Class: Mitigation
The MITRE Mitigation object describes the ATT&CK® or ATLAS™ Mitigation ID
and/or name that is associated to an attack.
URI: ocsf:Mitigation
classDiagram
class Mitigation
click Mitigation href "../Mitigation/"
Entity <|-- Mitigation
click Entity href "../Entity/"
Mitigation : countermeasures
Mitigation --> "*" D3fend : countermeasures
click D3fend href "../D3fend/"
Mitigation : name
Mitigation : src_url
Mitigation : uid
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| countermeasures | * D3fend |
The D3FEND countermeasures that are associated with the attack technique | direct |
| name | 0..1 recommended String |
The Mitigation name that is associated with the attack technique | direct |
| src_url | 0..1 UrlT |
The versioned permalink of the Mitigation | direct |
| uid | 0..1 recommended String |
The Mitigation ID that is associated with the attack technique | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| Attack | mitigation | range | Mitigation |
In Subsets
Aliases
- MITRE Mitigation
See Also
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
- https://d3fend.mitre.org/mappings/attack-mitigations/
Notes
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
- ATT&CK® Mitigation to D3FEND™ Technique Mappings — https://d3fend.mitre.org/mappings/attack-mitigations/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:Mitigation |
| native | ocsf:Mitigation |
| exact | attack:Mitigation |
| related | capec:AttackPattern |
LinkML Source
Direct
name: Mitigation
description: 'The MITRE Mitigation object describes the ATT&CK® or ATLAS™ Mitigation
ID
and/or name that is associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
- 'ATT&CK® Mitigation to D3FEND™ Technique Mappings —
https://d3fend.mitre.org/mappings/attack-mitigations/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
- https://d3fend.mitre.org/mappings/attack-mitigations/
aliases:
- MITRE Mitigation
exact_mappings:
- attack:Mitigation
related_mappings:
- capec:AttackPattern
is_a: Entity
slots:
- countermeasures
- name
- src_url
- uid
slot_usage:
countermeasures:
name: countermeasures
description: 'The D3FEND countermeasures that are associated with the attack technique.
For
example: ATT&CK Technique <code>T1003</code> is addressed by Mitigation
<code>M1027</code>, and D3FEND Technique <code>D3-OTP</code>.'
name:
name: name
description: 'The Mitigation name that is associated with the attack technique.
For example:
<code>Password Policies</code>, or <code>Code Signing</code>.'
src_url:
name: src_url
description: 'The versioned permalink of the Mitigation. For example:
<code>https://attack.mitre.org/versions/v14/mitigations/M1027</code>.'
uid:
name: uid
description: 'The Mitigation ID that is associated with the attack technique.
For example:
<code>M1027</code>, or <code>AML.M0013</code>.'
Induced
name: Mitigation
description: 'The MITRE Mitigation object describes the ATT&CK® or ATLAS™ Mitigation
ID
and/or name that is associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
- 'ATT&CK® Mitigation to D3FEND™ Technique Mappings —
https://d3fend.mitre.org/mappings/attack-mitigations/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
- https://d3fend.mitre.org/mappings/attack-mitigations/
aliases:
- MITRE Mitigation
exact_mappings:
- attack:Mitigation
related_mappings:
- capec:AttackPattern
is_a: Entity
slot_usage:
countermeasures:
name: countermeasures
description: 'The D3FEND countermeasures that are associated with the attack technique.
For
example: ATT&CK Technique <code>T1003</code> is addressed by Mitigation
<code>M1027</code>, and D3FEND Technique <code>D3-OTP</code>.'
name:
name: name
description: 'The Mitigation name that is associated with the attack technique.
For example:
<code>Password Policies</code>, or <code>Code Signing</code>.'
src_url:
name: src_url
description: 'The versioned permalink of the Mitigation. For example:
<code>https://attack.mitre.org/versions/v14/mitigations/M1027</code>.'
uid:
name: uid
description: 'The Mitigation ID that is associated with the attack technique.
For example:
<code>M1027</code>, or <code>AML.M0013</code>.'
attributes:
countermeasures:
name: countermeasures
description: 'The D3FEND countermeasures that are associated with the attack technique.
For
example: ATT&CK Technique <code>T1003</code> is addressed by Mitigation
<code>M1027</code>, and D3FEND Technique <code>D3-OTP</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Countermeasures
rank: 1000
alias: countermeasures
owner: Mitigation
domain_of:
- Mitigation
- RemediationActivity
range: D3fend
multivalued: true
name:
name: name
description: 'The Mitigation name that is associated with the attack technique.
For example:
<code>Password Policies</code>, or <code>Code Signing</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: Mitigation
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
src_url:
name: src_url
description: 'The versioned permalink of the Mitigation. For example:
<code>https://attack.mitre.org/versions/v14/mitigations/M1027</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source URL
rank: 1000
alias: src_url
owner: Mitigation
domain_of:
- Osint
- Package
- Ticket
- Advisory
- Cvss
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Enrichment
- FindingObject
- FindingInfo
- KbArticle
- Mitigation
- SubTechnique
- Tactic
- Technique
- IncidentProfile
- IncidentFinding
range: UrlT
uid:
name: uid
description: 'The Mitigation ID that is associated with the attack technique.
For example:
<code>M1027</code>, or <code>AML.M0013</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: Mitigation
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true