[Security Solution][Detections] Updates MITRE Tactics, Techniques, and Subtechniques for 7.13 #97011

Merged
merged 2 commits into from
Apr 13, 2021
Expand Up @@ -718,12 +718,6 @@ export const technique = [
reference: 'https://attack.mitre.org/techniques/T1061',
tactics: ['execution'],
},
{
name: 'Group Policy Modification',
id: 'T1484',
reference: 'https://attack.mitre.org/techniques/T1484',
tactics: ['defense-evasion', 'privilege-escalation'],
},
{
name: 'Hardware Additions',
id: 'T1200',
Expand Down Expand Up @@ -1354,6 +1348,18 @@ export const technique = [
reference: 'https://attack.mitre.org/techniques/T1220',
tactics: ['defense-evasion'],
},
{
name: 'Domain Policy Modification',
id: 'T1484',
reference: 'https://attack.mitre.org/techniques/T1484',
tactics: ['defense-evasion', 'privilege-escalation'],
},
{
name: 'Forge Web Credentials',
id: 'T1606',
reference: 'https://attack.mitre.org/techniques/T1606',
tactics: ['credential-access'],
},
];

export const techniquesOptions: MitreTechniquesOptions[] = [
Expand Down Expand Up @@ -2259,17 +2265,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
tactics: 'execution',
value: 'graphicalUserInterface',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyModificationDescription',
{ defaultMessage: 'Group Policy Modification (T1484)' }
),
id: 'T1484',
name: 'Group Policy Modification',
reference: 'https://attack.mitre.org/techniques/T1484',
tactics: 'defense-evasion,privilege-escalation',
value: 'groupPolicyModification',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription',
Expand Down Expand Up @@ -3425,6 +3420,28 @@ export const techniquesOptions: MitreTechniquesOptions[] = [
tactics: 'defense-evasion',
value: 'xslScriptProcessing',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription',
{ defaultMessage: 'Domain Policy Modification (T1484)' }
),
id: 'T1484',
name: 'Domain Policy Modification',
reference: 'https://attack.mitre.org/techniques/T1484',
tactics: 'defense-evasion,privilege-escalation',
value: 'domainPolicyModification',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.forgeWebCredentialsDescription',
{ defaultMessage: 'Forge Web Credentials (T1606)' }
),
id: 'T1606',
name: 'Forge Web Credentials',
reference: 'https://attack.mitre.org/techniques/T1606',
tactics: 'credential-access',
value: 'forgeWebCredentials',
},
];

export const subtechniques = [
Expand Down Expand Up @@ -3477,13 +3494,6 @@ export const subtechniques = [
tactics: ['persistence'],
techniqueId: 'T1137',
},
{
name: 'Additional Cloud Credentials',
id: 'T1098.001',
reference: 'https://attack.mitre.org/techniques/T1098/001',
tactics: ['persistence'],
techniqueId: 'T1098',
},
{
name: 'AppCert DLLs',
id: 'T1546.009',
Expand Down Expand Up @@ -5864,6 +5874,41 @@ export const subtechniques = [
tactics: ['persistence', 'privilege-escalation'],
techniqueId: 'T1547',
},
{
name: 'Additional Cloud Credentials',
id: 'T1098.001',
reference: 'https://attack.mitre.org/techniques/T1098/001',
tactics: ['persistence'],
techniqueId: 'T1098',
},
{
name: 'Group Policy Modification',
id: 'T1484.001',
reference: 'https://attack.mitre.org/techniques/T1484/001',
tactics: ['defense-evasion', 'privilege-escalation'],
techniqueId: 'T1484',
},
{
name: 'Domain Trust Modification',
id: 'T1484.002',
reference: 'https://attack.mitre.org/techniques/T1484/002',
tactics: ['defense-evasion', 'privilege-escalation'],
techniqueId: 'T1484',
},
{
name: 'Web Cookies',
id: 'T1606.001',
reference: 'https://attack.mitre.org/techniques/T1606/001',
tactics: ['credential-access'],
techniqueId: 'T1606',
},
{
name: 'SAML Tokens',
id: 'T1606.002',
reference: 'https://attack.mitre.org/techniques/T1606/002',
tactics: ['credential-access'],
techniqueId: 'T1606',
},
];

export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
Expand Down Expand Up @@ -5951,18 +5996,6 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
techniqueId: 'T1137',
value: 'addIns',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description',
{ defaultMessage: 'Additional Cloud Credentials (T1098.001)' }
),
id: 'T1098.001',
name: 'Additional Cloud Credentials',
reference: 'https://attack.mitre.org/techniques/T1098/001',
tactics: 'persistence',
techniqueId: 'T1098',
value: 'additionalCloudCredentials',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description',
Expand Down Expand Up @@ -10043,6 +10076,66 @@ export const subtechniquesOptions: MitreSubtechniquesOptions[] = [
techniqueId: 'T1547',
value: 'winlogonHelperDll',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description',
{ defaultMessage: 'Additional Cloud Credentials (T1098.001)' }
),
id: 'T1098.001',
name: 'Additional Cloud Credentials',
reference: 'https://attack.mitre.org/techniques/T1098/001',
tactics: 'persistence',
techniqueId: 'T1098',
value: 'additionalCloudCredentials',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.groupPolicyModificationT1484Description',
{ defaultMessage: 'Group Policy Modification (T1484.001)' }
),
id: 'T1484.001',
name: 'Group Policy Modification',
reference: 'https://attack.mitre.org/techniques/T1484/001',
tactics: 'defense-evasion,privilege-escalation',
techniqueId: 'T1484',
value: 'groupPolicyModification',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainTrustModificationT1484Description',
{ defaultMessage: 'Domain Trust Modification (T1484.002)' }
),
id: 'T1484.002',
name: 'Domain Trust Modification',
reference: 'https://attack.mitre.org/techniques/T1484/002',
tactics: 'defense-evasion,privilege-escalation',
techniqueId: 'T1484',
value: 'domainTrustModification',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webCookiesT1606Description',
{ defaultMessage: 'Web Cookies (T1606.001)' }
),
id: 'T1606.001',
name: 'Web Cookies',
reference: 'https://attack.mitre.org/techniques/T1606/001',
tactics: 'credential-access',
techniqueId: 'T1606',
value: 'webCookies',
},
{
label: i18n.translate(
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.samlTokensT1606Description',
{ defaultMessage: 'SAML Tokens (T1606.002)' }
),
id: 'T1606.002',
name: 'SAML Tokens',
reference: 'https://attack.mitre.org/techniques/T1606/002',
tactics: 'credential-access',
techniqueId: 'T1606',
value: 'samlTokens',
},
];

/**
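Review bot: The technique-level entry for T1484 changes its display name from 'Group Policy Modification' to 'Domain Policy Modification' in both `technique` and `techniquesOptions`, while the old name and the old `value: 'groupPolicyModification'` are reused for the new sub-technique T1484.001 in `subtechniquesOptions`; a rule saved against the old technique entry still carries id T1484 with the old name, and anything that keys on `value` rather than `id` would now resolve to the sub-technique, so the lookup that maps a saved threat mapping back to these options (not visible in this diff) is worth confirming before this ships. The i18n id `xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyModificationDescription` is dropped and `...domainPolicyModificationDescription` added, so any translation bundle that still carries the old id presumably needs the matching update in the same change. As a point of style, every new entry is appended after the last alphabetical item ('XSL Script Processing', 'Winlogon Helper DLL') rather than at the sorted position the surrounding entries follow, and the same pattern recurs in the `subtechniques` and `subtechniquesOptions` hunks; if this file is hand-maintained rather than generated, a sort pass would keep the four arrays consistent.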