } + ), + id: 'T1547', + name: 'Boot or Logon Autostart Execution', + reference: 'https://attack.mitre.org/techniques/T1547', + tactics: 'persistence,privilege-escalation', + value: 'bootOrLogonAutostartExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonInitializationScriptsDescription', + { defaultMessage: 'Boot or Logon Initialization Scripts (T1037)' } + ), + id: 'T1037', + name: 'Boot or Logon Initialization Scripts', + reference: 'https://attack.mitre.org/techniques/T1037', + tactics: 'persistence,privilege-escalation', + value: 'bootOrLogonInitializationScripts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription', + { defaultMessage: 'Bootkit (T1067)' } + ), + id: 'T1067', + name: 'Bootkit', + reference: 'https://attack.mitre.org/techniques/T1067', + tactics: 'persistence', + value: 'bootkit', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserBookmarkDiscoveryDescription', + { defaultMessage: 'Browser Bookmark Discovery (T1217)' } + ), + id: 'T1217', + name: 'Browser Bookmark Discovery', + reference: 'https://attack.mitre.org/techniques/T1217', + tactics: 'discovery', + value: 'browserBookmarkDiscovery', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserExtensionsDescription', + { defaultMessage: 'Browser Extensions (T1176)' } + ), + id: 'T1176', + name: 'Browser Extensions', + reference: 'https://attack.mitre.org/techniques/T1176', + tactics: 'persistence', + value: 'browserExtensions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserSessionHijackingDescription', + { defaultMessage: 'Browser Session Hijacking (T1185)' } + ), + id: 'T1185', + name: 'Browser Session Hijacking', + reference: 'https://attack.mitre.org/techniques/T1185', + tactics: 'collection', + value: 'browserSessionHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bruteForceDescription', + { defaultMessage: 'Brute Force (T1110)' } + ), + id: 'T1110', + name: 'Brute Force', + reference: 'https://attack.mitre.org/techniques/T1110', + tactics: 'credential-access', + value: 'bruteForce', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.buildImageOnHostDescription', + { defaultMessage: 'Build Image on Host (T1612)' } + ), + id: 'T1612', + name: 'Build Image on Host', + reference: 'https://attack.mitre.org/techniques/T1612', + tactics: 'defense-evasion', + value: 'buildImageOnHost', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription', + { defaultMessage: 'Bypass User Account Control (T1088)' } + ), + id: 'T1088', + name: 'Bypass User Account Control', + reference: 'https://attack.mitre.org/techniques/T1088', + tactics: 'defense-evasion,privilege-escalation', + value: 'bypassUserAccountControl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription', + { defaultMessage: 'CMSTP (T1191)' } + ), + id: 'T1191', + name: 'CMSTP', + reference: 'https://attack.mitre.org/techniques/T1191', + 
tactics: 'defense-evasion,execution', + value: 'cmstp', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription', + { defaultMessage: 'Change Default File Association (T1042)' } + ), + id: 'T1042', + name: 'Change Default File Association', + reference: 'https://attack.mitre.org/techniques/T1042', + tactics: 'persistence', + value: 'changeDefaultFileAssociation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription', + { defaultMessage: 'Clear Command History (T1146)' } + ), + id: 'T1146', + name: 'Clear Command History', + reference: 'https://attack.mitre.org/techniques/T1146', + tactics: 'defense-evasion', + value: 'clearCommandHistory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription', + { defaultMessage: 'Clipboard Data (T1115)' } + ), + id: 'T1115', + name: 'Clipboard Data', + reference: 'https://attack.mitre.org/techniques/T1115', + tactics: 'collection', + value: 'clipboardData', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInfrastructureDiscoveryDescription', + { defaultMessage: 'Cloud Infrastructure Discovery (T1580)' } + ), + id: 'T1580', + name: 'Cloud Infrastructure Discovery', + reference: 'https://attack.mitre.org/techniques/T1580', + tactics: 'discovery', + value: 'cloudInfrastructureDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription', + { defaultMessage: 'Cloud Instance Metadata API (T1522)' } + ), + id: 'T1522', + name: 'Cloud Instance Metadata API', + reference: 'https://attack.mitre.org/techniques/T1522', + tactics: 'credential-access', + value: 'cloudInstanceMetadataApi', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription', + { defaultMessage: 'Cloud Service Dashboard (T1538)' } + ), + id: 'T1538', + name: 'Cloud Service Dashboard', + reference: 'https://attack.mitre.org/techniques/T1538', + tactics: 'discovery', + value: 'cloudServiceDashboard', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDiscoveryDescription', + { defaultMessage: 'Cloud Service Discovery (T1526)' } + ), + id: 'T1526', + name: 'Cloud Service Discovery', + reference: 'https://attack.mitre.org/techniques/T1526', + tactics: 'discovery', + value: 'cloudServiceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudStorageObjectDiscoveryDescription', + { defaultMessage: 'Cloud Storage Object Discovery (T1619)' } + ), + id: 'T1619', + name: 'Cloud Storage Object Discovery', + reference: 'https://attack.mitre.org/techniques/T1619', + tactics: 'discovery', + value: 'cloudStorageObjectDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription', + { defaultMessage: 'Code Signing (T1116)' } + ), + id: 'T1116', + name: 'Code Signing', + reference: 'https://attack.mitre.org/techniques/T1116', + tactics: 'defense-evasion', + value: 'codeSigning', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandAndScriptingInterpreterDescription', + { defaultMessage: 'Command and Scripting Interpreter (T1059)' } + ), + id: 'T1059', + name: 'Command and Scripting Interpreter', + reference: 'https://attack.mitre.org/techniques/T1059', + tactics: 'execution', + value: 'commandAndScriptingInterpreter', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commonlyUsedPortDescription', + { defaultMessage: 'Commonly Used Port (T1043)' } + ), + id: 'T1043', + name: 
'Commonly Used Port', + reference: 'https://attack.mitre.org/techniques/T1043', + tactics: 'command-and-control', + value: 'commonlyUsedPort', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.communicationThroughRemovableMediaDescription', + { defaultMessage: 'Communication Through Removable Media (T1092)' } + ), + id: 'T1092', + name: 'Communication Through Removable Media', + reference: 'https://attack.mitre.org/techniques/T1092', + tactics: 'command-and-control', + value: 'communicationThroughRemovableMedia', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription', + { defaultMessage: 'Compile After Delivery (T1500)' } + ), + id: 'T1500', + name: 'Compile After Delivery', + reference: 'https://attack.mitre.org/techniques/T1500', + tactics: 'defense-evasion', + value: 'compileAfterDelivery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription', + { defaultMessage: 'Compiled HTML File (T1223)' } + ), + id: 'T1223', + name: 'Compiled HTML File', + reference: 'https://attack.mitre.org/techniques/T1223', + tactics: 'defense-evasion,execution', + value: 'compiledHtmlFile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription', + { defaultMessage: 'Component Firmware (T1109)' } + ), + id: 'T1109', + name: 'Component Firmware', + reference: 'https://attack.mitre.org/techniques/T1109', + tactics: 'defense-evasion,persistence', + value: 'componentFirmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription', + { defaultMessage: 'Component Object Model Hijacking (T1122)' } + ), + id: 'T1122', + name: 'Component Object Model Hijacking', + reference: 'https://attack.mitre.org/techniques/T1122', + tactics: 
'defense-evasion,persistence', + value: 'componentObjectModelHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription', + { defaultMessage: 'Component Object Model and Distributed COM (T1175)' } + ), + id: 'T1175', + name: 'Component Object Model and Distributed COM', + reference: 'https://attack.mitre.org/techniques/T1175', + tactics: 'lateral-movement,execution', + value: 'componentObjectModelAndDistributedCom', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseAccountsDescription', + { defaultMessage: 'Compromise Accounts (T1586)' } + ), + id: 'T1586', + name: 'Compromise Accounts', + reference: 'https://attack.mitre.org/techniques/T1586', + tactics: 'resource-development', + value: 'compromiseAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseClientSoftwareBinaryDescription', + { defaultMessage: 'Compromise Client Software Binary (T1554)' } + ), + id: 'T1554', + name: 'Compromise Client Software Binary', + reference: 'https://attack.mitre.org/techniques/T1554', + tactics: 'persistence', + value: 'compromiseClientSoftwareBinary', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseInfrastructureDescription', + { defaultMessage: 'Compromise Infrastructure (T1584)' } + ), + id: 'T1584', + name: 'Compromise Infrastructure', + reference: 'https://attack.mitre.org/techniques/T1584', + tactics: 'resource-development', + value: 'compromiseInfrastructure', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAdministrationCommandDescription', + { defaultMessage: 'Container Administration Command (T1609)' } + ), + id: 'T1609', + name: 'Container Administration Command', + reference: 'https://attack.mitre.org/techniques/T1609', + tactics: 
'execution', + value: 'containerAdministrationCommand', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAndResourceDiscoveryDescription', + { defaultMessage: 'Container and Resource Discovery (T1613)' } + ), + id: 'T1613', + name: 'Container and Resource Discovery', + reference: 'https://attack.mitre.org/techniques/T1613', + tactics: 'discovery', + value: 'containerAndResourceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription', + { defaultMessage: 'Control Panel Items (T1196)' } + ), + id: 'T1196', + name: 'Control Panel Items', + reference: 'https://attack.mitre.org/techniques/T1196', + tactics: 'defense-evasion,execution', + value: 'controlPanelItems', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', + { defaultMessage: 'Create Account (T1136)' } + ), + id: 'T1136', + name: 'Create Account', + reference: 'https://attack.mitre.org/techniques/T1136', + tactics: 'persistence', + value: 'createAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createOrModifySystemProcessDescription', + { defaultMessage: 'Create or Modify System Process (T1543)' } + ), + id: 'T1543', + name: 'Create or Modify System Process', + reference: 'https://attack.mitre.org/techniques/T1543', + tactics: 'persistence,privilege-escalation', + value: 'createOrModifySystemProcess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromPasswordStoresDescription', + { defaultMessage: 'Credentials from Password Stores (T1555)' } + ), + id: 'T1555', + name: 'Credentials from Password Stores', + reference: 'https://attack.mitre.org/techniques/T1555', + tactics: 'credential-access', + value: 'credentialsFromPasswordStores', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription', + { defaultMessage: 'Credentials from Web Browsers (T1503)' } + ), + id: 'T1503', + name: 'Credentials from Web Browsers', + reference: 'https://attack.mitre.org/techniques/T1503', + tactics: 'credential-access', + value: 'credentialsFromWebBrowsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription', + { defaultMessage: 'Credentials in Files (T1081)' } + ), + id: 'T1081', + name: 'Credentials in Files', + reference: 'https://attack.mitre.org/techniques/T1081', + tactics: 'credential-access', + value: 'credentialsInFiles', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription', + { defaultMessage: 'Credentials in Registry (T1214)' } + ), + id: 'T1214', + name: 'Credentials in Registry', + reference: 'https://attack.mitre.org/techniques/T1214', + tactics: 'credential-access', + value: 'credentialsInRegistry', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription', + { defaultMessage: 'Custom Command and Control Protocol (T1094)' } + ), + id: 'T1094', + name: 'Custom Command and Control Protocol', + reference: 'https://attack.mitre.org/techniques/T1094', + tactics: 'command-and-control', + value: 'customCommandAndControlProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription', + { defaultMessage: 'Custom Cryptographic Protocol (T1024)' } + ), + id: 'T1024', + name: 'Custom Cryptographic Protocol', + reference: 'https://attack.mitre.org/techniques/T1024', + tactics: 'command-and-control', + value: 'customCryptographicProtocol', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription', + { defaultMessage: 'DLL Search Order Hijacking (T1038)' } + ), + id: 'T1038', + name: 'DLL Search Order Hijacking', + reference: 'https://attack.mitre.org/techniques/T1038', + tactics: 'persistence,privilege-escalation,defense-evasion', + value: 'dllSearchOrderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription', + { defaultMessage: 'DLL Side-Loading (T1073)' } + ), + id: 'T1073', + name: 'DLL Side-Loading', + reference: 'https://attack.mitre.org/techniques/T1073', + tactics: 'defense-evasion', + value: 'dllSideLoading', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription', + { defaultMessage: 'Data Compressed (T1002)' } + ), + id: 'T1002', + name: 'Data Compressed', + reference: 'https://attack.mitre.org/techniques/T1002', + tactics: 'exfiltration', + value: 'dataCompressed', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription', + { defaultMessage: 'Data Destruction (T1485)' } + ), + id: 'T1485', + name: 'Data Destruction', + reference: 'https://attack.mitre.org/techniques/T1485', + tactics: 'impact', + value: 'dataDestruction', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription', + { defaultMessage: 'Data Encoding (T1132)' } + ), + id: 'T1132', + name: 'Data Encoding', + reference: 'https://attack.mitre.org/techniques/T1132', + tactics: 'command-and-control', + value: 'dataEncoding', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription', + { defaultMessage: 'Data Encrypted (T1022)' } + ), + id: 'T1022', + name: 'Data Encrypted', + reference: 'https://attack.mitre.org/techniques/T1022', + tactics: 
'exfiltration', + value: 'dataEncrypted', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription', + { defaultMessage: 'Data Encrypted for Impact (T1486)' } + ), + id: 'T1486', + name: 'Data Encrypted for Impact', + reference: 'https://attack.mitre.org/techniques/T1486', + tactics: 'impact', + value: 'dataEncryptedForImpact', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataManipulationDescription', + { defaultMessage: 'Data Manipulation (T1565)' } + ), + id: 'T1565', + name: 'Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1565', + tactics: 'impact', + value: 'dataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription', + { defaultMessage: 'Data Obfuscation (T1001)' } + ), + id: 'T1001', + name: 'Data Obfuscation', + reference: 'https://attack.mitre.org/techniques/T1001', + tactics: 'command-and-control', + value: 'dataObfuscation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataStagedDescription', + { defaultMessage: 'Data Staged (T1074)' } + ), + id: 'T1074', + name: 'Data Staged', + reference: 'https://attack.mitre.org/techniques/T1074', + tactics: 'collection', + value: 'dataStaged', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataTransferSizeLimitsDescription', + { defaultMessage: 'Data Transfer Size Limits (T1030)' } + ), + id: 'T1030', + name: 'Data Transfer Size Limits', + reference: 'https://attack.mitre.org/techniques/T1030', + tactics: 'exfiltration', + value: 'dataTransferSizeLimits', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageDescription', + { defaultMessage: 'Data from Cloud Storage (T1530)' } + ), + id: 'T1530', + name: 'Data from 
Cloud Storage', + reference: 'https://attack.mitre.org/techniques/T1530', + tactics: 'collection', + value: 'dataFromCloudStorage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription', + { defaultMessage: 'Data from Configuration Repository (T1602)' } + ), + id: 'T1602', + name: 'Data from Configuration Repository', + reference: 'https://attack.mitre.org/techniques/T1602', + tactics: 'collection', + value: 'dataFromConfigurationRepository', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription', + { defaultMessage: 'Data from Information Repositories (T1213)' } + ), + id: 'T1213', + name: 'Data from Information Repositories', + reference: 'https://attack.mitre.org/techniques/T1213', + tactics: 'collection', + value: 'dataFromInformationRepositories', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription', + { defaultMessage: 'Data from Local System (T1005)' } + ), + id: 'T1005', + name: 'Data from Local System', + reference: 'https://attack.mitre.org/techniques/T1005', + tactics: 'collection', + value: 'dataFromLocalSystem', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromNetworkSharedDriveDescription', + { defaultMessage: 'Data from Network Shared Drive (T1039)' } + ), + id: 'T1039', + name: 'Data from Network Shared Drive', + reference: 'https://attack.mitre.org/techniques/T1039', + tactics: 'collection', + value: 'dataFromNetworkSharedDrive', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromRemovableMediaDescription', + { defaultMessage: 'Data from Removable Media (T1025)' } + ), + id: 'T1025', + name: 'Data from Removable Media', + reference: 'https://attack.mitre.org/techniques/T1025', + tactics: 
'collection', + value: 'dataFromRemovableMedia', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.debuggerEvasionDescription', + { defaultMessage: 'Debugger Evasion (T1622)' } + ), + id: 'T1622', + name: 'Debugger Evasion', + reference: 'https://attack.mitre.org/techniques/T1622', + tactics: 'defense-evasion,discovery', + value: 'debuggerEvasion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription', + { defaultMessage: 'Defacement (T1491)' } + ), + id: 'T1491', + name: 'Defacement', + reference: 'https://attack.mitre.org/techniques/T1491', + tactics: 'impact', + value: 'defacement', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.deobfuscateDecodeFilesOrInformationDescription', + { defaultMessage: 'Deobfuscate/Decode Files or Information (T1140)' } + ), + id: 'T1140', + name: 'Deobfuscate/Decode Files or Information', + reference: 'https://attack.mitre.org/techniques/T1140', + tactics: 'defense-evasion', + value: 'deobfuscateDecodeFilesOrInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.deployContainerDescription', + { defaultMessage: 'Deploy Container (T1610)' } + ), + id: 'T1610', + name: 'Deploy Container', + reference: 'https://attack.mitre.org/techniques/T1610', + tactics: 'defense-evasion,execution', + value: 'deployContainer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.developCapabilitiesDescription', + { defaultMessage: 'Develop Capabilities (T1587)' } + ), + id: 'T1587', + name: 'Develop Capabilities', + reference: 'https://attack.mitre.org/techniques/T1587', + tactics: 'resource-development', + value: 'developCapabilities', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.directVolumeAccessDescription', + { defaultMessage: 
'Direct Volume Access (T1006)' } + ), + id: 'T1006', + name: 'Direct Volume Access', + reference: 'https://attack.mitre.org/techniques/T1006', + tactics: 'defense-evasion', + value: 'directVolumeAccess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription', + { defaultMessage: 'Disabling Security Tools (T1089)' } + ), + id: 'T1089', + name: 'Disabling Security Tools', + reference: 'https://attack.mitre.org/techniques/T1089', + tactics: 'defense-evasion', + value: 'disablingSecurityTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription', + { defaultMessage: 'Disk Content Wipe (T1488)' } + ), + id: 'T1488', + name: 'Disk Content Wipe', + reference: 'https://attack.mitre.org/techniques/T1488', + tactics: 'impact', + value: 'diskContentWipe', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription', + { defaultMessage: 'Disk Structure Wipe (T1487)' } + ), + id: 'T1487', + name: 'Disk Structure Wipe', + reference: 'https://attack.mitre.org/techniques/T1487', + tactics: 'impact', + value: 'diskStructureWipe', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskWipeDescription', + { defaultMessage: 'Disk Wipe (T1561)' } + ), + id: 'T1561', + name: 'Disk Wipe', + reference: 'https://attack.mitre.org/techniques/T1561', + tactics: 'impact', + value: 'diskWipe', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription', + { defaultMessage: 'Domain Fronting (T1172)' } + ), + id: 'T1172', + name: 'Domain Fronting', + reference: 'https://attack.mitre.org/techniques/T1172', + tactics: 'command-and-control', + value: 'domainFronting', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription', + { defaultMessage: 'Domain Generation Algorithms (T1483)' } + ), + id: 'T1483', + name: 'Domain Generation Algorithms', + reference: 'https://attack.mitre.org/techniques/T1483', + tactics: 'command-and-control', + value: 'domainGenerationAlgorithms', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription', + { defaultMessage: 'Domain Policy Modification (T1484)' } + ), + id: 'T1484', + name: 'Domain Policy Modification', + reference: 'https://attack.mitre.org/techniques/T1484', + tactics: 'defense-evasion,privilege-escalation', + value: 'domainPolicyModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription', + { defaultMessage: 'Domain Trust Discovery (T1482)' } + ), + id: 'T1482', + name: 'Domain Trust Discovery', + reference: 'https://attack.mitre.org/techniques/T1482', + tactics: 'discovery', + value: 'domainTrustDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.driveByCompromiseDescription', + { defaultMessage: 'Drive-by Compromise (T1189)' } + ), + id: 'T1189', + name: 'Drive-by Compromise', + reference: 'https://attack.mitre.org/techniques/T1189', + tactics: 'initial-access', + value: 'driveByCompromise', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription', + { defaultMessage: 'Dylib Hijacking (T1157)' } + ), + id: 'T1157', + name: 'Dylib Hijacking', + reference: 'https://attack.mitre.org/techniques/T1157', + tactics: 'persistence,privilege-escalation', + value: 'dylibHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription', + { defaultMessage: 'Dynamic Data Exchange (T1173)' } + 
), + id: 'T1173', + name: 'Dynamic Data Exchange', + reference: 'https://attack.mitre.org/techniques/T1173', + tactics: 'execution', + value: 'dynamicDataExchange', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicResolutionDescription', + { defaultMessage: 'Dynamic Resolution (T1568)' } + ), + id: 'T1568', + name: 'Dynamic Resolution', + reference: 'https://attack.mitre.org/techniques/T1568', + tactics: 'command-and-control', + value: 'dynamicResolution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription', + { defaultMessage: 'Elevated Execution with Prompt (T1514)' } + ), + id: 'T1514', + name: 'Elevated Execution with Prompt', + reference: 'https://attack.mitre.org/techniques/T1514', + tactics: 'privilege-escalation', + value: 'elevatedExecutionWithPrompt', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription', + { defaultMessage: 'Email Collection (T1114)' } + ), + id: 'T1114', + name: 'Email Collection', + reference: 'https://attack.mitre.org/techniques/T1114', + tactics: 'collection', + value: 'emailCollection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription', + { defaultMessage: 'Emond (T1519)' } + ), + id: 'T1519', + name: 'Emond', + reference: 'https://attack.mitre.org/techniques/T1519', + tactics: 'persistence,privilege-escalation', + value: 'emond', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.encryptedChannelDescription', + { defaultMessage: 'Encrypted Channel (T1573)' } + ), + id: 'T1573', + name: 'Encrypted Channel', + reference: 'https://attack.mitre.org/techniques/T1573', + tactics: 'command-and-control', + value: 'encryptedChannel', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.endpointDenialOfServiceDescription', + { defaultMessage: 'Endpoint Denial of Service (T1499)' } + ), + id: 'T1499', + name: 'Endpoint Denial of Service', + reference: 'https://attack.mitre.org/techniques/T1499', + tactics: 'impact', + value: 'endpointDenialOfService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.escapeToHostDescription', + { defaultMessage: 'Escape to Host (T1611)' } + ), + id: 'T1611', + name: 'Escape to Host', + reference: 'https://attack.mitre.org/techniques/T1611', + tactics: 'privilege-escalation', + value: 'escapeToHost', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.establishAccountsDescription', + { defaultMessage: 'Establish Accounts (T1585)' } + ), + id: 'T1585', + name: 'Establish Accounts', + reference: 'https://attack.mitre.org/techniques/T1585', + tactics: 'resource-development', + value: 'establishAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.eventTriggeredExecutionDescription', + { defaultMessage: 'Event Triggered Execution (T1546)' } + ), + id: 'T1546', + name: 'Event Triggered Execution', + reference: 'https://attack.mitre.org/techniques/T1546', + tactics: 'privilege-escalation,persistence', + value: 'eventTriggeredExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription', + { defaultMessage: 'Execution Guardrails (T1480)' } + ), + id: 'T1480', + name: 'Execution Guardrails', + reference: 'https://attack.mitre.org/techniques/T1480', + tactics: 'defense-evasion', + value: 'executionGuardrails', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverAlternativeProtocolDescription', + { defaultMessage: 'Exfiltration Over Alternative Protocol (T1048)' } + ), + id: 
'T1048', + name: 'Exfiltration Over Alternative Protocol', + reference: 'https://attack.mitre.org/techniques/T1048', + tactics: 'exfiltration', + value: 'exfiltrationOverAlternativeProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverC2ChannelDescription', + { defaultMessage: 'Exfiltration Over C2 Channel (T1041)' } + ), + id: 'T1041', + name: 'Exfiltration Over C2 Channel', + reference: 'https://attack.mitre.org/techniques/T1041', + tactics: 'exfiltration', + value: 'exfiltrationOverC2Channel', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverOtherNetworkMediumDescription', + { defaultMessage: 'Exfiltration Over Other Network Medium (T1011)' } + ), + id: 'T1011', + name: 'Exfiltration Over Other Network Medium', + reference: 'https://attack.mitre.org/techniques/T1011', + tactics: 'exfiltration', + value: 'exfiltrationOverOtherNetworkMedium', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverPhysicalMediumDescription', + { defaultMessage: 'Exfiltration Over Physical Medium (T1052)' } + ), + id: 'T1052', + name: 'Exfiltration Over Physical Medium', + reference: 'https://attack.mitre.org/techniques/T1052', + tactics: 'exfiltration', + value: 'exfiltrationOverPhysicalMedium', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverWebServiceDescription', + { defaultMessage: 'Exfiltration Over Web Service (T1567)' } + ), + id: 'T1567', + name: 'Exfiltration Over Web Service', + reference: 'https://attack.mitre.org/techniques/T1567', + tactics: 'exfiltration', + value: 'exfiltrationOverWebService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription', + { defaultMessage: 'Exploit Public-Facing Application (T1190)' } + ), + id: 
'T1190', + name: 'Exploit Public-Facing Application', + reference: 'https://attack.mitre.org/techniques/T1190', + tactics: 'initial-access', + value: 'exploitPublicFacingApplication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForClientExecutionDescription', + { defaultMessage: 'Exploitation for Client Execution (T1203)' } + ), + id: 'T1203', + name: 'Exploitation for Client Execution', + reference: 'https://attack.mitre.org/techniques/T1203', + tactics: 'execution', + value: 'exploitationForClientExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForCredentialAccessDescription', + { defaultMessage: 'Exploitation for Credential Access (T1212)' } + ), + id: 'T1212', + name: 'Exploitation for Credential Access', + reference: 'https://attack.mitre.org/techniques/T1212', + tactics: 'credential-access', + value: 'exploitationForCredentialAccess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForDefenseEvasionDescription', + { defaultMessage: 'Exploitation for Defense Evasion (T1211)' } + ), + id: 'T1211', + name: 'Exploitation for Defense Evasion', + reference: 'https://attack.mitre.org/techniques/T1211', + tactics: 'defense-evasion', + value: 'exploitationForDefenseEvasion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForPrivilegeEscalationDescription', + { defaultMessage: 'Exploitation for Privilege Escalation (T1068)' } + ), + id: 'T1068', + name: 'Exploitation for Privilege Escalation', + reference: 'https://attack.mitre.org/techniques/T1068', + tactics: 'privilege-escalation', + value: 'exploitationForPrivilegeEscalation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationOfRemoteServicesDescription', + { defaultMessage: 'Exploitation of 
Remote Services (T1210)' } + ), + id: 'T1210', + name: 'Exploitation of Remote Services', + reference: 'https://attack.mitre.org/techniques/T1210', + tactics: 'lateral-movement', + value: 'exploitationOfRemoteServices', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.externalRemoteServicesDescription', + { defaultMessage: 'External Remote Services (T1133)' } + ), + id: 'T1133', + name: 'External Remote Services', + reference: 'https://attack.mitre.org/techniques/T1133', + tactics: 'persistence,initial-access', + value: 'externalRemoteServices', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription', + { defaultMessage: 'Extra Window Memory Injection (T1181)' } + ), + id: 'T1181', + name: 'Extra Window Memory Injection', + reference: 'https://attack.mitre.org/techniques/T1181', + tactics: 'defense-evasion,privilege-escalation', + value: 'extraWindowMemoryInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription', + { defaultMessage: 'Fallback Channels (T1008)' } + ), + id: 'T1008', + name: 'Fallback Channels', + reference: 'https://attack.mitre.org/techniques/T1008', + tactics: 'command-and-control', + value: 'fallbackChannels', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription', + { defaultMessage: 'File Deletion (T1107)' } + ), + id: 'T1107', + name: 'File Deletion', + reference: 'https://attack.mitre.org/techniques/T1107', + tactics: 'defense-evasion', + value: 'fileDeletion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription', + { defaultMessage: 'File System Permissions Weakness (T1044)' } + ), + id: 'T1044', + name: 'File System Permissions Weakness', + reference: 
'https://attack.mitre.org/techniques/T1044', + tactics: 'persistence,privilege-escalation', + value: 'fileSystemPermissionsWeakness', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription', + { defaultMessage: 'File and Directory Discovery (T1083)' } + ), + id: 'T1083', + name: 'File and Directory Discovery', + reference: 'https://attack.mitre.org/techniques/T1083', + tactics: 'discovery', + value: 'fileAndDirectoryDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryPermissionsModificationDescription', + { defaultMessage: 'File and Directory Permissions Modification (T1222)' } + ), + id: 'T1222', + name: 'File and Directory Permissions Modification', + reference: 'https://attack.mitre.org/techniques/T1222', + tactics: 'defense-evasion', + value: 'fileAndDirectoryPermissionsModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription', + { defaultMessage: 'Firmware Corruption (T1495)' } + ), + id: 'T1495', + name: 'Firmware Corruption', + reference: 'https://attack.mitre.org/techniques/T1495', + tactics: 'impact', + value: 'firmwareCorruption', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.forcedAuthenticationDescription', + { defaultMessage: 'Forced Authentication (T1187)' } + ), + id: 'T1187', + name: 'Forced Authentication', + reference: 'https://attack.mitre.org/techniques/T1187', + tactics: 'credential-access', + value: 'forcedAuthentication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.forgeWebCredentialsDescription', + { defaultMessage: 'Forge Web Credentials (T1606)' } + ), + id: 'T1606', + name: 'Forge Web Credentials', + reference: 'https://attack.mitre.org/techniques/T1606', + tactics: 'credential-access', + value: 
'forgeWebCredentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription', + { defaultMessage: 'Gatekeeper Bypass (T1144)' } + ), + id: 'T1144', + name: 'Gatekeeper Bypass', + reference: 'https://attack.mitre.org/techniques/T1144', + tactics: 'defense-evasion', + value: 'gatekeeperBypass', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimHostInformationDescription', + { defaultMessage: 'Gather Victim Host Information (T1592)' } + ), + id: 'T1592', + name: 'Gather Victim Host Information', + reference: 'https://attack.mitre.org/techniques/T1592', + tactics: 'reconnaissance', + value: 'gatherVictimHostInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimIdentityInformationDescription', + { defaultMessage: 'Gather Victim Identity Information (T1589)' } + ), + id: 'T1589', + name: 'Gather Victim Identity Information', + reference: 'https://attack.mitre.org/techniques/T1589', + tactics: 'reconnaissance', + value: 'gatherVictimIdentityInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimNetworkInformationDescription', + { defaultMessage: 'Gather Victim Network Information (T1590)' } + ), + id: 'T1590', + name: 'Gather Victim Network Information', + reference: 'https://attack.mitre.org/techniques/T1590', + tactics: 'reconnaissance', + value: 'gatherVictimNetworkInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimOrgInformationDescription', + { defaultMessage: 'Gather Victim Org Information (T1591)' } + ), + id: 'T1591', + name: 'Gather Victim Org Information', + reference: 'https://attack.mitre.org/techniques/T1591', + tactics: 'reconnaissance', + value: 'gatherVictimOrgInformation', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.graphicalUserInterfaceDescription', + { defaultMessage: 'Graphical User Interface (T1061)' } + ), + id: 'T1061', + name: 'Graphical User Interface', + reference: 'https://attack.mitre.org/techniques/T1061', + tactics: 'execution', + value: 'graphicalUserInterface', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyDiscoveryDescription', + { defaultMessage: 'Group Policy Discovery (T1615)' } + ), + id: 'T1615', + name: 'Group Policy Discovery', + reference: 'https://attack.mitre.org/techniques/T1615', + tactics: 'discovery', + value: 'groupPolicyDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription', + { defaultMessage: 'HISTCONTROL (T1148)' } + ), + id: 'T1148', + name: 'HISTCONTROL', + reference: 'https://attack.mitre.org/techniques/T1148', + tactics: 'defense-evasion', + value: 'histcontrol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription', + { defaultMessage: 'Hardware Additions (T1200)' } + ), + id: 'T1200', + name: 'Hardware Additions', + reference: 'https://attack.mitre.org/techniques/T1200', + tactics: 'initial-access', + value: 'hardwareAdditions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription', + { defaultMessage: 'Hidden Files and Directories (T1158)' } + ), + id: 'T1158', + name: 'Hidden Files and Directories', + reference: 'https://attack.mitre.org/techniques/T1158', + tactics: 'defense-evasion,persistence', + value: 'hiddenFilesAndDirectories', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription', + { defaultMessage: 'Hidden Users (T1147)' } + ), + id: 'T1147', + name: 'Hidden Users', + reference: 
'https://attack.mitre.org/techniques/T1147', + tactics: 'defense-evasion', + value: 'hiddenUsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription', + { defaultMessage: 'Hidden Window (T1143)' } + ), + id: 'T1143', + name: 'Hidden Window', + reference: 'https://attack.mitre.org/techniques/T1143', + tactics: 'defense-evasion', + value: 'hiddenWindow', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hideArtifactsDescription', + { defaultMessage: 'Hide Artifacts (T1564)' } + ), + id: 'T1564', + name: 'Hide Artifacts', + reference: 'https://attack.mitre.org/techniques/T1564', + tactics: 'defense-evasion', + value: 'hideArtifacts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hijackExecutionFlowDescription', + { defaultMessage: 'Hijack Execution Flow (T1574)' } + ), + id: 'T1574', + name: 'Hijack Execution Flow', + reference: 'https://attack.mitre.org/techniques/T1574', + tactics: 'persistence,privilege-escalation,defense-evasion', + value: 'hijackExecutionFlow', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription', + { defaultMessage: 'Hooking (T1179)' } + ), + id: 'T1179', + name: 'Hooking', + reference: 'https://attack.mitre.org/techniques/T1179', + tactics: 'persistence,privilege-escalation,credential-access', + value: 'hooking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hypervisorDescription', + { defaultMessage: 'Hypervisor (T1062)' } + ), + id: 'T1062', + name: 'Hypervisor', + reference: 'https://attack.mitre.org/techniques/T1062', + tactics: 'persistence', + value: 'hypervisor', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription', + { defaultMessage: 'Image File Execution 
Options Injection (T1183)' } + ), + id: 'T1183', + name: 'Image File Execution Options Injection', + reference: 'https://attack.mitre.org/techniques/T1183', + tactics: 'privilege-escalation,persistence,defense-evasion', + value: 'imageFileExecutionOptionsInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.impairDefensesDescription', + { defaultMessage: 'Impair Defenses (T1562)' } + ), + id: 'T1562', + name: 'Impair Defenses', + reference: 'https://attack.mitre.org/techniques/T1562', + tactics: 'defense-evasion', + value: 'impairDefenses', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription', + { defaultMessage: 'Implant Internal Image (T1525)' } + ), + id: 'T1525', + name: 'Implant Internal Image', + reference: 'https://attack.mitre.org/techniques/T1525', + tactics: 'persistence', + value: 'implantInternalImage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription', + { defaultMessage: 'Indicator Blocking (T1054)' } + ), + id: 'T1054', + name: 'Indicator Blocking', + reference: 'https://attack.mitre.org/techniques/T1054', + tactics: 'defense-evasion', + value: 'indicatorBlocking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalDescription', + { defaultMessage: 'Indicator Removal (T1070)' } + ), + id: 'T1070', + name: 'Indicator Removal', + reference: 'https://attack.mitre.org/techniques/T1070', + tactics: 'defense-evasion', + value: 'indicatorRemoval', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription', + { defaultMessage: 'Indicator Removal from Tools (T1066)' } + ), + id: 'T1066', + name: 'Indicator Removal from Tools', + reference: 'https://attack.mitre.org/techniques/T1066', + tactics: 'defense-evasion', 
+ value: 'indicatorRemovalFromTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription', + { defaultMessage: 'Indirect Command Execution (T1202)' } + ), + id: 'T1202', + name: 'Indirect Command Execution', + reference: 'https://attack.mitre.org/techniques/T1202', + tactics: 'defense-evasion', + value: 'indirectCommandExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription', + { defaultMessage: 'Ingress Tool Transfer (T1105)' } + ), + id: 'T1105', + name: 'Ingress Tool Transfer', + reference: 'https://attack.mitre.org/techniques/T1105', + tactics: 'command-and-control', + value: 'ingressToolTransfer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription', + { defaultMessage: 'Inhibit System Recovery (T1490)' } + ), + id: 'T1490', + name: 'Inhibit System Recovery', + reference: 'https://attack.mitre.org/techniques/T1490', + tactics: 'impact', + value: 'inhibitSystemRecovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputCaptureDescription', + { defaultMessage: 'Input Capture (T1056)' } + ), + id: 'T1056', + name: 'Input Capture', + reference: 'https://attack.mitre.org/techniques/T1056', + tactics: 'collection,credential-access', + value: 'inputCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription', + { defaultMessage: 'Input Prompt (T1141)' } + ), + id: 'T1141', + name: 'Input Prompt', + reference: 'https://attack.mitre.org/techniques/T1141', + tactics: 'credential-access', + value: 'inputPrompt', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription', + { defaultMessage: 'Install Root Certificate (T1130)' } + ), + 
id: 'T1130', + name: 'Install Root Certificate', + reference: 'https://attack.mitre.org/techniques/T1130', + tactics: 'defense-evasion', + value: 'installRootCertificate', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription', + { defaultMessage: 'InstallUtil (T1118)' } + ), + id: 'T1118', + name: 'InstallUtil', + reference: 'https://attack.mitre.org/techniques/T1118', + tactics: 'defense-evasion,execution', + value: 'installUtil', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.interProcessCommunicationDescription', + { defaultMessage: 'Inter-Process Communication (T1559)' } + ), + id: 'T1559', + name: 'Inter-Process Communication', + reference: 'https://attack.mitre.org/techniques/T1559', + tactics: 'execution', + value: 'interProcessCommunication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription', + { defaultMessage: 'Internal Spearphishing (T1534)' } + ), + id: 'T1534', + name: 'Internal Spearphishing', + reference: 'https://attack.mitre.org/techniques/T1534', + tactics: 'lateral-movement', + value: 'internalSpearphishing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription', + { defaultMessage: 'Kerberoasting (T1208)' } + ), + id: 'T1208', + name: 'Kerberoasting', + reference: 'https://attack.mitre.org/techniques/T1208', + tactics: 'credential-access', + value: 'kerberoasting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription', + { defaultMessage: 'Kernel Modules and Extensions (T1215)' } + ), + id: 'T1215', + name: 'Kernel Modules and Extensions', + reference: 'https://attack.mitre.org/techniques/T1215', + tactics: 'persistence', + value: 'kernelModulesAndExtensions', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription', + { defaultMessage: 'Keychain (T1142)' } + ), + id: 'T1142', + name: 'Keychain', + reference: 'https://attack.mitre.org/techniques/T1142', + tactics: 'credential-access', + value: 'keychain', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription', + { defaultMessage: 'LC_LOAD_DYLIB Addition (T1161)' } + ), + id: 'T1161', + name: 'LC_LOAD_DYLIB Addition', + reference: 'https://attack.mitre.org/techniques/T1161', + tactics: 'persistence', + value: 'lcLoadDylibAddition', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription', + { defaultMessage: 'LC_MAIN Hijacking (T1149)' } + ), + id: 'T1149', + name: 'LC_MAIN Hijacking', + reference: 'https://attack.mitre.org/techniques/T1149', + tactics: 'defense-evasion', + value: 'lcMainHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription', + { defaultMessage: 'LLMNR/NBT-NS Poisoning and Relay (T1171)' } + ), + id: 'T1171', + name: 'LLMNR/NBT-NS Poisoning and Relay', + reference: 'https://attack.mitre.org/techniques/T1171', + tactics: 'credential-access', + value: 'llmnrNbtNsPoisoningAndRelay', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription', + { defaultMessage: 'LSASS Driver (T1177)' } + ), + id: 'T1177', + name: 'LSASS Driver', + reference: 'https://attack.mitre.org/techniques/T1177', + tactics: 'execution,persistence', + value: 'lsassDriver', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lateralToolTransferDescription', + { defaultMessage: 'Lateral Tool Transfer (T1570)' } + ), + id: 'T1570', + name: 'Lateral Tool Transfer', + reference: 'https://attack.mitre.org/techniques/T1570', + 
tactics: 'lateral-movement', + value: 'lateralToolTransfer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription', + { defaultMessage: 'Launch Agent (T1159)' } + ), + id: 'T1159', + name: 'Launch Agent', + reference: 'https://attack.mitre.org/techniques/T1159', + tactics: 'persistence', + value: 'launchAgent', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription', + { defaultMessage: 'Launch Daemon (T1160)' } + ), + id: 'T1160', + name: 'Launch Daemon', + reference: 'https://attack.mitre.org/techniques/T1160', + tactics: 'persistence,privilege-escalation', + value: 'launchDaemon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription', + { defaultMessage: 'Launchctl (T1152)' } + ), + id: 'T1152', + name: 'Launchctl', + reference: 'https://attack.mitre.org/techniques/T1152', + tactics: 'defense-evasion,execution,persistence', + value: 'launchctl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription', + { defaultMessage: 'Local Job Scheduling (T1168)' } + ), + id: 'T1168', + name: 'Local Job Scheduling', + reference: 'https://attack.mitre.org/techniques/T1168', + tactics: 'persistence,execution', + value: 'localJobScheduling', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription', + { defaultMessage: 'Login Item (T1162)' } + ), + id: 'T1162', + name: 'Login Item', + reference: 'https://attack.mitre.org/techniques/T1162', + tactics: 'persistence', + value: 'loginItem', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.maliciousShellModificationDescription', + { defaultMessage: 'Malicious Shell Modification (T1156)' } + ), + id: 'T1156', + name: 'Malicious Shell Modification', + 
reference: 'https://attack.mitre.org/techniques/T1156', + tactics: 'persistence', + value: 'maliciousShellModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', + { defaultMessage: 'Masquerading (T1036)' } + ), + id: 'T1036', + name: 'Masquerading', + reference: 'https://attack.mitre.org/techniques/T1036', + tactics: 'defense-evasion', + value: 'masquerading', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyAuthenticationProcessDescription', + { defaultMessage: 'Modify Authentication Process (T1556)' } + ), + id: 'T1556', + name: 'Modify Authentication Process', + reference: 'https://attack.mitre.org/techniques/T1556', + tactics: 'credential-access,defense-evasion,persistence', + value: 'modifyAuthenticationProcess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyCloudComputeInfrastructureDescription', + { defaultMessage: 'Modify Cloud Compute Infrastructure (T1578)' } + ), + id: 'T1578', + name: 'Modify Cloud Compute Infrastructure', + reference: 'https://attack.mitre.org/techniques/T1578', + tactics: 'defense-evasion', + value: 'modifyCloudComputeInfrastructure', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription', + { defaultMessage: 'Modify Existing Service (T1031)' } + ), + id: 'T1031', + name: 'Modify Existing Service', + reference: 'https://attack.mitre.org/techniques/T1031', + tactics: 'persistence', + value: 'modifyExistingService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription', + { defaultMessage: 'Modify Registry (T1112)' } + ), + id: 'T1112', + name: 'Modify Registry', + reference: 'https://attack.mitre.org/techniques/T1112', + tactics: 'defense-evasion', + value: 'modifyRegistry', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifySystemImageDescription', + { defaultMessage: 'Modify System Image (T1601)' } + ), + id: 'T1601', + name: 'Modify System Image', + reference: 'https://attack.mitre.org/techniques/T1601', + tactics: 'defense-evasion', + value: 'modifySystemImage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription', + { defaultMessage: 'Mshta (T1170)' } + ), + id: 'T1170', + name: 'Mshta', + reference: 'https://attack.mitre.org/techniques/T1170', + tactics: 'defense-evasion,execution', + value: 'mshta', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationInterceptionDescription', + { defaultMessage: 'Multi-Factor Authentication Interception (T1111)' } + ), + id: 'T1111', + name: 'Multi-Factor Authentication Interception', + reference: 'https://attack.mitre.org/techniques/T1111', + tactics: 'credential-access', + value: 'multiFactorAuthenticationInterception', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationRequestGenerationDescription', + { defaultMessage: 'Multi-Factor Authentication Request Generation (T1621)' } + ), + id: 'T1621', + name: 'Multi-Factor Authentication Request Generation', + reference: 'https://attack.mitre.org/techniques/T1621', + tactics: 'credential-access', + value: 'multiFactorAuthenticationRequestGeneration', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription', + { defaultMessage: 'Multi-Stage Channels (T1104)' } + ), + id: 'T1104', + name: 'Multi-Stage Channels', + reference: 'https://attack.mitre.org/techniques/T1104', + tactics: 'command-and-control', + value: 'multiStageChannels', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription', + { defaultMessage: 'Multi-hop Proxy (T1188)' } + ), + id: 'T1188', + name: 'Multi-hop Proxy', + reference: 'https://attack.mitre.org/techniques/T1188', + tactics: 'command-and-control', + value: 'multiHopProxy', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription', + { defaultMessage: 'Multiband Communication (T1026)' } + ), + id: 'T1026', + name: 'Multiband Communication', + reference: 'https://attack.mitre.org/techniques/T1026', + tactics: 'command-and-control', + value: 'multibandCommunication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription', + { defaultMessage: 'Multilayer Encryption (T1079)' } + ), + id: 'T1079', + name: 'Multilayer Encryption', + reference: 'https://attack.mitre.org/techniques/T1079', + tactics: 'command-and-control', + value: 'multilayerEncryption', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription', + { defaultMessage: 'NTFS File Attributes (T1096)' } + ), + id: 'T1096', + name: 'NTFS File Attributes', + reference: 'https://attack.mitre.org/techniques/T1096', + tactics: 'defense-evasion', + value: 'ntfsFileAttributes', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', + { defaultMessage: 'Native API (T1106)' } + ), + id: 'T1106', + name: 'Native API', + reference: 'https://attack.mitre.org/techniques/T1106', + tactics: 'execution', + value: 'nativeApi', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription', + { defaultMessage: 'Netsh Helper DLL (T1128)' } + ), + id: 'T1128', + name: 'Netsh Helper DLL', + reference: 'https://attack.mitre.org/techniques/T1128', + tactics: 
'persistence', + value: 'netshHelperDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', + { defaultMessage: 'Network Boundary Bridging (T1599)' } + ), + id: 'T1599', + name: 'Network Boundary Bridging', + reference: 'https://attack.mitre.org/techniques/T1599', + tactics: 'defense-evasion', + value: 'networkBoundaryBridging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription', + { defaultMessage: 'Network Denial of Service (T1498)' } + ), + id: 'T1498', + name: 'Network Denial of Service', + reference: 'https://attack.mitre.org/techniques/T1498', + tactics: 'impact', + value: 'networkDenialOfService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceDiscoveryDescription', + { defaultMessage: 'Network Service Discovery (T1046)' } + ), + id: 'T1046', + name: 'Network Service Discovery', + reference: 'https://attack.mitre.org/techniques/T1046', + tactics: 'discovery', + value: 'networkServiceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription', + { defaultMessage: 'Network Share Connection Removal (T1126)' } + ), + id: 'T1126', + name: 'Network Share Connection Removal', + reference: 'https://attack.mitre.org/techniques/T1126', + tactics: 'defense-evasion', + value: 'networkShareConnectionRemoval', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription', + { defaultMessage: 'Network Share Discovery (T1135)' } + ), + id: 'T1135', + name: 'Network Share Discovery', + reference: 'https://attack.mitre.org/techniques/T1135', + tactics: 'discovery', + value: 'networkShareDiscovery', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription', + { defaultMessage: 'Network Sniffing (T1040)' } + ), + id: 'T1040', + name: 'Network Sniffing', + reference: 'https://attack.mitre.org/techniques/T1040', + tactics: 'credential-access,discovery', + value: 'networkSniffing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription', + { defaultMessage: 'New Service (T1050)' } + ), + id: 'T1050', + name: 'New Service', + reference: 'https://attack.mitre.org/techniques/T1050', + tactics: 'persistence,privilege-escalation', + value: 'newService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription', + { defaultMessage: 'Non-Application Layer Protocol (T1095)' } + ), + id: 'T1095', + name: 'Non-Application Layer Protocol', + reference: 'https://attack.mitre.org/techniques/T1095', + tactics: 'command-and-control', + value: 'nonApplicationLayerProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonStandardPortDescription', + { defaultMessage: 'Non-Standard Port (T1571)' } + ), + id: 'T1571', + name: 'Non-Standard Port', + reference: 'https://attack.mitre.org/techniques/T1571', + tactics: 'command-and-control', + value: 'nonStandardPort', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.osCredentialDumpingDescription', + { defaultMessage: 'OS Credential Dumping (T1003)' } + ), + id: 'T1003', + name: 'OS Credential Dumping', + reference: 'https://attack.mitre.org/techniques/T1003', + tactics: 'credential-access', + value: 'osCredentialDumping', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.obfuscatedFilesOrInformationDescription', + { defaultMessage: 'Obfuscated Files or Information (T1027)' } + ), + id: 'T1027', + name: 'Obfuscated 
Files or Information', + reference: 'https://attack.mitre.org/techniques/T1027', + tactics: 'defense-evasion', + value: 'obfuscatedFilesOrInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.obtainCapabilitiesDescription', + { defaultMessage: 'Obtain Capabilities (T1588)' } + ), + id: 'T1588', + name: 'Obtain Capabilities', + reference: 'https://attack.mitre.org/techniques/T1588', + tactics: 'resource-development', + value: 'obtainCapabilities', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription', + { defaultMessage: 'Office Application Startup (T1137)' } + ), + id: 'T1137', + name: 'Office Application Startup', + reference: 'https://attack.mitre.org/techniques/T1137', + tactics: 'persistence', + value: 'officeApplicationStartup', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription', + { defaultMessage: 'Parent PID Spoofing (T1502)' } + ), + id: 'T1502', + name: 'Parent PID Spoofing', + reference: 'https://attack.mitre.org/techniques/T1502', + tactics: 'defense-evasion,privilege-escalation', + value: 'parentPidSpoofing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription', + { defaultMessage: 'Pass the Hash (T1075)' } + ), + id: 'T1075', + name: 'Pass the Hash', + reference: 'https://attack.mitre.org/techniques/T1075', + tactics: 'lateral-movement', + value: 'passTheHash', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription', + { defaultMessage: 'Pass the Ticket (T1097)' } + ), + id: 'T1097', + name: 'Pass the Ticket', + reference: 'https://attack.mitre.org/techniques/T1097', + tactics: 'lateral-movement', + value: 'passTheTicket', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription', + { defaultMessage: 'Password Filter DLL (T1174)' } + ), + id: 'T1174', + name: 'Password Filter DLL', + reference: 'https://attack.mitre.org/techniques/T1174', + tactics: 'credential-access', + value: 'passwordFilterDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription', + { defaultMessage: 'Password Policy Discovery (T1201)' } + ), + id: 'T1201', + name: 'Password Policy Discovery', + reference: 'https://attack.mitre.org/techniques/T1201', + tactics: 'discovery', + value: 'passwordPolicyDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.pathInterceptionDescription', + { defaultMessage: 'Path Interception (T1034)' } + ), + id: 'T1034', + name: 'Path Interception', + reference: 'https://attack.mitre.org/techniques/T1034', + tactics: 'persistence,privilege-escalation', + value: 'pathInterception', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.peripheralDeviceDiscoveryDescription', + { defaultMessage: 'Peripheral Device Discovery (T1120)' } + ), + id: 'T1120', + name: 'Peripheral Device Discovery', + reference: 'https://attack.mitre.org/techniques/T1120', + tactics: 'discovery', + value: 'peripheralDeviceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.permissionGroupsDiscoveryDescription', + { defaultMessage: 'Permission Groups Discovery (T1069)' } + ), + id: 'T1069', + name: 'Permission Groups Discovery', + reference: 'https://attack.mitre.org/techniques/T1069', + tactics: 'discovery', + value: 'permissionGroupsDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingDescription', + { defaultMessage: 'Phishing (T1566)' } + ), + id: 'T1566', + name: 'Phishing', + 
reference: 'https://attack.mitre.org/techniques/T1566', + tactics: 'initial-access', + value: 'phishing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingForInformationDescription', + { defaultMessage: 'Phishing for Information (T1598)' } + ), + id: 'T1598', + name: 'Phishing for Information', + reference: 'https://attack.mitre.org/techniques/T1598', + tactics: 'reconnaissance', + value: 'phishingForInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistFileModificationDescription', + { defaultMessage: 'Plist File Modification (T1647)' } + ), + id: 'T1647', + name: 'Plist File Modification', + reference: 'https://attack.mitre.org/techniques/T1647', + tactics: 'defense-evasion', + value: 'plistFileModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription', + { defaultMessage: 'Plist Modification (T1150)' } + ), + id: 'T1150', + name: 'Plist Modification', + reference: 'https://attack.mitre.org/techniques/T1150', + tactics: 'defense-evasion,persistence,privilege-escalation', + value: 'plistModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription', + { defaultMessage: 'Port Monitors (T1013)' } + ), + id: 'T1013', + name: 'Port Monitors', + reference: 'https://attack.mitre.org/techniques/T1013', + tactics: 'persistence,privilege-escalation', + value: 'portMonitors', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription', + { defaultMessage: 'PowerShell (T1086)' } + ), + id: 'T1086', + name: 'PowerShell', + reference: 'https://attack.mitre.org/techniques/T1086', + tactics: 'execution', + value: 'powerShell', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription', + { defaultMessage: 'PowerShell Profile (T1504)' } + ), + id: 'T1504', + name: 'PowerShell Profile', + reference: 'https://attack.mitre.org/techniques/T1504', + tactics: 'persistence,privilege-escalation', + value: 'powerShellProfile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', + { defaultMessage: 'Pre-OS Boot (T1542)' } + ), + id: 'T1542', + name: 'Pre-OS Boot', + reference: 'https://attack.mitre.org/techniques/T1542', + tactics: 'defense-evasion,persistence', + value: 'preOsBoot', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription', + { defaultMessage: 'Private Keys (T1145)' } + ), + id: 'T1145', + name: 'Private Keys', + reference: 'https://attack.mitre.org/techniques/T1145', + tactics: 'credential-access', + value: 'privateKeys', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription', + { defaultMessage: 'Process Discovery (T1057)' } + ), + id: 'T1057', + name: 'Process Discovery', + reference: 'https://attack.mitre.org/techniques/T1057', + tactics: 'discovery', + value: 'processDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription', + { defaultMessage: 'Process Doppelgänging (T1186)' } + ), + id: 'T1186', + name: 'Process Doppelgänging', + reference: 'https://attack.mitre.org/techniques/T1186', + tactics: 'defense-evasion', + value: 'processDoppelganging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription', + { defaultMessage: 'Process Hollowing (T1093)' } + ), + id: 'T1093', + name: 'Process Hollowing', + reference: 'https://attack.mitre.org/techniques/T1093', + tactics: 'defense-evasion', + 
value: 'processHollowing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription', + { defaultMessage: 'Process Injection (T1055)' } + ), + id: 'T1055', + name: 'Process Injection', + reference: 'https://attack.mitre.org/techniques/T1055', + tactics: 'defense-evasion,privilege-escalation', + value: 'processInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.protocolTunnelingDescription', + { defaultMessage: 'Protocol Tunneling (T1572)' } + ), + id: 'T1572', + name: 'Protocol Tunneling', + reference: 'https://attack.mitre.org/techniques/T1572', + tactics: 'command-and-control', + value: 'protocolTunneling', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.proxyDescription', + { defaultMessage: 'Proxy (T1090)' } + ), + id: 'T1090', + name: 'Proxy', + reference: 'https://attack.mitre.org/techniques/T1090', + tactics: 'command-and-control', + value: 'proxy', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription', + { defaultMessage: 'Query Registry (T1012)' } + ), + id: 'T1012', + name: 'Query Registry', + reference: 'https://attack.mitre.org/techniques/T1012', + tactics: 'discovery', + value: 'queryRegistry', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription', + { defaultMessage: 'Rc.common (T1163)' } + ), + id: 'T1163', + name: 'Rc.common', + reference: 'https://attack.mitre.org/techniques/T1163', + tactics: 'persistence', + value: 'rcCommon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription', + { defaultMessage: 'Re-opened Applications (T1164)' } + ), + id: 'T1164', + name: 'Re-opened Applications', + reference: 'https://attack.mitre.org/techniques/T1164', + tactics: 
'persistence', + value: 'reOpenedApplications', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.redundantAccessDescription', + { defaultMessage: 'Redundant Access (T1108)' } + ), + id: 'T1108', + name: 'Redundant Access', + reference: 'https://attack.mitre.org/techniques/T1108', + tactics: 'defense-evasion,persistence', + value: 'redundantAccess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reflectiveCodeLoadingDescription', + { defaultMessage: 'Reflective Code Loading (T1620)' } + ), + id: 'T1620', + name: 'Reflective Code Loading', + reference: 'https://attack.mitre.org/techniques/T1620', + tactics: 'defense-evasion', + value: 'reflectiveCodeLoading', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription', + { defaultMessage: 'Registry Run Keys / Startup Folder (T1060)' } + ), + id: 'T1060', + name: 'Registry Run Keys / Startup Folder', + reference: 'https://attack.mitre.org/techniques/T1060', + tactics: 'persistence', + value: 'registryRunKeysStartupFolder', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription', + { defaultMessage: 'Regsvcs/Regasm (T1121)' } + ), + id: 'T1121', + name: 'Regsvcs/Regasm', + reference: 'https://attack.mitre.org/techniques/T1121', + tactics: 'defense-evasion,execution', + value: 'regsvcsRegasm', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description', + { defaultMessage: 'Regsvr32 (T1117)' } + ), + id: 'T1117', + name: 'Regsvr32', + reference: 'https://attack.mitre.org/techniques/T1117', + tactics: 'defense-evasion,execution', + value: 'regsvr32', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessSoftwareDescription', + { defaultMessage: 'Remote Access 
Software (T1219)' } + ), + id: 'T1219', + name: 'Remote Access Software', + reference: 'https://attack.mitre.org/techniques/T1219', + tactics: 'command-and-control', + value: 'remoteAccessSoftware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription', + { defaultMessage: 'Remote Desktop Protocol (T1076)' } + ), + id: 'T1076', + name: 'Remote Desktop Protocol', + reference: 'https://attack.mitre.org/techniques/T1076', + tactics: 'lateral-movement', + value: 'remoteDesktopProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServiceSessionHijackingDescription', + { defaultMessage: 'Remote Service Session Hijacking (T1563)' } + ), + id: 'T1563', + name: 'Remote Service Session Hijacking', + reference: 'https://attack.mitre.org/techniques/T1563', + tactics: 'lateral-movement', + value: 'remoteServiceSessionHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServicesDescription', + { defaultMessage: 'Remote Services (T1021)' } + ), + id: 'T1021', + name: 'Remote Services', + reference: 'https://attack.mitre.org/techniques/T1021', + tactics: 'lateral-movement', + value: 'remoteServices', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteSystemDiscoveryDescription', + { defaultMessage: 'Remote System Discovery (T1018)' } + ), + id: 'T1018', + name: 'Remote System Discovery', + reference: 'https://attack.mitre.org/techniques/T1018', + tactics: 'discovery', + value: 'remoteSystemDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.replicationThroughRemovableMediaDescription', + { defaultMessage: 'Replication Through Removable Media (T1091)' } + ), + id: 'T1091', + name: 'Replication Through Removable Media', + reference: 
'https://attack.mitre.org/techniques/T1091', + tactics: 'lateral-movement,initial-access', + value: 'replicationThroughRemovableMedia', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.resourceHijackingDescription', + { defaultMessage: 'Resource Hijacking (T1496)' } + ), + id: 'T1496', + name: 'Resource Hijacking', + reference: 'https://attack.mitre.org/techniques/T1496', + tactics: 'impact', + value: 'resourceHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription', + { defaultMessage: 'Revert Cloud Instance (T1536)' } + ), + id: 'T1536', + name: 'Revert Cloud Instance', + reference: 'https://attack.mitre.org/techniques/T1536', + tactics: 'defense-evasion', + value: 'revertCloudInstance', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rogueDomainControllerDescription', + { defaultMessage: 'Rogue Domain Controller (T1207)' } + ), + id: 'T1207', + name: 'Rogue Domain Controller', + reference: 'https://attack.mitre.org/techniques/T1207', + tactics: 'defense-evasion', + value: 'rogueDomainController', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rootkitDescription', + { defaultMessage: 'Rootkit (T1014)' } + ), + id: 'T1014', + name: 'Rootkit', + reference: 'https://attack.mitre.org/techniques/T1014', + tactics: 'defense-evasion', + value: 'rootkit', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description', + { defaultMessage: 'Rundll32 (T1085)' } + ), + id: 'T1085', + name: 'Rundll32', + reference: 'https://attack.mitre.org/techniques/T1085', + tactics: 'defense-evasion,execution', + value: 'rundll32', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription', + { defaultMessage: 'Runtime Data 
Manipulation (T1494)' } + ), + id: 'T1494', + name: 'Runtime Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1494', + tactics: 'impact', + value: 'runtimeDataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription', + { defaultMessage: 'SID-History Injection (T1178)' } + ), + id: 'T1178', + name: 'SID-History Injection', + reference: 'https://attack.mitre.org/techniques/T1178', + tactics: 'privilege-escalation', + value: 'sidHistoryInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription', + { defaultMessage: 'SIP and Trust Provider Hijacking (T1198)' } + ), + id: 'T1198', + name: 'SIP and Trust Provider Hijacking', + reference: 'https://attack.mitre.org/techniques/T1198', + tactics: 'defense-evasion,persistence', + value: 'sipAndTrustProviderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription', + { defaultMessage: 'SSH Hijacking (T1184)' } + ), + id: 'T1184', + name: 'SSH Hijacking', + reference: 'https://attack.mitre.org/techniques/T1184', + tactics: 'lateral-movement', + value: 'sshHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskJobDescription', + { defaultMessage: 'Scheduled Task/Job (T1053)' } + ), + id: 'T1053', + name: 'Scheduled Task/Job', + reference: 'https://attack.mitre.org/techniques/T1053', + tactics: 'execution,persistence,privilege-escalation', + value: 'scheduledTaskJob', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTransferDescription', + { defaultMessage: 'Scheduled Transfer (T1029)' } + ), + id: 'T1029', + name: 'Scheduled Transfer', + reference: 'https://attack.mitre.org/techniques/T1029', + tactics: 'exfiltration', + value: 
'scheduledTransfer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screenCaptureDescription', + { defaultMessage: 'Screen Capture (T1113)' } + ), + id: 'T1113', + name: 'Screen Capture', + reference: 'https://attack.mitre.org/techniques/T1113', + tactics: 'collection', + value: 'screenCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription', + { defaultMessage: 'Screensaver (T1180)' } + ), + id: 'T1180', + name: 'Screensaver', + reference: 'https://attack.mitre.org/techniques/T1180', + tactics: 'persistence', + value: 'screensaver', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription', + { defaultMessage: 'Scripting (T1064)' } + ), + id: 'T1064', + name: 'Scripting', + reference: 'https://attack.mitre.org/techniques/T1064', + tactics: 'defense-evasion,execution', + value: 'scripting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchClosedSourcesDescription', + { defaultMessage: 'Search Closed Sources (T1597)' } + ), + id: 'T1597', + name: 'Search Closed Sources', + reference: 'https://attack.mitre.org/techniques/T1597', + tactics: 'reconnaissance', + value: 'searchClosedSources', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenTechnicalDatabasesDescription', + { defaultMessage: 'Search Open Technical Databases (T1596)' } + ), + id: 'T1596', + name: 'Search Open Technical Databases', + reference: 'https://attack.mitre.org/techniques/T1596', + tactics: 'reconnaissance', + value: 'searchOpenTechnicalDatabases', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenWebsitesDomainsDescription', + { defaultMessage: 'Search Open Websites/Domains (T1593)' } + ), + id: 'T1593', + name: 'Search Open Websites/Domains', 
+ reference: 'https://attack.mitre.org/techniques/T1593', + tactics: 'reconnaissance', + value: 'searchOpenWebsitesDomains', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchVictimOwnedWebsitesDescription', + { defaultMessage: 'Search Victim-Owned Websites (T1594)' } + ), + id: 'T1594', + name: 'Search Victim-Owned Websites', + reference: 'https://attack.mitre.org/techniques/T1594', + tactics: 'reconnaissance', + value: 'searchVictimOwnedWebsites', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription', + { defaultMessage: 'Security Software Discovery (T1063)' } + ), + id: 'T1063', + name: 'Security Software Discovery', + reference: 'https://attack.mitre.org/techniques/T1063', + tactics: 'discovery', + value: 'securitySoftwareDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription', + { defaultMessage: 'Security Support Provider (T1101)' } + ), + id: 'T1101', + name: 'Security Support Provider', + reference: 'https://attack.mitre.org/techniques/T1101', + tactics: 'persistence', + value: 'securitySupportProvider', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription', + { defaultMessage: 'Securityd Memory (T1167)' } + ), + id: 'T1167', + name: 'Securityd Memory', + reference: 'https://attack.mitre.org/techniques/T1167', + tactics: 'credential-access', + value: 'securitydMemory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription', + { defaultMessage: 'Server Software Component (T1505)' } + ), + id: 'T1505', + name: 'Server Software Component', + reference: 'https://attack.mitre.org/techniques/T1505', + tactics: 'persistence', + value: 'serverSoftwareComponent', + }, + { + label: i18n.translate( 
+ 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverlessExecutionDescription', + { defaultMessage: 'Serverless Execution (T1648)' } + ), + id: 'T1648', + name: 'Serverless Execution', + reference: 'https://attack.mitre.org/techniques/T1648', + tactics: 'execution', + value: 'serverlessExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription', + { defaultMessage: 'Service Execution (T1035)' } + ), + id: 'T1035', + name: 'Service Execution', + reference: 'https://attack.mitre.org/techniques/T1035', + tactics: 'execution', + value: 'serviceExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription', + { defaultMessage: 'Service Registry Permissions Weakness (T1058)' } + ), + id: 'T1058', + name: 'Service Registry Permissions Weakness', + reference: 'https://attack.mitre.org/techniques/T1058', + tactics: 'persistence,privilege-escalation', + value: 'serviceRegistryPermissionsWeakness', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription', + { defaultMessage: 'Service Stop (T1489)' } + ), + id: 'T1489', + name: 'Service Stop', + reference: 'https://attack.mitre.org/techniques/T1489', + tactics: 'impact', + value: 'serviceStop', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription', + { defaultMessage: 'Setuid and Setgid (T1166)' } + ), + id: 'T1166', + name: 'Setuid and Setgid', + reference: 'https://attack.mitre.org/techniques/T1166', + tactics: 'privilege-escalation,persistence', + value: 'setuidAndSetgid', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription', + { defaultMessage: 'Shared Modules (T1129)' } + ), + id: 'T1129', + name: 'Shared Modules', + reference: 
'https://attack.mitre.org/techniques/T1129', + tactics: 'execution', + value: 'sharedModules', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription', + { defaultMessage: 'Shared Webroot (T1051)' } + ), + id: 'T1051', + name: 'Shared Webroot', + reference: 'https://attack.mitre.org/techniques/T1051', + tactics: 'lateral-movement', + value: 'sharedWebroot', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription', + { defaultMessage: 'Shortcut Modification (T1023)' } + ), + id: 'T1023', + name: 'Shortcut Modification', + reference: 'https://attack.mitre.org/techniques/T1023', + tactics: 'persistence', + value: 'shortcutModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription', + { defaultMessage: 'Software Deployment Tools (T1072)' } + ), + id: 'T1072', + name: 'Software Deployment Tools', + reference: 'https://attack.mitre.org/techniques/T1072', + tactics: 'execution,lateral-movement', + value: 'softwareDeploymentTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription', + { defaultMessage: 'Software Discovery (T1518)' } + ), + id: 'T1518', + name: 'Software Discovery', + reference: 'https://attack.mitre.org/techniques/T1518', + tactics: 'discovery', + value: 'softwareDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription', + { defaultMessage: 'Software Packing (T1045)' } + ), + id: 'T1045', + name: 'Software Packing', + reference: 'https://attack.mitre.org/techniques/T1045', + tactics: 'defense-evasion', + value: 'softwarePacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription', + { defaultMessage: 'Source 
(T1153)' } + ), + id: 'T1153', + name: 'Source', + reference: 'https://attack.mitre.org/techniques/T1153', + tactics: 'execution', + value: 'source', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription', + { defaultMessage: 'Space after Filename (T1151)' } + ), + id: 'T1151', + name: 'Space after Filename', + reference: 'https://attack.mitre.org/techniques/T1151', + tactics: 'defense-evasion,execution', + value: 'spaceAfterFilename', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription', + { defaultMessage: 'Spearphishing Attachment (T1193)' } + ), + id: 'T1193', + name: 'Spearphishing Attachment', + reference: 'https://attack.mitre.org/techniques/T1193', + tactics: 'initial-access', + value: 'spearphishingAttachment', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription', + { defaultMessage: 'Spearphishing Link (T1192)' } + ), + id: 'T1192', + name: 'Spearphishing Link', + reference: 'https://attack.mitre.org/techniques/T1192', + tactics: 'initial-access', + value: 'spearphishingLink', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription', + { defaultMessage: 'Spearphishing via Service (T1194)' } + ), + id: 'T1194', + name: 'Spearphishing via Service', + reference: 'https://attack.mitre.org/techniques/T1194', + tactics: 'initial-access', + value: 'spearphishingViaService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stageCapabilitiesDescription', + { defaultMessage: 'Stage Capabilities (T1608)' } + ), + id: 'T1608', + name: 'Stage Capabilities', + reference: 'https://attack.mitre.org/techniques/T1608', + tactics: 'resource-development', + value: 'stageCapabilities', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription', + { defaultMessage: 'Standard Cryptographic Protocol (T1032)' } + ), + id: 'T1032', + name: 'Standard Cryptographic Protocol', + reference: 'https://attack.mitre.org/techniques/T1032', + tactics: 'command-and-control', + value: 'standardCryptographicProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription', + { defaultMessage: 'Startup Items (T1165)' } + ), + id: 'T1165', + name: 'Startup Items', + reference: 'https://attack.mitre.org/techniques/T1165', + tactics: 'persistence,privilege-escalation', + value: 'startupItems', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription', + { defaultMessage: 'Steal Application Access Token (T1528)' } + ), + id: 'T1528', + name: 'Steal Application Access Token', + reference: 'https://attack.mitre.org/techniques/T1528', + tactics: 'credential-access', + value: 'stealApplicationAccessToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealWebSessionCookieDescription', + { defaultMessage: 'Steal Web Session Cookie (T1539)' } + ), + id: 'T1539', + name: 'Steal Web Session Cookie', + reference: 'https://attack.mitre.org/techniques/T1539', + tactics: 'credential-access', + value: 'stealWebSessionCookie', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeAuthenticationCertificatesDescription', + { defaultMessage: 'Steal or Forge Authentication Certificates (T1649)' } + ), + id: 'T1649', + name: 'Steal or Forge Authentication Certificates', + reference: 'https://attack.mitre.org/techniques/T1649', + tactics: 'credential-access', + value: 'stealOrForgeAuthenticationCertificates', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeKerberosTicketsDescription', + { defaultMessage: 'Steal or Forge Kerberos Tickets (T1558)' } + ), + id: 'T1558', + name: 'Steal or Forge Kerberos Tickets', + reference: 'https://attack.mitre.org/techniques/T1558', + tactics: 'credential-access', + value: 'stealOrForgeKerberosTickets', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription', + { defaultMessage: 'Stored Data Manipulation (T1492)' } + ), + id: 'T1492', + name: 'Stored Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1492', + tactics: 'impact', + value: 'storedDataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.subvertTrustControlsDescription', + { defaultMessage: 'Subvert Trust Controls (T1553)' } + ), + id: 'T1553', + name: 'Subvert Trust Controls', + reference: 'https://attack.mitre.org/techniques/T1553', + tactics: 'defense-evasion', + value: 'subvertTrustControls', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription', + { defaultMessage: 'Sudo (T1169)' } + ), + id: 'T1169', + name: 'Sudo', + reference: 'https://attack.mitre.org/techniques/T1169', + tactics: 'privilege-escalation', + value: 'sudo', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription', + { defaultMessage: 'Sudo Caching (T1206)' } + ), + id: 'T1206', + name: 'Sudo Caching', + reference: 'https://attack.mitre.org/techniques/T1206', + tactics: 'privilege-escalation', + value: 'sudoCaching', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription', + { defaultMessage: 'Supply Chain Compromise (T1195)' } + ), + id: 'T1195', + name: 'Supply Chain Compromise', + reference: 
'https://attack.mitre.org/techniques/T1195', + tactics: 'initial-access', + value: 'supplyChainCompromise', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemBinaryProxyExecutionDescription', + { defaultMessage: 'System Binary Proxy Execution (T1218)' } + ), + id: 'T1218', + name: 'System Binary Proxy Execution', + reference: 'https://attack.mitre.org/techniques/T1218', + tactics: 'defense-evasion', + value: 'systemBinaryProxyExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription', + { defaultMessage: 'System Firmware (T1019)' } + ), + id: 'T1019', + name: 'System Firmware', + reference: 'https://attack.mitre.org/techniques/T1019', + tactics: 'persistence', + value: 'systemFirmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription', + { defaultMessage: 'System Information Discovery (T1082)' } + ), + id: 'T1082', + name: 'System Information Discovery', + reference: 'https://attack.mitre.org/techniques/T1082', + tactics: 'discovery', + value: 'systemInformationDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemLocationDiscoveryDescription', + { defaultMessage: 'System Location Discovery (T1614)' } + ), + id: 'T1614', + name: 'System Location Discovery', + reference: 'https://attack.mitre.org/techniques/T1614', + tactics: 'discovery', + value: 'systemLocationDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConfigurationDiscoveryDescription', + { defaultMessage: 'System Network Configuration Discovery (T1016)' } + ), + id: 'T1016', + name: 'System Network Configuration Discovery', + reference: 'https://attack.mitre.org/techniques/T1016', + tactics: 'discovery', + value: 'systemNetworkConfigurationDiscovery', + }, 
+ { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConnectionsDiscoveryDescription', + { defaultMessage: 'System Network Connections Discovery (T1049)' } + ), + id: 'T1049', + name: 'System Network Connections Discovery', + reference: 'https://attack.mitre.org/techniques/T1049', + tactics: 'discovery', + value: 'systemNetworkConnectionsDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemOwnerUserDiscoveryDescription', + { defaultMessage: 'System Owner/User Discovery (T1033)' } + ), + id: 'T1033', + name: 'System Owner/User Discovery', + reference: 'https://attack.mitre.org/techniques/T1033', + tactics: 'discovery', + value: 'systemOwnerUserDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemScriptProxyExecutionDescription', + { defaultMessage: 'System Script Proxy Execution (T1216)' } + ), + id: 'T1216', + name: 'System Script Proxy Execution', + reference: 'https://attack.mitre.org/techniques/T1216', + tactics: 'defense-evasion', + value: 'systemScriptProxyExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServiceDiscoveryDescription', + { defaultMessage: 'System Service Discovery (T1007)' } + ), + id: 'T1007', + name: 'System Service Discovery', + reference: 'https://attack.mitre.org/techniques/T1007', + tactics: 'discovery', + value: 'systemServiceDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServicesDescription', + { defaultMessage: 'System Services (T1569)' } + ), + id: 'T1569', + name: 'System Services', + reference: 'https://attack.mitre.org/techniques/T1569', + tactics: 'execution', + value: 'systemServices', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemShutdownRebootDescription', + { 
defaultMessage: 'System Shutdown/Reboot (T1529)' } + ), + id: 'T1529', + name: 'System Shutdown/Reboot', + reference: 'https://attack.mitre.org/techniques/T1529', + tactics: 'impact', + value: 'systemShutdownReboot', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemTimeDiscoveryDescription', + { defaultMessage: 'System Time Discovery (T1124)' } + ), + id: 'T1124', + name: 'System Time Discovery', + reference: 'https://attack.mitre.org/techniques/T1124', + tactics: 'discovery', + value: 'systemTimeDiscovery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription', + { defaultMessage: 'Systemd Service (T1501)' } + ), + id: 'T1501', + name: 'Systemd Service', + reference: 'https://attack.mitre.org/techniques/T1501', + tactics: 'persistence', + value: 'systemdService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription', + { defaultMessage: 'Taint Shared Content (T1080)' } + ), + id: 'T1080', + name: 'Taint Shared Content', + reference: 'https://attack.mitre.org/techniques/T1080', + tactics: 'lateral-movement', + value: 'taintSharedContent', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.templateInjectionDescription', + { defaultMessage: 'Template Injection (T1221)' } + ), + id: 'T1221', + name: 'Template Injection', + reference: 'https://attack.mitre.org/techniques/T1221', + tactics: 'defense-evasion', + value: 'templateInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription', + { defaultMessage: 'Time Providers (T1209)' } + ), + id: 'T1209', + name: 'Time Providers', + reference: 'https://attack.mitre.org/techniques/T1209', + tactics: 'persistence', + value: 'timeProviders', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription', + { defaultMessage: 'Timestomp (T1099)' } + ), + id: 'T1099', + name: 'Timestomp', + reference: 'https://attack.mitre.org/techniques/T1099', + tactics: 'defense-evasion', + value: 'timestomp', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trafficSignalingDescription', + { defaultMessage: 'Traffic Signaling (T1205)' } + ), + id: 'T1205', + name: 'Traffic Signaling', + reference: 'https://attack.mitre.org/techniques/T1205', + tactics: 'defense-evasion,persistence,command-and-control', + value: 'trafficSignaling', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription', + { defaultMessage: 'Transfer Data to Cloud Account (T1537)' } + ), + id: 'T1537', + name: 'Transfer Data to Cloud Account', + reference: 'https://attack.mitre.org/techniques/T1537', + tactics: 'exfiltration', + value: 'transferDataToCloudAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription', + { defaultMessage: 'Transmitted Data Manipulation (T1493)' } + ), + id: 'T1493', + name: 'Transmitted Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1493', + tactics: 'impact', + value: 'transmittedDataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription', + { defaultMessage: 'Trap (T1154)' } + ), + id: 'T1154', + name: 'Trap', + reference: 'https://attack.mitre.org/techniques/T1154', + tactics: 'execution,persistence', + value: 'trap', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription', + { defaultMessage: 'Trusted Developer Utilities Proxy Execution (T1127)' } + ), + id: 'T1127', + name: 'Trusted Developer 
Utilities Proxy Execution', + reference: 'https://attack.mitre.org/techniques/T1127', + tactics: 'defense-evasion', + value: 'trustedDeveloperUtilitiesProxyExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription', + { defaultMessage: 'Trusted Relationship (T1199)' } + ), + id: 'T1199', + name: 'Trusted Relationship', + reference: 'https://attack.mitre.org/techniques/T1199', + tactics: 'initial-access', + value: 'trustedRelationship', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription', + { defaultMessage: 'Uncommonly Used Port (T1065)' } + ), + id: 'T1065', + name: 'Uncommonly Used Port', + reference: 'https://attack.mitre.org/techniques/T1065', + tactics: 'command-and-control', + value: 'uncommonlyUsedPort', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription', + { defaultMessage: 'Unsecured Credentials (T1552)' } + ), + id: 'T1552', + name: 'Unsecured Credentials', + reference: 'https://attack.mitre.org/techniques/T1552', + tactics: 'credential-access', + value: 'unsecuredCredentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription', + { defaultMessage: 'Unused/Unsupported Cloud Regions (T1535)' } + ), + id: 'T1535', + name: 'Unused/Unsupported Cloud Regions', + reference: 'https://attack.mitre.org/techniques/T1535', + tactics: 'defense-evasion', + value: 'unusedUnsupportedCloudRegions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription', + { defaultMessage: 'Use Alternate Authentication Material (T1550)' } + ), + id: 'T1550', + name: 'Use Alternate Authentication Material', + reference: 'https://attack.mitre.org/techniques/T1550', + tactics: 
'defense-evasion,lateral-movement', + value: 'useAlternateAuthenticationMaterial', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription', + { defaultMessage: 'User Execution (T1204)' } + ), + id: 'T1204', + name: 'User Execution', + reference: 'https://attack.mitre.org/techniques/T1204', + tactics: 'execution', + value: 'userExecution', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.validAccountsDescription', + { defaultMessage: 'Valid Accounts (T1078)' } + ), + id: 'T1078', + name: 'Valid Accounts', + reference: 'https://attack.mitre.org/techniques/T1078', + tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', + value: 'validAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.videoCaptureDescription', + { defaultMessage: 'Video Capture (T1125)' } + ), + id: 'T1125', + name: 'Video Capture', + reference: 'https://attack.mitre.org/techniques/T1125', + tactics: 'collection', + value: 'videoCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.virtualizationSandboxEvasionDescription', + { defaultMessage: 'Virtualization/Sandbox Evasion (T1497)' } + ), + id: 'T1497', + name: 'Virtualization/Sandbox Evasion', + reference: 'https://attack.mitre.org/techniques/T1497', + tactics: 'defense-evasion,discovery', + value: 'virtualizationSandboxEvasion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.weakenEncryptionDescription', + { defaultMessage: 'Weaken Encryption (T1600)' } + ), + id: 'T1600', + name: 'Weaken Encryption', + reference: 'https://attack.mitre.org/techniques/T1600', + tactics: 'defense-evasion', + value: 'weakenEncryption', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription', + { 
defaultMessage: 'Web Service (T1102)' } + ), + id: 'T1102', + name: 'Web Service', + reference: 'https://attack.mitre.org/techniques/T1102', + tactics: 'command-and-control', + value: 'webService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription', + { defaultMessage: 'Web Session Cookie (T1506)' } + ), + id: 'T1506', + name: 'Web Session Cookie', + reference: 'https://attack.mitre.org/techniques/T1506', + tactics: 'defense-evasion,lateral-movement', + value: 'webSessionCookie', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription', + { defaultMessage: 'Web Shell (T1100)' } + ), + id: 'T1100', + name: 'Web Shell', + reference: 'https://attack.mitre.org/techniques/T1100', + tactics: 'persistence,privilege-escalation', + value: 'webShell', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription', + { defaultMessage: 'Windows Admin Shares (T1077)' } + ), + id: 'T1077', + name: 'Windows Admin Shares', + reference: 'https://attack.mitre.org/techniques/T1077', + tactics: 'lateral-movement', + value: 'windowsAdminShares', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription', + { defaultMessage: 'Windows Management Instrumentation (T1047)' } + ), + id: 'T1047', + name: 'Windows Management Instrumentation', + reference: 'https://attack.mitre.org/techniques/T1047', + tactics: 'execution', + value: 'windowsManagementInstrumentation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription', + { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1084)' } + ), + id: 'T1084', + name: 'Windows Management Instrumentation Event Subscription', + reference: 
'https://attack.mitre.org/techniques/T1084', + tactics: 'persistence', + value: 'windowsManagementInstrumentationEventSubscription', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription', + { defaultMessage: 'Windows Remote Management (T1028)' } + ), + id: 'T1028', + name: 'Windows Remote Management', + reference: 'https://attack.mitre.org/techniques/T1028', + tactics: 'execution,lateral-movement', + value: 'windowsRemoteManagement', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription', + { defaultMessage: 'Winlogon Helper DLL (T1004)' } + ), + id: 'T1004', + name: 'Winlogon Helper DLL', + reference: 'https://attack.mitre.org/techniques/T1004', + tactics: 'persistence', + value: 'winlogonHelperDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription', + { defaultMessage: 'XSL Script Processing (T1220)' } + ), + id: 'T1220', + name: 'XSL Script Processing', + reference: 'https://attack.mitre.org/techniques/T1220', + tactics: 'defense-evasion', + value: 'xslScriptProcessing', + }, +]; + +export const subtechniques = [ + { + name: '/etc/passwd and /etc/shadow', + id: 'T1003.008', + reference: 'https://attack.mitre.org/techniques/T1003/008', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'ARP Cache Poisoning', + id: 'T1557.002', + reference: 'https://attack.mitre.org/techniques/T1557/002', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'AS-REP Roasting', + id: 'T1558.004', + reference: 'https://attack.mitre.org/techniques/T1558/004', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Accessibility Features', + id: 'T1546.008', + reference: 'https://attack.mitre.org/techniques/T1546/008', + tactics: ['privilege-escalation', 'persistence'], + 
techniqueId: 'T1546', + }, + { + name: 'Active Setup', + id: 'T1547.014', + reference: 'https://attack.mitre.org/techniques/T1547/014', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Add-ins', + id: 'T1137.006', + reference: 'https://attack.mitre.org/techniques/T1137/006', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Additional Cloud Credentials', + id: 'T1098.001', + reference: 'https://attack.mitre.org/techniques/T1098/001', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Additional Cloud Roles', + id: 'T1098.003', + reference: 'https://attack.mitre.org/techniques/T1098/003', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Additional Email Delegate Permissions', + id: 'T1098.002', + reference: 'https://attack.mitre.org/techniques/T1098/002', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'AppCert DLLs', + id: 'T1546.009', + reference: 'https://attack.mitre.org/techniques/T1546/009', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppInit DLLs', + id: 'T1546.010', + reference: 'https://attack.mitre.org/techniques/T1546/010', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppleScript', + id: 'T1059.002', + reference: 'https://attack.mitre.org/techniques/T1059/002', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Application Access Token', + id: 'T1550.001', + reference: 'https://attack.mitre.org/techniques/T1550/001', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Application Exhaustion Flood', + id: 'T1499.003', + reference: 'https://attack.mitre.org/techniques/T1499/003', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Application Shimming', + id: 'T1546.011', + reference: 'https://attack.mitre.org/techniques/T1546/011', + tactics: 
['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Application or System Exploitation', + id: 'T1499.004', + reference: 'https://attack.mitre.org/techniques/T1499/004', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Archive via Custom Method', + id: 'T1560.003', + reference: 'https://attack.mitre.org/techniques/T1560/003', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Library', + id: 'T1560.002', + reference: 'https://attack.mitre.org/techniques/T1560/002', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Utility', + id: 'T1560.001', + reference: 'https://attack.mitre.org/techniques/T1560/001', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Asymmetric Cryptography', + id: 'T1573.002', + reference: 'https://attack.mitre.org/techniques/T1573/002', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'Asynchronous Procedure Call', + id: 'T1055.004', + reference: 'https://attack.mitre.org/techniques/T1055/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'At', + id: 'T1053.002', + reference: 'https://attack.mitre.org/techniques/T1053/002', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'At (Linux)', + id: 'T1053.001', + reference: 'https://attack.mitre.org/techniques/T1053/001', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Authentication Package', + id: 'T1547.002', + reference: 'https://attack.mitre.org/techniques/T1547/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Bash History', + id: 'T1552.003', + reference: 'https://attack.mitre.org/techniques/T1552/003', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Bidirectional Communication', + id: 'T1102.002', + 
reference: 'https://attack.mitre.org/techniques/T1102/002', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Binary Padding', + id: 'T1027.001', + reference: 'https://attack.mitre.org/techniques/T1027/001', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Bootkit', + id: 'T1542.003', + reference: 'https://attack.mitre.org/techniques/T1542/003', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Botnet', + id: 'T1583.005', + reference: 'https://attack.mitre.org/techniques/T1583/005', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Botnet', + id: 'T1584.005', + reference: 'https://attack.mitre.org/techniques/T1584/005', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Business Relationships', + id: 'T1591.002', + reference: 'https://attack.mitre.org/techniques/T1591/002', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Bypass User Account Control', + id: 'T1548.002', + reference: 'https://attack.mitre.org/techniques/T1548/002', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'CDNs', + id: 'T1596.004', + reference: 'https://attack.mitre.org/techniques/T1596/004', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'CMSTP', + id: 'T1218.003', + reference: 'https://attack.mitre.org/techniques/T1218/003', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'COR_PROFILER', + id: 'T1574.012', + reference: 'https://attack.mitre.org/techniques/T1574/012', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Cached Domain Credentials', + id: 'T1003.005', + reference: 'https://attack.mitre.org/techniques/T1003/005', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Change Default File Association', + id: 'T1546.001', + reference: 
'https://attack.mitre.org/techniques/T1546/001', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Clear Command History', + id: 'T1070.003', + reference: 'https://attack.mitre.org/techniques/T1070/003', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Linux or Mac System Logs', + id: 'T1070.002', + reference: 'https://attack.mitre.org/techniques/T1070/002', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Mailbox Data', + id: 'T1070.008', + reference: 'https://attack.mitre.org/techniques/T1070/008', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Network Connection History and Configurations', + id: 'T1070.007', + reference: 'https://attack.mitre.org/techniques/T1070/007', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Persistence', + id: 'T1070.009', + reference: 'https://attack.mitre.org/techniques/T1070/009', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Windows Event Logs', + id: 'T1070.001', + reference: 'https://attack.mitre.org/techniques/T1070/001', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Client Configurations', + id: 'T1592.004', + reference: 'https://attack.mitre.org/techniques/T1592/004', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Cloud Account', + id: 'T1087.004', + reference: 'https://attack.mitre.org/techniques/T1087/004', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Cloud Account', + id: 'T1136.003', + reference: 'https://attack.mitre.org/techniques/T1136/003', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Cloud Accounts', + id: 'T1586.003', + reference: 'https://attack.mitre.org/techniques/T1586/003', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Cloud Accounts', + id: 'T1585.003', + reference: 
'https://attack.mitre.org/techniques/T1585/003', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Cloud Accounts', + id: 'T1078.004', + reference: 'https://attack.mitre.org/techniques/T1078/004', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Cloud Groups', + id: 'T1069.003', + reference: 'https://attack.mitre.org/techniques/T1069/003', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Cloud Instance Metadata API', + id: 'T1552.005', + reference: 'https://attack.mitre.org/techniques/T1552/005', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Code Repositories', + id: 'T1593.003', + reference: 'https://attack.mitre.org/techniques/T1593/003', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Code Repositories', + id: 'T1213.003', + reference: 'https://attack.mitre.org/techniques/T1213/003', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Code Signing', + id: 'T1553.002', + reference: 'https://attack.mitre.org/techniques/T1553/002', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Code Signing Certificates', + id: 'T1587.002', + reference: 'https://attack.mitre.org/techniques/T1587/002', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Code Signing Certificates', + id: 'T1588.003', + reference: 'https://attack.mitre.org/techniques/T1588/003', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Code Signing Policy Modification', + id: 'T1553.006', + reference: 'https://attack.mitre.org/techniques/T1553/006', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Compile After Delivery', + id: 'T1027.004', + reference: 'https://attack.mitre.org/techniques/T1027/004', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Compiled HTML File', + id: 
'T1218.001', + reference: 'https://attack.mitre.org/techniques/T1218/001', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Component Firmware', + id: 'T1542.002', + reference: 'https://attack.mitre.org/techniques/T1542/002', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Component Object Model', + id: 'T1559.001', + reference: 'https://attack.mitre.org/techniques/T1559/001', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Component Object Model Hijacking', + id: 'T1546.015', + reference: 'https://attack.mitre.org/techniques/T1546/015', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Compromise Hardware Supply Chain', + id: 'T1195.003', + reference: 'https://attack.mitre.org/techniques/T1195/003', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Dependencies and Development Tools', + id: 'T1195.001', + reference: 'https://attack.mitre.org/techniques/T1195/001', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Supply Chain', + id: 'T1195.002', + reference: 'https://attack.mitre.org/techniques/T1195/002', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Confluence', + id: 'T1213.001', + reference: 'https://attack.mitre.org/techniques/T1213/001', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Container API', + id: 'T1552.007', + reference: 'https://attack.mitre.org/techniques/T1552/007', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Container Orchestration Job', + id: 'T1053.007', + reference: 'https://attack.mitre.org/techniques/T1053/007', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Control Panel', + id: 'T1218.002', + reference: 'https://attack.mitre.org/techniques/T1218/002', + tactics: ['defense-evasion'], + 
techniqueId: 'T1218', + }, + { + name: 'Create Cloud Instance', + id: 'T1578.002', + reference: 'https://attack.mitre.org/techniques/T1578/002', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Create Process with Token', + id: 'T1134.002', + reference: 'https://attack.mitre.org/techniques/T1134/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Create Snapshot', + id: 'T1578.001', + reference: 'https://attack.mitre.org/techniques/T1578/001', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Credential API Hooking', + id: 'T1056.004', + reference: 'https://attack.mitre.org/techniques/T1056/004', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Credential Stuffing', + id: 'T1110.004', + reference: 'https://attack.mitre.org/techniques/T1110/004', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Credentials', + id: 'T1589.001', + reference: 'https://attack.mitre.org/techniques/T1589/001', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Credentials In Files', + id: 'T1552.001', + reference: 'https://attack.mitre.org/techniques/T1552/001', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Credentials from Web Browsers', + id: 'T1555.003', + reference: 'https://attack.mitre.org/techniques/T1555/003', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Credentials in Registry', + id: 'T1552.002', + reference: 'https://attack.mitre.org/techniques/T1552/002', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Cron', + id: 'T1053.003', + reference: 'https://attack.mitre.org/techniques/T1053/003', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'DCSync', + id: 'T1003.006', + reference: 'https://attack.mitre.org/techniques/T1003/006', + tactics: 
['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'DHCP Spoofing', + id: 'T1557.003', + reference: 'https://attack.mitre.org/techniques/T1557/003', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'DLL Search Order Hijacking', + id: 'T1574.001', + reference: 'https://attack.mitre.org/techniques/T1574/001', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DLL Side-Loading', + id: 'T1574.002', + reference: 'https://attack.mitre.org/techniques/T1574/002', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DNS', + id: 'T1590.002', + reference: 'https://attack.mitre.org/techniques/T1590/002', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'DNS', + id: 'T1071.004', + reference: 'https://attack.mitre.org/techniques/T1071/004', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'DNS Calculation', + id: 'T1568.003', + reference: 'https://attack.mitre.org/techniques/T1568/003', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'DNS Server', + id: 'T1583.002', + reference: 'https://attack.mitre.org/techniques/T1583/002', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'DNS Server', + id: 'T1584.002', + reference: 'https://attack.mitre.org/techniques/T1584/002', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'DNS/Passive DNS', + id: 'T1596.001', + reference: 'https://attack.mitre.org/techniques/T1596/001', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Dead Drop Resolver', + id: 'T1102.001', + reference: 'https://attack.mitre.org/techniques/T1102/001', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Default Accounts', + id: 'T1078.001', + reference: 'https://attack.mitre.org/techniques/T1078/001', + tactics: 
['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Delete Cloud Instance', + id: 'T1578.003', + reference: 'https://attack.mitre.org/techniques/T1578/003', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Determine Physical Locations', + id: 'T1591.001', + reference: 'https://attack.mitre.org/techniques/T1591/001', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Device Registration', + id: 'T1098.005', + reference: 'https://attack.mitre.org/techniques/T1098/005', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Digital Certificates', + id: 'T1596.003', + reference: 'https://attack.mitre.org/techniques/T1596/003', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Digital Certificates', + id: 'T1588.004', + reference: 'https://attack.mitre.org/techniques/T1588/004', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Digital Certificates', + id: 'T1587.003', + reference: 'https://attack.mitre.org/techniques/T1587/003', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Direct Network Flood', + id: 'T1498.001', + reference: 'https://attack.mitre.org/techniques/T1498/001', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Disable Cloud Logs', + id: 'T1562.008', + reference: 'https://attack.mitre.org/techniques/T1562/008', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable Crypto Hardware', + id: 'T1600.002', + reference: 'https://attack.mitre.org/techniques/T1600/002', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 'Disable Windows Event Logging', + id: 'T1562.002', + reference: 'https://attack.mitre.org/techniques/T1562/002', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Cloud Firewall', + id: 'T1562.007', + reference: 
'https://attack.mitre.org/techniques/T1562/007', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify System Firewall', + id: 'T1562.004', + reference: 'https://attack.mitre.org/techniques/T1562/004', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Tools', + id: 'T1562.001', + reference: 'https://attack.mitre.org/techniques/T1562/001', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disk Content Wipe', + id: 'T1561.001', + reference: 'https://attack.mitre.org/techniques/T1561/001', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Disk Structure Wipe', + id: 'T1561.002', + reference: 'https://attack.mitre.org/techniques/T1561/002', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Distributed Component Object Model', + id: 'T1021.003', + reference: 'https://attack.mitre.org/techniques/T1021/003', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Domain Account', + id: 'T1087.002', + reference: 'https://attack.mitre.org/techniques/T1087/002', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Domain Account', + id: 'T1136.002', + reference: 'https://attack.mitre.org/techniques/T1136/002', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Domain Accounts', + id: 'T1078.002', + reference: 'https://attack.mitre.org/techniques/T1078/002', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Domain Controller Authentication', + id: 'T1556.001', + reference: 'https://attack.mitre.org/techniques/T1556/001', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Domain Fronting', + id: 'T1090.004', + reference: 'https://attack.mitre.org/techniques/T1090/004', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Domain 
Generation Algorithms', + id: 'T1568.002', + reference: 'https://attack.mitre.org/techniques/T1568/002', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'Domain Groups', + id: 'T1069.002', + reference: 'https://attack.mitre.org/techniques/T1069/002', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Domain Properties', + id: 'T1590.001', + reference: 'https://attack.mitre.org/techniques/T1590/001', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Domain Trust Modification', + id: 'T1484.002', + reference: 'https://attack.mitre.org/techniques/T1484/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1484', + }, + { + name: 'Domains', + id: 'T1583.001', + reference: 'https://attack.mitre.org/techniques/T1583/001', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Domains', + id: 'T1584.001', + reference: 'https://attack.mitre.org/techniques/T1584/001', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Double File Extension', + id: 'T1036.007', + reference: 'https://attack.mitre.org/techniques/T1036/007', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Downgrade Attack', + id: 'T1562.010', + reference: 'https://attack.mitre.org/techniques/T1562/010', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Downgrade System Image', + id: 'T1601.002', + reference: 'https://attack.mitre.org/techniques/T1601/002', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Drive-by Target', + id: 'T1608.004', + reference: 'https://attack.mitre.org/techniques/T1608/004', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Dylib Hijacking', + id: 'T1574.004', + reference: 'https://attack.mitre.org/techniques/T1574/004', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Dynamic 
API Resolution', + id: 'T1027.007', + reference: 'https://attack.mitre.org/techniques/T1027/007', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Dynamic Data Exchange', + id: 'T1559.002', + reference: 'https://attack.mitre.org/techniques/T1559/002', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Dynamic Linker Hijacking', + id: 'T1574.006', + reference: 'https://attack.mitre.org/techniques/T1574/006', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Dynamic-link Library Injection', + id: 'T1055.001', + reference: 'https://attack.mitre.org/techniques/T1055/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Elevated Execution with Prompt', + id: 'T1548.004', + reference: 'https://attack.mitre.org/techniques/T1548/004', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Email Account', + id: 'T1087.003', + reference: 'https://attack.mitre.org/techniques/T1087/003', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Email Accounts', + id: 'T1586.002', + reference: 'https://attack.mitre.org/techniques/T1586/002', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Email Accounts', + id: 'T1585.002', + reference: 'https://attack.mitre.org/techniques/T1585/002', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Email Addresses', + id: 'T1589.002', + reference: 'https://attack.mitre.org/techniques/T1589/002', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Email Forwarding Rule', + id: 'T1114.003', + reference: 'https://attack.mitre.org/techniques/T1114/003', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Email Hiding Rules', + id: 'T1564.008', + reference: 'https://attack.mitre.org/techniques/T1564/008', + tactics: ['defense-evasion'], + 
techniqueId: 'T1564', + }, + { + name: 'Embedded Payloads', + id: 'T1027.009', + reference: 'https://attack.mitre.org/techniques/T1027/009', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Emond', + id: 'T1546.014', + reference: 'https://attack.mitre.org/techniques/T1546/014', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Employee Names', + id: 'T1589.003', + reference: 'https://attack.mitre.org/techniques/T1589/003', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Environmental Keying', + id: 'T1480.001', + reference: 'https://attack.mitre.org/techniques/T1480/001', + tactics: ['defense-evasion'], + techniqueId: 'T1480', + }, + { + name: 'Executable Installer File Permissions Weakness', + id: 'T1574.005', + reference: 'https://attack.mitre.org/techniques/T1574/005', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', + id: 'T1048.002', + reference: 'https://attack.mitre.org/techniques/T1048/002', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Bluetooth', + id: 'T1011.001', + reference: 'https://attack.mitre.org/techniques/T1011/001', + tactics: ['exfiltration'], + techniqueId: 'T1011', + }, + { + name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', + id: 'T1048.001', + reference: 'https://attack.mitre.org/techniques/T1048/001', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Unencrypted Non-C2 Protocol', + id: 'T1048.003', + reference: 'https://attack.mitre.org/techniques/T1048/003', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration over USB', + id: 'T1052.001', + reference: 'https://attack.mitre.org/techniques/T1052/001', + tactics: ['exfiltration'], + techniqueId: 'T1052', + }, + { + name: 'Exfiltration to Cloud Storage', + 
id: 'T1567.002', + reference: 'https://attack.mitre.org/techniques/T1567/002', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exfiltration to Code Repository', + id: 'T1567.001', + reference: 'https://attack.mitre.org/techniques/T1567/001', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exploits', + id: 'T1587.004', + reference: 'https://attack.mitre.org/techniques/T1587/004', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Exploits', + id: 'T1588.005', + reference: 'https://attack.mitre.org/techniques/T1588/005', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'External Defacement', + id: 'T1491.002', + reference: 'https://attack.mitre.org/techniques/T1491/002', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'External Proxy', + id: 'T1090.002', + reference: 'https://attack.mitre.org/techniques/T1090/002', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Extra Window Memory Injection', + id: 'T1055.011', + reference: 'https://attack.mitre.org/techniques/T1055/011', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Fast Flux DNS', + id: 'T1568.001', + reference: 'https://attack.mitre.org/techniques/T1568/001', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'File Deletion', + id: 'T1070.004', + reference: 'https://attack.mitre.org/techniques/T1070/004', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'File Transfer Protocols', + id: 'T1071.002', + reference: 'https://attack.mitre.org/techniques/T1071/002', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Firmware', + id: 'T1592.003', + reference: 'https://attack.mitre.org/techniques/T1592/003', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'GUI Input Capture', + id: 'T1056.002', + reference: 
'https://attack.mitre.org/techniques/T1056/002', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Gatekeeper Bypass', + id: 'T1553.001', + reference: 'https://attack.mitre.org/techniques/T1553/001', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Golden Ticket', + id: 'T1558.001', + reference: 'https://attack.mitre.org/techniques/T1558/001', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Group Policy Modification', + id: 'T1484.001', + reference: 'https://attack.mitre.org/techniques/T1484/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1484', + }, + { + name: 'Group Policy Preferences', + id: 'T1552.006', + reference: 'https://attack.mitre.org/techniques/T1552/006', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'HTML Smuggling', + id: 'T1027.006', + reference: 'https://attack.mitre.org/techniques/T1027/006', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Hardware', + id: 'T1592.001', + reference: 'https://attack.mitre.org/techniques/T1592/001', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Hidden File System', + id: 'T1564.005', + reference: 'https://attack.mitre.org/techniques/T1564/005', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Files and Directories', + id: 'T1564.001', + reference: 'https://attack.mitre.org/techniques/T1564/001', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Users', + id: 'T1564.002', + reference: 'https://attack.mitre.org/techniques/T1564/002', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Window', + id: 'T1564.003', + reference: 'https://attack.mitre.org/techniques/T1564/003', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hybrid Identity', + id: 'T1556.007', + reference: 
'https://attack.mitre.org/techniques/T1556/007', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'IIS Components', + id: 'T1505.004', + reference: 'https://attack.mitre.org/techniques/T1505/004', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'IP Addresses', + id: 'T1590.005', + reference: 'https://attack.mitre.org/techniques/T1590/005', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Identify Business Tempo', + id: 'T1591.003', + reference: 'https://attack.mitre.org/techniques/T1591/003', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Identify Roles', + id: 'T1591.004', + reference: 'https://attack.mitre.org/techniques/T1591/004', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Image File Execution Options Injection', + id: 'T1546.012', + reference: 'https://attack.mitre.org/techniques/T1546/012', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Impair Command History Logging', + id: 'T1562.003', + reference: 'https://attack.mitre.org/techniques/T1562/003', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Blocking', + id: 'T1562.006', + reference: 'https://attack.mitre.org/techniques/T1562/006', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Removal from Tools', + id: 'T1027.005', + reference: 'https://attack.mitre.org/techniques/T1027/005', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Install Digital Certificate', + id: 'T1608.003', + reference: 'https://attack.mitre.org/techniques/T1608/003', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Install Root Certificate', + id: 'T1553.004', + reference: 'https://attack.mitre.org/techniques/T1553/004', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'InstallUtil', 
+ id: 'T1218.004', + reference: 'https://attack.mitre.org/techniques/T1218/004', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Installer Packages', + id: 'T1546.016', + reference: 'https://attack.mitre.org/techniques/T1546/016', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Internal Defacement', + id: 'T1491.001', + reference: 'https://attack.mitre.org/techniques/T1491/001', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'Internal Proxy', + id: 'T1090.001', + reference: 'https://attack.mitre.org/techniques/T1090/001', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Internet Connection Discovery', + id: 'T1016.001', + reference: 'https://attack.mitre.org/techniques/T1016/001', + tactics: ['discovery'], + techniqueId: 'T1016', + }, + { + name: 'Invalid Code Signature', + id: 'T1036.001', + reference: 'https://attack.mitre.org/techniques/T1036/001', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'JavaScript', + id: 'T1059.007', + reference: 'https://attack.mitre.org/techniques/T1059/007', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Junk Data', + id: 'T1001.001', + reference: 'https://attack.mitre.org/techniques/T1001/001', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Kerberoasting', + id: 'T1558.003', + reference: 'https://attack.mitre.org/techniques/T1558/003', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Kernel Modules and Extensions', + id: 'T1547.006', + reference: 'https://attack.mitre.org/techniques/T1547/006', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'KernelCallbackTable', + id: 'T1574.013', + reference: 'https://attack.mitre.org/techniques/T1574/013', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Keychain', + 
id: 'T1555.001', + reference: 'https://attack.mitre.org/techniques/T1555/001', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Keylogging', + id: 'T1056.001', + reference: 'https://attack.mitre.org/techniques/T1056/001', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'LC_LOAD_DYLIB Addition', + id: 'T1546.006', + reference: 'https://attack.mitre.org/techniques/T1546/006', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'LLMNR/NBT-NS Poisoning and SMB Relay', + id: 'T1557.001', + reference: 'https://attack.mitre.org/techniques/T1557/001', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'LSA Secrets', + id: 'T1003.004', + reference: 'https://attack.mitre.org/techniques/T1003/004', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'LSASS Driver', + id: 'T1547.008', + reference: 'https://attack.mitre.org/techniques/T1547/008', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'LSASS Memory', + id: 'T1003.001', + reference: 'https://attack.mitre.org/techniques/T1003/001', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Launch Agent', + id: 'T1543.001', + reference: 'https://attack.mitre.org/techniques/T1543/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launch Daemon', + id: 'T1543.004', + reference: 'https://attack.mitre.org/techniques/T1543/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launchctl', + id: 'T1569.001', + reference: 'https://attack.mitre.org/techniques/T1569/001', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Launchd', + id: 'T1053.004', + reference: 'https://attack.mitre.org/techniques/T1053/004', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 
'T1053', + }, + { + name: 'Link Target', + id: 'T1608.005', + reference: 'https://attack.mitre.org/techniques/T1608/005', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Linux and Mac File and Directory Permissions Modification', + id: 'T1222.002', + reference: 'https://attack.mitre.org/techniques/T1222/002', + tactics: ['defense-evasion'], + techniqueId: 'T1222', + }, + { + name: 'ListPlanting', + id: 'T1055.015', + reference: 'https://attack.mitre.org/techniques/T1055/015', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Local Account', + id: 'T1087.001', + reference: 'https://attack.mitre.org/techniques/T1087/001', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Local Account', + id: 'T1136.001', + reference: 'https://attack.mitre.org/techniques/T1136/001', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Local Accounts', + id: 'T1078.003', + reference: 'https://attack.mitre.org/techniques/T1078/003', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Local Data Staging', + id: 'T1074.001', + reference: 'https://attack.mitre.org/techniques/T1074/001', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Local Email Collection', + id: 'T1114.001', + reference: 'https://attack.mitre.org/techniques/T1114/001', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Local Groups', + id: 'T1069.001', + reference: 'https://attack.mitre.org/techniques/T1069/001', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Login Hook', + id: 'T1037.002', + reference: 'https://attack.mitre.org/techniques/T1037/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Login Items', + id: 'T1547.015', + reference: 'https://attack.mitre.org/techniques/T1547/015', + tactics: ['persistence', 
'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Logon Script (Windows)', + id: 'T1037.001', + reference: 'https://attack.mitre.org/techniques/T1037/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'MMC', + id: 'T1218.014', + reference: 'https://attack.mitre.org/techniques/T1218/014', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'MSBuild', + id: 'T1127.001', + reference: 'https://attack.mitre.org/techniques/T1127/001', + tactics: ['defense-evasion'], + techniqueId: 'T1127', + }, + { + name: 'Mail Protocols', + id: 'T1071.003', + reference: 'https://attack.mitre.org/techniques/T1071/003', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Make and Impersonate Token', + id: 'T1134.003', + reference: 'https://attack.mitre.org/techniques/T1134/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Malicious File', + id: 'T1204.002', + reference: 'https://attack.mitre.org/techniques/T1204/002', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malicious Image', + id: 'T1204.003', + reference: 'https://attack.mitre.org/techniques/T1204/003', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malicious Link', + id: 'T1204.001', + reference: 'https://attack.mitre.org/techniques/T1204/001', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malware', + id: 'T1587.001', + reference: 'https://attack.mitre.org/techniques/T1587/001', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Malware', + id: 'T1588.001', + reference: 'https://attack.mitre.org/techniques/T1588/001', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Mark-of-the-Web Bypass', + id: 'T1553.005', + reference: 'https://attack.mitre.org/techniques/T1553/005', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 
'Masquerade Task or Service', + id: 'T1036.004', + reference: 'https://attack.mitre.org/techniques/T1036/004', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Match Legitimate Name or Location', + id: 'T1036.005', + reference: 'https://attack.mitre.org/techniques/T1036/005', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Mavinject', + id: 'T1218.013', + reference: 'https://attack.mitre.org/techniques/T1218/013', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Mshta', + id: 'T1218.005', + reference: 'https://attack.mitre.org/techniques/T1218/005', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Msiexec', + id: 'T1218.007', + reference: 'https://attack.mitre.org/techniques/T1218/007', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Multi-Factor Authentication', + id: 'T1556.006', + reference: 'https://attack.mitre.org/techniques/T1556/006', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Multi-hop Proxy', + id: 'T1090.003', + reference: 'https://attack.mitre.org/techniques/T1090/003', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'NTDS', + id: 'T1003.003', + reference: 'https://attack.mitre.org/techniques/T1003/003', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'NTFS File Attributes', + id: 'T1564.004', + reference: 'https://attack.mitre.org/techniques/T1564/004', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Netsh Helper DLL', + id: 'T1546.007', + reference: 'https://attack.mitre.org/techniques/T1546/007', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Network Address Translation Traversal', + id: 'T1599.001', + reference: 'https://attack.mitre.org/techniques/T1599/001', + tactics: ['defense-evasion'], + techniqueId: 'T1599', + }, + { + name: 
'Network Device Authentication', + id: 'T1556.004', + reference: 'https://attack.mitre.org/techniques/T1556/004', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Network Device CLI', + id: 'T1059.008', + reference: 'https://attack.mitre.org/techniques/T1059/008', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Network Device Configuration Dump', + id: 'T1602.002', + reference: 'https://attack.mitre.org/techniques/T1602/002', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'Network Logon Script', + id: 'T1037.003', + reference: 'https://attack.mitre.org/techniques/T1037/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Network Security Appliances', + id: 'T1590.006', + reference: 'https://attack.mitre.org/techniques/T1590/006', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Share Connection Removal', + id: 'T1070.005', + reference: 'https://attack.mitre.org/techniques/T1070/005', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Network Topology', + id: 'T1590.004', + reference: 'https://attack.mitre.org/techniques/T1590/004', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Trust Dependencies', + id: 'T1590.003', + reference: 'https://attack.mitre.org/techniques/T1590/003', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Non-Standard Encoding', + id: 'T1132.002', + reference: 'https://attack.mitre.org/techniques/T1132/002', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'OS Exhaustion Flood', + id: 'T1499.001', + reference: 'https://attack.mitre.org/techniques/T1499/001', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Odbcconf', + id: 'T1218.008', + reference: 'https://attack.mitre.org/techniques/T1218/008', + tactics: ['defense-evasion'], + techniqueId: 
'T1218', + }, + { + name: 'Office Template Macros', + id: 'T1137.001', + reference: 'https://attack.mitre.org/techniques/T1137/001', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Office Test', + id: 'T1137.002', + reference: 'https://attack.mitre.org/techniques/T1137/002', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'One-Way Communication', + id: 'T1102.003', + reference: 'https://attack.mitre.org/techniques/T1102/003', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Outlook Forms', + id: 'T1137.003', + reference: 'https://attack.mitre.org/techniques/T1137/003', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Home Page', + id: 'T1137.004', + reference: 'https://attack.mitre.org/techniques/T1137/004', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Rules', + id: 'T1137.005', + reference: 'https://attack.mitre.org/techniques/T1137/005', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Parent PID Spoofing', + id: 'T1134.004', + reference: 'https://attack.mitre.org/techniques/T1134/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Pass the Hash', + id: 'T1550.002', + reference: 'https://attack.mitre.org/techniques/T1550/002', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Pass the Ticket', + id: 'T1550.003', + reference: 'https://attack.mitre.org/techniques/T1550/003', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Password Cracking', + id: 'T1110.002', + reference: 'https://attack.mitre.org/techniques/T1110/002', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Filter DLL', + id: 'T1556.002', + reference: 'https://attack.mitre.org/techniques/T1556/002', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + 
techniqueId: 'T1556', + }, + { + name: 'Password Guessing', + id: 'T1110.001', + reference: 'https://attack.mitre.org/techniques/T1110/001', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Managers', + id: 'T1555.005', + reference: 'https://attack.mitre.org/techniques/T1555/005', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Password Spraying', + id: 'T1110.003', + reference: 'https://attack.mitre.org/techniques/T1110/003', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Patch System Image', + id: 'T1601.001', + reference: 'https://attack.mitre.org/techniques/T1601/001', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Path Interception by PATH Environment Variable', + id: 'T1574.007', + reference: 'https://attack.mitre.org/techniques/T1574/007', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Search Order Hijacking', + id: 'T1574.008', + reference: 'https://attack.mitre.org/techniques/T1574/008', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Unquoted Path', + id: 'T1574.009', + reference: 'https://attack.mitre.org/techniques/T1574/009', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Plist Modification', + id: 'T1547.011', + reference: 'https://attack.mitre.org/techniques/T1547/011', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Pluggable Authentication Modules', + id: 'T1556.003', + reference: 'https://attack.mitre.org/techniques/T1556/003', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Port Knocking', + id: 'T1205.001', + reference: 'https://attack.mitre.org/techniques/T1205/001', + tactics: 
['defense-evasion', 'persistence', 'command-and-control'], + techniqueId: 'T1205', + }, + { + name: 'Port Monitors', + id: 'T1547.010', + reference: 'https://attack.mitre.org/techniques/T1547/010', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Portable Executable Injection', + id: 'T1055.002', + reference: 'https://attack.mitre.org/techniques/T1055/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PowerShell', + id: 'T1059.001', + reference: 'https://attack.mitre.org/techniques/T1059/001', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'PowerShell Profile', + id: 'T1546.013', + reference: 'https://attack.mitre.org/techniques/T1546/013', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Print Processors', + id: 'T1547.012', + reference: 'https://attack.mitre.org/techniques/T1547/012', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Private Keys', + id: 'T1552.004', + reference: 'https://attack.mitre.org/techniques/T1552/004', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Proc Filesystem', + id: 'T1003.007', + reference: 'https://attack.mitre.org/techniques/T1003/007', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Proc Memory', + id: 'T1055.009', + reference: 'https://attack.mitre.org/techniques/T1055/009', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process Argument Spoofing', + id: 'T1564.010', + reference: 'https://attack.mitre.org/techniques/T1564/010', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Process Doppelgänging', + id: 'T1055.013', + reference: 'https://attack.mitre.org/techniques/T1055/013', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process 
Hollowing', + id: 'T1055.012', + reference: 'https://attack.mitre.org/techniques/T1055/012', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Protocol Impersonation', + id: 'T1001.003', + reference: 'https://attack.mitre.org/techniques/T1001/003', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Ptrace System Calls', + id: 'T1055.008', + reference: 'https://attack.mitre.org/techniques/T1055/008', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PubPrn', + id: 'T1216.001', + reference: 'https://attack.mitre.org/techniques/T1216/001', + tactics: ['defense-evasion'], + techniqueId: 'T1216', + }, + { + name: 'Purchase Technical Data', + id: 'T1597.002', + reference: 'https://attack.mitre.org/techniques/T1597/002', + tactics: ['reconnaissance'], + techniqueId: 'T1597', + }, + { + name: 'Python', + id: 'T1059.006', + reference: 'https://attack.mitre.org/techniques/T1059/006', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'RC Scripts', + id: 'T1037.004', + reference: 'https://attack.mitre.org/techniques/T1037/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'RDP Hijacking', + id: 'T1563.002', + reference: 'https://attack.mitre.org/techniques/T1563/002', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'ROMMONkit', + id: 'T1542.004', + reference: 'https://attack.mitre.org/techniques/T1542/004', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Re-opened Applications', + id: 'T1547.007', + reference: 'https://attack.mitre.org/techniques/T1547/007', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Reduce Key Space', + id: 'T1600.001', + reference: 'https://attack.mitre.org/techniques/T1600/001', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 
'Reflection Amplification', + id: 'T1498.002', + reference: 'https://attack.mitre.org/techniques/T1498/002', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Registry Run Keys / Startup Folder', + id: 'T1547.001', + reference: 'https://attack.mitre.org/techniques/T1547/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Regsvcs/Regasm', + id: 'T1218.009', + reference: 'https://attack.mitre.org/techniques/T1218/009', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Regsvr32', + id: 'T1218.010', + reference: 'https://attack.mitre.org/techniques/T1218/010', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Remote Data Staging', + id: 'T1074.002', + reference: 'https://attack.mitre.org/techniques/T1074/002', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Remote Desktop Protocol', + id: 'T1021.001', + reference: 'https://attack.mitre.org/techniques/T1021/001', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Remote Email Collection', + id: 'T1114.002', + reference: 'https://attack.mitre.org/techniques/T1114/002', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Rename System Utilities', + id: 'T1036.003', + reference: 'https://attack.mitre.org/techniques/T1036/003', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Resource Forking', + id: 'T1564.009', + reference: 'https://attack.mitre.org/techniques/T1564/009', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Reversible Encryption', + id: 'T1556.005', + reference: 'https://attack.mitre.org/techniques/T1556/005', + tactics: ['credential-access', 'defense-evasion', 'persistence'], + techniqueId: 'T1556', + }, + { + name: 'Revert Cloud Instance', + id: 'T1578.004', + reference: 'https://attack.mitre.org/techniques/T1578/004', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + 
name: 'Right-to-Left Override', + id: 'T1036.002', + reference: 'https://attack.mitre.org/techniques/T1036/002', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Run Virtual Instance', + id: 'T1564.006', + reference: 'https://attack.mitre.org/techniques/T1564/006', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Rundll32', + id: 'T1218.011', + reference: 'https://attack.mitre.org/techniques/T1218/011', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Runtime Data Manipulation', + id: 'T1565.003', + reference: 'https://attack.mitre.org/techniques/T1565/003', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'SAML Tokens', + id: 'T1606.002', + reference: 'https://attack.mitre.org/techniques/T1606/002', + tactics: ['credential-access'], + techniqueId: 'T1606', + }, + { + name: 'SEO Poisoning', + id: 'T1608.006', + reference: 'https://attack.mitre.org/techniques/T1608/006', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'SID-History Injection', + id: 'T1134.005', + reference: 'https://attack.mitre.org/techniques/T1134/005', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'SIP and Trust Provider Hijacking', + id: 'T1553.003', + reference: 'https://attack.mitre.org/techniques/T1553/003', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'SMB/Windows Admin Shares', + id: 'T1021.002', + reference: 'https://attack.mitre.org/techniques/T1021/002', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SNMP (MIB Dump)', + id: 'T1602.001', + reference: 'https://attack.mitre.org/techniques/T1602/001', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'SQL Stored Procedures', + id: 'T1505.001', + reference: 'https://attack.mitre.org/techniques/T1505/001', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'SSH', + id: 'T1021.004', + 
reference: 'https://attack.mitre.org/techniques/T1021/004', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SSH Authorized Keys', + id: 'T1098.004', + reference: 'https://attack.mitre.org/techniques/T1098/004', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'SSH Hijacking', + id: 'T1563.001', + reference: 'https://attack.mitre.org/techniques/T1563/001', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'Safe Mode Boot', + id: 'T1562.009', + reference: 'https://attack.mitre.org/techniques/T1562/009', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Scan Databases', + id: 'T1596.005', + reference: 'https://attack.mitre.org/techniques/T1596/005', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Scanning IP Blocks', + id: 'T1595.001', + reference: 'https://attack.mitre.org/techniques/T1595/001', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'Scheduled Task', + id: 'T1053.005', + reference: 'https://attack.mitre.org/techniques/T1053/005', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Screensaver', + id: 'T1546.002', + reference: 'https://attack.mitre.org/techniques/T1546/002', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Search Engines', + id: 'T1593.002', + reference: 'https://attack.mitre.org/techniques/T1593/002', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Security Account Manager', + id: 'T1003.002', + reference: 'https://attack.mitre.org/techniques/T1003/002', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Security Software Discovery', + id: 'T1518.001', + reference: 'https://attack.mitre.org/techniques/T1518/001', + tactics: ['discovery'], + techniqueId: 'T1518', + }, + { + name: 'Security Support Provider', + id: 'T1547.005', + reference: 
'https://attack.mitre.org/techniques/T1547/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Securityd Memory', + id: 'T1555.002', + reference: 'https://attack.mitre.org/techniques/T1555/002', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Server', + id: 'T1583.004', + reference: 'https://attack.mitre.org/techniques/T1583/004', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Server', + id: 'T1584.004', + reference: 'https://attack.mitre.org/techniques/T1584/004', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Serverless', + id: 'T1583.007', + reference: 'https://attack.mitre.org/techniques/T1583/007', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Serverless', + id: 'T1584.007', + reference: 'https://attack.mitre.org/techniques/T1584/007', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Service Execution', + id: 'T1569.002', + reference: 'https://attack.mitre.org/techniques/T1569/002', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Service Exhaustion Flood', + id: 'T1499.002', + reference: 'https://attack.mitre.org/techniques/T1499/002', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Services File Permissions Weakness', + id: 'T1574.010', + reference: 'https://attack.mitre.org/techniques/T1574/010', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Services Registry Permissions Weakness', + id: 'T1574.011', + reference: 'https://attack.mitre.org/techniques/T1574/011', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Setuid and Setgid', + id: 'T1548.001', + reference: 'https://attack.mitre.org/techniques/T1548/001', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + 
{ + name: 'Sharepoint', + id: 'T1213.002', + reference: 'https://attack.mitre.org/techniques/T1213/002', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Shortcut Modification', + id: 'T1547.009', + reference: 'https://attack.mitre.org/techniques/T1547/009', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Silver Ticket', + id: 'T1558.002', + reference: 'https://attack.mitre.org/techniques/T1558/002', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Social Media', + id: 'T1593.001', + reference: 'https://attack.mitre.org/techniques/T1593/001', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Social Media Accounts', + id: 'T1586.001', + reference: 'https://attack.mitre.org/techniques/T1586/001', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Social Media Accounts', + id: 'T1585.001', + reference: 'https://attack.mitre.org/techniques/T1585/001', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Socket Filters', + id: 'T1205.002', + reference: 'https://attack.mitre.org/techniques/T1205/002', + tactics: ['defense-evasion', 'persistence', 'command-and-control'], + techniqueId: 'T1205', + }, + { + name: 'Software', + id: 'T1592.002', + reference: 'https://attack.mitre.org/techniques/T1592/002', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Software Packing', + id: 'T1027.002', + reference: 'https://attack.mitre.org/techniques/T1027/002', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Space after Filename', + id: 'T1036.006', + reference: 'https://attack.mitre.org/techniques/T1036/006', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Spearphishing Attachment', + id: 'T1566.001', + reference: 'https://attack.mitre.org/techniques/T1566/001', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 
'Spearphishing Attachment', + id: 'T1598.002', + reference: 'https://attack.mitre.org/techniques/T1598/002', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Link', + id: 'T1566.002', + reference: 'https://attack.mitre.org/techniques/T1566/002', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Spearphishing Link', + id: 'T1598.003', + reference: 'https://attack.mitre.org/techniques/T1598/003', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Service', + id: 'T1598.001', + reference: 'https://attack.mitre.org/techniques/T1598/001', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing via Service', + id: 'T1566.003', + reference: 'https://attack.mitre.org/techniques/T1566/003', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Standard Encoding', + id: 'T1132.001', + reference: 'https://attack.mitre.org/techniques/T1132/001', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'Startup Items', + id: 'T1037.005', + reference: 'https://attack.mitre.org/techniques/T1037/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Steganography', + id: 'T1027.003', + reference: 'https://attack.mitre.org/techniques/T1027/003', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Steganography', + id: 'T1001.002', + reference: 'https://attack.mitre.org/techniques/T1001/002', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Stored Data Manipulation', + id: 'T1565.001', + reference: 'https://attack.mitre.org/techniques/T1565/001', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Stripped Payloads', + id: 'T1027.008', + reference: 'https://attack.mitre.org/techniques/T1027/008', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Sudo and Sudo Caching', + id: 'T1548.003', 
+ reference: 'https://attack.mitre.org/techniques/T1548/003', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Symmetric Cryptography', + id: 'T1573.001', + reference: 'https://attack.mitre.org/techniques/T1573/001', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'System Checks', + id: 'T1497.001', + reference: 'https://attack.mitre.org/techniques/T1497/001', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'System Firmware', + id: 'T1542.001', + reference: 'https://attack.mitre.org/techniques/T1542/001', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'System Language Discovery', + id: 'T1614.001', + reference: 'https://attack.mitre.org/techniques/T1614/001', + tactics: ['discovery'], + techniqueId: 'T1614', + }, + { + name: 'Systemd Service', + id: 'T1543.002', + reference: 'https://attack.mitre.org/techniques/T1543/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Systemd Timers', + id: 'T1053.006', + reference: 'https://attack.mitre.org/techniques/T1053/006', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'TFTP Boot', + id: 'T1542.005', + reference: 'https://attack.mitre.org/techniques/T1542/005', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Terminal Services DLL', + id: 'T1505.005', + reference: 'https://attack.mitre.org/techniques/T1505/005', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Thread Execution Hijacking', + id: 'T1055.003', + reference: 'https://attack.mitre.org/techniques/T1055/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Thread Local Storage', + id: 'T1055.005', + reference: 'https://attack.mitre.org/techniques/T1055/005', + tactics: ['defense-evasion', 
'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Threat Intel Vendors', + id: 'T1597.001', + reference: 'https://attack.mitre.org/techniques/T1597/001', + tactics: ['reconnaissance'], + techniqueId: 'T1597', + }, + { + name: 'Time Based Evasion', + id: 'T1497.003', + reference: 'https://attack.mitre.org/techniques/T1497/003', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'Time Providers', + id: 'T1547.003', + reference: 'https://attack.mitre.org/techniques/T1547/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Timestomp', + id: 'T1070.006', + reference: 'https://attack.mitre.org/techniques/T1070/006', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Token Impersonation/Theft', + id: 'T1134.001', + reference: 'https://attack.mitre.org/techniques/T1134/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Tool', + id: 'T1588.002', + reference: 'https://attack.mitre.org/techniques/T1588/002', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Traffic Duplication', + id: 'T1020.001', + reference: 'https://attack.mitre.org/techniques/T1020/001', + tactics: ['exfiltration'], + techniqueId: 'T1020', + }, + { + name: 'Transmitted Data Manipulation', + id: 'T1565.002', + reference: 'https://attack.mitre.org/techniques/T1565/002', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Transport Agent', + id: 'T1505.002', + reference: 'https://attack.mitre.org/techniques/T1505/002', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Trap', + id: 'T1546.005', + reference: 'https://attack.mitre.org/techniques/T1546/005', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Unix Shell', + id: 'T1059.004', + reference: 'https://attack.mitre.org/techniques/T1059/004', + tactics: ['execution'], + 
techniqueId: 'T1059', + }, + { + name: 'Unix Shell Configuration Modification', + id: 'T1546.004', + reference: 'https://attack.mitre.org/techniques/T1546/004', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Upload Malware', + id: 'T1608.001', + reference: 'https://attack.mitre.org/techniques/T1608/001', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'Upload Tool', + id: 'T1608.002', + reference: 'https://attack.mitre.org/techniques/T1608/002', + tactics: ['resource-development'], + techniqueId: 'T1608', + }, + { + name: 'User Activity Based Checks', + id: 'T1497.002', + reference: 'https://attack.mitre.org/techniques/T1497/002', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'VBA Stomping', + id: 'T1564.007', + reference: 'https://attack.mitre.org/techniques/T1564/007', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'VDSO Hijacking', + id: 'T1055.014', + reference: 'https://attack.mitre.org/techniques/T1055/014', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'VNC', + id: 'T1021.005', + reference: 'https://attack.mitre.org/techniques/T1021/005', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Verclsid', + id: 'T1218.012', + reference: 'https://attack.mitre.org/techniques/T1218/012', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Virtual Private Server', + id: 'T1584.003', + reference: 'https://attack.mitre.org/techniques/T1584/003', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Virtual Private Server', + id: 'T1583.003', + reference: 'https://attack.mitre.org/techniques/T1583/003', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Visual Basic', + id: 'T1059.005', + reference: 'https://attack.mitre.org/techniques/T1059/005', + tactics: ['execution'], + 
techniqueId: 'T1059', + }, + { + name: 'Vulnerabilities', + id: 'T1588.006', + reference: 'https://attack.mitre.org/techniques/T1588/006', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Vulnerability Scanning', + id: 'T1595.002', + reference: 'https://attack.mitre.org/techniques/T1595/002', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'WHOIS', + id: 'T1596.002', + reference: 'https://attack.mitre.org/techniques/T1596/002', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Web Cookies', + id: 'T1606.001', + reference: 'https://attack.mitre.org/techniques/T1606/001', + tactics: ['credential-access'], + techniqueId: 'T1606', + }, + { + name: 'Web Portal Capture', + id: 'T1056.003', + reference: 'https://attack.mitre.org/techniques/T1056/003', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.weakenEncryptionDescription', - { defaultMessage: 'Weaken Encryption (T1600)' } - ), - id: 'T1600', - name: 'Weaken Encryption', - reference: 'https://attack.mitre.org/techniques/T1600', - tactics: 'defense-evasion', - value: 'weakenEncryption', + name: 'Web Protocols', + id: 'T1071.001', + reference: 'https://attack.mitre.org/techniques/T1071/001', + tactics: ['command-and-control'], + techniqueId: 'T1071', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription', - { defaultMessage: 'Web Service (T1102)' } - ), - id: 'T1102', - name: 'Web Service', - reference: 'https://attack.mitre.org/techniques/T1102', - tactics: 'command-and-control', - value: 'webService', + name: 'Web Services', + id: 'T1583.006', + reference: 'https://attack.mitre.org/techniques/T1583/006', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Web Services', + id: 'T1584.006', + reference: 
'https://attack.mitre.org/techniques/T1584/006', + tactics: ['resource-development'], + techniqueId: 'T1584', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription', - { defaultMessage: 'Web Session Cookie (T1506)' } - ), - id: 'T1506', name: 'Web Session Cookie', - reference: 'https://attack.mitre.org/techniques/T1506', - tactics: 'defense-evasion,lateral-movement', - value: 'webSessionCookie', + id: 'T1550.004', + reference: 'https://attack.mitre.org/techniques/T1550/004', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription', - { defaultMessage: 'Web Shell (T1100)' } - ), - id: 'T1100', name: 'Web Shell', - reference: 'https://attack.mitre.org/techniques/T1100', - tactics: 'persistence,privilege-escalation', - value: 'webShell', + id: 'T1505.003', + reference: 'https://attack.mitre.org/techniques/T1505/003', + tactics: ['persistence'], + techniqueId: 'T1505', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription', - { defaultMessage: 'Windows Admin Shares (T1077)' } - ), - id: 'T1077', - name: 'Windows Admin Shares', - reference: 'https://attack.mitre.org/techniques/T1077', - tactics: 'lateral-movement', - value: 'windowsAdminShares', + name: 'Windows Command Shell', + id: 'T1059.003', + reference: 'https://attack.mitre.org/techniques/T1059/003', + tactics: ['execution'], + techniqueId: 'T1059', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription', - { defaultMessage: 'Windows Management Instrumentation (T1047)' } - ), - id: 'T1047', - name: 'Windows Management Instrumentation', - reference: 'https://attack.mitre.org/techniques/T1047', - tactics: 'execution', - value: 'windowsManagementInstrumentation', + 
name: 'Windows Credential Manager', + id: 'T1555.004', + reference: 'https://attack.mitre.org/techniques/T1555/004', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Windows File and Directory Permissions Modification', + id: 'T1222.001', + reference: 'https://attack.mitre.org/techniques/T1222/001', + tactics: ['defense-evasion'], + techniqueId: 'T1222', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription', - { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1084)' } - ), - id: 'T1084', name: 'Windows Management Instrumentation Event Subscription', - reference: 'https://attack.mitre.org/techniques/T1084', - tactics: 'persistence', - value: 'windowsManagementInstrumentationEventSubscription', + id: 'T1546.003', + reference: 'https://attack.mitre.org/techniques/T1546/003', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription', - { defaultMessage: 'Windows Remote Management (T1028)' } - ), - id: 'T1028', name: 'Windows Remote Management', - reference: 'https://attack.mitre.org/techniques/T1028', - tactics: 'execution,lateral-movement', - value: 'windowsRemoteManagement', + id: 'T1021.006', + reference: 'https://attack.mitre.org/techniques/T1021/006', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Windows Service', + id: 'T1543.003', + reference: 'https://attack.mitre.org/techniques/T1543/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription', - { defaultMessage: 'Winlogon Helper DLL (T1004)' } - ), - id: 'T1004', name: 'Winlogon Helper DLL', - reference: 
'https://attack.mitre.org/techniques/T1004', - tactics: 'persistence', - value: 'winlogonHelperDll', + id: 'T1547.004', + reference: 'https://attack.mitre.org/techniques/T1547/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', }, { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription', - { defaultMessage: 'XSL Script Processing (T1220)' } - ), - id: 'T1220', - name: 'XSL Script Processing', - reference: 'https://attack.mitre.org/techniques/T1220', - tactics: 'defense-evasion', - value: 'xslScriptProcessing', + name: 'Wordlist Scanning', + id: 'T1595.003', + reference: 'https://attack.mitre.org/techniques/T1595/003', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'XDG Autostart Entries', + id: 'T1547.013', + reference: 'https://attack.mitre.org/techniques/T1547/013', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'XPC Services', + id: 'T1559.003', + reference: 'https://attack.mitre.org/techniques/T1559/003', + tactics: ['execution'], + techniqueId: 'T1559', }, ]; 
@@ -4273,6 +9200,42 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
 techniqueId: 'T1070',
 value: 'clearLinuxOrMacSystemLogs',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearMailboxDataT1070Description',
+ { defaultMessage: 'Clear Mailbox Data (T1070.008)' }
+ ),
+ id: 'T1070.008',
+ name: 'Clear Mailbox Data',
+ reference: 'https://attack.mitre.org/techniques/T1070/008',
+ tactics: 'defense-evasion',
+ techniqueId: 'T1070',
+ value: 'clearMailboxData',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearNetworkConnectionHistoryAndConfigurationsT1070Description',
+ { defaultMessage: 'Clear Network Connection History and Configurations (T1070.007)' }
+ ),
+ id: 'T1070.007',
+ name: 'Clear Network Connection History and Configurations',
+ reference: 'https://attack.mitre.org/techniques/T1070/007',
+ tactics: 'defense-evasion',
+ techniqueId: 'T1070',
+ value: 'clearNetworkConnectionHistoryAndConfigurations',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearPersistenceT1070Description',
+ { defaultMessage: 'Clear Persistence (T1070.009)' }
+ ),
+ id: 'T1070.009',
+ name: 'Clear Persistence',
+ reference: 'https://attack.mitre.org/techniques/T1070/009',
+ tactics: 'defense-evasion',
+ techniqueId: 'T1070',
+ value: 'clearPersistence',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearWindowsEventLogsT1070Description',
@@ -4321,6 +9284,30 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
 techniqueId: 'T1136',
 value: 'cloudAccount',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1586Description',
+ { defaultMessage: 'Cloud Accounts (T1586.003)' }
+ ),
+ id: 'T1586.003',
+ name: 'Cloud Accounts',
+ reference: 'https://attack.mitre.org/techniques/T1586/003',
+ tactics: 'resource-development',
+ techniqueId: 'T1586',
+ value: 'cloudAccounts',
+ },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1585Description',
+ { defaultMessage: 'Cloud Accounts (T1585.003)' }
+ ),
+ id: 'T1585.003',
+ name: 'Cloud Accounts',
+ reference: 'https://attack.mitre.org/techniques/T1585/003',
+ tactics: 'resource-development',
+ techniqueId: 'T1585',
+ value: 'cloudAccounts',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1078Description',
@@ -4357,6 +9344,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
 techniqueId: 'T1552',
 value: 'cloudInstanceMetadataApi',
 },
+ {
+ label: i18n.translate(
+ 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeRepositoriesT1593Description',
+ { defaultMessage: 'Code Repositories (T1593.003)' }
+ ),
+ id: 'T1593.003',
+ name: 'Code Repositories',
+ reference: 'https://attack.mitre.org/techniques/T1593/003',
+ tactics: 'reconnaissance',
+ techniqueId: 'T1593',
+ value: 'codeRepositories',
+ },
 {
 label: i18n.translate(
 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeRepositoriesT1213Description',
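Review bot: The two entries added in the first hunk (T1586.003 and T1585.003) both carry `value: 'cloudAccounts'`, so `value` does not identify a sub-technique even though the i18n keys next to it are disambiguated by parent technique (`cloudAccountsT1586Description`, `cloudAccountsT1585Description`). Where `value` is consumed is not visible here, but if any selector or lookup keys on it, a rule's threat mapping could resolve to the wrong parent technique and skew ATT&CK coverage reporting. Either suffix it the same way as the label key, e.g. `value: 'cloudAccountsT1586'`, or state on the options type that `value` is not unique and lookups must use `id`. The same applies to `value: 'codeRepositories'` on T1593.003 in the next hunk, which sits directly before the existing T1213 'Code Repositories' entry whose own `value` is outside the hunk.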
@@ -5209,6 +10208,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1574', value: 'dylibHijacking', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicApiResolutionT1027Description', + { defaultMessage: 'Dynamic API Resolution (T1027.007)' } + ), + id: 'T1027.007', + name: 'Dynamic API Resolution', + reference: 'https://attack.mitre.org/techniques/T1027/007', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'dynamicApiResolution', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicDataExchangeT1559Description', @@ -5329,6 +10340,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1564', value: 'emailHidingRules', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.embeddedPayloadsT1027Description', + { defaultMessage: 'Embedded Payloads (T1027.009)' } + ), + id: 'T1027.009', + name: 'Embedded Payloads', + reference: 'https://attack.mitre.org/techniques/T1027/009', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'embeddedPayloads', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emondT1546Description', @@ -5701,6 +10724,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1564', value: 'hiddenWindow', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hybridIdentityT1556Description', + { defaultMessage: 'Hybrid Identity (T1556.007)' } + ), + id: 'T1556.007', + name: 'Hybrid Identity', + reference: 'https://attack.mitre.org/techniques/T1556/007', + tactics: 'credential-access,defense-evasion,persistence', + techniqueId: 'T1556', + value: 'hybridIdentity', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.iisComponentsT1505Description', 
@@ -5833,6 +10868,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1218', value: 'installUtil', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installerPackagesT1546Description', + { defaultMessage: 'Installer Packages (T1546.016)' } + ), + id: 'T1546.016', + name: 'Installer Packages', + reference: 'https://attack.mitre.org/techniques/T1546/016', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'installerPackages', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internalDefacementT1491Description', @@ -6397,6 +11444,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1218', value: 'msiexec', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.multiFactorAuthenticationT1556Description', + { defaultMessage: 'Multi-Factor Authentication (T1556.006)' } + ), + id: 'T1556.006', + name: 'Multi-Factor Authentication', + reference: 'https://attack.mitre.org/techniques/T1556/006', + tactics: 'credential-access,defense-evasion,persistence', + techniqueId: 'T1556', + value: 'multiFactorAuthentication', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.multiHopProxyT1090Description', 
@@ -7285,6 +12344,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1606', value: 'samlTokens', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.seoPoisoningT1608Description', + { defaultMessage: 'SEO Poisoning (T1608.006)' } + ), + id: 'T1608.006', + name: 'SEO Poisoning', + reference: 'https://attack.mitre.org/techniques/T1608/006', + tactics: 'resource-development', + techniqueId: 'T1608', + value: 'seoPoisoning', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sidHistoryInjectionT1134Description', @@ -7525,6 +12596,30 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1584', value: 'server', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverlessT1583Description', + { defaultMessage: 'Serverless (T1583.007)' } + ), + id: 'T1583.007', + name: 'Serverless', + reference: 'https://attack.mitre.org/techniques/T1583/007', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'serverless', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverlessT1584Description', + { defaultMessage: 'Serverless (T1584.007)' } + ), + id: 'T1584.007', + name: 'Serverless', + reference: 'https://attack.mitre.org/techniques/T1584/007', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'serverless', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serviceExecutionT1569Description', 
@@ -7657,6 +12752,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1585', value: 'socialMediaAccounts', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socketFiltersT1205Description', + { defaultMessage: 'Socket Filters (T1205.002)' } + ), + id: 'T1205.002', + name: 'Socket Filters', + reference: 'https://attack.mitre.org/techniques/T1205/002', + tactics: 'defense-evasion,persistence,command-and-control', + techniqueId: 'T1205', + value: 'socketFilters', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.softwareT1592Description', @@ -7825,6 +12932,18 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ techniqueId: 'T1565', value: 'storedDataManipulation', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.strippedPayloadsT1027Description', + { defaultMessage: 'Stripped Payloads (T1027.008)' } + ), + id: 'T1027.008', + name: 'Stripped Payloads', + reference: 'https://attack.mitre.org/techniques/T1027/008', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'strippedPayloads', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sudoAndSudoCachingT1548Description', diff --git a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js index 162357ae61e82..9960aad7ca5f0 100644 --- a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js +++ b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js 
@@ -19,7 +19,7 @@ const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre');
 // Every release we should update the version of MITRE ATT&CK content and regenerate the model in our code.
 // This version must correspond to the one used for prebuilt rules in https://github.com/elastic/detection-rules.
 // This version is basically a tag on https://github.com/mitre/cti/tags, or can be a branch name like `master`.
-const MITRE_CONTENT_VERSION = 'ATT&CK-v11.3'; // last updated when preparing for 8.4.0 release
+const MITRE_CONTENT_VERSION = 'ATT&CK-v12.1'; // last updated when preparing for 8.7.0 release
 const MITRE_CONTENT_URL = `https://raw.githubusercontent.com/mitre/cti/${MITRE_CONTENT_VERSION}/enterprise-attack/enterprise-attack.json`;
 const getTacticsOptions = (tactics) =>
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index e7beb411d9f9c..e252398d68c5d 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
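Review bot: `MITRE_CONTENT_VERSION` is bumped to another tag name, and `MITRE_CONTENT_URL` resolves whatever that ref currently points to on raw.githubusercontent.com; the comment above it even permits a branch such as `master`, so the ATT&CK model generated for the detection engine is not tied to immutable content. A tag can be moved after the fact, so I would at least narrow the comment to `// This version must be a release tag from https://github.com/mitre/cti/tags (never a branch), so that regenerating the model is reproducible.` and consider pinning a commit SHA or recording a SHA-256 of the downloaded `enterprise-attack.json` next to the version. Whether the script already validates what it downloads cannot be seen here, because `getTacticsOptions` and the code that uses the URL continue outside the hunk. The requirement that this version matches the one used by elastic/detection-rules is likewise only stated in a comment, so a check against that repository or a line in the release checklist would help keep rule mappings and this model in step.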
@@ -28294,7 +28294,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "Encodage de données (T1132)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "Données chiffrées (T1022)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "Données chiffrées pour impact (T1486)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "Données d'objet de stockage cloud (T1530)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "Données de référentiel de configuration (T1602)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "Données de référentiels d'information (T1213)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "Données de système local (T1005)", 
@@ -28375,7 +28374,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "Implantation d'image interne (T1525)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "Blocage de l'indicateur (T1054)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "Retrait de l'indicateur dans les outils (T1066)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "Retrait d'un indicateur sur l'hôte (T1070)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "Exécution d'une commande indirecte (T1202)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Transfert d'outil d'entrée (T1105)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "Désactivation de la récupération du système (T1490)", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index ce3e629a5a98c..34d6fcae45464 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -28266,7 +28266,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "データエンコード(T1132)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "データ暗号化(T1022)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "影響のデータ暗号化(T1486)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "クラウドストレージオブジェクトからのデータ(T1530)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "構成リポジトリのデータ(T1602)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "情報リポジトリからのデータ(T1213)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "ローカルシステムからのデータ(T1005)", @@ -28347,7 +28346,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "内部画像の埋め込み (T1525)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "インジケーターブロック(T1054)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "ツールからのインジケーター削除(T1066)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "ホストでのインジケーター削除(T1070)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "間接コマンド実行(T1202)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Ingress Tool Transfer(T1105)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "システム回復の抑制(T1490)", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 495d1eac5c4cb..763b6e0fdf20d 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json 
+++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -28300,7 +28300,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "Data Encoding (T1132)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "Data Encrypted (T1022)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "Data Encrypted for Impact (T1486)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "Data from Cloud Storage Object (T1530)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription": "Data from Configuration Repository (T1602)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "Data from Information Repositories (T1213)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription": "Data from Local System (T1005)", @@ -28381,7 +28380,6 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription": "Implant Internal Image (T1525)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "Indicator Blocking (T1054)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "Indicator Removal from Tools (T1066)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "Indicator Removal on Host (T1070)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "Indirect Command Execution (T1202)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription": "Ingress Tool Transfer (T1105)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "Inhibit System Recovery (T1490)",