Technique

The Technique object contains data about a technique in the MITRE ATT&CK matrix.

Structure

| Key | Type | Description |
| --- | --- | --- |
| id | string | Technique identifier. |
| name | string | Technique name. |
| url | string | Web page at https://attack.mitre.org with the technique description and other relevant information. |
| rules | object/null | List of triggered rules. |
| rules.malicious | string[] | List of rules that have been triggered due to malicious activity of the sample. |
| rules.neutral | string[] | List of rules that have been triggered due to neutral activity of the sample. |
| rules.suspicious | string[] | List of rules that have been triggered due to suspicious activity of the sample. |
| subtechniques | array [Subtechnique] | List of sub-techniques. |

Example

{
    "rules": null,
    "id": "T1070",
    "name": "Indicator Removal",
    "url": "https://attack.mitre.org/techniques/T1070",
    "subtechniques": [
        {
            "rules": {
                "neutral": [
                    "Changes the time when the file was created, accessed, or modified"
                ]
            },
            "id": "T1070.006",
            "name": "Timestomp",
            "url": "https://attack.mitre.org/techniques/T1070/006"
        }
    ]
}
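
Consuming this object safely means handling a `rules` value of null and severity keys that are absent, both of which occur in the Example above. The following is an added example, not part of the original documentation: the function names are hypothetical, the malicious > suspicious > neutral triage order is an assumption, and sub-techniques are assumed to carry `rules` in the same shape as in the Example.

```python
import json
from collections import defaultdict

# Assumed triage order, highest first (not stated by the documentation).
SEVERITIES = ("malicious", "suspicious", "neutral")

# The Example object from this page, embedded so the block runs offline.
SAMPLE = json.loads("""
{"rules": null, "id": "T1070", "name": "Indicator Removal",
 "url": "https://attack.mitre.org/techniques/T1070",
 "subtechniques": [
   {"rules": {"neutral": ["Changes the time when the file was created, accessed, or modified"]},
    "id": "T1070.006", "name": "Timestomp",
    "url": "https://attack.mitre.org/techniques/T1070/006"}]}
""")


def iter_rule_hits(technique):
    """Yield (id, name, severity, rule_text) for a Technique and its sub-techniques."""
    rules = technique.get("rules") or {}           # "rules" may be null
    for severity in SEVERITIES:
        for text in rules.get(severity) or []:     # a severity key may be absent
            yield technique["id"], technique["name"], severity, text
    for sub in technique.get("subtechniques") or []:
        yield from iter_rule_hits(sub)


def worst_severity(technique):
    """Return the highest severity triggered anywhere in the object, or None."""
    seen = {hit[2] for hit in iter_rule_hits(technique)}
    return next((s for s in SEVERITIES if s in seen), None)


def summarize(technique):
    """Group triggered rule texts by (technique id, severity)."""
    summary = defaultdict(list)
    for tid, _name, severity, text in iter_rule_hits(technique):
        summary[(tid, severity)].append(text)
    return dict(summary)


if __name__ == "__main__":
    for hit in iter_rule_hits(SAMPLE):
        print(" | ".join(hit))
    print("worst severity:", worst_severity(SAMPLE))
```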