Enum: RemediationActivityActivityIdEnum

Matches the MITRE D3FEND™ Tactic. Note: the Model and Detect Tactics are not supported as remediations by the OCSF Remediation event class.

URI: ocsf:RemediationActivityActivityIdEnum

Permissible Values

| Value | Meaning | Description |
| --- | --- | --- |
| ISOLATE | None | Creates logical or physical barriers in a system which reduces opportunities for adversaries to create further accesses |
| EVICT | None | Removes an adversary or malicious resource from a device or computer network |
| RESTORE | None | Returns the system to a better state |
| HARDEN | None | Increases the opportunity cost of computer network exploitation |
| DETECT | None | Further identify adversary access to or unauthorized activity on computer networks |
| UNKNOWN | None | The event activity is unknown |
| OTHER | None | The event activity is not mapped |

Slots

| Name | Description |
| --- | --- |
| activity_id | Matches the MITRE D3FEND™ Tactic |

Identifier and Mapping Information

Schema Source

LinkML Source

name: RemediationActivityActivityIdEnum
description: 'Matches the MITRE D3FEND™ Tactic. Note: the Model and Detect Tactics
  are not

  supported as remediations by the OCSF Remediation event class.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  ISOLATE:
    text: ISOLATE
    description: 'Creates logical or physical barriers in a system which reduces opportunities

      for adversaries to create further accesses. Defined by D3FEND™ <a

      target=''_blank''

      href=''https://d3fend.mitre.org/tactic/d3f:Isolate/''>d3f:Isolate</a>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Isolate
  EVICT:
    text: EVICT
    description: 'Removes an adversary or malicious resource from a device or computer
      network.

      Defined by D3FEND™ <a target=''_blank''

      href=''https://d3fend.mitre.org/tactic/d3f:Evict/''>d3f:Evict</a>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Evict
  RESTORE:
    text: RESTORE
    description: 'Returns the system to a better state. Defined by D3FEND™ <a target=''_blank''

      href=''https://d3fend.mitre.org/tactic/d3f:Restore/''>d3f:Restore</a>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Restore
  HARDEN:
    text: HARDEN
    description: 'Increases the opportunity cost of computer network exploitation.
      Defined by

      D3FEND™ <a target=''_blank''

      href=''https://d3fend.mitre.org/tactic/d3f:Harden/''>d3f:Harden</a>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: Harden
  DETECT:
    text: DETECT
    description: 'Further identify adversary access to or unauthorized activity on
      computer

      networks. Defined by D3FEND™ <a target=''_blank''

      href=''https://d3fend.mitre.org/tactic/d3f:Detect/''>d3f:Detect</a>.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: Detect
  UNKNOWN:
    text: UNKNOWN
    description: The event activity is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  OTHER:
    text: OTHER
    description: 'The event activity is not mapped. See the <code>activity_name</code>
      attribute,

      which contains a data source specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other