Class MitreAttack (1.31.0)

MitreAttack(mapping=None, *, ignore_unknown_fields=False, **kwargs)

MITRE ATT&CK tactics and techniques related to this finding. See: https://attack.mitre.org

Attributes

NameDescription
primary_tactic google.cloud.securitycenter_v1.types.MitreAttack.Tactic
The MITRE ATT&CK tactic most closely represented by this finding, if any.
primary_techniques MutableSequence[google.cloud.securitycenter_v1.types.MitreAttack.Technique]
The MITRE ATT&CK technique most closely represented by this finding, if any. primary_techniques is a repeated field because there are multiple levels of MITRE ATT&CK techniques. If the technique most closely represented by this finding is a sub-technique (e.g. SCANNING_IP_BLOCKS), both the sub-technique and its parent technique(s) will be listed (e.g. SCANNING_IP_BLOCKS, ACTIVE_SCANNING).
additional_tactics MutableSequence[google.cloud.securitycenter_v1.types.MitreAttack.Tactic]
Additional MITRE ATT&CK tactics related to this finding, if any.
additional_techniques MutableSequence[google.cloud.securitycenter_v1.types.MitreAttack.Technique]
Additional MITRE ATT&CK techniques related to this finding, if any, along with any of their respective parent techniques.
version str
The MITRE ATT&CK version referenced by the above fields. E.g. "8".

Classes

Tactic

Tactic(value)

MITRE ATT&CK tactics that can be referenced by SCC findings. See: https://attack.mitre.org/tactics/enterprise/

Values: TACTIC_UNSPECIFIED (0): Unspecified value. RECONNAISSANCE (1): TA0043 RESOURCE_DEVELOPMENT (2): TA0042 INITIAL_ACCESS (5): TA0001 EXECUTION (3): TA0002 PERSISTENCE (6): TA0003 PRIVILEGE_ESCALATION (8): TA0004 DEFENSE_EVASION (7): TA0005 CREDENTIAL_ACCESS (9): TA0006 DISCOVERY (10): TA0007 LATERAL_MOVEMENT (11): TA0008 COLLECTION (12): TA0009 COMMAND_AND_CONTROL (4): TA0011 EXFILTRATION (13): TA0010 IMPACT (14): TA0040

Technique

Technique(value)

MITRE ATT&CK techniques that can be referenced by SCC findings. See: https://attack.mitre.org/techniques/enterprise/ Next ID: 59

Values: TECHNIQUE_UNSPECIFIED (0): Unspecified value. MASQUERADING (49): T1036 MATCH_LEGITIMATE_NAME_OR_LOCATION (50): T1036.005 BOOT_OR_LOGON_INITIALIZATION_SCRIPTS (37): T1037 STARTUP_ITEMS (38): T1037.005 NETWORK_SERVICE_DISCOVERY (32): T1046 PROCESS_DISCOVERY (56): T1057 COMMAND_AND_SCRIPTING_INTERPRETER (6): T1059 UNIX_SHELL (7): T1059.004 PERMISSION_GROUPS_DISCOVERY (18): T1069 CLOUD_GROUPS (19): T1069.003 APPLICATION_LAYER_PROTOCOL (45): T1071 DNS (46): T1071.004 SOFTWARE_DEPLOYMENT_TOOLS (47): T1072 VALID_ACCOUNTS (14): T1078 DEFAULT_ACCOUNTS (35): T1078.001 LOCAL_ACCOUNTS (15): T1078.003 CLOUD_ACCOUNTS (16): T1078.004 PROXY (9): T1090 EXTERNAL_PROXY (10): T1090.002 MULTI_HOP_PROXY (11): T1090.003 ACCOUNT_MANIPULATION (22): T1098 ADDITIONAL_CLOUD_CREDENTIALS (40): T1098.001 SSH_AUTHORIZED_KEYS (23): T1098.004 ADDITIONAL_CONTAINER_CLUSTER_ROLES (58): T1098.006 INGRESS_TOOL_TRANSFER (3): T1105 NATIVE_API (4): T1106 BRUTE_FORCE (44): T1110 SHARED_MODULES (5): T1129 ACCESS_TOKEN_MANIPULATION (33): T1134 TOKEN_IMPERSONATION_OR_THEFT (39): T1134.001 EXPLOIT_PUBLIC_FACING_APPLICATION (27): T1190 DOMAIN_POLICY_MODIFICATION (30): T1484 DATA_DESTRUCTION (29): T1485 SERVICE_STOP (52): T1489 INHIBIT_SYSTEM_RECOVERY (36): T1490 RESOURCE_HIJACKING (8): T1496 NETWORK_DENIAL_OF_SERVICE (17): T1498 CLOUD_SERVICE_DISCOVERY (48): T1526 STEAL_APPLICATION_ACCESS_TOKEN (42): T1528 ACCOUNT_ACCESS_REMOVAL (51): T1531 STEAL_WEB_SESSION_COOKIE (25): T1539 CREATE_OR_MODIFY_SYSTEM_PROCESS (24): T1543 ABUSE_ELEVATION_CONTROL_MECHANISM (34): T1548 UNSECURED_CREDENTIALS (13): T1552 MODIFY_AUTHENTICATION_PROCESS (28): T1556 IMPAIR_DEFENSES (31): T1562 DISABLE_OR_MODIFY_TOOLS (55): T1562.001 EXFILTRATION_OVER_WEB_SERVICE (20): T1567 EXFILTRATION_TO_CLOUD_STORAGE (21): T1567.002 DYNAMIC_RESOLUTION (12): T1568 LATERAL_TOOL_TRANSFER (41): T1570 MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE (26): T1578 CREATE_SNAPSHOT (54): T1578.001 CLOUD_INFRASTRUCTURE_DISCOVERY (53): T1580 OBTAIN_CAPABILITIES (43): T1588 ACTIVE_SCANNING (1): T1595 SCANNING_IP_BLOCKS (2): T1595.001 CONTAINER_AND_RESOURCE_DISCOVERY (57): T1613