Enum: PhaseIdEnum
The cyber kill chain phase identifier.
URI: ocsf:PhaseIdEnum
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| UNKNOWN | None | The kill chain phase is unknown |
| RECONNAISSANCE | None | The attackers pick a target and perform a detailed analysis, start collecting information (email addresses, conference information, etc.) and evaluate the victim’s vulnerabilities to determine how to exploit them |
| WEAPONIZATION | None | The attackers develop a malware weapon and aim to exploit the discovered vulnerabilities |
| DELIVERY | None | The intruders will use various tactics, such as phishing, infected USB drives, etc. |
| EXPLOITATION | None | The intruders start leveraging vulnerabilities to execute code on the victim’s system |
| INSTALLATION | None | The intruders install malware on the victim’s system |
| COMMAND_CONTROL | None | Malware opens a command channel to enable the intruders to remotely manipulate the victim's system |
| ACTIONS_ON_OBJECTIVES | None | With hands-on keyboard access, intruders accomplish the mission’s goal |
| OTHER | None | The kill chain phase is not mapped |
Slots
| Name | Description |
|---|---|
| phase_id | The cyber kill chain phase identifier |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
```yaml
name: PhaseIdEnum
description: The cyber kill chain phase identifier.
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The kill chain phase is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  RECONNAISSANCE:
    text: RECONNAISSANCE
    description: 'The attackers pick a target and perform a detailed analysis, start
      collecting
      information (email addresses, conference information, etc.) and evaluate the
      victim’s vulnerabilities to determine how to exploit them.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Reconnaissance
  WEAPONIZATION:
    text: WEAPONIZATION
    description: 'The attackers develop a malware weapon and aim to exploit the discovered
      vulnerabilities.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Weaponization
  DELIVERY:
    text: DELIVERY
    description: 'The intruders will use various tactics, such as phishing, infected
      USB drives,
      etc.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Delivery
  EXPLOITATION:
    text: EXPLOITATION
    description: 'The intruders start leveraging vulnerabilities to execute code
      on the victim’s
      system.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Exploitation
  INSTALLATION:
    text: INSTALLATION
    description: The intruders install malware on the victim’s system.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Installation
  COMMAND_CONTROL:
    text: COMMAND_CONTROL
    description: 'Malware opens a command channel to enable the intruders to remotely
      manipulate
      the victim''s system.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Command & Control
  ACTIONS_ON_OBJECTIVES:
    text: ACTIONS_ON_OBJECTIVES
    description: With hands-on keyboard access, intruders accomplish the mission’s
      goal.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Actions on Objectives
  OTHER:
    text: OTHER
    description: 'The kill chain phase is not mapped. See the <code>phase</code> attribute,
      which
      contains a data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other
```