Skip to content

Class: Technique

The MITRE Technique object describes the ATT&CK® or ATLAS™ Technique ID and/or

name associated to an attack.

URI: ocsf:Technique

 classDiagram
    class Technique
    click Technique href "../Technique/"
      Entity <|-- Technique
        click Entity href "../Entity/"

      Technique : name

      Technique : src_url

      Technique : uid

Inheritance

Slots

Name Cardinality and Range Description Inheritance
name 0..1 recommended
String		 The name of the attack technique direct
src_url 0..1
UrlT		 The versioned permalink of the attack technique direct
uid 0..1 recommended
String		 The unique identifier of the attack technique direct

Usages

used by used in type used
Attack technique range Technique

In Subsets

Aliases

  • MITRE Technique

See Also

Notes

Identifier and Mapping Information

Schema Source

Mappings

Mapping Type Mapped Value
self ocsf:Technique
native ocsf:Technique
exact attack:Technique, capec:Technique

LinkML Source

Direct

name: Technique
description: 'The MITRE Technique object describes the ATT&CK® or ATLAS™ Technique
  ID and/or

  name associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
aliases:
- MITRE Technique
exact_mappings:
- attack:Technique
- capec:Technique
is_a: Entity
slots:
- name
- src_url
- uid
slot_usage:
  name:
    name: name
    description: 'The name of the attack technique. For example: <code>Active Scanning</code>
      or

      <code>AI Model Inference API Access</code>.'
  src_url:
    name: src_url
    description: 'The versioned permalink of the attack technique. For example:

      <code>https://attack.mitre.org/versions/v14/techniques/T1595/</code>.'
  uid:
    name: uid
    description: 'The unique identifier of the attack technique. For example: <code>T1595</code>

      or <code>AML.T0040</code>.'

Induced

name: Technique
description: 'The MITRE Technique object describes the ATT&CK® or ATLAS™ Technique
  ID and/or

  name associated to an attack.'
notes:
- ATT&CK® Matrix — https://attack.mitre.org
- ATLAS™ Matrix — https://atlas.mitre.org/matrices/ATLAS
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://attack.mitre.org
- https://atlas.mitre.org/matrices/ATLAS
aliases:
- MITRE Technique
exact_mappings:
- attack:Technique
- capec:Technique
is_a: Entity
slot_usage:
  name:
    name: name
    description: 'The name of the attack technique. For example: <code>Active Scanning</code>
      or

      <code>AI Model Inference API Access</code>.'
  src_url:
    name: src_url
    description: 'The versioned permalink of the attack technique. For example:

      <code>https://attack.mitre.org/versions/v14/techniques/T1595/</code>.'
  uid:
    name: uid
    description: 'The unique identifier of the attack technique. For example: <code>T1595</code>

      or <code>AML.T0040</code>.'
attributes:
  name:
    name: name
    description: 'The name of the attack technique. For example: <code>Active Scanning</code>
      or

      <code>AI Model Inference API Access</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Name
    rank: 1000
    alias: name
    owner: Technique
    domain_of:
    - AnalysisTarget
    - Observable
    - Os
    - Osint
    - Package
    - Parameter
    - PrivilegeInfo
    - San
    - Scim
    - Script
    - ServicePrivilegeAnalysis
    - SoftwareComponent
    - Sso
    - StartupItem
    - ThreatActor
    - Token
    - Entity
    - Resource
    - Account
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - AutonomousSystem
    - Campaign
    - Check
    - CisBenchmark
    - CisBenchmarkResult
    - CisControl
    - ClassifierDetails
    - Container
    - D3fTactic
    - D3fTechnique
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Endpoint
    - Enrichment
    - EnvironmentVariable
    - Evidences
    - Extension
    - Feature
    - File
    - Graph
    - Group
    - HttpCookie
    - HttpHeader
    - Idp
    - Image
    - Job
    - Kernel
    - KeyValueObject
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metric
    - Mitigation
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - ResourceDetails
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - FtpActivity
    - RegValue
    - WinResource
    - WinService
    - PrefetchQuery
    range: string
    recommended: true
  src_url:
    name: src_url
    description: 'The versioned permalink of the attack technique. For example:

      <code>https://attack.mitre.org/versions/v14/techniques/T1595/</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Source URL
    rank: 1000
    alias: src_url
    owner: Technique
    domain_of:
    - Osint
    - Package
    - Ticket
    - Advisory
    - Cvss
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Enrichment
    - FindingObject
    - FindingInfo
    - KbArticle
    - Mitigation
    - SubTechnique
    - Tactic
    - Technique
    - IncidentProfile
    - IncidentFinding
    range: UrlT
  uid:
    name: uid
    description: 'The unique identifier of the attack technique. For example: <code>T1595</code>

      or <code>AML.T0040</code>.'
    from_schema: https://w3id.org/lmodel/ocsf
    aliases:
    - Unique ID
    rank: 1000
    alias: uid
    owner: Technique
    domain_of:
    - Osint
    - Package
    - ProgrammaticCredential
    - RelatedEvent
    - Request
    - Sbom
    - Scim
    - Script
    - Session
    - Span
    - Sso
    - Ticket
    - Token
    - Trace
    - Entity
    - Resource
    - Account
    - Advisory
    - Agent
    - AiModel
    - Aircraft
    - Analytic
    - ApplicationObject
    - Assessment
    - Certificate
    - Check
    - ClassifierDetails
    - Container
    - Cve
    - Cwe
    - D3fTactic
    - D3fTechnique
    - DataClassification
    - Database
    - Databucket
    - DomainContact
    - Edge
    - Email
    - Endpoint
    - Evidences
    - Extension
    - Feature
    - File
    - FindingObject
    - FindingInfo
    - Graph
    - Group
    - HttpRequest
    - Idp
    - Image
    - KbArticle
    - LoadBalancer
    - Logger
    - Malware
    - ManagedEntity
    - MessageContext
    - Metadata
    - Mitigation
    - NetworkConnectionInfo
    - NetworkEndpoint
    - NetworkInterface
    - Node
    - Organization
    - PeripheralDevice
    - Policy
    - ProcessEntity
    - Product
    - QueryInfo
    - Reporter
    - Rule
    - Scan
    - Service
    - SubTechnique
    - Table
    - Tactic
    - Technique
    - Trait
    - TransformationInfo
    - UnmannedAerialSystem
    - User
    - WebResource
    - Device
    - WinResource
    range: string
    recommended: true