Skip to content

Class: Tactic

The MITRE Tactic object describes the ATT&CK® or ATLAS™ Tactic ID and/or name

that is associated to an attack.

URI: ocsf:Tactic

 classDiagram
    class Tactic
    click Tactic href "../Tactic/"
      Entity <|-- Tactic
        click Entity href "../Entity/"

      Tactic : name

      Tactic : src_url

      Tactic : uid

Inheritance

Slots

Name Cardinality and Range Description Inheritance
name 0..1 recommended
String		 The Tactic name that is associated with the attack technique direct
src_url 0..1
UrlT		 The versioned permalink of the Tactic direct
uid 0..1 recommended
String		 The Tactic ID that is associated with the attack technique direct

Usages

used by used in type used
Attack tactic range Tactic
Attack tactics range Tactic

In Subsets

Aliases

  • MITRE Tactic

See Also

Notes

Identifier and Mapping Information

Schema Source

Mappings

Mapping Type Mapped Value
self ocsf:Tactic
native ocsf:Tactic
exact attack:Tactic
close capec:Category

LinkML Source

Direct

name: Tactic
description: 'The MITRE Tactic object describes the ATT&CK® or ATLAS™ Tactic ID and/or
  name

  that is associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
aliases:
- MITRE Tactic
exact_mappings:
- attack:Tactic
close_mappings:
- capec:Category
is_a: Entity
slots:
- name
- src_url
- uid
slot_usage:
  name:
    name: name
    description: 'The Tactic name that is associated with the attack technique. For
      example:

      <code>Reconnaissance</code> or <code>ML Model Access</code>.'
  src_url:
    name: src_url
    description: 'The versioned permalink of the Tactic. For example:

      <code>https://attack.mitre.org/versions/v14/tactics/TA0043/</code>.'
  uid:
    name: uid
    description: 'The Tactic ID that is associated with the attack technique. For
      example:

      <code>TA0043</code>, or <code>AML.TA0000</code>.'

Induced

name: Tactic
description: 'The MITRE Tactic object describes the ATT&CK® or ATLAS™ Tactic ID and/or
  name

  that is associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
aliases:
- MITRE Tactic
exact_mappings:
- attack:Tactic
close_mappings:
- capec:Category
is_a: Entity
slot_usage:
  name:
    name: name
    description: 'The Tactic name that is associated with the attack technique. For
      example:

      <code>Reconnaissance</code> or <code>ML Model Access</code>.'
  src_url:
    name: src_url
    description: 'The versioned permalink of the Tactic. For example:

      <code>https://attack.mitre.org/versions/v14/tactics/TA0043/</code>.'
  uid:
    name: uid
    description: 'The Tactic ID that is associated with the attack technique. For
      example:

      <code>TA0043</code>, or <code>AML.TA0000</code>.'
attributes:
  name:
    name: name
    description: 'The Tactic name that is associated with the attack technique. For
      example:

      <code>Reconnaissance</code> or <code>ML Model Access</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: Tactic
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  src_url:
    name: src_url
    description: 'The versioned permalink of the Tactic. For example:

      <code>https://attack.mitre.org/versions/v14/tactics/TA0043/</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Source URL
    rank: 1000
    alias: src_url
    owner: Tactic
    domain_of:
    - Osint
    - Package
    - Ticket
    - Advisory
    - Cvss
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Enrichment
    - FindingObject
    - FindingInfo
    - KbArticle
    - Mitigation
    - SubTechnique
    - Tactic
    - Technique
    - IncidentProfile
    - IncidentFinding
    range: UrlT
  uid:
    name: uid
    description: 'The Tactic ID that is associated with the attack technique. For
      example:

      <code>TA0043</code>, or <code>AML.TA0000</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Tactic
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true