Module: Google::Cloud::SecurityCenter::V2::MitreAttack::Technique

Defined in:
proto_docs/google/cloud/securitycenter/v2/mitre_attack.rb

Overview

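MITRE ATT&CK techniques that can be referenced by Security Command Center findings. See: https://attack.mitre.org/techniques/enterprise/

Each constant below is listed with its ATT&CK technique or sub-technique ID, followed by its integer enum value. The integer values are enum numbers only and do not follow ATT&CK ID order, so map findings by constant name or technique ID rather than by numeric range.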

Constant Summary

TECHNIQUE_UNSPECIFIED =

Unspecified value.

0
DATA_OBFUSCATION =

T1001

70
DATA_OBFUSCATION_STEGANOGRAPHY =

T1001.002

71
OS_CREDENTIAL_DUMPING =

T1003

114
OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM =

T1003.007

115
OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW =

T1003.008

122
DATA_FROM_LOCAL_SYSTEM =

T1005

117
AUTOMATED_EXFILTRATION =

T1020

68
OBFUSCATED_FILES_OR_INFO =

T1027

72
STEGANOGRAPHY =

T1027.003

73
COMPILE_AFTER_DELIVERY =

T1027.004

74
COMMAND_OBFUSCATION =

T1027.010

75
SCHEDULED_TRANSFER =

T1029

120
SYSTEM_OWNER_USER_DISCOVERY =

T1033

118
MASQUERADING =

T1036

49
MATCH_LEGITIMATE_NAME_OR_LOCATION =

T1036.005

50
BOOT_OR_LOGON_INITIALIZATION_SCRIPTS =

T1037

37
STARTUP_ITEMS =

T1037.005

38
NETWORK_SERVICE_DISCOVERY =

T1046

32
SCHEDULED_TASK_JOB =

T1053

89
SCHEDULED_TASK_JOB_CRON =

T1053.003

119
CONTAINER_ORCHESTRATION_JOB =

T1053.007

90
PROCESS_INJECTION =

T1055

93
INPUT_CAPTURE =

T1056

103
INPUT_CAPTURE_KEYLOGGING =

T1056.001

104
PROCESS_DISCOVERY =

T1057

56
COMMAND_AND_SCRIPTING_INTERPRETER =

T1059

6
UNIX_SHELL =

T1059.004

7
PYTHON =

T1059.006

59
EXPLOITATION_FOR_PRIVILEGE_ESCALATION =

T1068

63
PERMISSION_GROUPS_DISCOVERY =

T1069

18
CLOUD_GROUPS =

T1069.003

19
INDICATOR_REMOVAL =

T1070

123
INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS =

T1070.002

124
INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY =

T1070.003

125
INDICATOR_REMOVAL_FILE_DELETION =

T1070.004

64
INDICATOR_REMOVAL_TIMESTOMP =

T1070.006

128
INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA =

T1070.008

126
APPLICATION_LAYER_PROTOCOL =

T1071

45
DNS =

T1071.004

46
SOFTWARE_DEPLOYMENT_TOOLS =

T1072

47
VALID_ACCOUNTS =

T1078

14
DEFAULT_ACCOUNTS =

T1078.001

35
LOCAL_ACCOUNTS =

T1078.003

15
CLOUD_ACCOUNTS =

T1078.004

16
FILE_AND_DIRECTORY_DISCOVERY =

T1083

121
ACCOUNT_DISCOVERY_LOCAL_ACCOUNT =

T1087.001

116
PROXY =

T1090

9
EXTERNAL_PROXY =

T1090.002

10
MULTI_HOP_PROXY =

T1090.003

11
ACCOUNT_MANIPULATION =

T1098

22
ADDITIONAL_CLOUD_CREDENTIALS =

T1098.001

40
ADDITIONAL_CLOUD_ROLES =

T1098.003

67
SSH_AUTHORIZED_KEYS =

T1098.004

23
ADDITIONAL_CONTAINER_CLUSTER_ROLES =

T1098.006

58
MULTI_STAGE_CHANNELS =

T1104

76
INGRESS_TOOL_TRANSFER =

T1105

3
NATIVE_API =

T1106

4
BRUTE_FORCE =

T1110

44
AUTOMATED_COLLECTION =

T1119

94
SHARED_MODULES =

T1129

5
DATA_ENCODING =

T1132

77
STANDARD_ENCODING =

T1132.001

78
ACCESS_TOKEN_MANIPULATION =

T1134

33
TOKEN_IMPERSONATION_OR_THEFT =

T1134.001

39
CREATE_ACCOUNT =

T1136

79
LOCAL_ACCOUNT =

T1136.001

80
DEOBFUSCATE_DECODE_FILES_OR_INFO =

T1140

95
EXPLOIT_PUBLIC_FACING_APPLICATION =

T1190

27
SUPPLY_CHAIN_COMPROMISE =

T1195

129
COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS =

T1195.001

130
EXPLOITATION_FOR_CLIENT_EXECUTION =

T1203

134
USER_EXECUTION =

T1204

69
LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION =

T1222.002

135
DOMAIN_POLICY_MODIFICATION =

T1484

30
DATA_DESTRUCTION =

T1485

29
DATA_ENCRYPTED_FOR_IMPACT =

T1486

132
SERVICE_STOP =

T1489

52
INHIBIT_SYSTEM_RECOVERY =

T1490

36
FIRMWARE_CORRUPTION =

T1495

81
RESOURCE_HIJACKING =

T1496

8
NETWORK_DENIAL_OF_SERVICE =

T1498

17
CLOUD_SERVICE_DISCOVERY =

T1526

48
STEAL_APPLICATION_ACCESS_TOKEN =

T1528

42
ACCOUNT_ACCESS_REMOVAL =

T1531

51
TRANSFER_DATA_TO_CLOUD_ACCOUNT =

T1537

91
STEAL_WEB_SESSION_COOKIE =

T1539

25
CREATE_OR_MODIFY_SYSTEM_PROCESS =

T1543

24
EVENT_TRIGGERED_EXECUTION =

T1546

65
BOOT_OR_LOGON_AUTOSTART_EXECUTION =

T1547

82
KERNEL_MODULES_AND_EXTENSIONS =

T1547.006

83
SHORTCUT_MODIFICATION =

T1547.009

127
ABUSE_ELEVATION_CONTROL_MECHANISM =

T1548

34
ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID =

T1548.001

136
ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING =

T1548.003

109
UNSECURED_CREDENTIALS =

T1552

13
CREDENTIALS_IN_FILES =

T1552.001

105
BASH_HISTORY =

T1552.003

96
PRIVATE_KEYS =

T1552.004

97
SUBVERT_TRUST_CONTROL =

T1553

106
INSTALL_ROOT_CERTIFICATE =

T1553.004

107
COMPROMISE_HOST_SOFTWARE_BINARY =

T1554

84
CREDENTIALS_FROM_PASSWORD_STORES =

T1555

98
MODIFY_AUTHENTICATION_PROCESS =

T1556

28
PLUGGABLE_AUTHENTICATION_MODULES =

T1556.003

108
MULTI_FACTOR_AUTHENTICATION =

T1556.006

137
IMPAIR_DEFENSES =

T1562

31
DISABLE_OR_MODIFY_TOOLS =

T1562.001

55
INDICATOR_BLOCKING =

T1562.006

110
DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM =

T1562.012

111
HIDE_ARTIFACTS =

T1564

85
HIDDEN_FILES_AND_DIRECTORIES =

T1564.001

86
HIDDEN_USERS =

T1564.002

87
EXFILTRATION_OVER_WEB_SERVICE =

T1567

20
EXFILTRATION_TO_CLOUD_STORAGE =

T1567.002

21
DYNAMIC_RESOLUTION =

T1568

12
LATERAL_TOOL_TRANSFER =

T1570

41
HIJACK_EXECUTION_FLOW =

T1574

112
HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING =

T1574.006

113
MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE =

T1578

26
CREATE_SNAPSHOT =

T1578.001

54
CLOUD_INFRASTRUCTURE_DISCOVERY =

T1580

53
DEVELOP_CAPABILITIES =

T1587

99
DEVELOP_CAPABILITIES_MALWARE =

T1587.001

100
OBTAIN_CAPABILITIES =

T1588

43
OBTAIN_CAPABILITIES_MALWARE =

T1588.001

101
OBTAIN_CAPABILITIES_VULNERABILITIES =

T1588.006

133
ACTIVE_SCANNING =

T1595

1
SCANNING_IP_BLOCKS =

T1595.001

2
STAGE_CAPABILITIES =

T1608

88
UPLOAD_MALWARE =

T1608.001

102
CONTAINER_ADMINISTRATION_COMMAND =

T1609

60
DEPLOY_CONTAINER =

T1610

66
ESCAPE_TO_HOST =

T1611

61
CONTAINER_AND_RESOURCE_DISCOVERY =

T1613

57
REFLECTIVE_CODE_LOADING =

T1620

92
STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES =

T1649

62
FINANCIAL_THEFT =

T1657

131