Class: MutableElement
An environment-tunable parameter within an ATT&CK analytic. Mutable elements identify specific fields in the detection logic that defenders can adjust to adapt the analytic to their operational environment without altering its fundamental detection behavior. For example, 'TimeWindow' could be tuned to match an organization's normal authentication patterns, or 'PortRange' adjusted to reflect monitored network segments.
classDiagram
class MutableElement
click MutableElement href "../MutableElement/"
MutableElement : description
MutableElement : mutable_field
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| mutable_field | 1 String |
The name of the analytic field or parameter that can be tuned by a defender t... | direct |
| description | 1 String |
Rationale for why this field is tunable and guidance for environment-specific... | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Analytic | x_mitre_mutable_elements | range | MutableElement |
In Subsets
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/attack
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | attack:MutableElement |
| native | attack:MutableElement |
LinkML Source
Direct
name: MutableElement
description: An environment-tunable parameter within an ATT&CK analytic. Mutable elements
identify specific fields in the detection logic that defenders can adjust to adapt
the analytic to their operational environment without altering its fundamental detection
behavior. For example, 'TimeWindow' could be tuned to match an organization's normal
authentication patterns, or 'PortRange' adjusted to reflect monitored network segments.
in_subset:
- attack_aux
from_schema: https://w3id.org/lmodel/attack
slots:
- mutable_field
- description
slot_usage:
mutable_field:
name: mutable_field
required: true
description:
name: description
description: Rationale for why this field is tunable and guidance for environment-specific
configuration considerations.
required: true
Induced
name: MutableElement
description: An environment-tunable parameter within an ATT&CK analytic. Mutable elements
identify specific fields in the detection logic that defenders can adjust to adapt
the analytic to their operational environment without altering its fundamental detection
behavior. For example, 'TimeWindow' could be tuned to match an organization's normal
authentication patterns, or 'PortRange' adjusted to reflect monitored network segments.
in_subset:
- attack_aux
from_schema: https://w3id.org/lmodel/attack
slot_usage:
mutable_field:
name: mutable_field
required: true
description:
name: description
description: Rationale for why this field is tunable and guidance for environment-specific
configuration considerations.
required: true
attributes:
mutable_field:
name: mutable_field
description: The name of the analytic field or parameter that can be tuned by
a defender to adapt it to their environment (e.g., 'TimeWindow', 'UserContext',
'PortRange', 'SubnetFilter'). Provides a clear identifier for the tunable aspect
of the analytic.
in_subset:
- attack_aux
from_schema: https://w3id.org/lmodel/attack
rank: 1000
alias: mutable_field
owner: MutableElement
domain_of:
- MutableElement
range: string
required: true
description:
name: description
description: Rationale for why this field is tunable and guidance for environment-specific
configuration considerations.
from_schema: https://w3id.org/lmodel/attack
close_mappings:
- unified_cyber_ontology:description
rank: 1000
alias: description
owner: MutableElement
domain_of:
- RelatedAsset
- MutableElement
- StixEntity
- ExtensionDefinition
- ExternalReference
range: string
required: true