"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
// Export slots are declared up front as undefined; `tactics` is filled in right
// after its definition below.
exports.techniques = exports.tactics = exports.subtechniques = exports.getMockThreatData = void 0;
var _i18n = require("@kbn/i18n");
/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0; you may not use this file except in compliance with the Elastic License
 * 2.0.
 */

// THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY
// Please modify the 'extract_tactics_techniques_mitre.js' script directly and
// run 'yarn extract-mitre-attacks' from the root 'security_solution' plugin directory
//
// NOTE(review): the visible part of this file does not record which ATT&CK
// release the generator read. IDs and names here are a snapshot, so anything
// mapped against this list should be re-checked after a regeneration.

// MITRE ATT&CK tactic catalogue. Each entry carries:
//   id        - tactic ID (TAxxxx)
//   name      - tactic display name
//   reference - the tactic's page on attack.mitre.org
//   label     - translatable "<name> (<id>)" string; the i18n keys sit under
//               xpack.securitySolution.detectionEngine.mitreAttackTactics
//   value     - camelCase form of the name ('Command and Control' -> 'commandAndControl')
// Entries are ordered alphabetically by name, not by ID, so array position says
// nothing about where a tactic falls in an intrusion.
const tactics = [{
  id: 'TA0009',
  name: 'Collection',
  reference: 'https://attack.mitre.org/tactics/TA0009',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.collectionDescription', {
    defaultMessage: 'Collection (TA0009)'
  }),
  value: 'collection'
}, {
  id: 'TA0011',
  name: 'Command and Control',
  reference: 'https://attack.mitre.org/tactics/TA0011',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.commandAndControlDescription', {
    defaultMessage: 'Command and Control (TA0011)'
  }),
  value: 'commandAndControl'
}, {
  id: 'TA0006',
  name: 'Credential Access',
  reference: 'https://attack.mitre.org/tactics/TA0006',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.credentialAccessDescription', {
    defaultMessage: 'Credential Access (TA0006)'
  }),
  value: 'credentialAccess'
}, {
  id: 'TA0005',
  name: 'Defense Evasion',
  reference: 'https://attack.mitre.org/tactics/TA0005',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.defenseEvasionDescription', {
    defaultMessage: 'Defense Evasion (TA0005)'
  }),
  value: 'defenseEvasion'
}, {
  id: 'TA0007',
  name: 'Discovery',
  reference: 'https://attack.mitre.org/tactics/TA0007',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.discoveryDescription', {
    defaultMessage: 'Discovery (TA0007)'
  }),
  value: 'discovery'
}, {
  id: 'TA0002',
  name: 'Execution',
  reference: 'https://attack.mitre.org/tactics/TA0002',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.executionDescription', {
    defaultMessage: 'Execution (TA0002)'
  }),
  value: 'execution'
}, {
  id: 'TA0010',
  name: 'Exfiltration',
  reference: 'https://attack.mitre.org/tactics/TA0010',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.exfiltrationDescription', {
    defaultMessage: 'Exfiltration (TA0010)'
  }),
  value: 'exfiltration'
}, {
  id: 'TA0040',
  name: 'Impact',
  reference: 'https://attack.mitre.org/tactics/TA0040',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.impactDescription', {
    defaultMessage: 'Impact (TA0040)'
  }),
  value: 'impact'
}, {
  id: 'TA0001',
  name: 'Initial Access',
  reference: 'https://attack.mitre.org/tactics/TA0001',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.initialAccessDescription', {
    defaultMessage: 'Initial Access (TA0001)'
  }),
  value: 'initialAccess'
}, {
  id: 'TA0008',
  name: 'Lateral Movement',
  reference: 'https://attack.mitre.org/tactics/TA0008',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.lateralMovementDescription', {
    defaultMessage: 'Lateral Movement (TA0008)'
  }),
  value: 'lateralMovement'
}, {
  id: 'TA0003',
  name: 'Persistence',
  reference: 'https://attack.mitre.org/tactics/TA0003',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.persistenceDescription', {
    defaultMessage: 'Persistence (TA0003)'
  }),
  value: 'persistence'
}, {
  id: 'TA0004',
  name: 'Privilege Escalation',
  reference: 'https://attack.mitre.org/tactics/TA0004',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.privilegeEscalationDescription', {
    defaultMessage: 'Privilege Escalation (TA0004)'
  }),
  value: 'privilegeEscalation'
}, {
  id: 'TA0043',
  name: 'Reconnaissance',
  reference: 'https://attack.mitre.org/tactics/TA0043',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.reconnaissanceDescription', {
    defaultMessage: 'Reconnaissance (TA0043)'
  }),
  value: 'reconnaissance'
}, {
  id: 'TA0042',
  name: 'Resource Development',
  reference: 'https://attack.mitre.org/tactics/TA0042',
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTactics.resourceDevelopmentDescription', {
    defaultMessage: 'Resource Development (TA0042)'
  }),
  value: 'resourceDevelopment'
}];
exports.tactics = tactics;

// MITRE ATT&CK technique catalogue. Same fields as a tactic entry (with `label`
// listed first), plus a `tactics` array naming the tactic(s) the technique
// belongs to; a technique may list more than one.
// NOTE(review): the names in `tactics` are kebab-case ('privilege-escalation'),
// while `value` in the tactic catalogue above is camelCase ('privilegeEscalation').
// The two do not compare equal as written, so code that joins a technique to
// its tactic has to normalise one side. Where that happens is not visible here;
// confirm it exists, since a mismatch would presumably leave a rule's technique
// unattached to any tactic rather than raise an error.
const techniques = [{
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.abuseElevationControlMechanismDescription', {
    defaultMessage: 'Abuse Elevation Control Mechanism (T1548)'
  }),
  id: 'T1548',
  name: 'Abuse Elevation Control Mechanism',
  reference: 'https://attack.mitre.org/techniques/T1548',
  tactics: ['privilege-escalation', 'defense-evasion'],
  value: 'abuseElevationControlMechanism'
}, {
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.accessTokenManipulationDescription', {
    defaultMessage: 'Access Token Manipulation (T1134)'
  }),
  id: 'T1134',
  name: 'Access Token Manipulation',
  reference: 'https://attack.mitre.org/techniques/T1134',
  tactics: ['defense-evasion', 'privilege-escalation'],
  value: 'accessTokenManipulation'
}, {
  label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountAccessRemovalDescription', {
    defaultMessage: 'Account Access Removal (T1531)'
  }),
  id: 'T1531',
  name: 'Account Access Removal',
  reference: 'https://attack.mitre.org/techniques/T1531',
  tactics: ['impact'],
  value: 'accountAccessRemoval'
}, {
  label:
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountDiscoveryDescription', { defaultMessage: 'Account Discovery (T1087)' }), id: 'T1087', name: 'Account Discovery', reference: 'https://attack.mitre.org/techniques/T1087', tactics: ['discovery'], value: 'accountDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.accountManipulationDescription', { defaultMessage: 'Account Manipulation (T1098)' }), id: 'T1098', name: 'Account Manipulation', reference: 'https://attack.mitre.org/techniques/T1098', tactics: ['persistence'], value: 'accountManipulation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.acquireAccessDescription', { defaultMessage: 'Acquire Access (T1650)' }), id: 'T1650', name: 'Acquire Access', reference: 'https://attack.mitre.org/techniques/T1650', tactics: ['resource-development'], value: 'acquireAccess' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.acquireInfrastructureDescription', { defaultMessage: 'Acquire Infrastructure (T1583)' }), id: 'T1583', name: 'Acquire Infrastructure', reference: 'https://attack.mitre.org/techniques/T1583', tactics: ['resource-development'], value: 'acquireInfrastructure' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.activeScanningDescription', { defaultMessage: 'Active Scanning (T1595)' }), id: 'T1595', name: 'Active Scanning', reference: 'https://attack.mitre.org/techniques/T1595', tactics: ['reconnaissance'], value: 'activeScanning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.adversaryInTheMiddleDescription', { defaultMessage: 'Adversary-in-the-Middle (T1557)' }), id: 'T1557', name: 'Adversary-in-the-Middle', reference: 'https://attack.mitre.org/techniques/T1557', tactics: ['credential-access', 'collection'], value: 'adversaryInTheMiddle' }, 
{ label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationLayerProtocolDescription', { defaultMessage: 'Application Layer Protocol (T1071)' }), id: 'T1071', name: 'Application Layer Protocol', reference: 'https://attack.mitre.org/techniques/T1071', tactics: ['command-and-control'], value: 'applicationLayerProtocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.applicationWindowDiscoveryDescription', { defaultMessage: 'Application Window Discovery (T1010)' }), id: 'T1010', name: 'Application Window Discovery', reference: 'https://attack.mitre.org/techniques/T1010', tactics: ['discovery'], value: 'applicationWindowDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.archiveCollectedDataDescription', { defaultMessage: 'Archive Collected Data (T1560)' }), id: 'T1560', name: 'Archive Collected Data', reference: 'https://attack.mitre.org/techniques/T1560', tactics: ['collection'], value: 'archiveCollectedData' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.audioCaptureDescription', { defaultMessage: 'Audio Capture (T1123)' }), id: 'T1123', name: 'Audio Capture', reference: 'https://attack.mitre.org/techniques/T1123', tactics: ['collection'], value: 'audioCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedCollectionDescription', { defaultMessage: 'Automated Collection (T1119)' }), id: 'T1119', name: 'Automated Collection', reference: 'https://attack.mitre.org/techniques/T1119', tactics: ['collection'], value: 'automatedCollection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.automatedExfiltrationDescription', { defaultMessage: 'Automated Exfiltration (T1020)' }), id: 'T1020', name: 'Automated Exfiltration', reference: 'https://attack.mitre.org/techniques/T1020', tactics: 
['exfiltration'], value: 'automatedExfiltration' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.bitsJobsDescription', { defaultMessage: 'BITS Jobs (T1197)' }), id: 'T1197', name: 'BITS Jobs', reference: 'https://attack.mitre.org/techniques/T1197', tactics: ['defense-evasion', 'persistence'], value: 'bitsJobs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonAutostartExecutionDescription', { defaultMessage: 'Boot or Logon Autostart Execution (T1547)' }), id: 'T1547', name: 'Boot or Logon Autostart Execution', reference: 'https://attack.mitre.org/techniques/T1547', tactics: ['persistence', 'privilege-escalation'], value: 'bootOrLogonAutostartExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.bootOrLogonInitializationScriptsDescription', { defaultMessage: 'Boot or Logon Initialization Scripts (T1037)' }), id: 'T1037', name: 'Boot or Logon Initialization Scripts', reference: 'https://attack.mitre.org/techniques/T1037', tactics: ['persistence', 'privilege-escalation'], value: 'bootOrLogonInitializationScripts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserExtensionsDescription', { defaultMessage: 'Browser Extensions (T1176)' }), id: 'T1176', name: 'Browser Extensions', reference: 'https://attack.mitre.org/techniques/T1176', tactics: ['persistence'], value: 'browserExtensions' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserInformationDiscoveryDescription', { defaultMessage: 'Browser Information Discovery (T1217)' }), id: 'T1217', name: 'Browser Information Discovery', reference: 'https://attack.mitre.org/techniques/T1217', tactics: ['discovery'], value: 'browserInformationDiscovery' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.browserSessionHijackingDescription', { defaultMessage: 'Browser Session Hijacking (T1185)' }), id: 'T1185', name: 'Browser Session Hijacking', reference: 'https://attack.mitre.org/techniques/T1185', tactics: ['collection'], value: 'browserSessionHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.bruteForceDescription', { defaultMessage: 'Brute Force (T1110)' }), id: 'T1110', name: 'Brute Force', reference: 'https://attack.mitre.org/techniques/T1110', tactics: ['credential-access'], value: 'bruteForce' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.buildImageOnHostDescription', { defaultMessage: 'Build Image on Host (T1612)' }), id: 'T1612', name: 'Build Image on Host', reference: 'https://attack.mitre.org/techniques/T1612', tactics: ['defense-evasion'], value: 'buildImageOnHost' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.clipboardDataDescription', { defaultMessage: 'Clipboard Data (T1115)' }), id: 'T1115', name: 'Clipboard Data', reference: 'https://attack.mitre.org/techniques/T1115', tactics: ['collection'], value: 'clipboardData' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudAdministrationCommandDescription', { defaultMessage: 'Cloud Administration Command (T1651)' }), id: 'T1651', name: 'Cloud Administration Command', reference: 'https://attack.mitre.org/techniques/T1651', tactics: ['execution'], value: 'cloudAdministrationCommand' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudInfrastructureDiscoveryDescription', { defaultMessage: 'Cloud Infrastructure Discovery (T1580)' }), id: 'T1580', name: 'Cloud Infrastructure Discovery', reference: 'https://attack.mitre.org/techniques/T1580', tactics: ['discovery'], value: 
'cloudInfrastructureDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDashboardDescription', { defaultMessage: 'Cloud Service Dashboard (T1538)' }), id: 'T1538', name: 'Cloud Service Dashboard', reference: 'https://attack.mitre.org/techniques/T1538', tactics: ['discovery'], value: 'cloudServiceDashboard' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudServiceDiscoveryDescription', { defaultMessage: 'Cloud Service Discovery (T1526)' }), id: 'T1526', name: 'Cloud Service Discovery', reference: 'https://attack.mitre.org/techniques/T1526', tactics: ['discovery'], value: 'cloudServiceDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.cloudStorageObjectDiscoveryDescription', { defaultMessage: 'Cloud Storage Object Discovery (T1619)' }), id: 'T1619', name: 'Cloud Storage Object Discovery', reference: 'https://attack.mitre.org/techniques/T1619', tactics: ['discovery'], value: 'cloudStorageObjectDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.commandAndScriptingInterpreterDescription', { defaultMessage: 'Command and Scripting Interpreter (T1059)' }), id: 'T1059', name: 'Command and Scripting Interpreter', reference: 'https://attack.mitre.org/techniques/T1059', tactics: ['execution'], value: 'commandAndScriptingInterpreter' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.communicationThroughRemovableMediaDescription', { defaultMessage: 'Communication Through Removable Media (T1092)' }), id: 'T1092', name: 'Communication Through Removable Media', reference: 'https://attack.mitre.org/techniques/T1092', tactics: ['command-and-control'], value: 'communicationThroughRemovableMedia' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseAccountsDescription', { defaultMessage: 'Compromise Accounts (T1586)' }), id: 'T1586', name: 'Compromise Accounts', reference: 'https://attack.mitre.org/techniques/T1586', tactics: ['resource-development'], value: 'compromiseAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseClientSoftwareBinaryDescription', { defaultMessage: 'Compromise Client Software Binary (T1554)' }), id: 'T1554', name: 'Compromise Client Software Binary', reference: 'https://attack.mitre.org/techniques/T1554', tactics: ['persistence'], value: 'compromiseClientSoftwareBinary' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.compromiseInfrastructureDescription', { defaultMessage: 'Compromise Infrastructure (T1584)' }), id: 'T1584', name: 'Compromise Infrastructure', reference: 'https://attack.mitre.org/techniques/T1584', tactics: ['resource-development'], value: 'compromiseInfrastructure' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAdministrationCommandDescription', { defaultMessage: 'Container Administration Command (T1609)' }), id: 'T1609', name: 'Container Administration Command', reference: 'https://attack.mitre.org/techniques/T1609', tactics: ['execution'], value: 'containerAdministrationCommand' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.containerAndResourceDiscoveryDescription', { defaultMessage: 'Container and Resource Discovery (T1613)' }), id: 'T1613', name: 'Container and Resource Discovery', reference: 'https://attack.mitre.org/techniques/T1613', tactics: ['discovery'], value: 'containerAndResourceDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.createAccountDescription', { defaultMessage: 'Create Account (T1136)' }), 
id: 'T1136', name: 'Create Account', reference: 'https://attack.mitre.org/techniques/T1136', tactics: ['persistence'], value: 'createAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.createOrModifySystemProcessDescription', { defaultMessage: 'Create or Modify System Process (T1543)' }), id: 'T1543', name: 'Create or Modify System Process', reference: 'https://attack.mitre.org/techniques/T1543', tactics: ['persistence', 'privilege-escalation'], value: 'createOrModifySystemProcess' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.credentialsFromPasswordStoresDescription', { defaultMessage: 'Credentials from Password Stores (T1555)' }), id: 'T1555', name: 'Credentials from Password Stores', reference: 'https://attack.mitre.org/techniques/T1555', tactics: ['credential-access'], value: 'credentialsFromPasswordStores' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataDestructionDescription', { defaultMessage: 'Data Destruction (T1485)' }), id: 'T1485', name: 'Data Destruction', reference: 'https://attack.mitre.org/techniques/T1485', tactics: ['impact'], value: 'dataDestruction' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncodingDescription', { defaultMessage: 'Data Encoding (T1132)' }), id: 'T1132', name: 'Data Encoding', reference: 'https://attack.mitre.org/techniques/T1132', tactics: ['command-and-control'], value: 'dataEncoding' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataEncryptedForImpactDescription', { defaultMessage: 'Data Encrypted for Impact (T1486)' }), id: 'T1486', name: 'Data Encrypted for Impact', reference: 'https://attack.mitre.org/techniques/T1486', tactics: ['impact'], value: 'dataEncryptedForImpact' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataManipulationDescription', { defaultMessage: 'Data Manipulation (T1565)' }), id: 'T1565', name: 'Data Manipulation', reference: 'https://attack.mitre.org/techniques/T1565', tactics: ['impact'], value: 'dataManipulation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataObfuscationDescription', { defaultMessage: 'Data Obfuscation (T1001)' }), id: 'T1001', name: 'Data Obfuscation', reference: 'https://attack.mitre.org/techniques/T1001', tactics: ['command-and-control'], value: 'dataObfuscation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataStagedDescription', { defaultMessage: 'Data Staged (T1074)' }), id: 'T1074', name: 'Data Staged', reference: 'https://attack.mitre.org/techniques/T1074', tactics: ['collection'], value: 'dataStaged' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataTransferSizeLimitsDescription', { defaultMessage: 'Data Transfer Size Limits (T1030)' }), id: 'T1030', name: 'Data Transfer Size Limits', reference: 'https://attack.mitre.org/techniques/T1030', tactics: ['exfiltration'], value: 'dataTransferSizeLimits' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromCloudStorageDescription', { defaultMessage: 'Data from Cloud Storage (T1530)' }), id: 'T1530', name: 'Data from Cloud Storage', reference: 'https://attack.mitre.org/techniques/T1530', tactics: ['collection'], value: 'dataFromCloudStorage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromConfigurationRepositoryDescription', { defaultMessage: 'Data from Configuration Repository (T1602)' }), id: 'T1602', name: 'Data from Configuration Repository', reference: 'https://attack.mitre.org/techniques/T1602', tactics: ['collection'], value: 
'dataFromConfigurationRepository' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromInformationRepositoriesDescription', { defaultMessage: 'Data from Information Repositories (T1213)' }), id: 'T1213', name: 'Data from Information Repositories', reference: 'https://attack.mitre.org/techniques/T1213', tactics: ['collection'], value: 'dataFromInformationRepositories' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromLocalSystemDescription', { defaultMessage: 'Data from Local System (T1005)' }), id: 'T1005', name: 'Data from Local System', reference: 'https://attack.mitre.org/techniques/T1005', tactics: ['collection'], value: 'dataFromLocalSystem' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromNetworkSharedDriveDescription', { defaultMessage: 'Data from Network Shared Drive (T1039)' }), id: 'T1039', name: 'Data from Network Shared Drive', reference: 'https://attack.mitre.org/techniques/T1039', tactics: ['collection'], value: 'dataFromNetworkSharedDrive' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dataFromRemovableMediaDescription', { defaultMessage: 'Data from Removable Media (T1025)' }), id: 'T1025', name: 'Data from Removable Media', reference: 'https://attack.mitre.org/techniques/T1025', tactics: ['collection'], value: 'dataFromRemovableMedia' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.debuggerEvasionDescription', { defaultMessage: 'Debugger Evasion (T1622)' }), id: 'T1622', name: 'Debugger Evasion', reference: 'https://attack.mitre.org/techniques/T1622', tactics: ['defense-evasion', 'discovery'], value: 'debuggerEvasion' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.defacementDescription', { defaultMessage: 'Defacement (T1491)' }), id: 'T1491', name: 
'Defacement', reference: 'https://attack.mitre.org/techniques/T1491', tactics: ['impact'], value: 'defacement' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.deobfuscateDecodeFilesOrInformationDescription', { defaultMessage: 'Deobfuscate/Decode Files or Information (T1140)' }), id: 'T1140', name: 'Deobfuscate/Decode Files or Information', reference: 'https://attack.mitre.org/techniques/T1140', tactics: ['defense-evasion'], value: 'deobfuscateDecodeFilesOrInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.deployContainerDescription', { defaultMessage: 'Deploy Container (T1610)' }), id: 'T1610', name: 'Deploy Container', reference: 'https://attack.mitre.org/techniques/T1610', tactics: ['defense-evasion', 'execution'], value: 'deployContainer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.developCapabilitiesDescription', { defaultMessage: 'Develop Capabilities (T1587)' }), id: 'T1587', name: 'Develop Capabilities', reference: 'https://attack.mitre.org/techniques/T1587', tactics: ['resource-development'], value: 'developCapabilities' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.deviceDriverDiscoveryDescription', { defaultMessage: 'Device Driver Discovery (T1652)' }), id: 'T1652', name: 'Device Driver Discovery', reference: 'https://attack.mitre.org/techniques/T1652', tactics: ['discovery'], value: 'deviceDriverDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.directVolumeAccessDescription', { defaultMessage: 'Direct Volume Access (T1006)' }), id: 'T1006', name: 'Direct Volume Access', reference: 'https://attack.mitre.org/techniques/T1006', tactics: ['defense-evasion'], value: 'directVolumeAccess' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.diskWipeDescription', { 
defaultMessage: 'Disk Wipe (T1561)' }), id: 'T1561', name: 'Disk Wipe', reference: 'https://attack.mitre.org/techniques/T1561', tactics: ['impact'], value: 'diskWipe' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainPolicyModificationDescription', { defaultMessage: 'Domain Policy Modification (T1484)' }), id: 'T1484', name: 'Domain Policy Modification', reference: 'https://attack.mitre.org/techniques/T1484', tactics: ['defense-evasion', 'privilege-escalation'], value: 'domainPolicyModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.domainTrustDiscoveryDescription', { defaultMessage: 'Domain Trust Discovery (T1482)' }), id: 'T1482', name: 'Domain Trust Discovery', reference: 'https://attack.mitre.org/techniques/T1482', tactics: ['discovery'], value: 'domainTrustDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.driveByCompromiseDescription', { defaultMessage: 'Drive-by Compromise (T1189)' }), id: 'T1189', name: 'Drive-by Compromise', reference: 'https://attack.mitre.org/techniques/T1189', tactics: ['initial-access'], value: 'driveByCompromise' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.dynamicResolutionDescription', { defaultMessage: 'Dynamic Resolution (T1568)' }), id: 'T1568', name: 'Dynamic Resolution', reference: 'https://attack.mitre.org/techniques/T1568', tactics: ['command-and-control'], value: 'dynamicResolution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.emailCollectionDescription', { defaultMessage: 'Email Collection (T1114)' }), id: 'T1114', name: 'Email Collection', reference: 'https://attack.mitre.org/techniques/T1114', tactics: ['collection'], value: 'emailCollection' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.encryptedChannelDescription', { defaultMessage: 'Encrypted Channel (T1573)' }), id: 'T1573', name: 'Encrypted Channel', reference: 'https://attack.mitre.org/techniques/T1573', tactics: ['command-and-control'], value: 'encryptedChannel' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.endpointDenialOfServiceDescription', { defaultMessage: 'Endpoint Denial of Service (T1499)' }), id: 'T1499', name: 'Endpoint Denial of Service', reference: 'https://attack.mitre.org/techniques/T1499', tactics: ['impact'], value: 'endpointDenialOfService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.escapeToHostDescription', { defaultMessage: 'Escape to Host (T1611)' }), id: 'T1611', name: 'Escape to Host', reference: 'https://attack.mitre.org/techniques/T1611', tactics: ['privilege-escalation'], value: 'escapeToHost' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.establishAccountsDescription', { defaultMessage: 'Establish Accounts (T1585)' }), id: 'T1585', name: 'Establish Accounts', reference: 'https://attack.mitre.org/techniques/T1585', tactics: ['resource-development'], value: 'establishAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.eventTriggeredExecutionDescription', { defaultMessage: 'Event Triggered Execution (T1546)' }), id: 'T1546', name: 'Event Triggered Execution', reference: 'https://attack.mitre.org/techniques/T1546', tactics: ['privilege-escalation', 'persistence'], value: 'eventTriggeredExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.executionGuardrailsDescription', { defaultMessage: 'Execution Guardrails (T1480)' }), id: 'T1480', name: 'Execution Guardrails', reference: 'https://attack.mitre.org/techniques/T1480', tactics: 
['defense-evasion'], value: 'executionGuardrails' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverAlternativeProtocolDescription', { defaultMessage: 'Exfiltration Over Alternative Protocol (T1048)' }), id: 'T1048', name: 'Exfiltration Over Alternative Protocol', reference: 'https://attack.mitre.org/techniques/T1048', tactics: ['exfiltration'], value: 'exfiltrationOverAlternativeProtocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverC2ChannelDescription', { defaultMessage: 'Exfiltration Over C2 Channel (T1041)' }), id: 'T1041', name: 'Exfiltration Over C2 Channel', reference: 'https://attack.mitre.org/techniques/T1041', tactics: ['exfiltration'], value: 'exfiltrationOverC2Channel' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverOtherNetworkMediumDescription', { defaultMessage: 'Exfiltration Over Other Network Medium (T1011)' }), id: 'T1011', name: 'Exfiltration Over Other Network Medium', reference: 'https://attack.mitre.org/techniques/T1011', tactics: ['exfiltration'], value: 'exfiltrationOverOtherNetworkMedium' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverPhysicalMediumDescription', { defaultMessage: 'Exfiltration Over Physical Medium (T1052)' }), id: 'T1052', name: 'Exfiltration Over Physical Medium', reference: 'https://attack.mitre.org/techniques/T1052', tactics: ['exfiltration'], value: 'exfiltrationOverPhysicalMedium' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exfiltrationOverWebServiceDescription', { defaultMessage: 'Exfiltration Over Web Service (T1567)' }), id: 'T1567', name: 'Exfiltration Over Web Service', reference: 'https://attack.mitre.org/techniques/T1567', tactics: ['exfiltration'], value: 'exfiltrationOverWebService' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitPublicFacingApplicationDescription', { defaultMessage: 'Exploit Public-Facing Application (T1190)' }), id: 'T1190', name: 'Exploit Public-Facing Application', reference: 'https://attack.mitre.org/techniques/T1190', tactics: ['initial-access'], value: 'exploitPublicFacingApplication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForClientExecutionDescription', { defaultMessage: 'Exploitation for Client Execution (T1203)' }), id: 'T1203', name: 'Exploitation for Client Execution', reference: 'https://attack.mitre.org/techniques/T1203', tactics: ['execution'], value: 'exploitationForClientExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForCredentialAccessDescription', { defaultMessage: 'Exploitation for Credential Access (T1212)' }), id: 'T1212', name: 'Exploitation for Credential Access', reference: 'https://attack.mitre.org/techniques/T1212', tactics: ['credential-access'], value: 'exploitationForCredentialAccess' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForDefenseEvasionDescription', { defaultMessage: 'Exploitation for Defense Evasion (T1211)' }), id: 'T1211', name: 'Exploitation for Defense Evasion', reference: 'https://attack.mitre.org/techniques/T1211', tactics: ['defense-evasion'], value: 'exploitationForDefenseEvasion' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationForPrivilegeEscalationDescription', { defaultMessage: 'Exploitation for Privilege Escalation (T1068)' }), id: 'T1068', name: 'Exploitation for Privilege Escalation', reference: 'https://attack.mitre.org/techniques/T1068', tactics: ['privilege-escalation'], value: 'exploitationForPrivilegeEscalation' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.exploitationOfRemoteServicesDescription', { defaultMessage: 'Exploitation of Remote Services (T1210)' }), id: 'T1210', name: 'Exploitation of Remote Services', reference: 'https://attack.mitre.org/techniques/T1210', tactics: ['lateral-movement'], value: 'exploitationOfRemoteServices' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.externalRemoteServicesDescription', { defaultMessage: 'External Remote Services (T1133)' }), id: 'T1133', name: 'External Remote Services', reference: 'https://attack.mitre.org/techniques/T1133', tactics: ['persistence', 'initial-access'], value: 'externalRemoteServices' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.fallbackChannelsDescription', { defaultMessage: 'Fallback Channels (T1008)' }), id: 'T1008', name: 'Fallback Channels', reference: 'https://attack.mitre.org/techniques/T1008', tactics: ['command-and-control'], value: 'fallbackChannels' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryDiscoveryDescription', { defaultMessage: 'File and Directory Discovery (T1083)' }), id: 'T1083', name: 'File and Directory Discovery', reference: 'https://attack.mitre.org/techniques/T1083', tactics: ['discovery'], value: 'fileAndDirectoryDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.fileAndDirectoryPermissionsModificationDescription', { defaultMessage: 'File and Directory Permissions Modification (T1222)' }), id: 'T1222', name: 'File and Directory Permissions Modification', reference: 'https://attack.mitre.org/techniques/T1222', tactics: ['defense-evasion'], value: 'fileAndDirectoryPermissionsModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.firmwareCorruptionDescription', { defaultMessage: 
'Firmware Corruption (T1495)' }), id: 'T1495', name: 'Firmware Corruption', reference: 'https://attack.mitre.org/techniques/T1495', tactics: ['impact'], value: 'firmwareCorruption' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.forcedAuthenticationDescription', { defaultMessage: 'Forced Authentication (T1187)' }), id: 'T1187', name: 'Forced Authentication', reference: 'https://attack.mitre.org/techniques/T1187', tactics: ['credential-access'], value: 'forcedAuthentication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.forgeWebCredentialsDescription', { defaultMessage: 'Forge Web Credentials (T1606)' }), id: 'T1606', name: 'Forge Web Credentials', reference: 'https://attack.mitre.org/techniques/T1606', tactics: ['credential-access'], value: 'forgeWebCredentials' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimHostInformationDescription', { defaultMessage: 'Gather Victim Host Information (T1592)' }), id: 'T1592', name: 'Gather Victim Host Information', reference: 'https://attack.mitre.org/techniques/T1592', tactics: ['reconnaissance'], value: 'gatherVictimHostInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimIdentityInformationDescription', { defaultMessage: 'Gather Victim Identity Information (T1589)' }), id: 'T1589', name: 'Gather Victim Identity Information', reference: 'https://attack.mitre.org/techniques/T1589', tactics: ['reconnaissance'], value: 'gatherVictimIdentityInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimNetworkInformationDescription', { defaultMessage: 'Gather Victim Network Information (T1590)' }), id: 'T1590', name: 'Gather Victim Network Information', reference: 'https://attack.mitre.org/techniques/T1590', tactics: ['reconnaissance'], value: 
'gatherVictimNetworkInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.gatherVictimOrgInformationDescription', { defaultMessage: 'Gather Victim Org Information (T1591)' }), id: 'T1591', name: 'Gather Victim Org Information', reference: 'https://attack.mitre.org/techniques/T1591', tactics: ['reconnaissance'], value: 'gatherVictimOrgInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.groupPolicyDiscoveryDescription', { defaultMessage: 'Group Policy Discovery (T1615)' }), id: 'T1615', name: 'Group Policy Discovery', reference: 'https://attack.mitre.org/techniques/T1615', tactics: ['discovery'], value: 'groupPolicyDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.hardwareAdditionsDescription', { defaultMessage: 'Hardware Additions (T1200)' }), id: 'T1200', name: 'Hardware Additions', reference: 'https://attack.mitre.org/techniques/T1200', tactics: ['initial-access'], value: 'hardwareAdditions' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.hideArtifactsDescription', { defaultMessage: 'Hide Artifacts (T1564)' }), id: 'T1564', name: 'Hide Artifacts', reference: 'https://attack.mitre.org/techniques/T1564', tactics: ['defense-evasion'], value: 'hideArtifacts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.hijackExecutionFlowDescription', { defaultMessage: 'Hijack Execution Flow (T1574)' }), id: 'T1574', name: 'Hijack Execution Flow', reference: 'https://attack.mitre.org/techniques/T1574', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], value: 'hijackExecutionFlow' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.impairDefensesDescription', { defaultMessage: 'Impair Defenses (T1562)' }), id: 'T1562', name: 'Impair Defenses', reference: 
'https://attack.mitre.org/techniques/T1562', tactics: ['defense-evasion'], value: 'impairDefenses' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.implantInternalImageDescription', { defaultMessage: 'Implant Internal Image (T1525)' }), id: 'T1525', name: 'Implant Internal Image', reference: 'https://attack.mitre.org/techniques/T1525', tactics: ['persistence'], value: 'implantInternalImage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.indicatorRemovalDescription', { defaultMessage: 'Indicator Removal (T1070)' }), id: 'T1070', name: 'Indicator Removal', reference: 'https://attack.mitre.org/techniques/T1070', tactics: ['defense-evasion'], value: 'indicatorRemoval' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.indirectCommandExecutionDescription', { defaultMessage: 'Indirect Command Execution (T1202)' }), id: 'T1202', name: 'Indirect Command Execution', reference: 'https://attack.mitre.org/techniques/T1202', tactics: ['defense-evasion'], value: 'indirectCommandExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.ingressToolTransferDescription', { defaultMessage: 'Ingress Tool Transfer (T1105)' }), id: 'T1105', name: 'Ingress Tool Transfer', reference: 'https://attack.mitre.org/techniques/T1105', tactics: ['command-and-control'], value: 'ingressToolTransfer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.inhibitSystemRecoveryDescription', { defaultMessage: 'Inhibit System Recovery (T1490)' }), id: 'T1490', name: 'Inhibit System Recovery', reference: 'https://attack.mitre.org/techniques/T1490', tactics: ['impact'], value: 'inhibitSystemRecovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.inputCaptureDescription', { defaultMessage: 'Input Capture (T1056)' }), id: 'T1056', name: 
'Input Capture', reference: 'https://attack.mitre.org/techniques/T1056', tactics: ['collection', 'credential-access'], value: 'inputCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.interProcessCommunicationDescription', { defaultMessage: 'Inter-Process Communication (T1559)' }), id: 'T1559', name: 'Inter-Process Communication', reference: 'https://attack.mitre.org/techniques/T1559', tactics: ['execution'], value: 'interProcessCommunication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.internalSpearphishingDescription', { defaultMessage: 'Internal Spearphishing (T1534)' }), id: 'T1534', name: 'Internal Spearphishing', reference: 'https://attack.mitre.org/techniques/T1534', tactics: ['lateral-movement'], value: 'internalSpearphishing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.lateralToolTransferDescription', { defaultMessage: 'Lateral Tool Transfer (T1570)' }), id: 'T1570', name: 'Lateral Tool Transfer', reference: 'https://attack.mitre.org/techniques/T1570', tactics: ['lateral-movement'], value: 'lateralToolTransfer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.masqueradingDescription', { defaultMessage: 'Masquerading (T1036)' }), id: 'T1036', name: 'Masquerading', reference: 'https://attack.mitre.org/techniques/T1036', tactics: ['defense-evasion'], value: 'masquerading' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyAuthenticationProcessDescription', { defaultMessage: 'Modify Authentication Process (T1556)' }), id: 'T1556', name: 'Modify Authentication Process', reference: 'https://attack.mitre.org/techniques/T1556', tactics: ['credential-access', 'defense-evasion', 'persistence'], value: 'modifyAuthenticationProcess' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyCloudComputeInfrastructureDescription', { defaultMessage: 'Modify Cloud Compute Infrastructure (T1578)' }), id: 'T1578', name: 'Modify Cloud Compute Infrastructure', reference: 'https://attack.mitre.org/techniques/T1578', tactics: ['defense-evasion'], value: 'modifyCloudComputeInfrastructure' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifyRegistryDescription', { defaultMessage: 'Modify Registry (T1112)' }), id: 'T1112', name: 'Modify Registry', reference: 'https://attack.mitre.org/techniques/T1112', tactics: ['defense-evasion'], value: 'modifyRegistry' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.modifySystemImageDescription', { defaultMessage: 'Modify System Image (T1601)' }), id: 'T1601', name: 'Modify System Image', reference: 'https://attack.mitre.org/techniques/T1601', tactics: ['defense-evasion'], value: 'modifySystemImage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationInterceptionDescription', { defaultMessage: 'Multi-Factor Authentication Interception (T1111)' }), id: 'T1111', name: 'Multi-Factor Authentication Interception', reference: 'https://attack.mitre.org/techniques/T1111', tactics: ['credential-access'], value: 'multiFactorAuthenticationInterception' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiFactorAuthenticationRequestGenerationDescription', { defaultMessage: 'Multi-Factor Authentication Request Generation (T1621)' }), id: 'T1621', name: 'Multi-Factor Authentication Request Generation', reference: 'https://attack.mitre.org/techniques/T1621', tactics: ['credential-access'], value: 'multiFactorAuthenticationRequestGeneration' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.multiStageChannelsDescription', { defaultMessage: 'Multi-Stage Channels (T1104)' }), id: 'T1104', name: 'Multi-Stage Channels', reference: 'https://attack.mitre.org/techniques/T1104', tactics: ['command-and-control'], value: 'multiStageChannels' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.nativeApiDescription', { defaultMessage: 'Native API (T1106)' }), id: 'T1106', name: 'Native API', reference: 'https://attack.mitre.org/techniques/T1106', tactics: ['execution'], value: 'nativeApi' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkBoundaryBridgingDescription', { defaultMessage: 'Network Boundary Bridging (T1599)' }), id: 'T1599', name: 'Network Boundary Bridging', reference: 'https://attack.mitre.org/techniques/T1599', tactics: ['defense-evasion'], value: 'networkBoundaryBridging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkDenialOfServiceDescription', { defaultMessage: 'Network Denial of Service (T1498)' }), id: 'T1498', name: 'Network Denial of Service', reference: 'https://attack.mitre.org/techniques/T1498', tactics: ['impact'], value: 'networkDenialOfService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkServiceDiscoveryDescription', { defaultMessage: 'Network Service Discovery (T1046)' }), id: 'T1046', name: 'Network Service Discovery', reference: 'https://attack.mitre.org/techniques/T1046', tactics: ['discovery'], value: 'networkServiceDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkShareDiscoveryDescription', { defaultMessage: 'Network Share Discovery (T1135)' }), id: 'T1135', name: 'Network Share Discovery', reference: 'https://attack.mitre.org/techniques/T1135', tactics: ['discovery'], value: 
'networkShareDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.networkSniffingDescription', { defaultMessage: 'Network Sniffing (T1040)' }), id: 'T1040', name: 'Network Sniffing', reference: 'https://attack.mitre.org/techniques/T1040', tactics: ['credential-access', 'discovery'], value: 'networkSniffing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonApplicationLayerProtocolDescription', { defaultMessage: 'Non-Application Layer Protocol (T1095)' }), id: 'T1095', name: 'Non-Application Layer Protocol', reference: 'https://attack.mitre.org/techniques/T1095', tactics: ['command-and-control'], value: 'nonApplicationLayerProtocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.nonStandardPortDescription', { defaultMessage: 'Non-Standard Port (T1571)' }), id: 'T1571', name: 'Non-Standard Port', reference: 'https://attack.mitre.org/techniques/T1571', tactics: ['command-and-control'], value: 'nonStandardPort' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.osCredentialDumpingDescription', { defaultMessage: 'OS Credential Dumping (T1003)' }), id: 'T1003', name: 'OS Credential Dumping', reference: 'https://attack.mitre.org/techniques/T1003', tactics: ['credential-access'], value: 'osCredentialDumping' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.obfuscatedFilesOrInformationDescription', { defaultMessage: 'Obfuscated Files or Information (T1027)' }), id: 'T1027', name: 'Obfuscated Files or Information', reference: 'https://attack.mitre.org/techniques/T1027', tactics: ['defense-evasion'], value: 'obfuscatedFilesOrInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.obtainCapabilitiesDescription', { defaultMessage: 'Obtain Capabilities (T1588)' }), id: 'T1588', name: 'Obtain 
Capabilities', reference: 'https://attack.mitre.org/techniques/T1588', tactics: ['resource-development'], value: 'obtainCapabilities' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.officeApplicationStartupDescription', { defaultMessage: 'Office Application Startup (T1137)' }), id: 'T1137', name: 'Office Application Startup', reference: 'https://attack.mitre.org/techniques/T1137', tactics: ['persistence'], value: 'officeApplicationStartup' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.passwordPolicyDiscoveryDescription', { defaultMessage: 'Password Policy Discovery (T1201)' }), id: 'T1201', name: 'Password Policy Discovery', reference: 'https://attack.mitre.org/techniques/T1201', tactics: ['discovery'], value: 'passwordPolicyDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.peripheralDeviceDiscoveryDescription', { defaultMessage: 'Peripheral Device Discovery (T1120)' }), id: 'T1120', name: 'Peripheral Device Discovery', reference: 'https://attack.mitre.org/techniques/T1120', tactics: ['discovery'], value: 'peripheralDeviceDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.permissionGroupsDiscoveryDescription', { defaultMessage: 'Permission Groups Discovery (T1069)' }), id: 'T1069', name: 'Permission Groups Discovery', reference: 'https://attack.mitre.org/techniques/T1069', tactics: ['discovery'], value: 'permissionGroupsDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingDescription', { defaultMessage: 'Phishing (T1566)' }), id: 'T1566', name: 'Phishing', reference: 'https://attack.mitre.org/techniques/T1566', tactics: ['initial-access'], value: 'phishing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.phishingForInformationDescription', { 
defaultMessage: 'Phishing for Information (T1598)' }), id: 'T1598', name: 'Phishing for Information', reference: 'https://attack.mitre.org/techniques/T1598', tactics: ['reconnaissance'], value: 'phishingForInformation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.plistFileModificationDescription', { defaultMessage: 'Plist File Modification (T1647)' }), id: 'T1647', name: 'Plist File Modification', reference: 'https://attack.mitre.org/techniques/T1647', tactics: ['defense-evasion'], value: 'plistFileModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.preOsBootDescription', { defaultMessage: 'Pre-OS Boot (T1542)' }), id: 'T1542', name: 'Pre-OS Boot', reference: 'https://attack.mitre.org/techniques/T1542', tactics: ['defense-evasion', 'persistence'], value: 'preOsBoot' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.processDiscoveryDescription', { defaultMessage: 'Process Discovery (T1057)' }), id: 'T1057', name: 'Process Discovery', reference: 'https://attack.mitre.org/techniques/T1057', tactics: ['discovery'], value: 'processDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.processInjectionDescription', { defaultMessage: 'Process Injection (T1055)' }), id: 'T1055', name: 'Process Injection', reference: 'https://attack.mitre.org/techniques/T1055', tactics: ['defense-evasion', 'privilege-escalation'], value: 'processInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.protocolTunnelingDescription', { defaultMessage: 'Protocol Tunneling (T1572)' }), id: 'T1572', name: 'Protocol Tunneling', reference: 'https://attack.mitre.org/techniques/T1572', tactics: ['command-and-control'], value: 'protocolTunneling' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.proxyDescription', { defaultMessage: 'Proxy (T1090)' }), id: 'T1090', name: 'Proxy', reference: 'https://attack.mitre.org/techniques/T1090', tactics: ['command-and-control'], value: 'proxy' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.queryRegistryDescription', { defaultMessage: 'Query Registry (T1012)' }), id: 'T1012', name: 'Query Registry', reference: 'https://attack.mitre.org/techniques/T1012', tactics: ['discovery'], value: 'queryRegistry' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.reflectiveCodeLoadingDescription', { defaultMessage: 'Reflective Code Loading (T1620)' }), id: 'T1620', name: 'Reflective Code Loading', reference: 'https://attack.mitre.org/techniques/T1620', tactics: ['defense-evasion'], value: 'reflectiveCodeLoading' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteAccessSoftwareDescription', { defaultMessage: 'Remote Access Software (T1219)' }), id: 'T1219', name: 'Remote Access Software', reference: 'https://attack.mitre.org/techniques/T1219', tactics: ['command-and-control'], value: 'remoteAccessSoftware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServiceSessionHijackingDescription', { defaultMessage: 'Remote Service Session Hijacking (T1563)' }), id: 'T1563', name: 'Remote Service Session Hijacking', reference: 'https://attack.mitre.org/techniques/T1563', tactics: ['lateral-movement'], value: 'remoteServiceSessionHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteServicesDescription', { defaultMessage: 'Remote Services (T1021)' }), id: 'T1021', name: 'Remote Services', reference: 'https://attack.mitre.org/techniques/T1021', tactics: ['lateral-movement'], value: 'remoteServices' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.remoteSystemDiscoveryDescription', { defaultMessage: 'Remote System Discovery (T1018)' }), id: 'T1018', name: 'Remote System Discovery', reference: 'https://attack.mitre.org/techniques/T1018', tactics: ['discovery'], value: 'remoteSystemDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.replicationThroughRemovableMediaDescription', { defaultMessage: 'Replication Through Removable Media (T1091)' }), id: 'T1091', name: 'Replication Through Removable Media', reference: 'https://attack.mitre.org/techniques/T1091', tactics: ['lateral-movement', 'initial-access'], value: 'replicationThroughRemovableMedia' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.resourceHijackingDescription', { defaultMessage: 'Resource Hijacking (T1496)' }), id: 'T1496', name: 'Resource Hijacking', reference: 'https://attack.mitre.org/techniques/T1496', tactics: ['impact'], value: 'resourceHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.rogueDomainControllerDescription', { defaultMessage: 'Rogue Domain Controller (T1207)' }), id: 'T1207', name: 'Rogue Domain Controller', reference: 'https://attack.mitre.org/techniques/T1207', tactics: ['defense-evasion'], value: 'rogueDomainController' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.rootkitDescription', { defaultMessage: 'Rootkit (T1014)' }), id: 'T1014', name: 'Rootkit', reference: 'https://attack.mitre.org/techniques/T1014', tactics: ['defense-evasion'], value: 'rootkit' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTaskJobDescription', { defaultMessage: 'Scheduled Task/Job (T1053)' }), id: 'T1053', name: 'Scheduled Task/Job', reference: 'https://attack.mitre.org/techniques/T1053', tactics: 
['execution', 'persistence', 'privilege-escalation'], value: 'scheduledTaskJob' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.scheduledTransferDescription', { defaultMessage: 'Scheduled Transfer (T1029)' }), id: 'T1029', name: 'Scheduled Transfer', reference: 'https://attack.mitre.org/techniques/T1029', tactics: ['exfiltration'], value: 'scheduledTransfer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.screenCaptureDescription', { defaultMessage: 'Screen Capture (T1113)' }), id: 'T1113', name: 'Screen Capture', reference: 'https://attack.mitre.org/techniques/T1113', tactics: ['collection'], value: 'screenCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchClosedSourcesDescription', { defaultMessage: 'Search Closed Sources (T1597)' }), id: 'T1597', name: 'Search Closed Sources', reference: 'https://attack.mitre.org/techniques/T1597', tactics: ['reconnaissance'], value: 'searchClosedSources' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenTechnicalDatabasesDescription', { defaultMessage: 'Search Open Technical Databases (T1596)' }), id: 'T1596', name: 'Search Open Technical Databases', reference: 'https://attack.mitre.org/techniques/T1596', tactics: ['reconnaissance'], value: 'searchOpenTechnicalDatabases' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchOpenWebsitesDomainsDescription', { defaultMessage: 'Search Open Websites/Domains (T1593)' }), id: 'T1593', name: 'Search Open Websites/Domains', reference: 'https://attack.mitre.org/techniques/T1593', tactics: ['reconnaissance'], value: 'searchOpenWebsitesDomains' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.searchVictimOwnedWebsitesDescription', { defaultMessage: 'Search Victim-Owned Websites (T1594)' }), 
id: 'T1594', name: 'Search Victim-Owned Websites', reference: 'https://attack.mitre.org/techniques/T1594', tactics: ['reconnaissance'], value: 'searchVictimOwnedWebsites' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverSoftwareComponentDescription', { defaultMessage: 'Server Software Component (T1505)' }), id: 'T1505', name: 'Server Software Component', reference: 'https://attack.mitre.org/techniques/T1505', tactics: ['persistence'], value: 'serverSoftwareComponent' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.serverlessExecutionDescription', { defaultMessage: 'Serverless Execution (T1648)' }), id: 'T1648', name: 'Serverless Execution', reference: 'https://attack.mitre.org/techniques/T1648', tactics: ['execution'], value: 'serverlessExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.serviceStopDescription', { defaultMessage: 'Service Stop (T1489)' }), id: 'T1489', name: 'Service Stop', reference: 'https://attack.mitre.org/techniques/T1489', tactics: ['impact'], value: 'serviceStop' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.sharedModulesDescription', { defaultMessage: 'Shared Modules (T1129)' }), id: 'T1129', name: 'Shared Modules', reference: 'https://attack.mitre.org/techniques/T1129', tactics: ['execution'], value: 'sharedModules' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDeploymentToolsDescription', { defaultMessage: 'Software Deployment Tools (T1072)' }), id: 'T1072', name: 'Software Deployment Tools', reference: 'https://attack.mitre.org/techniques/T1072', tactics: ['execution', 'lateral-movement'], value: 'softwareDeploymentTools' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.softwareDiscoveryDescription', { defaultMessage: 'Software Discovery 
(T1518)' }), id: 'T1518', name: 'Software Discovery', reference: 'https://attack.mitre.org/techniques/T1518', tactics: ['discovery'], value: 'softwareDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.stageCapabilitiesDescription', { defaultMessage: 'Stage Capabilities (T1608)' }), id: 'T1608', name: 'Stage Capabilities', reference: 'https://attack.mitre.org/techniques/T1608', tactics: ['resource-development'], value: 'stageCapabilities' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealApplicationAccessTokenDescription', { defaultMessage: 'Steal Application Access Token (T1528)' }), id: 'T1528', name: 'Steal Application Access Token', reference: 'https://attack.mitre.org/techniques/T1528', tactics: ['credential-access'], value: 'stealApplicationAccessToken' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealWebSessionCookieDescription', { defaultMessage: 'Steal Web Session Cookie (T1539)' }), id: 'T1539', name: 'Steal Web Session Cookie', reference: 'https://attack.mitre.org/techniques/T1539', tactics: ['credential-access'], value: 'stealWebSessionCookie' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeAuthenticationCertificatesDescription', { defaultMessage: 'Steal or Forge Authentication Certificates (T1649)' }), id: 'T1649', name: 'Steal or Forge Authentication Certificates', reference: 'https://attack.mitre.org/techniques/T1649', tactics: ['credential-access'], value: 'stealOrForgeAuthenticationCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.stealOrForgeKerberosTicketsDescription', { defaultMessage: 'Steal or Forge Kerberos Tickets (T1558)' }), id: 'T1558', name: 'Steal or Forge Kerberos Tickets', reference: 'https://attack.mitre.org/techniques/T1558', tactics: ['credential-access'], value: 
'stealOrForgeKerberosTickets' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.subvertTrustControlsDescription', { defaultMessage: 'Subvert Trust Controls (T1553)' }), id: 'T1553', name: 'Subvert Trust Controls', reference: 'https://attack.mitre.org/techniques/T1553', tactics: ['defense-evasion'], value: 'subvertTrustControls' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.supplyChainCompromiseDescription', { defaultMessage: 'Supply Chain Compromise (T1195)' }), id: 'T1195', name: 'Supply Chain Compromise', reference: 'https://attack.mitre.org/techniques/T1195', tactics: ['initial-access'], value: 'supplyChainCompromise' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemBinaryProxyExecutionDescription', { defaultMessage: 'System Binary Proxy Execution (T1218)' }), id: 'T1218', name: 'System Binary Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1218', tactics: ['defense-evasion'], value: 'systemBinaryProxyExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemInformationDiscoveryDescription', { defaultMessage: 'System Information Discovery (T1082)' }), id: 'T1082', name: 'System Information Discovery', reference: 'https://attack.mitre.org/techniques/T1082', tactics: ['discovery'], value: 'systemInformationDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemLocationDiscoveryDescription', { defaultMessage: 'System Location Discovery (T1614)' }), id: 'T1614', name: 'System Location Discovery', reference: 'https://attack.mitre.org/techniques/T1614', tactics: ['discovery'], value: 'systemLocationDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConfigurationDiscoveryDescription', { defaultMessage: 'System Network Configuration 
Discovery (T1016)' }), id: 'T1016', name: 'System Network Configuration Discovery', reference: 'https://attack.mitre.org/techniques/T1016', tactics: ['discovery'], value: 'systemNetworkConfigurationDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemNetworkConnectionsDiscoveryDescription', { defaultMessage: 'System Network Connections Discovery (T1049)' }), id: 'T1049', name: 'System Network Connections Discovery', reference: 'https://attack.mitre.org/techniques/T1049', tactics: ['discovery'], value: 'systemNetworkConnectionsDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemOwnerUserDiscoveryDescription', { defaultMessage: 'System Owner/User Discovery (T1033)' }), id: 'T1033', name: 'System Owner/User Discovery', reference: 'https://attack.mitre.org/techniques/T1033', tactics: ['discovery'], value: 'systemOwnerUserDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemScriptProxyExecutionDescription', { defaultMessage: 'System Script Proxy Execution (T1216)' }), id: 'T1216', name: 'System Script Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1216', tactics: ['defense-evasion'], value: 'systemScriptProxyExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServiceDiscoveryDescription', { defaultMessage: 'System Service Discovery (T1007)' }), id: 'T1007', name: 'System Service Discovery', reference: 'https://attack.mitre.org/techniques/T1007', tactics: ['discovery'], value: 'systemServiceDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemServicesDescription', { defaultMessage: 'System Services (T1569)' }), id: 'T1569', name: 'System Services', reference: 'https://attack.mitre.org/techniques/T1569', tactics: ['execution'], value: 'systemServices' }, { 
label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemShutdownRebootDescription', { defaultMessage: 'System Shutdown/Reboot (T1529)' }), id: 'T1529', name: 'System Shutdown/Reboot', reference: 'https://attack.mitre.org/techniques/T1529', tactics: ['impact'], value: 'systemShutdownReboot' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.systemTimeDiscoveryDescription', { defaultMessage: 'System Time Discovery (T1124)' }), id: 'T1124', name: 'System Time Discovery', reference: 'https://attack.mitre.org/techniques/T1124', tactics: ['discovery'], value: 'systemTimeDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.taintSharedContentDescription', { defaultMessage: 'Taint Shared Content (T1080)' }), id: 'T1080', name: 'Taint Shared Content', reference: 'https://attack.mitre.org/techniques/T1080', tactics: ['lateral-movement'], value: 'taintSharedContent' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.templateInjectionDescription', { defaultMessage: 'Template Injection (T1221)' }), id: 'T1221', name: 'Template Injection', reference: 'https://attack.mitre.org/techniques/T1221', tactics: ['defense-evasion'], value: 'templateInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.trafficSignalingDescription', { defaultMessage: 'Traffic Signaling (T1205)' }), id: 'T1205', name: 'Traffic Signaling', reference: 'https://attack.mitre.org/techniques/T1205', tactics: ['defense-evasion', 'persistence', 'command-and-control'], value: 'trafficSignaling' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.transferDataToCloudAccountDescription', { defaultMessage: 'Transfer Data to Cloud Account (T1537)' }), id: 'T1537', name: 'Transfer Data to Cloud Account', reference: 
'https://attack.mitre.org/techniques/T1537', tactics: ['exfiltration'], value: 'transferDataToCloudAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedDeveloperUtilitiesProxyExecutionDescription', { defaultMessage: 'Trusted Developer Utilities Proxy Execution (T1127)' }), id: 'T1127', name: 'Trusted Developer Utilities Proxy Execution', reference: 'https://attack.mitre.org/techniques/T1127', tactics: ['defense-evasion'], value: 'trustedDeveloperUtilitiesProxyExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.trustedRelationshipDescription', { defaultMessage: 'Trusted Relationship (T1199)' }), id: 'T1199', name: 'Trusted Relationship', reference: 'https://attack.mitre.org/techniques/T1199', tactics: ['initial-access'], value: 'trustedRelationship' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.unsecuredCredentialsDescription', { defaultMessage: 'Unsecured Credentials (T1552)' }), id: 'T1552', name: 'Unsecured Credentials', reference: 'https://attack.mitre.org/techniques/T1552', tactics: ['credential-access'], value: 'unsecuredCredentials' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.unusedUnsupportedCloudRegionsDescription', { defaultMessage: 'Unused/Unsupported Cloud Regions (T1535)' }), id: 'T1535', name: 'Unused/Unsupported Cloud Regions', reference: 'https://attack.mitre.org/techniques/T1535', tactics: ['defense-evasion'], value: 'unusedUnsupportedCloudRegions' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.useAlternateAuthenticationMaterialDescription', { defaultMessage: 'Use Alternate Authentication Material (T1550)' }), id: 'T1550', name: 'Use Alternate Authentication Material', reference: 'https://attack.mitre.org/techniques/T1550', tactics: ['defense-evasion', 'lateral-movement'], value: 
'useAlternateAuthenticationMaterial' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.userExecutionDescription', { defaultMessage: 'User Execution (T1204)' }), id: 'T1204', name: 'User Execution', reference: 'https://attack.mitre.org/techniques/T1204', tactics: ['execution'], value: 'userExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.validAccountsDescription', { defaultMessage: 'Valid Accounts (T1078)' }), id: 'T1078', name: 'Valid Accounts', reference: 'https://attack.mitre.org/techniques/T1078', tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], value: 'validAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.videoCaptureDescription', { defaultMessage: 'Video Capture (T1125)' }), id: 'T1125', name: 'Video Capture', reference: 'https://attack.mitre.org/techniques/T1125', tactics: ['collection'], value: 'videoCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.virtualizationSandboxEvasionDescription', { defaultMessage: 'Virtualization/Sandbox Evasion (T1497)' }), id: 'T1497', name: 'Virtualization/Sandbox Evasion', reference: 'https://attack.mitre.org/techniques/T1497', tactics: ['defense-evasion', 'discovery'], value: 'virtualizationSandboxEvasion' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.weakenEncryptionDescription', { defaultMessage: 'Weaken Encryption (T1600)' }), id: 'T1600', name: 'Weaken Encryption', reference: 'https://attack.mitre.org/techniques/T1600', tactics: ['defense-evasion'], value: 'weakenEncryption' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.webServiceDescription', { defaultMessage: 'Web Service (T1102)' }), id: 'T1102', name: 'Web Service', reference: 'https://attack.mitre.org/techniques/T1102', 
tactics: ['command-and-control'], value: 'webService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.windowsManagementInstrumentationDescription', { defaultMessage: 'Windows Management Instrumentation (T1047)' }), id: 'T1047', name: 'Windows Management Instrumentation', reference: 'https://attack.mitre.org/techniques/T1047', tactics: ['execution'], value: 'windowsManagementInstrumentation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackTechniques.xslScriptProcessingDescription', { defaultMessage: 'XSL Script Processing (T1220)' }), id: 'T1220', name: 'XSL Script Processing', reference: 'https://attack.mitre.org/techniques/T1220', tactics: ['defense-evasion'], value: 'xslScriptProcessing' }];
/*
 * Publishes the `techniques` array that closes just above as a CommonJS export.
 * The entries visible in this part of the array carry `label` (translated
 * display string), `id`, `name`, `reference`, `tactics` and `value`.
 *
 * NOTE(review): the strings inside each entry's `tactics` list are kebab-case
 * ('command-and-control', 'defense-evasion'), while the `value` field of the
 * entries in the `tactics` array at the top of this file is camelCase
 * ('commandAndControl', 'defenseEvasion'). The two do not compare equal, so
 * code that maps a technique to its tactic has to normalise one side -
 * confirm how consumers do this.
 */
exports.techniques = techniques;
/*
 * Sub-technique catalogue. Compared with `techniques`, each visible entry also
 * carries `techniqueId`, the id of its parent technique (e.g. 'T1003' for
 * 'T1003.008'); `reference` uses the slash form of the id
 * ('.../techniques/T1003/008').
 *
 * NOTE(review): `name` and `value` are not unique in this array. Further down,
 * 'botnet' is used for both T1583.005 and T1584.005, and 'cloudAccounts' for
 * T1586.003, T1585.003 and T1078.004. A lookup or de-duplication keyed on
 * `value` alone is therefore ambiguous about the parent technique; key on `id`
 * (or on `techniqueId` plus `value`). The translation keys already
 * disambiguate by embedding the parent id ('botnetT1583Description').
 *
 * This file is generated (see the header); a note kept here needs to be
 * carried into the generator script to survive regeneration.
 */
const subtechniques = [{ label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.etcPasswdAndEtcShadowT1003Description', { defaultMessage: '/etc/passwd and /etc/shadow (T1003.008)' }), id: 'T1003.008', name: '/etc/passwd and /etc/shadow', reference: 'https://attack.mitre.org/techniques/T1003/008', tactics: ['credential-access'], techniqueId: 'T1003', value: 'etcPasswdAndEtcShadow' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.arpCachePoisoningT1557Description', { defaultMessage: 'ARP Cache Poisoning (T1557.002)' }), id: 'T1557.002', name: 'ARP Cache Poisoning', reference: 'https://attack.mitre.org/techniques/T1557/002', tactics: ['credential-access', 'collection'], techniqueId: 'T1557', value: 'arpCachePoisoning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asRepRoastingT1558Description', { defaultMessage: 'AS-REP Roasting (T1558.004)' }), id: 'T1558.004', name: 'AS-REP Roasting', reference: 'https://attack.mitre.org/techniques/T1558/004', tactics: ['credential-access'], techniqueId: 'T1558', value: 'asRepRoasting' }, { 
label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.accessibilityFeaturesT1546Description', { defaultMessage: 'Accessibility Features (T1546.008)' }), id: 'T1546.008', name: 'Accessibility Features', reference: 'https://attack.mitre.org/techniques/T1546/008', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'accessibilityFeatures' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.activeSetupT1547Description', { defaultMessage: 'Active Setup (T1547.014)' }), id: 'T1547.014', name: 'Active Setup', reference: 'https://attack.mitre.org/techniques/T1547/014', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'activeSetup' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.addInsT1137Description', { defaultMessage: 'Add-ins (T1137.006)' }), id: 'T1137.006', name: 'Add-ins', reference: 'https://attack.mitre.org/techniques/T1137/006', tactics: ['persistence'], techniqueId: 'T1137', value: 'addIns' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudCredentialsT1098Description', { defaultMessage: 'Additional Cloud Credentials (T1098.001)' }), id: 'T1098.001', name: 'Additional Cloud Credentials', reference: 'https://attack.mitre.org/techniques/T1098/001', tactics: ['persistence'], techniqueId: 'T1098', value: 'additionalCloudCredentials' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalCloudRolesT1098Description', { defaultMessage: 'Additional Cloud Roles (T1098.003)' }), id: 'T1098.003', name: 'Additional Cloud Roles', reference: 'https://attack.mitre.org/techniques/T1098/003', tactics: ['persistence'], techniqueId: 'T1098', value: 'additionalCloudRoles' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.additionalEmailDelegatePermissionsT1098Description', { defaultMessage: 'Additional Email Delegate Permissions (T1098.002)' }), id: 'T1098.002', name: 'Additional Email Delegate Permissions', reference: 'https://attack.mitre.org/techniques/T1098/002', tactics: ['persistence'], techniqueId: 'T1098', value: 'additionalEmailDelegatePermissions' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appCertDlLsT1546Description', { defaultMessage: 'AppCert DLLs (T1546.009)' }), id: 'T1546.009', name: 'AppCert DLLs', reference: 'https://attack.mitre.org/techniques/T1546/009', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'appCertDlLs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appInitDlLsT1546Description', { defaultMessage: 'AppInit DLLs (T1546.010)' }), id: 'T1546.010', name: 'AppInit DLLs', reference: 'https://attack.mitre.org/techniques/T1546/010', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'appInitDlLs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.appleScriptT1059Description', { defaultMessage: 'AppleScript (T1059.002)' }), id: 'T1059.002', name: 'AppleScript', reference: 'https://attack.mitre.org/techniques/T1059/002', tactics: ['execution'], techniqueId: 'T1059', value: 'appleScript' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationAccessTokenT1550Description', { defaultMessage: 'Application Access Token (T1550.001)' }), id: 'T1550.001', name: 'Application Access Token', reference: 'https://attack.mitre.org/techniques/T1550/001', tactics: ['defense-evasion', 'lateral-movement'], techniqueId: 'T1550', value: 'applicationAccessToken' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationExhaustionFloodT1499Description', { defaultMessage: 'Application Exhaustion Flood (T1499.003)' }), id: 'T1499.003', name: 'Application Exhaustion Flood', reference: 'https://attack.mitre.org/techniques/T1499/003', tactics: ['impact'], techniqueId: 'T1499', value: 'applicationExhaustionFlood' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationShimmingT1546Description', { defaultMessage: 'Application Shimming (T1546.011)' }), id: 'T1546.011', name: 'Application Shimming', reference: 'https://attack.mitre.org/techniques/T1546/011', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'applicationShimming' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.applicationOrSystemExploitationT1499Description', { defaultMessage: 'Application or System Exploitation (T1499.004)' }), id: 'T1499.004', name: 'Application or System Exploitation', reference: 'https://attack.mitre.org/techniques/T1499/004', tactics: ['impact'], techniqueId: 'T1499', value: 'applicationOrSystemExploitation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaCustomMethodT1560Description', { defaultMessage: 'Archive via Custom Method (T1560.003)' }), id: 'T1560.003', name: 'Archive via Custom Method', reference: 'https://attack.mitre.org/techniques/T1560/003', tactics: ['collection'], techniqueId: 'T1560', value: 'archiveViaCustomMethod' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaLibraryT1560Description', { defaultMessage: 'Archive via Library (T1560.002)' }), id: 'T1560.002', name: 'Archive via Library', reference: 'https://attack.mitre.org/techniques/T1560/002', tactics: ['collection'], techniqueId: 'T1560', value: 'archiveViaLibrary' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.archiveViaUtilityT1560Description', { defaultMessage: 'Archive via Utility (T1560.001)' }), id: 'T1560.001', name: 'Archive via Utility', reference: 'https://attack.mitre.org/techniques/T1560/001', tactics: ['collection'], techniqueId: 'T1560', value: 'archiveViaUtility' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asymmetricCryptographyT1573Description', { defaultMessage: 'Asymmetric Cryptography (T1573.002)' }), id: 'T1573.002', name: 'Asymmetric Cryptography', reference: 'https://attack.mitre.org/techniques/T1573/002', tactics: ['command-and-control'], techniqueId: 'T1573', value: 'asymmetricCryptography' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.asynchronousProcedureCallT1055Description', { defaultMessage: 'Asynchronous Procedure Call (T1055.004)' }), id: 'T1055.004', name: 'Asynchronous Procedure Call', reference: 'https://attack.mitre.org/techniques/T1055/004', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'asynchronousProcedureCall' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.atT1053Description', { defaultMessage: 'At (T1053.002)' }), id: 'T1053.002', name: 'At', reference: 'https://attack.mitre.org/techniques/T1053/002', tactics: ['execution', 'persistence', 'privilege-escalation'], techniqueId: 'T1053', value: 'at' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.authenticationPackageT1547Description', { defaultMessage: 'Authentication Package (T1547.002)' }), id: 'T1547.002', name: 'Authentication Package', reference: 'https://attack.mitre.org/techniques/T1547/002', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'authenticationPackage' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bashHistoryT1552Description', { defaultMessage: 'Bash History (T1552.003)' }), id: 'T1552.003', name: 'Bash History', reference: 'https://attack.mitre.org/techniques/T1552/003', tactics: ['credential-access'], techniqueId: 'T1552', value: 'bashHistory' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bidirectionalCommunicationT1102Description', { defaultMessage: 'Bidirectional Communication (T1102.002)' }), id: 'T1102.002', name: 'Bidirectional Communication', reference: 'https://attack.mitre.org/techniques/T1102/002', tactics: ['command-and-control'], techniqueId: 'T1102', value: 'bidirectionalCommunication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.binaryPaddingT1027Description', { defaultMessage: 'Binary Padding (T1027.001)' }), id: 'T1027.001', name: 'Binary Padding', reference: 'https://attack.mitre.org/techniques/T1027/001', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'binaryPadding' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bootkitT1542Description', { defaultMessage: 'Bootkit (T1542.003)' }), id: 'T1542.003', name: 'Bootkit', reference: 'https://attack.mitre.org/techniques/T1542/003', tactics: ['persistence', 'defense-evasion'], techniqueId: 'T1542', value: 'bootkit' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.botnetT1583Description', { defaultMessage: 'Botnet (T1583.005)' }), id: 'T1583.005', name: 'Botnet', reference: 'https://attack.mitre.org/techniques/T1583/005', tactics: ['resource-development'], techniqueId: 'T1583', value: 'botnet' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.botnetT1584Description', { defaultMessage: 'Botnet (T1584.005)' }), id: 'T1584.005', name: 'Botnet', reference: 
'https://attack.mitre.org/techniques/T1584/005', tactics: ['resource-development'], techniqueId: 'T1584', value: 'botnet' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.businessRelationshipsT1591Description', { defaultMessage: 'Business Relationships (T1591.002)' }), id: 'T1591.002', name: 'Business Relationships', reference: 'https://attack.mitre.org/techniques/T1591/002', tactics: ['reconnaissance'], techniqueId: 'T1591', value: 'businessRelationships' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.bypassUserAccountControlT1548Description', { defaultMessage: 'Bypass User Account Control (T1548.002)' }), id: 'T1548.002', name: 'Bypass User Account Control', reference: 'https://attack.mitre.org/techniques/T1548/002', tactics: ['privilege-escalation', 'defense-evasion'], techniqueId: 'T1548', value: 'bypassUserAccountControl' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cdNsT1596Description', { defaultMessage: 'CDNs (T1596.004)' }), id: 'T1596.004', name: 'CDNs', reference: 'https://attack.mitre.org/techniques/T1596/004', tactics: ['reconnaissance'], techniqueId: 'T1596', value: 'cdNs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cmstpT1218Description', { defaultMessage: 'CMSTP (T1218.003)' }), id: 'T1218.003', name: 'CMSTP', reference: 'https://attack.mitre.org/techniques/T1218/003', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'cmstp' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.corProfilerT1574Description', { defaultMessage: 'COR_PROFILER (T1574.012)' }), id: 'T1574.012', name: 'COR_PROFILER', reference: 'https://attack.mitre.org/techniques/T1574/012', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'corProfiler' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cachedDomainCredentialsT1003Description', { defaultMessage: 'Cached Domain Credentials (T1003.005)' }), id: 'T1003.005', name: 'Cached Domain Credentials', reference: 'https://attack.mitre.org/techniques/T1003/005', tactics: ['credential-access'], techniqueId: 'T1003', value: 'cachedDomainCredentials' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.changeDefaultFileAssociationT1546Description', { defaultMessage: 'Change Default File Association (T1546.001)' }), id: 'T1546.001', name: 'Change Default File Association', reference: 'https://attack.mitre.org/techniques/T1546/001', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'changeDefaultFileAssociation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.chatMessagesT1552Description', { defaultMessage: 'Chat Messages (T1552.008)' }), id: 'T1552.008', name: 'Chat Messages', reference: 'https://attack.mitre.org/techniques/T1552/008', tactics: ['credential-access'], techniqueId: 'T1552', value: 'chatMessages' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearCommandHistoryT1070Description', { defaultMessage: 'Clear Command History (T1070.003)' }), id: 'T1070.003', name: 'Clear Command History', reference: 'https://attack.mitre.org/techniques/T1070/003', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearCommandHistory' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearLinuxOrMacSystemLogsT1070Description', { defaultMessage: 'Clear Linux or Mac System Logs (T1070.002)' }), id: 'T1070.002', name: 'Clear Linux or Mac System Logs', reference: 'https://attack.mitre.org/techniques/T1070/002', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearLinuxOrMacSystemLogs' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearMailboxDataT1070Description', { defaultMessage: 'Clear Mailbox Data (T1070.008)' }), id: 'T1070.008', name: 'Clear Mailbox Data', reference: 'https://attack.mitre.org/techniques/T1070/008', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearMailboxData' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearNetworkConnectionHistoryAndConfigurationsT1070Description', { defaultMessage: 'Clear Network Connection History and Configurations (T1070.007)' }), id: 'T1070.007', name: 'Clear Network Connection History and Configurations', reference: 'https://attack.mitre.org/techniques/T1070/007', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearNetworkConnectionHistoryAndConfigurations' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearPersistenceT1070Description', { defaultMessage: 'Clear Persistence (T1070.009)' }), id: 'T1070.009', name: 'Clear Persistence', reference: 'https://attack.mitre.org/techniques/T1070/009', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearPersistence' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clearWindowsEventLogsT1070Description', { defaultMessage: 'Clear Windows Event Logs (T1070.001)' }), id: 'T1070.001', name: 'Clear Windows Event Logs', reference: 'https://attack.mitre.org/techniques/T1070/001', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'clearWindowsEventLogs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.clientConfigurationsT1592Description', { defaultMessage: 'Client Configurations (T1592.004)' }), id: 'T1592.004', name: 'Client Configurations', reference: 'https://attack.mitre.org/techniques/T1592/004', tactics: ['reconnaissance'], techniqueId: 'T1592', value: 
'clientConfigurations' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudApiT1059Description', { defaultMessage: 'Cloud API (T1059.009)' }), id: 'T1059.009', name: 'Cloud API', reference: 'https://attack.mitre.org/techniques/T1059/009', tactics: ['execution'], techniqueId: 'T1059', value: 'cloudApi' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1087Description', { defaultMessage: 'Cloud Account (T1087.004)' }), id: 'T1087.004', name: 'Cloud Account', reference: 'https://attack.mitre.org/techniques/T1087/004', tactics: ['discovery'], techniqueId: 'T1087', value: 'cloudAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountT1136Description', { defaultMessage: 'Cloud Account (T1136.003)' }), id: 'T1136.003', name: 'Cloud Account', reference: 'https://attack.mitre.org/techniques/T1136/003', tactics: ['persistence'], techniqueId: 'T1136', value: 'cloudAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1586Description', { defaultMessage: 'Cloud Accounts (T1586.003)' }), id: 'T1586.003', name: 'Cloud Accounts', reference: 'https://attack.mitre.org/techniques/T1586/003', tactics: ['resource-development'], techniqueId: 'T1586', value: 'cloudAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1585Description', { defaultMessage: 'Cloud Accounts (T1585.003)' }), id: 'T1585.003', name: 'Cloud Accounts', reference: 'https://attack.mitre.org/techniques/T1585/003', tactics: ['resource-development'], techniqueId: 'T1585', value: 'cloudAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudAccountsT1078Description', { defaultMessage: 'Cloud Accounts (T1078.004)' }), id: 'T1078.004', name: 'Cloud Accounts', 
reference: 'https://attack.mitre.org/techniques/T1078/004', tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], techniqueId: 'T1078', value: 'cloudAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudGroupsT1069Description', { defaultMessage: 'Cloud Groups (T1069.003)' }), id: 'T1069.003', name: 'Cloud Groups', reference: 'https://attack.mitre.org/techniques/T1069/003', tactics: ['discovery'], techniqueId: 'T1069', value: 'cloudGroups' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudInstanceMetadataApiT1552Description', { defaultMessage: 'Cloud Instance Metadata API (T1552.005)' }), id: 'T1552.005', name: 'Cloud Instance Metadata API', reference: 'https://attack.mitre.org/techniques/T1552/005', tactics: ['credential-access'], techniqueId: 'T1552', value: 'cloudInstanceMetadataApi' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cloudServicesT1021Description', { defaultMessage: 'Cloud Services (T1021.007)' }), id: 'T1021.007', name: 'Cloud Services', reference: 'https://attack.mitre.org/techniques/T1021/007', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'cloudServices' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeRepositoriesT1593Description', { defaultMessage: 'Code Repositories (T1593.003)' }), id: 'T1593.003', name: 'Code Repositories', reference: 'https://attack.mitre.org/techniques/T1593/003', tactics: ['reconnaissance'], techniqueId: 'T1593', value: 'codeRepositories' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeRepositoriesT1213Description', { defaultMessage: 'Code Repositories (T1213.003)' }), id: 'T1213.003', name: 'Code Repositories', reference: 'https://attack.mitre.org/techniques/T1213/003', tactics: ['collection'], techniqueId: 
'T1213', value: 'codeRepositories' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningT1553Description', { defaultMessage: 'Code Signing (T1553.002)' }), id: 'T1553.002', name: 'Code Signing', reference: 'https://attack.mitre.org/techniques/T1553/002', tactics: ['defense-evasion'], techniqueId: 'T1553', value: 'codeSigning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningCertificatesT1587Description', { defaultMessage: 'Code Signing Certificates (T1587.002)' }), id: 'T1587.002', name: 'Code Signing Certificates', reference: 'https://attack.mitre.org/techniques/T1587/002', tactics: ['resource-development'], techniqueId: 'T1587', value: 'codeSigningCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningCertificatesT1588Description', { defaultMessage: 'Code Signing Certificates (T1588.003)' }), id: 'T1588.003', name: 'Code Signing Certificates', reference: 'https://attack.mitre.org/techniques/T1588/003', tactics: ['resource-development'], techniqueId: 'T1588', value: 'codeSigningCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.codeSigningPolicyModificationT1553Description', { defaultMessage: 'Code Signing Policy Modification (T1553.006)' }), id: 'T1553.006', name: 'Code Signing Policy Modification', reference: 'https://attack.mitre.org/techniques/T1553/006', tactics: ['defense-evasion'], techniqueId: 'T1553', value: 'codeSigningPolicyModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.commandObfuscationT1027Description', { defaultMessage: 'Command Obfuscation (T1027.010)' }), id: 'T1027.010', name: 'Command Obfuscation', reference: 'https://attack.mitre.org/techniques/T1027/010', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'commandObfuscation' }, { 
label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compileAfterDeliveryT1027Description', { defaultMessage: 'Compile After Delivery (T1027.004)' }), id: 'T1027.004', name: 'Compile After Delivery', reference: 'https://attack.mitre.org/techniques/T1027/004', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'compileAfterDelivery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compiledHtmlFileT1218Description', { defaultMessage: 'Compiled HTML File (T1218.001)' }), id: 'T1218.001', name: 'Compiled HTML File', reference: 'https://attack.mitre.org/techniques/T1218/001', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'compiledHtmlFile' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentFirmwareT1542Description', { defaultMessage: 'Component Firmware (T1542.002)' }), id: 'T1542.002', name: 'Component Firmware', reference: 'https://attack.mitre.org/techniques/T1542/002', tactics: ['persistence', 'defense-evasion'], techniqueId: 'T1542', value: 'componentFirmware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentObjectModelT1559Description', { defaultMessage: 'Component Object Model (T1559.001)' }), id: 'T1559.001', name: 'Component Object Model', reference: 'https://attack.mitre.org/techniques/T1559/001', tactics: ['execution'], techniqueId: 'T1559', value: 'componentObjectModel' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.componentObjectModelHijackingT1546Description', { defaultMessage: 'Component Object Model Hijacking (T1546.015)' }), id: 'T1546.015', name: 'Component Object Model Hijacking', reference: 'https://attack.mitre.org/techniques/T1546/015', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'componentObjectModelHijacking' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseHardwareSupplyChainT1195Description', { defaultMessage: 'Compromise Hardware Supply Chain (T1195.003)' }), id: 'T1195.003', name: 'Compromise Hardware Supply Chain', reference: 'https://attack.mitre.org/techniques/T1195/003', tactics: ['initial-access'], techniqueId: 'T1195', value: 'compromiseHardwareSupplyChain' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseSoftwareDependenciesAndDevelopmentToolsT1195Description', { defaultMessage: 'Compromise Software Dependencies and Development Tools (T1195.001)' }), id: 'T1195.001', name: 'Compromise Software Dependencies and Development Tools', reference: 'https://attack.mitre.org/techniques/T1195/001', tactics: ['initial-access'], techniqueId: 'T1195', value: 'compromiseSoftwareDependenciesAndDevelopmentTools' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.compromiseSoftwareSupplyChainT1195Description', { defaultMessage: 'Compromise Software Supply Chain (T1195.002)' }), id: 'T1195.002', name: 'Compromise Software Supply Chain', reference: 'https://attack.mitre.org/techniques/T1195/002', tactics: ['initial-access'], techniqueId: 'T1195', value: 'compromiseSoftwareSupplyChain' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.confluenceT1213Description', { defaultMessage: 'Confluence (T1213.001)' }), id: 'T1213.001', name: 'Confluence', reference: 'https://attack.mitre.org/techniques/T1213/001', tactics: ['collection'], techniqueId: 'T1213', value: 'confluence' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.containerApiT1552Description', { defaultMessage: 'Container API (T1552.007)' }), id: 'T1552.007', name: 'Container API', reference: 'https://attack.mitre.org/techniques/T1552/007', tactics: ['credential-access'], 
techniqueId: 'T1552', value: 'containerApi' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.containerOrchestrationJobT1053Description', { defaultMessage: 'Container Orchestration Job (T1053.007)' }), id: 'T1053.007', name: 'Container Orchestration Job', reference: 'https://attack.mitre.org/techniques/T1053/007', tactics: ['execution', 'persistence', 'privilege-escalation'], techniqueId: 'T1053', value: 'containerOrchestrationJob' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.controlPanelT1218Description', { defaultMessage: 'Control Panel (T1218.002)' }), id: 'T1218.002', name: 'Control Panel', reference: 'https://attack.mitre.org/techniques/T1218/002', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'controlPanel' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createCloudInstanceT1578Description', { defaultMessage: 'Create Cloud Instance (T1578.002)' }), id: 'T1578.002', name: 'Create Cloud Instance', reference: 'https://attack.mitre.org/techniques/T1578/002', tactics: ['defense-evasion'], techniqueId: 'T1578', value: 'createCloudInstance' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createProcessWithTokenT1134Description', { defaultMessage: 'Create Process with Token (T1134.002)' }), id: 'T1134.002', name: 'Create Process with Token', reference: 'https://attack.mitre.org/techniques/T1134/002', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1134', value: 'createProcessWithToken' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.createSnapshotT1578Description', { defaultMessage: 'Create Snapshot (T1578.001)' }), id: 'T1578.001', name: 'Create Snapshot', reference: 'https://attack.mitre.org/techniques/T1578/001', tactics: ['defense-evasion'], techniqueId: 'T1578', value: 
'createSnapshot' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialApiHookingT1056Description', { defaultMessage: 'Credential API Hooking (T1056.004)' }), id: 'T1056.004', name: 'Credential API Hooking', reference: 'https://attack.mitre.org/techniques/T1056/004', tactics: ['collection', 'credential-access'], techniqueId: 'T1056', value: 'credentialApiHooking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialStuffingT1110Description', { defaultMessage: 'Credential Stuffing (T1110.004)' }), id: 'T1110.004', name: 'Credential Stuffing', reference: 'https://attack.mitre.org/techniques/T1110/004', tactics: ['credential-access'], techniqueId: 'T1110', value: 'credentialStuffing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsT1589Description', { defaultMessage: 'Credentials (T1589.001)' }), id: 'T1589.001', name: 'Credentials', reference: 'https://attack.mitre.org/techniques/T1589/001', tactics: ['reconnaissance'], techniqueId: 'T1589', value: 'credentials' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsInFilesT1552Description', { defaultMessage: 'Credentials In Files (T1552.001)' }), id: 'T1552.001', name: 'Credentials In Files', reference: 'https://attack.mitre.org/techniques/T1552/001', tactics: ['credential-access'], techniqueId: 'T1552', value: 'credentialsInFiles' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsFromWebBrowsersT1555Description', { defaultMessage: 'Credentials from Web Browsers (T1555.003)' }), id: 'T1555.003', name: 'Credentials from Web Browsers', reference: 'https://attack.mitre.org/techniques/T1555/003', tactics: ['credential-access'], techniqueId: 'T1555', value: 'credentialsFromWebBrowsers' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.credentialsInRegistryT1552Description', { defaultMessage: 'Credentials in Registry (T1552.002)' }), id: 'T1552.002', name: 'Credentials in Registry', reference: 'https://attack.mitre.org/techniques/T1552/002', tactics: ['credential-access'], techniqueId: 'T1552', value: 'credentialsInRegistry' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.cronT1053Description', { defaultMessage: 'Cron (T1053.003)' }), id: 'T1053.003', name: 'Cron', reference: 'https://attack.mitre.org/techniques/T1053/003', tactics: ['execution', 'persistence', 'privilege-escalation'], techniqueId: 'T1053', value: 'cron' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dcSyncT1003Description', { defaultMessage: 'DCSync (T1003.006)' }), id: 'T1003.006', name: 'DCSync', reference: 'https://attack.mitre.org/techniques/T1003/006', tactics: ['credential-access'], techniqueId: 'T1003', value: 'dcSync' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dhcpSpoofingT1557Description', { defaultMessage: 'DHCP Spoofing (T1557.003)' }), id: 'T1557.003', name: 'DHCP Spoofing', reference: 'https://attack.mitre.org/techniques/T1557/003', tactics: ['credential-access', 'collection'], techniqueId: 'T1557', value: 'dhcpSpoofing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dllSearchOrderHijackingT1574Description', { defaultMessage: 'DLL Search Order Hijacking (T1574.001)' }), id: 'T1574.001', name: 'DLL Search Order Hijacking', reference: 'https://attack.mitre.org/techniques/T1574/001', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'dllSearchOrderHijacking' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dllSideLoadingT1574Description', { defaultMessage: 'DLL Side-Loading (T1574.002)' }), id: 'T1574.002', name: 'DLL Side-Loading', reference: 'https://attack.mitre.org/techniques/T1574/002', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'dllSideLoading' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1590Description', { defaultMessage: 'DNS (T1590.002)' }), id: 'T1590.002', name: 'DNS', reference: 'https://attack.mitre.org/techniques/T1590/002', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'dns' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsT1071Description', { defaultMessage: 'DNS (T1071.004)' }), id: 'T1071.004', name: 'DNS', reference: 'https://attack.mitre.org/techniques/T1071/004', tactics: ['command-and-control'], techniqueId: 'T1071', value: 'dns' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsCalculationT1568Description', { defaultMessage: 'DNS Calculation (T1568.003)' }), id: 'T1568.003', name: 'DNS Calculation', reference: 'https://attack.mitre.org/techniques/T1568/003', tactics: ['command-and-control'], techniqueId: 'T1568', value: 'dnsCalculation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsServerT1583Description', { defaultMessage: 'DNS Server (T1583.002)' }), id: 'T1583.002', name: 'DNS Server', reference: 'https://attack.mitre.org/techniques/T1583/002', tactics: ['resource-development'], techniqueId: 'T1583', value: 'dnsServer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsServerT1584Description', { defaultMessage: 'DNS Server (T1584.002)' }), id: 'T1584.002', name: 'DNS Server', reference: 
'https://attack.mitre.org/techniques/T1584/002', tactics: ['resource-development'], techniqueId: 'T1584', value: 'dnsServer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dnsPassiveDnsT1596Description', { defaultMessage: 'DNS/Passive DNS (T1596.001)' }), id: 'T1596.001', name: 'DNS/Passive DNS', reference: 'https://attack.mitre.org/techniques/T1596/001', tactics: ['reconnaissance'], techniqueId: 'T1596', value: 'dnsPassiveDns' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deadDropResolverT1102Description', { defaultMessage: 'Dead Drop Resolver (T1102.001)' }), id: 'T1102.001', name: 'Dead Drop Resolver', reference: 'https://attack.mitre.org/techniques/T1102/001', tactics: ['command-and-control'], techniqueId: 'T1102', value: 'deadDropResolver' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.defaultAccountsT1078Description', { defaultMessage: 'Default Accounts (T1078.001)' }), id: 'T1078.001', name: 'Default Accounts', reference: 'https://attack.mitre.org/techniques/T1078/001', tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], techniqueId: 'T1078', value: 'defaultAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deleteCloudInstanceT1578Description', { defaultMessage: 'Delete Cloud Instance (T1578.003)' }), id: 'T1578.003', name: 'Delete Cloud Instance', reference: 'https://attack.mitre.org/techniques/T1578/003', tactics: ['defense-evasion'], techniqueId: 'T1578', value: 'deleteCloudInstance' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.determinePhysicalLocationsT1591Description', { defaultMessage: 'Determine Physical Locations (T1591.001)' }), id: 'T1591.001', name: 'Determine Physical Locations', reference: 'https://attack.mitre.org/techniques/T1591/001', tactics: 
['reconnaissance'], techniqueId: 'T1591', value: 'determinePhysicalLocations' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.deviceRegistrationT1098Description', { defaultMessage: 'Device Registration (T1098.005)' }), id: 'T1098.005', name: 'Device Registration', reference: 'https://attack.mitre.org/techniques/T1098/005', tactics: ['persistence'], techniqueId: 'T1098', value: 'deviceRegistration' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1596Description', { defaultMessage: 'Digital Certificates (T1596.003)' }), id: 'T1596.003', name: 'Digital Certificates', reference: 'https://attack.mitre.org/techniques/T1596/003', tactics: ['reconnaissance'], techniqueId: 'T1596', value: 'digitalCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1588Description', { defaultMessage: 'Digital Certificates (T1588.004)' }), id: 'T1588.004', name: 'Digital Certificates', reference: 'https://attack.mitre.org/techniques/T1588/004', tactics: ['resource-development'], techniqueId: 'T1588', value: 'digitalCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.digitalCertificatesT1587Description', { defaultMessage: 'Digital Certificates (T1587.003)' }), id: 'T1587.003', name: 'Digital Certificates', reference: 'https://attack.mitre.org/techniques/T1587/003', tactics: ['resource-development'], techniqueId: 'T1587', value: 'digitalCertificates' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.directNetworkFloodT1498Description', { defaultMessage: 'Direct Network Flood (T1498.001)' }), id: 'T1498.001', name: 'Direct Network Flood', reference: 'https://attack.mitre.org/techniques/T1498/001', tactics: ['impact'], techniqueId: 'T1498', value: 'directNetworkFlood' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCloudLogsT1562Description', { defaultMessage: 'Disable Cloud Logs (T1562.008)' }), id: 'T1562.008', name: 'Disable Cloud Logs', reference: 'https://attack.mitre.org/techniques/T1562/008', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'disableCloudLogs' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableCryptoHardwareT1600Description', { defaultMessage: 'Disable Crypto Hardware (T1600.002)' }), id: 'T1600.002', name: 'Disable Crypto Hardware', reference: 'https://attack.mitre.org/techniques/T1600/002', tactics: ['defense-evasion'], techniqueId: 'T1600', value: 'disableCryptoHardware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableWindowsEventLoggingT1562Description', { defaultMessage: 'Disable Windows Event Logging (T1562.002)' }), id: 'T1562.002', name: 'Disable Windows Event Logging', reference: 'https://attack.mitre.org/techniques/T1562/002', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'disableWindowsEventLogging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyCloudFirewallT1562Description', { defaultMessage: 'Disable or Modify Cloud Firewall (T1562.007)' }), id: 'T1562.007', name: 'Disable or Modify Cloud Firewall', reference: 'https://attack.mitre.org/techniques/T1562/007', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'disableOrModifyCloudFirewall' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifySystemFirewallT1562Description', { defaultMessage: 'Disable or Modify System Firewall (T1562.004)' }), id: 'T1562.004', name: 'Disable or Modify System Firewall', reference: 'https://attack.mitre.org/techniques/T1562/004', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 
'disableOrModifySystemFirewall' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.disableOrModifyToolsT1562Description', { defaultMessage: 'Disable or Modify Tools (T1562.001)' }), id: 'T1562.001', name: 'Disable or Modify Tools', reference: 'https://attack.mitre.org/techniques/T1562/001', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'disableOrModifyTools' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.diskContentWipeT1561Description', { defaultMessage: 'Disk Content Wipe (T1561.001)' }), id: 'T1561.001', name: 'Disk Content Wipe', reference: 'https://attack.mitre.org/techniques/T1561/001', tactics: ['impact'], techniqueId: 'T1561', value: 'diskContentWipe' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.diskStructureWipeT1561Description', { defaultMessage: 'Disk Structure Wipe (T1561.002)' }), id: 'T1561.002', name: 'Disk Structure Wipe', reference: 'https://attack.mitre.org/techniques/T1561/002', tactics: ['impact'], techniqueId: 'T1561', value: 'diskStructureWipe' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.distributedComponentObjectModelT1021Description', { defaultMessage: 'Distributed Component Object Model (T1021.003)' }), id: 'T1021.003', name: 'Distributed Component Object Model', reference: 'https://attack.mitre.org/techniques/T1021/003', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'distributedComponentObjectModel' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1087Description', { defaultMessage: 'Domain Account (T1087.002)' }), id: 'T1087.002', name: 'Domain Account', reference: 'https://attack.mitre.org/techniques/T1087/002', tactics: ['discovery'], techniqueId: 'T1087', value: 'domainAccount' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountT1136Description', { defaultMessage: 'Domain Account (T1136.002)' }), id: 'T1136.002', name: 'Domain Account', reference: 'https://attack.mitre.org/techniques/T1136/002', tactics: ['persistence'], techniqueId: 'T1136', value: 'domainAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainAccountsT1078Description', { defaultMessage: 'Domain Accounts (T1078.002)' }), id: 'T1078.002', name: 'Domain Accounts', reference: 'https://attack.mitre.org/techniques/T1078/002', tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], techniqueId: 'T1078', value: 'domainAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainControllerAuthenticationT1556Description', { defaultMessage: 'Domain Controller Authentication (T1556.001)' }), id: 'T1556.001', name: 'Domain Controller Authentication', reference: 'https://attack.mitre.org/techniques/T1556/001', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'domainControllerAuthentication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainFrontingT1090Description', { defaultMessage: 'Domain Fronting (T1090.004)' }), id: 'T1090.004', name: 'Domain Fronting', reference: 'https://attack.mitre.org/techniques/T1090/004', tactics: ['command-and-control'], techniqueId: 'T1090', value: 'domainFronting' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainGenerationAlgorithmsT1568Description', { defaultMessage: 'Domain Generation Algorithms (T1568.002)' }), id: 'T1568.002', name: 'Domain Generation Algorithms', reference: 'https://attack.mitre.org/techniques/T1568/002', tactics: ['command-and-control'], techniqueId: 'T1568', value: 
'domainGenerationAlgorithms' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainGroupsT1069Description', { defaultMessage: 'Domain Groups (T1069.002)' }), id: 'T1069.002', name: 'Domain Groups', reference: 'https://attack.mitre.org/techniques/T1069/002', tactics: ['discovery'], techniqueId: 'T1069', value: 'domainGroups' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainPropertiesT1590Description', { defaultMessage: 'Domain Properties (T1590.001)' }), id: 'T1590.001', name: 'Domain Properties', reference: 'https://attack.mitre.org/techniques/T1590/001', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'domainProperties' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainTrustModificationT1484Description', { defaultMessage: 'Domain Trust Modification (T1484.002)' }), id: 'T1484.002', name: 'Domain Trust Modification', reference: 'https://attack.mitre.org/techniques/T1484/002', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1484', value: 'domainTrustModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainsT1583Description', { defaultMessage: 'Domains (T1583.001)' }), id: 'T1583.001', name: 'Domains', reference: 'https://attack.mitre.org/techniques/T1583/001', tactics: ['resource-development'], techniqueId: 'T1583', value: 'domains' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.domainsT1584Description', { defaultMessage: 'Domains (T1584.001)' }), id: 'T1584.001', name: 'Domains', reference: 'https://attack.mitre.org/techniques/T1584/001', tactics: ['resource-development'], techniqueId: 'T1584', value: 'domains' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.doubleFileExtensionT1036Description', { defaultMessage: 
'Double File Extension (T1036.007)' }), id: 'T1036.007', name: 'Double File Extension', reference: 'https://attack.mitre.org/techniques/T1036/007', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'doubleFileExtension' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.downgradeAttackT1562Description', { defaultMessage: 'Downgrade Attack (T1562.010)' }), id: 'T1562.010', name: 'Downgrade Attack', reference: 'https://attack.mitre.org/techniques/T1562/010', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'downgradeAttack' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.downgradeSystemImageT1601Description', { defaultMessage: 'Downgrade System Image (T1601.002)' }), id: 'T1601.002', name: 'Downgrade System Image', reference: 'https://attack.mitre.org/techniques/T1601/002', tactics: ['defense-evasion'], techniqueId: 'T1601', value: 'downgradeSystemImage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.driveByTargetT1608Description', { defaultMessage: 'Drive-by Target (T1608.004)' }), id: 'T1608.004', name: 'Drive-by Target', reference: 'https://attack.mitre.org/techniques/T1608/004', tactics: ['resource-development'], techniqueId: 'T1608', value: 'driveByTarget' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dylibHijackingT1574Description', { defaultMessage: 'Dylib Hijacking (T1574.004)' }), id: 'T1574.004', name: 'Dylib Hijacking', reference: 'https://attack.mitre.org/techniques/T1574/004', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'dylibHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicApiResolutionT1027Description', { defaultMessage: 'Dynamic API Resolution (T1027.007)' }), id: 'T1027.007', name: 'Dynamic API Resolution', 
reference: 'https://attack.mitre.org/techniques/T1027/007', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'dynamicApiResolution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicDataExchangeT1559Description', { defaultMessage: 'Dynamic Data Exchange (T1559.002)' }), id: 'T1559.002', name: 'Dynamic Data Exchange', reference: 'https://attack.mitre.org/techniques/T1559/002', tactics: ['execution'], techniqueId: 'T1559', value: 'dynamicDataExchange' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicLinkerHijackingT1574Description', { defaultMessage: 'Dynamic Linker Hijacking (T1574.006)' }), id: 'T1574.006', name: 'Dynamic Linker Hijacking', reference: 'https://attack.mitre.org/techniques/T1574/006', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'dynamicLinkerHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.dynamicLinkLibraryInjectionT1055Description', { defaultMessage: 'Dynamic-link Library Injection (T1055.001)' }), id: 'T1055.001', name: 'Dynamic-link Library Injection', reference: 'https://attack.mitre.org/techniques/T1055/001', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'dynamicLinkLibraryInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.elevatedExecutionWithPromptT1548Description', { defaultMessage: 'Elevated Execution with Prompt (T1548.004)' }), id: 'T1548.004', name: 'Elevated Execution with Prompt', reference: 'https://attack.mitre.org/techniques/T1548/004', tactics: ['privilege-escalation', 'defense-evasion'], techniqueId: 'T1548', value: 'elevatedExecutionWithPrompt' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountT1087Description', { defaultMessage: 'Email Account 
(T1087.003)' }), id: 'T1087.003', name: 'Email Account', reference: 'https://attack.mitre.org/techniques/T1087/003', tactics: ['discovery'], techniqueId: 'T1087', value: 'emailAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1586Description', { defaultMessage: 'Email Accounts (T1586.002)' }), id: 'T1586.002', name: 'Email Accounts', reference: 'https://attack.mitre.org/techniques/T1586/002', tactics: ['resource-development'], techniqueId: 'T1586', value: 'emailAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAccountsT1585Description', { defaultMessage: 'Email Accounts (T1585.002)' }), id: 'T1585.002', name: 'Email Accounts', reference: 'https://attack.mitre.org/techniques/T1585/002', tactics: ['resource-development'], techniqueId: 'T1585', value: 'emailAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailAddressesT1589Description', { defaultMessage: 'Email Addresses (T1589.002)' }), id: 'T1589.002', name: 'Email Addresses', reference: 'https://attack.mitre.org/techniques/T1589/002', tactics: ['reconnaissance'], techniqueId: 'T1589', value: 'emailAddresses' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailForwardingRuleT1114Description', { defaultMessage: 'Email Forwarding Rule (T1114.003)' }), id: 'T1114.003', name: 'Email Forwarding Rule', reference: 'https://attack.mitre.org/techniques/T1114/003', tactics: ['collection'], techniqueId: 'T1114', value: 'emailForwardingRule' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emailHidingRulesT1564Description', { defaultMessage: 'Email Hiding Rules (T1564.008)' }), id: 'T1564.008', name: 'Email Hiding Rules', reference: 'https://attack.mitre.org/techniques/T1564/008', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 
'emailHidingRules' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.embeddedPayloadsT1027Description', { defaultMessage: 'Embedded Payloads (T1027.009)' }), id: 'T1027.009', name: 'Embedded Payloads', reference: 'https://attack.mitre.org/techniques/T1027/009', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'embeddedPayloads' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.emondT1546Description', { defaultMessage: 'Emond (T1546.014)' }), id: 'T1546.014', name: 'Emond', reference: 'https://attack.mitre.org/techniques/T1546/014', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'emond' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.employeeNamesT1589Description', { defaultMessage: 'Employee Names (T1589.003)' }), id: 'T1589.003', name: 'Employee Names', reference: 'https://attack.mitre.org/techniques/T1589/003', tactics: ['reconnaissance'], techniqueId: 'T1589', value: 'employeeNames' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.environmentalKeyingT1480Description', { defaultMessage: 'Environmental Keying (T1480.001)' }), id: 'T1480.001', name: 'Environmental Keying', reference: 'https://attack.mitre.org/techniques/T1480/001', tactics: ['defense-evasion'], techniqueId: 'T1480', value: 'environmentalKeying' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.executableInstallerFilePermissionsWeaknessT1574Description', { defaultMessage: 'Executable Installer File Permissions Weakness (T1574.005)' }), id: 'T1574.005', name: 'Executable Installer File Permissions Weakness', reference: 'https://attack.mitre.org/techniques/T1574/005', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'executableInstallerFilePermissionsWeakness' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverAsymmetricEncryptedNonC2ProtocolT1048Description', { defaultMessage: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (T1048.002)' }), id: 'T1048.002', name: 'Exfiltration Over Asymmetric Encrypted Non-C2 Protocol', reference: 'https://attack.mitre.org/techniques/T1048/002', tactics: ['exfiltration'], techniqueId: 'T1048', value: 'exfiltrationOverAsymmetricEncryptedNonC2Protocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverBluetoothT1011Description', { defaultMessage: 'Exfiltration Over Bluetooth (T1011.001)' }), id: 'T1011.001', name: 'Exfiltration Over Bluetooth', reference: 'https://attack.mitre.org/techniques/T1011/001', tactics: ['exfiltration'], techniqueId: 'T1011', value: 'exfiltrationOverBluetooth' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverSymmetricEncryptedNonC2ProtocolT1048Description', { defaultMessage: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol (T1048.001)' }), id: 'T1048.001', name: 'Exfiltration Over Symmetric Encrypted Non-C2 Protocol', reference: 'https://attack.mitre.org/techniques/T1048/001', tactics: ['exfiltration'], techniqueId: 'T1048', value: 'exfiltrationOverSymmetricEncryptedNonC2Protocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUnencryptedNonC2ProtocolT1048Description', { defaultMessage: 'Exfiltration Over Unencrypted Non-C2 Protocol (T1048.003)' }), id: 'T1048.003', name: 'Exfiltration Over Unencrypted Non-C2 Protocol', reference: 'https://attack.mitre.org/techniques/T1048/003', tactics: ['exfiltration'], techniqueId: 'T1048', value: 'exfiltrationOverUnencryptedNonC2Protocol' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationOverUsbT1052Description', { defaultMessage: 'Exfiltration over USB (T1052.001)' }), id: 'T1052.001', name: 'Exfiltration over USB', reference: 'https://attack.mitre.org/techniques/T1052/001', tactics: ['exfiltration'], techniqueId: 'T1052', value: 'exfiltrationOverUsb' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCloudStorageT1567Description', { defaultMessage: 'Exfiltration to Cloud Storage (T1567.002)' }), id: 'T1567.002', name: 'Exfiltration to Cloud Storage', reference: 'https://attack.mitre.org/techniques/T1567/002', tactics: ['exfiltration'], techniqueId: 'T1567', value: 'exfiltrationToCloudStorage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToCodeRepositoryT1567Description', { defaultMessage: 'Exfiltration to Code Repository (T1567.001)' }), id: 'T1567.001', name: 'Exfiltration to Code Repository', reference: 'https://attack.mitre.org/techniques/T1567/001', tactics: ['exfiltration'], techniqueId: 'T1567', value: 'exfiltrationToCodeRepository' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exfiltrationToTextStorageSitesT1567Description', { defaultMessage: 'Exfiltration to Text Storage Sites (T1567.003)' }), id: 'T1567.003', name: 'Exfiltration to Text Storage Sites', reference: 'https://attack.mitre.org/techniques/T1567/003', tactics: ['exfiltration'], techniqueId: 'T1567', value: 'exfiltrationToTextStorageSites' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exploitsT1587Description', { defaultMessage: 'Exploits (T1587.004)' }), id: 'T1587.004', name: 'Exploits', reference: 'https://attack.mitre.org/techniques/T1587/004', tactics: ['resource-development'], techniqueId: 'T1587', value: 'exploits' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.exploitsT1588Description', { defaultMessage: 'Exploits (T1588.005)' }), id: 'T1588.005', name: 'Exploits', reference: 'https://attack.mitre.org/techniques/T1588/005', tactics: ['resource-development'], techniqueId: 'T1588', value: 'exploits' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.externalDefacementT1491Description', { defaultMessage: 'External Defacement (T1491.002)' }), id: 'T1491.002', name: 'External Defacement', reference: 'https://attack.mitre.org/techniques/T1491/002', tactics: ['impact'], techniqueId: 'T1491', value: 'externalDefacement' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.externalProxyT1090Description', { defaultMessage: 'External Proxy (T1090.002)' }), id: 'T1090.002', name: 'External Proxy', reference: 'https://attack.mitre.org/techniques/T1090/002', tactics: ['command-and-control'], techniqueId: 'T1090', value: 'externalProxy' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.extraWindowMemoryInjectionT1055Description', { defaultMessage: 'Extra Window Memory Injection (T1055.011)' }), id: 'T1055.011', name: 'Extra Window Memory Injection', reference: 'https://attack.mitre.org/techniques/T1055/011', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'extraWindowMemoryInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fastFluxDnsT1568Description', { defaultMessage: 'Fast Flux DNS (T1568.001)' }), id: 'T1568.001', name: 'Fast Flux DNS', reference: 'https://attack.mitre.org/techniques/T1568/001', tactics: ['command-and-control'], techniqueId: 'T1568', value: 'fastFluxDns' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fileDeletionT1070Description', { defaultMessage: 
'File Deletion (T1070.004)' }), id: 'T1070.004', name: 'File Deletion', reference: 'https://attack.mitre.org/techniques/T1070/004', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'fileDeletion' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.fileTransferProtocolsT1071Description', { defaultMessage: 'File Transfer Protocols (T1071.002)' }), id: 'T1071.002', name: 'File Transfer Protocols', reference: 'https://attack.mitre.org/techniques/T1071/002', tactics: ['command-and-control'], techniqueId: 'T1071', value: 'fileTransferProtocols' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.filelessStorageT1027Description', { defaultMessage: 'Fileless Storage (T1027.011)' }), id: 'T1027.011', name: 'Fileless Storage', reference: 'https://attack.mitre.org/techniques/T1027/011', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'filelessStorage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.firmwareT1592Description', { defaultMessage: 'Firmware (T1592.003)' }), id: 'T1592.003', name: 'Firmware', reference: 'https://attack.mitre.org/techniques/T1592/003', tactics: ['reconnaissance'], techniqueId: 'T1592', value: 'firmware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.guiInputCaptureT1056Description', { defaultMessage: 'GUI Input Capture (T1056.002)' }), id: 'T1056.002', name: 'GUI Input Capture', reference: 'https://attack.mitre.org/techniques/T1056/002', tactics: ['collection', 'credential-access'], techniqueId: 'T1056', value: 'guiInputCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.gatekeeperBypassT1553Description', { defaultMessage: 'Gatekeeper Bypass (T1553.001)' }), id: 'T1553.001', name: 'Gatekeeper Bypass', reference: 'https://attack.mitre.org/techniques/T1553/001', tactics: 
['defense-evasion'], techniqueId: 'T1553', value: 'gatekeeperBypass' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.goldenTicketT1558Description', { defaultMessage: 'Golden Ticket (T1558.001)' }), id: 'T1558.001', name: 'Golden Ticket', reference: 'https://attack.mitre.org/techniques/T1558/001', tactics: ['credential-access'], techniqueId: 'T1558', value: 'goldenTicket' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.groupPolicyModificationT1484Description', { defaultMessage: 'Group Policy Modification (T1484.001)' }), id: 'T1484.001', name: 'Group Policy Modification', reference: 'https://attack.mitre.org/techniques/T1484/001', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1484', value: 'groupPolicyModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.groupPolicyPreferencesT1552Description', { defaultMessage: 'Group Policy Preferences (T1552.006)' }), id: 'T1552.006', name: 'Group Policy Preferences', reference: 'https://attack.mitre.org/techniques/T1552/006', tactics: ['credential-access'], techniqueId: 'T1552', value: 'groupPolicyPreferences' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.htmlSmugglingT1027Description', { defaultMessage: 'HTML Smuggling (T1027.006)' }), id: 'T1027.006', name: 'HTML Smuggling', reference: 'https://attack.mitre.org/techniques/T1027/006', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'htmlSmuggling' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hardwareT1592Description', { defaultMessage: 'Hardware (T1592.001)' }), id: 'T1592.001', name: 'Hardware', reference: 'https://attack.mitre.org/techniques/T1592/001', tactics: ['reconnaissance'], techniqueId: 'T1592', value: 'hardware' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenFileSystemT1564Description', { defaultMessage: 'Hidden File System (T1564.005)' }), id: 'T1564.005', name: 'Hidden File System', reference: 'https://attack.mitre.org/techniques/T1564/005', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'hiddenFileSystem' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenFilesAndDirectoriesT1564Description', { defaultMessage: 'Hidden Files and Directories (T1564.001)' }), id: 'T1564.001', name: 'Hidden Files and Directories', reference: 'https://attack.mitre.org/techniques/T1564/001', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'hiddenFilesAndDirectories' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenUsersT1564Description', { defaultMessage: 'Hidden Users (T1564.002)' }), id: 'T1564.002', name: 'Hidden Users', reference: 'https://attack.mitre.org/techniques/T1564/002', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'hiddenUsers' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hiddenWindowT1564Description', { defaultMessage: 'Hidden Window (T1564.003)' }), id: 'T1564.003', name: 'Hidden Window', reference: 'https://attack.mitre.org/techniques/T1564/003', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'hiddenWindow' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.hybridIdentityT1556Description', { defaultMessage: 'Hybrid Identity (T1556.007)' }), id: 'T1556.007', name: 'Hybrid Identity', reference: 'https://attack.mitre.org/techniques/T1556/007', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'hybridIdentity' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.iisComponentsT1505Description', { 
defaultMessage: 'IIS Components (T1505.004)' }), id: 'T1505.004', name: 'IIS Components', reference: 'https://attack.mitre.org/techniques/T1505/004', tactics: ['persistence'], techniqueId: 'T1505', value: 'iisComponents' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ipAddressesT1590Description', { defaultMessage: 'IP Addresses (T1590.005)' }), id: 'T1590.005', name: 'IP Addresses', reference: 'https://attack.mitre.org/techniques/T1590/005', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'ipAddresses' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.identifyBusinessTempoT1591Description', { defaultMessage: 'Identify Business Tempo (T1591.003)' }), id: 'T1591.003', name: 'Identify Business Tempo', reference: 'https://attack.mitre.org/techniques/T1591/003', tactics: ['reconnaissance'], techniqueId: 'T1591', value: 'identifyBusinessTempo' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.identifyRolesT1591Description', { defaultMessage: 'Identify Roles (T1591.004)' }), id: 'T1591.004', name: 'Identify Roles', reference: 'https://attack.mitre.org/techniques/T1591/004', tactics: ['reconnaissance'], techniqueId: 'T1591', value: 'identifyRoles' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.imageFileExecutionOptionsInjectionT1546Description', { defaultMessage: 'Image File Execution Options Injection (T1546.012)' }), id: 'T1546.012', name: 'Image File Execution Options Injection', reference: 'https://attack.mitre.org/techniques/T1546/012', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'imageFileExecutionOptionsInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.impairCommandHistoryLoggingT1562Description', { defaultMessage: 'Impair Command History Logging (T1562.003)' }), id: 
'T1562.003', name: 'Impair Command History Logging', reference: 'https://attack.mitre.org/techniques/T1562/003', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'impairCommandHistoryLogging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.indicatorBlockingT1562Description', { defaultMessage: 'Indicator Blocking (T1562.006)' }), id: 'T1562.006', name: 'Indicator Blocking', reference: 'https://attack.mitre.org/techniques/T1562/006', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'indicatorBlocking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.indicatorRemovalFromToolsT1027Description', { defaultMessage: 'Indicator Removal from Tools (T1027.005)' }), id: 'T1027.005', name: 'Indicator Removal from Tools', reference: 'https://attack.mitre.org/techniques/T1027/005', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'indicatorRemovalFromTools' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installDigitalCertificateT1608Description', { defaultMessage: 'Install Digital Certificate (T1608.003)' }), id: 'T1608.003', name: 'Install Digital Certificate', reference: 'https://attack.mitre.org/techniques/T1608/003', tactics: ['resource-development'], techniqueId: 'T1608', value: 'installDigitalCertificate' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installRootCertificateT1553Description', { defaultMessage: 'Install Root Certificate (T1553.004)' }), id: 'T1553.004', name: 'Install Root Certificate', reference: 'https://attack.mitre.org/techniques/T1553/004', tactics: ['defense-evasion'], techniqueId: 'T1553', value: 'installRootCertificate' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installUtilT1218Description', { defaultMessage: 'InstallUtil (T1218.004)' }), id: 'T1218.004', name: 
'InstallUtil', reference: 'https://attack.mitre.org/techniques/T1218/004', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'installUtil' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.installerPackagesT1546Description', { defaultMessage: 'Installer Packages (T1546.016)' }), id: 'T1546.016', name: 'Installer Packages', reference: 'https://attack.mitre.org/techniques/T1546/016', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'installerPackages' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internalDefacementT1491Description', { defaultMessage: 'Internal Defacement (T1491.001)' }), id: 'T1491.001', name: 'Internal Defacement', reference: 'https://attack.mitre.org/techniques/T1491/001', tactics: ['impact'], techniqueId: 'T1491', value: 'internalDefacement' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internalProxyT1090Description', { defaultMessage: 'Internal Proxy (T1090.001)' }), id: 'T1090.001', name: 'Internal Proxy', reference: 'https://attack.mitre.org/techniques/T1090/001', tactics: ['command-and-control'], techniqueId: 'T1090', value: 'internalProxy' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.internetConnectionDiscoveryT1016Description', { defaultMessage: 'Internet Connection Discovery (T1016.001)' }), id: 'T1016.001', name: 'Internet Connection Discovery', reference: 'https://attack.mitre.org/techniques/T1016/001', tactics: ['discovery'], techniqueId: 'T1016', value: 'internetConnectionDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.invalidCodeSignatureT1036Description', { defaultMessage: 'Invalid Code Signature (T1036.001)' }), id: 'T1036.001', name: 'Invalid Code Signature', reference: 'https://attack.mitre.org/techniques/T1036/001', tactics: 
['defense-evasion'], techniqueId: 'T1036', value: 'invalidCodeSignature' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.javaScriptT1059Description', { defaultMessage: 'JavaScript (T1059.007)' }), id: 'T1059.007', name: 'JavaScript', reference: 'https://attack.mitre.org/techniques/T1059/007', tactics: ['execution'], techniqueId: 'T1059', value: 'javaScript' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.junkDataT1001Description', { defaultMessage: 'Junk Data (T1001.001)' }), id: 'T1001.001', name: 'Junk Data', reference: 'https://attack.mitre.org/techniques/T1001/001', tactics: ['command-and-control'], techniqueId: 'T1001', value: 'junkData' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kerberoastingT1558Description', { defaultMessage: 'Kerberoasting (T1558.003)' }), id: 'T1558.003', name: 'Kerberoasting', reference: 'https://attack.mitre.org/techniques/T1558/003', tactics: ['credential-access'], techniqueId: 'T1558', value: 'kerberoasting' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kernelModulesAndExtensionsT1547Description', { defaultMessage: 'Kernel Modules and Extensions (T1547.006)' }), id: 'T1547.006', name: 'Kernel Modules and Extensions', reference: 'https://attack.mitre.org/techniques/T1547/006', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'kernelModulesAndExtensions' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.kernelCallbackTableT1574Description', { defaultMessage: 'KernelCallbackTable (T1574.013)' }), id: 'T1574.013', name: 'KernelCallbackTable', reference: 'https://attack.mitre.org/techniques/T1574/013', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'kernelCallbackTable' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.keychainT1555Description', { defaultMessage: 'Keychain (T1555.001)' }), id: 'T1555.001', name: 'Keychain', reference: 'https://attack.mitre.org/techniques/T1555/001', tactics: ['credential-access'], techniqueId: 'T1555', value: 'keychain' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.keyloggingT1056Description', { defaultMessage: 'Keylogging (T1056.001)' }), id: 'T1056.001', name: 'Keylogging', reference: 'https://attack.mitre.org/techniques/T1056/001', tactics: ['collection', 'credential-access'], techniqueId: 'T1056', value: 'keylogging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lcLoadDylibAdditionT1546Description', { defaultMessage: 'LC_LOAD_DYLIB Addition (T1546.006)' }), id: 'T1546.006', name: 'LC_LOAD_DYLIB Addition', reference: 'https://attack.mitre.org/techniques/T1546/006', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'lcLoadDylibAddition' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.llmnrNbtNsPoisoningAndSmbRelayT1557Description', { defaultMessage: 'LLMNR/NBT-NS Poisoning and SMB Relay (T1557.001)' }), id: 'T1557.001', name: 'LLMNR/NBT-NS Poisoning and SMB Relay', reference: 'https://attack.mitre.org/techniques/T1557/001', tactics: ['credential-access', 'collection'], techniqueId: 'T1557', value: 'llmnrNbtNsPoisoningAndSmbRelay' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsaSecretsT1003Description', { defaultMessage: 'LSA Secrets (T1003.004)' }), id: 'T1003.004', name: 'LSA Secrets', reference: 'https://attack.mitre.org/techniques/T1003/004', tactics: ['credential-access'], techniqueId: 'T1003', value: 'lsaSecrets' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassDriverT1547Description', { defaultMessage: 'LSASS Driver (T1547.008)' }), id: 'T1547.008', name: 'LSASS Driver', reference: 'https://attack.mitre.org/techniques/T1547/008', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'lsassDriver' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.lsassMemoryT1003Description', { defaultMessage: 'LSASS Memory (T1003.001)' }), id: 'T1003.001', name: 'LSASS Memory', reference: 'https://attack.mitre.org/techniques/T1003/001', tactics: ['credential-access'], techniqueId: 'T1003', value: 'lsassMemory' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchAgentT1543Description', { defaultMessage: 'Launch Agent (T1543.001)' }), id: 'T1543.001', name: 'Launch Agent', reference: 'https://attack.mitre.org/techniques/T1543/001', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1543', value: 'launchAgent' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchDaemonT1543Description', { defaultMessage: 'Launch Daemon (T1543.004)' }), id: 'T1543.004', name: 'Launch Daemon', reference: 'https://attack.mitre.org/techniques/T1543/004', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1543', value: 'launchDaemon' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.launchctlT1569Description', { defaultMessage: 'Launchctl (T1569.001)' }), id: 'T1569.001', name: 'Launchctl', reference: 'https://attack.mitre.org/techniques/T1569/001', tactics: ['execution'], techniqueId: 'T1569', value: 'launchctl' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.linkTargetT1608Description', { defaultMessage: 'Link Target (T1608.005)' }), id: 'T1608.005', name: 'Link Target', 
reference: 'https://attack.mitre.org/techniques/T1608/005', tactics: ['resource-development'], techniqueId: 'T1608', value: 'linkTarget' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.linuxAndMacFileAndDirectoryPermissionsModificationT1222Description', { defaultMessage: 'Linux and Mac File and Directory Permissions Modification (T1222.002)' }), id: 'T1222.002', name: 'Linux and Mac File and Directory Permissions Modification', reference: 'https://attack.mitre.org/techniques/T1222/002', tactics: ['defense-evasion'], techniqueId: 'T1222', value: 'linuxAndMacFileAndDirectoryPermissionsModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.listPlantingT1055Description', { defaultMessage: 'ListPlanting (T1055.015)' }), id: 'T1055.015', name: 'ListPlanting', reference: 'https://attack.mitre.org/techniques/T1055/015', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'listPlanting' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1087Description', { defaultMessage: 'Local Account (T1087.001)' }), id: 'T1087.001', name: 'Local Account', reference: 'https://attack.mitre.org/techniques/T1087/001', tactics: ['discovery'], techniqueId: 'T1087', value: 'localAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountT1136Description', { defaultMessage: 'Local Account (T1136.001)' }), id: 'T1136.001', name: 'Local Account', reference: 'https://attack.mitre.org/techniques/T1136/001', tactics: ['persistence'], techniqueId: 'T1136', value: 'localAccount' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localAccountsT1078Description', { defaultMessage: 'Local Accounts (T1078.003)' }), id: 'T1078.003', name: 'Local Accounts', reference: 
'https://attack.mitre.org/techniques/T1078/003', tactics: ['defense-evasion', 'persistence', 'privilege-escalation', 'initial-access'], techniqueId: 'T1078', value: 'localAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localDataStagingT1074Description', { defaultMessage: 'Local Data Staging (T1074.001)' }), id: 'T1074.001', name: 'Local Data Staging', reference: 'https://attack.mitre.org/techniques/T1074/001', tactics: ['collection'], techniqueId: 'T1074', value: 'localDataStaging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localEmailCollectionT1114Description', { defaultMessage: 'Local Email Collection (T1114.001)' }), id: 'T1114.001', name: 'Local Email Collection', reference: 'https://attack.mitre.org/techniques/T1114/001', tactics: ['collection'], techniqueId: 'T1114', value: 'localEmailCollection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.localGroupsT1069Description', { defaultMessage: 'Local Groups (T1069.001)' }), id: 'T1069.001', name: 'Local Groups', reference: 'https://attack.mitre.org/techniques/T1069/001', tactics: ['discovery'], techniqueId: 'T1069', value: 'localGroups' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginHookT1037Description', { defaultMessage: 'Login Hook (T1037.002)' }), id: 'T1037.002', name: 'Login Hook', reference: 'https://attack.mitre.org/techniques/T1037/002', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1037', value: 'loginHook' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.loginItemsT1547Description', { defaultMessage: 'Login Items (T1547.015)' }), id: 'T1547.015', name: 'Login Items', reference: 'https://attack.mitre.org/techniques/T1547/015', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'loginItems' 
}, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.logonScriptWindowsT1037Description', { defaultMessage: 'Logon Script (Windows) (T1037.001)' }), id: 'T1037.001', name: 'Logon Script (Windows)', reference: 'https://attack.mitre.org/techniques/T1037/001', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1037', value: 'logonScriptWindows' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mmcT1218Description', { defaultMessage: 'MMC (T1218.014)' }), id: 'T1218.014', name: 'MMC', reference: 'https://attack.mitre.org/techniques/T1218/014', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'mmc' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.msBuildT1127Description', { defaultMessage: 'MSBuild (T1127.001)' }), id: 'T1127.001', name: 'MSBuild', reference: 'https://attack.mitre.org/techniques/T1127/001', tactics: ['defense-evasion'], techniqueId: 'T1127', value: 'msBuild' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mailProtocolsT1071Description', { defaultMessage: 'Mail Protocols (T1071.003)' }), id: 'T1071.003', name: 'Mail Protocols', reference: 'https://attack.mitre.org/techniques/T1071/003', tactics: ['command-and-control'], techniqueId: 'T1071', value: 'mailProtocols' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.makeAndImpersonateTokenT1134Description', { defaultMessage: 'Make and Impersonate Token (T1134.003)' }), id: 'T1134.003', name: 'Make and Impersonate Token', reference: 'https://attack.mitre.org/techniques/T1134/003', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1134', value: 'makeAndImpersonateToken' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.maliciousFileT1204Description', { defaultMessage: 'Malicious File 
(T1204.002)' }), id: 'T1204.002', name: 'Malicious File', reference: 'https://attack.mitre.org/techniques/T1204/002', tactics: ['execution'], techniqueId: 'T1204', value: 'maliciousFile' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.maliciousImageT1204Description', { defaultMessage: 'Malicious Image (T1204.003)' }), id: 'T1204.003', name: 'Malicious Image', reference: 'https://attack.mitre.org/techniques/T1204/003', tactics: ['execution'], techniqueId: 'T1204', value: 'maliciousImage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.maliciousLinkT1204Description', { defaultMessage: 'Malicious Link (T1204.001)' }), id: 'T1204.001', name: 'Malicious Link', reference: 'https://attack.mitre.org/techniques/T1204/001', tactics: ['execution'], techniqueId: 'T1204', value: 'maliciousLink' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.malvertisingT1583Description', { defaultMessage: 'Malvertising (T1583.008)' }), id: 'T1583.008', name: 'Malvertising', reference: 'https://attack.mitre.org/techniques/T1583/008', tactics: ['resource-development'], techniqueId: 'T1583', value: 'malvertising' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.malwareT1587Description', { defaultMessage: 'Malware (T1587.001)' }), id: 'T1587.001', name: 'Malware', reference: 'https://attack.mitre.org/techniques/T1587/001', tactics: ['resource-development'], techniqueId: 'T1587', value: 'malware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.malwareT1588Description', { defaultMessage: 'Malware (T1588.001)' }), id: 'T1588.001', name: 'Malware', reference: 'https://attack.mitre.org/techniques/T1588/001', tactics: ['resource-development'], techniqueId: 'T1588', value: 'malware' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.markOfTheWebBypassT1553Description', { defaultMessage: 'Mark-of-the-Web Bypass (T1553.005)' }), id: 'T1553.005', name: 'Mark-of-the-Web Bypass', reference: 'https://attack.mitre.org/techniques/T1553/005', tactics: ['defense-evasion'], techniqueId: 'T1553', value: 'markOfTheWebBypass' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.masqueradeFileTypeT1036Description', { defaultMessage: 'Masquerade File Type (T1036.008)' }), id: 'T1036.008', name: 'Masquerade File Type', reference: 'https://attack.mitre.org/techniques/T1036/008', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'masqueradeFileType' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.masqueradeTaskOrServiceT1036Description', { defaultMessage: 'Masquerade Task or Service (T1036.004)' }), id: 'T1036.004', name: 'Masquerade Task or Service', reference: 'https://attack.mitre.org/techniques/T1036/004', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'masqueradeTaskOrService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.matchLegitimateNameOrLocationT1036Description', { defaultMessage: 'Match Legitimate Name or Location (T1036.005)' }), id: 'T1036.005', name: 'Match Legitimate Name or Location', reference: 'https://attack.mitre.org/techniques/T1036/005', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'matchLegitimateNameOrLocation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mavinjectT1218Description', { defaultMessage: 'Mavinject (T1218.013)' }), id: 'T1218.013', name: 'Mavinject', reference: 'https://attack.mitre.org/techniques/T1218/013', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'mavinject' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.mshtaT1218Description', { defaultMessage: 'Mshta (T1218.005)' }), id: 'T1218.005', name: 'Mshta', reference: 'https://attack.mitre.org/techniques/T1218/005', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'mshta' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.msiexecT1218Description', { defaultMessage: 'Msiexec (T1218.007)' }), id: 'T1218.007', name: 'Msiexec', reference: 'https://attack.mitre.org/techniques/T1218/007', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'msiexec' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.multiFactorAuthenticationT1556Description', { defaultMessage: 'Multi-Factor Authentication (T1556.006)' }), id: 'T1556.006', name: 'Multi-Factor Authentication', reference: 'https://attack.mitre.org/techniques/T1556/006', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'multiFactorAuthentication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.multiHopProxyT1090Description', { defaultMessage: 'Multi-hop Proxy (T1090.003)' }), id: 'T1090.003', name: 'Multi-hop Proxy', reference: 'https://attack.mitre.org/techniques/T1090/003', tactics: ['command-and-control'], techniqueId: 'T1090', value: 'multiHopProxy' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ntdsT1003Description', { defaultMessage: 'NTDS (T1003.003)' }), id: 'T1003.003', name: 'NTDS', reference: 'https://attack.mitre.org/techniques/T1003/003', tactics: ['credential-access'], techniqueId: 'T1003', value: 'ntds' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ntfsFileAttributesT1564Description', { defaultMessage: 'NTFS File Attributes (T1564.004)' }), id: 'T1564.004', name: 'NTFS File 
Attributes', reference: 'https://attack.mitre.org/techniques/T1564/004', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'ntfsFileAttributes' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.netshHelperDllT1546Description', { defaultMessage: 'Netsh Helper DLL (T1546.007)' }), id: 'T1546.007', name: 'Netsh Helper DLL', reference: 'https://attack.mitre.org/techniques/T1546/007', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'netshHelperDll' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkAddressTranslationTraversalT1599Description', { defaultMessage: 'Network Address Translation Traversal (T1599.001)' }), id: 'T1599.001', name: 'Network Address Translation Traversal', reference: 'https://attack.mitre.org/techniques/T1599/001', tactics: ['defense-evasion'], techniqueId: 'T1599', value: 'networkAddressTranslationTraversal' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceAuthenticationT1556Description', { defaultMessage: 'Network Device Authentication (T1556.004)' }), id: 'T1556.004', name: 'Network Device Authentication', reference: 'https://attack.mitre.org/techniques/T1556/004', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'networkDeviceAuthentication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceCliT1059Description', { defaultMessage: 'Network Device CLI (T1059.008)' }), id: 'T1059.008', name: 'Network Device CLI', reference: 'https://attack.mitre.org/techniques/T1059/008', tactics: ['execution'], techniqueId: 'T1059', value: 'networkDeviceCli' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkDeviceConfigurationDumpT1602Description', { defaultMessage: 'Network Device Configuration Dump 
(T1602.002)' }), id: 'T1602.002', name: 'Network Device Configuration Dump', reference: 'https://attack.mitre.org/techniques/T1602/002', tactics: ['collection'], techniqueId: 'T1602', value: 'networkDeviceConfigurationDump' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkLogonScriptT1037Description', { defaultMessage: 'Network Logon Script (T1037.003)' }), id: 'T1037.003', name: 'Network Logon Script', reference: 'https://attack.mitre.org/techniques/T1037/003', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1037', value: 'networkLogonScript' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkProviderDllT1556Description', { defaultMessage: 'Network Provider DLL (T1556.008)' }), id: 'T1556.008', name: 'Network Provider DLL', reference: 'https://attack.mitre.org/techniques/T1556/008', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'networkProviderDll' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkSecurityAppliancesT1590Description', { defaultMessage: 'Network Security Appliances (T1590.006)' }), id: 'T1590.006', name: 'Network Security Appliances', reference: 'https://attack.mitre.org/techniques/T1590/006', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'networkSecurityAppliances' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkShareConnectionRemovalT1070Description', { defaultMessage: 'Network Share Connection Removal (T1070.005)' }), id: 'T1070.005', name: 'Network Share Connection Removal', reference: 'https://attack.mitre.org/techniques/T1070/005', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'networkShareConnectionRemoval' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkTopologyT1590Description', { defaultMessage: 'Network Topology (T1590.004)' }), id: 'T1590.004', name: 'Network Topology', reference: 'https://attack.mitre.org/techniques/T1590/004', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'networkTopology' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.networkTrustDependenciesT1590Description', { defaultMessage: 'Network Trust Dependencies (T1590.003)' }), id: 'T1590.003', name: 'Network Trust Dependencies', reference: 'https://attack.mitre.org/techniques/T1590/003', tactics: ['reconnaissance'], techniqueId: 'T1590', value: 'networkTrustDependencies' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.nonStandardEncodingT1132Description', { defaultMessage: 'Non-Standard Encoding (T1132.002)' }), id: 'T1132.002', name: 'Non-Standard Encoding', reference: 'https://attack.mitre.org/techniques/T1132/002', tactics: ['command-and-control'], techniqueId: 'T1132', value: 'nonStandardEncoding' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.osExhaustionFloodT1499Description', { defaultMessage: 'OS Exhaustion Flood (T1499.001)' }), id: 'T1499.001', name: 'OS Exhaustion Flood', reference: 'https://attack.mitre.org/techniques/T1499/001', tactics: ['impact'], techniqueId: 'T1499', value: 'osExhaustionFlood' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.odbcconfT1218Description', { defaultMessage: 'Odbcconf (T1218.008)' }), id: 'T1218.008', name: 'Odbcconf', reference: 'https://attack.mitre.org/techniques/T1218/008', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'odbcconf' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.officeTemplateMacrosT1137Description', { defaultMessage: 
'Office Template Macros (T1137.001)' }), id: 'T1137.001', name: 'Office Template Macros', reference: 'https://attack.mitre.org/techniques/T1137/001', tactics: ['persistence'], techniqueId: 'T1137', value: 'officeTemplateMacros' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.officeTestT1137Description', { defaultMessage: 'Office Test (T1137.002)' }), id: 'T1137.002', name: 'Office Test', reference: 'https://attack.mitre.org/techniques/T1137/002', tactics: ['persistence'], techniqueId: 'T1137', value: 'officeTest' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.oneWayCommunicationT1102Description', { defaultMessage: 'One-Way Communication (T1102.003)' }), id: 'T1102.003', name: 'One-Way Communication', reference: 'https://attack.mitre.org/techniques/T1102/003', tactics: ['command-and-control'], techniqueId: 'T1102', value: 'oneWayCommunication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookFormsT1137Description', { defaultMessage: 'Outlook Forms (T1137.003)' }), id: 'T1137.003', name: 'Outlook Forms', reference: 'https://attack.mitre.org/techniques/T1137/003', tactics: ['persistence'], techniqueId: 'T1137', value: 'outlookForms' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookHomePageT1137Description', { defaultMessage: 'Outlook Home Page (T1137.004)' }), id: 'T1137.004', name: 'Outlook Home Page', reference: 'https://attack.mitre.org/techniques/T1137/004', tactics: ['persistence'], techniqueId: 'T1137', value: 'outlookHomePage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.outlookRulesT1137Description', { defaultMessage: 'Outlook Rules (T1137.005)' }), id: 'T1137.005', name: 'Outlook Rules', reference: 'https://attack.mitre.org/techniques/T1137/005', tactics: ['persistence'], techniqueId: 'T1137', 
value: 'outlookRules' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.parentPidSpoofingT1134Description', { defaultMessage: 'Parent PID Spoofing (T1134.004)' }), id: 'T1134.004', name: 'Parent PID Spoofing', reference: 'https://attack.mitre.org/techniques/T1134/004', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1134', value: 'parentPidSpoofing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passTheHashT1550Description', { defaultMessage: 'Pass the Hash (T1550.002)' }), id: 'T1550.002', name: 'Pass the Hash', reference: 'https://attack.mitre.org/techniques/T1550/002', tactics: ['defense-evasion', 'lateral-movement'], techniqueId: 'T1550', value: 'passTheHash' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passTheTicketT1550Description', { defaultMessage: 'Pass the Ticket (T1550.003)' }), id: 'T1550.003', name: 'Pass the Ticket', reference: 'https://attack.mitre.org/techniques/T1550/003', tactics: ['defense-evasion', 'lateral-movement'], techniqueId: 'T1550', value: 'passTheTicket' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordCrackingT1110Description', { defaultMessage: 'Password Cracking (T1110.002)' }), id: 'T1110.002', name: 'Password Cracking', reference: 'https://attack.mitre.org/techniques/T1110/002', tactics: ['credential-access'], techniqueId: 'T1110', value: 'passwordCracking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordFilterDllT1556Description', { defaultMessage: 'Password Filter DLL (T1556.002)' }), id: 'T1556.002', name: 'Password Filter DLL', reference: 'https://attack.mitre.org/techniques/T1556/002', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'passwordFilterDll' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordGuessingT1110Description', { defaultMessage: 'Password Guessing (T1110.001)' }), id: 'T1110.001', name: 'Password Guessing', reference: 'https://attack.mitre.org/techniques/T1110/001', tactics: ['credential-access'], techniqueId: 'T1110', value: 'passwordGuessing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordManagersT1555Description', { defaultMessage: 'Password Managers (T1555.005)' }), id: 'T1555.005', name: 'Password Managers', reference: 'https://attack.mitre.org/techniques/T1555/005', tactics: ['credential-access'], techniqueId: 'T1555', value: 'passwordManagers' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.passwordSprayingT1110Description', { defaultMessage: 'Password Spraying (T1110.003)' }), id: 'T1110.003', name: 'Password Spraying', reference: 'https://attack.mitre.org/techniques/T1110/003', tactics: ['credential-access'], techniqueId: 'T1110', value: 'passwordSpraying' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.patchSystemImageT1601Description', { defaultMessage: 'Patch System Image (T1601.001)' }), id: 'T1601.001', name: 'Patch System Image', reference: 'https://attack.mitre.org/techniques/T1601/001', tactics: ['defense-evasion'], techniqueId: 'T1601', value: 'patchSystemImage' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionByPathEnvironmentVariableT1574Description', { defaultMessage: 'Path Interception by PATH Environment Variable (T1574.007)' }), id: 'T1574.007', name: 'Path Interception by PATH Environment Variable', reference: 'https://attack.mitre.org/techniques/T1574/007', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'pathInterceptionByPathEnvironmentVariable' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionBySearchOrderHijackingT1574Description', { defaultMessage: 'Path Interception by Search Order Hijacking (T1574.008)' }), id: 'T1574.008', name: 'Path Interception by Search Order Hijacking', reference: 'https://attack.mitre.org/techniques/T1574/008', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'pathInterceptionBySearchOrderHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pathInterceptionByUnquotedPathT1574Description', { defaultMessage: 'Path Interception by Unquoted Path (T1574.009)' }), id: 'T1574.009', name: 'Path Interception by Unquoted Path', reference: 'https://attack.mitre.org/techniques/T1574/009', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'pathInterceptionByUnquotedPath' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pluggableAuthenticationModulesT1556Description', { defaultMessage: 'Pluggable Authentication Modules (T1556.003)' }), id: 'T1556.003', name: 'Pluggable Authentication Modules', reference: 'https://attack.mitre.org/techniques/T1556/003', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'pluggableAuthenticationModules' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portKnockingT1205Description', { defaultMessage: 'Port Knocking (T1205.001)' }), id: 'T1205.001', name: 'Port Knocking', reference: 'https://attack.mitre.org/techniques/T1205/001', tactics: ['defense-evasion', 'persistence', 'command-and-control'], techniqueId: 'T1205', value: 'portKnocking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portMonitorsT1547Description', { defaultMessage: 'Port Monitors (T1547.010)' }), id: 
'T1547.010', name: 'Port Monitors', reference: 'https://attack.mitre.org/techniques/T1547/010', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'portMonitors' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.portableExecutableInjectionT1055Description', { defaultMessage: 'Portable Executable Injection (T1055.002)' }), id: 'T1055.002', name: 'Portable Executable Injection', reference: 'https://attack.mitre.org/techniques/T1055/002', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'portableExecutableInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.powerShellT1059Description', { defaultMessage: 'PowerShell (T1059.001)' }), id: 'T1059.001', name: 'PowerShell', reference: 'https://attack.mitre.org/techniques/T1059/001', tactics: ['execution'], techniqueId: 'T1059', value: 'powerShell' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.powerShellProfileT1546Description', { defaultMessage: 'PowerShell Profile (T1546.013)' }), id: 'T1546.013', name: 'PowerShell Profile', reference: 'https://attack.mitre.org/techniques/T1546/013', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'powerShellProfile' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.printProcessorsT1547Description', { defaultMessage: 'Print Processors (T1547.012)' }), id: 'T1547.012', name: 'Print Processors', reference: 'https://attack.mitre.org/techniques/T1547/012', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'printProcessors' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.privateKeysT1552Description', { defaultMessage: 'Private Keys (T1552.004)' }), id: 'T1552.004', name: 'Private Keys', reference: 
'https://attack.mitre.org/techniques/T1552/004', tactics: ['credential-access'], techniqueId: 'T1552', value: 'privateKeys' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procFilesystemT1003Description', { defaultMessage: 'Proc Filesystem (T1003.007)' }), id: 'T1003.007', name: 'Proc Filesystem', reference: 'https://attack.mitre.org/techniques/T1003/007', tactics: ['credential-access'], techniqueId: 'T1003', value: 'procFilesystem' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.procMemoryT1055Description', { defaultMessage: 'Proc Memory (T1055.009)' }), id: 'T1055.009', name: 'Proc Memory', reference: 'https://attack.mitre.org/techniques/T1055/009', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'procMemory' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processArgumentSpoofingT1564Description', { defaultMessage: 'Process Argument Spoofing (T1564.010)' }), id: 'T1564.010', name: 'Process Argument Spoofing', reference: 'https://attack.mitre.org/techniques/T1564/010', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'processArgumentSpoofing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processDoppelgangingT1055Description', { defaultMessage: 'Process Doppelgänging (T1055.013)' }), id: 'T1055.013', name: 'Process Doppelgänging', reference: 'https://attack.mitre.org/techniques/T1055/013', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'processDoppelganging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.processHollowingT1055Description', { defaultMessage: 'Process Hollowing (T1055.012)' }), id: 'T1055.012', name: 'Process Hollowing', reference: 'https://attack.mitre.org/techniques/T1055/012', tactics: ['defense-evasion', 
'privilege-escalation'], techniqueId: 'T1055', value: 'processHollowing' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.protocolImpersonationT1001Description', { defaultMessage: 'Protocol Impersonation (T1001.003)' }), id: 'T1001.003', name: 'Protocol Impersonation', reference: 'https://attack.mitre.org/techniques/T1001/003', tactics: ['command-and-control'], techniqueId: 'T1001', value: 'protocolImpersonation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.ptraceSystemCallsT1055Description', { defaultMessage: 'Ptrace System Calls (T1055.008)' }), id: 'T1055.008', name: 'Ptrace System Calls', reference: 'https://attack.mitre.org/techniques/T1055/008', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'ptraceSystemCalls' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pubPrnT1216Description', { defaultMessage: 'PubPrn (T1216.001)' }), id: 'T1216.001', name: 'PubPrn', reference: 'https://attack.mitre.org/techniques/T1216/001', tactics: ['defense-evasion'], techniqueId: 'T1216', value: 'pubPrn' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.purchaseTechnicalDataT1597Description', { defaultMessage: 'Purchase Technical Data (T1597.002)' }), id: 'T1597.002', name: 'Purchase Technical Data', reference: 'https://attack.mitre.org/techniques/T1597/002', tactics: ['reconnaissance'], techniqueId: 'T1597', value: 'purchaseTechnicalData' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.pythonT1059Description', { defaultMessage: 'Python (T1059.006)' }), id: 'T1059.006', name: 'Python', reference: 'https://attack.mitre.org/techniques/T1059/006', tactics: ['execution'], techniqueId: 'T1059', value: 'python' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rcScriptsT1037Description', { defaultMessage: 'RC Scripts (T1037.004)' }), id: 'T1037.004', name: 'RC Scripts', reference: 'https://attack.mitre.org/techniques/T1037/004', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1037', value: 'rcScripts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rdpHijackingT1563Description', { defaultMessage: 'RDP Hijacking (T1563.002)' }), id: 'T1563.002', name: 'RDP Hijacking', reference: 'https://attack.mitre.org/techniques/T1563/002', tactics: ['lateral-movement'], techniqueId: 'T1563', value: 'rdpHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rommoNkitT1542Description', { defaultMessage: 'ROMMONkit (T1542.004)' }), id: 'T1542.004', name: 'ROMMONkit', reference: 'https://attack.mitre.org/techniques/T1542/004', tactics: ['defense-evasion', 'persistence'], techniqueId: 'T1542', value: 'rommoNkit' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reOpenedApplicationsT1547Description', { defaultMessage: 'Re-opened Applications (T1547.007)' }), id: 'T1547.007', name: 'Re-opened Applications', reference: 'https://attack.mitre.org/techniques/T1547/007', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'reOpenedApplications' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reduceKeySpaceT1600Description', { defaultMessage: 'Reduce Key Space (T1600.001)' }), id: 'T1600.001', name: 'Reduce Key Space', reference: 'https://attack.mitre.org/techniques/T1600/001', tactics: ['defense-evasion'], techniqueId: 'T1600', value: 'reduceKeySpace' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reflectionAmplificationT1498Description', { defaultMessage: 'Reflection 
Amplification (T1498.002)' }), id: 'T1498.002', name: 'Reflection Amplification', reference: 'https://attack.mitre.org/techniques/T1498/002', tactics: ['impact'], techniqueId: 'T1498', value: 'reflectionAmplification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.registryRunKeysStartupFolderT1547Description', { defaultMessage: 'Registry Run Keys / Startup Folder (T1547.001)' }), id: 'T1547.001', name: 'Registry Run Keys / Startup Folder', reference: 'https://attack.mitre.org/techniques/T1547/001', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'registryRunKeysStartupFolder' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.regsvcsRegasmT1218Description', { defaultMessage: 'Regsvcs/Regasm (T1218.009)' }), id: 'T1218.009', name: 'Regsvcs/Regasm', reference: 'https://attack.mitre.org/techniques/T1218/009', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'regsvcsRegasm' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.regsvr32T1218Description', { defaultMessage: 'Regsvr32 (T1218.010)' }), id: 'T1218.010', name: 'Regsvr32', reference: 'https://attack.mitre.org/techniques/T1218/010', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'regsvr32' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteDataStagingT1074Description', { defaultMessage: 'Remote Data Staging (T1074.002)' }), id: 'T1074.002', name: 'Remote Data Staging', reference: 'https://attack.mitre.org/techniques/T1074/002', tactics: ['collection'], techniqueId: 'T1074', value: 'remoteDataStaging' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteDesktopProtocolT1021Description', { defaultMessage: 'Remote Desktop Protocol (T1021.001)' }), id: 'T1021.001', name: 'Remote Desktop Protocol', reference: 
'https://attack.mitre.org/techniques/T1021/001', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'remoteDesktopProtocol' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.remoteEmailCollectionT1114Description', { defaultMessage: 'Remote Email Collection (T1114.002)' }), id: 'T1114.002', name: 'Remote Email Collection', reference: 'https://attack.mitre.org/techniques/T1114/002', tactics: ['collection'], techniqueId: 'T1114', value: 'remoteEmailCollection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.renameSystemUtilitiesT1036Description', { defaultMessage: 'Rename System Utilities (T1036.003)' }), id: 'T1036.003', name: 'Rename System Utilities', reference: 'https://attack.mitre.org/techniques/T1036/003', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'renameSystemUtilities' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.resourceForkingT1564Description', { defaultMessage: 'Resource Forking (T1564.009)' }), id: 'T1564.009', name: 'Resource Forking', reference: 'https://attack.mitre.org/techniques/T1564/009', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'resourceForking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.reversibleEncryptionT1556Description', { defaultMessage: 'Reversible Encryption (T1556.005)' }), id: 'T1556.005', name: 'Reversible Encryption', reference: 'https://attack.mitre.org/techniques/T1556/005', tactics: ['credential-access', 'defense-evasion', 'persistence'], techniqueId: 'T1556', value: 'reversibleEncryption' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.revertCloudInstanceT1578Description', { defaultMessage: 'Revert Cloud Instance (T1578.004)' }), id: 'T1578.004', name: 'Revert Cloud Instance', reference: 'https://attack.mitre.org/techniques/T1578/004', 
tactics: ['defense-evasion'], techniqueId: 'T1578', value: 'revertCloudInstance' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rightToLeftOverrideT1036Description', { defaultMessage: 'Right-to-Left Override (T1036.002)' }), id: 'T1036.002', name: 'Right-to-Left Override', reference: 'https://attack.mitre.org/techniques/T1036/002', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'rightToLeftOverride' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.runVirtualInstanceT1564Description', { defaultMessage: 'Run Virtual Instance (T1564.006)' }), id: 'T1564.006', name: 'Run Virtual Instance', reference: 'https://attack.mitre.org/techniques/T1564/006', tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'runVirtualInstance' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.rundll32T1218Description', { defaultMessage: 'Rundll32 (T1218.011)' }), id: 'T1218.011', name: 'Rundll32', reference: 'https://attack.mitre.org/techniques/T1218/011', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'rundll32' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.runtimeDataManipulationT1565Description', { defaultMessage: 'Runtime Data Manipulation (T1565.003)' }), id: 'T1565.003', name: 'Runtime Data Manipulation', reference: 'https://attack.mitre.org/techniques/T1565/003', tactics: ['impact'], techniqueId: 'T1565', value: 'runtimeDataManipulation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.samlTokensT1606Description', { defaultMessage: 'SAML Tokens (T1606.002)' }), id: 'T1606.002', name: 'SAML Tokens', reference: 'https://attack.mitre.org/techniques/T1606/002', tactics: ['credential-access'], techniqueId: 'T1606', value: 'samlTokens' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.seoPoisoningT1608Description', { defaultMessage: 'SEO Poisoning (T1608.006)' }), id: 'T1608.006', name: 'SEO Poisoning', reference: 'https://attack.mitre.org/techniques/T1608/006', tactics: ['resource-development'], techniqueId: 'T1608', value: 'seoPoisoning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sidHistoryInjectionT1134Description', { defaultMessage: 'SID-History Injection (T1134.005)' }), id: 'T1134.005', name: 'SID-History Injection', reference: 'https://attack.mitre.org/techniques/T1134/005', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1134', value: 'sidHistoryInjection' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sipAndTrustProviderHijackingT1553Description', { defaultMessage: 'SIP and Trust Provider Hijacking (T1553.003)' }), id: 'T1553.003', name: 'SIP and Trust Provider Hijacking', reference: 'https://attack.mitre.org/techniques/T1553/003', tactics: ['defense-evasion'], techniqueId: 'T1553', value: 'sipAndTrustProviderHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.smbWindowsAdminSharesT1021Description', { defaultMessage: 'SMB/Windows Admin Shares (T1021.002)' }), id: 'T1021.002', name: 'SMB/Windows Admin Shares', reference: 'https://attack.mitre.org/techniques/T1021/002', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'smbWindowsAdminShares' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.snmpMibDumpT1602Description', { defaultMessage: 'SNMP (MIB Dump) (T1602.001)' }), id: 'T1602.001', name: 'SNMP (MIB Dump)', reference: 'https://attack.mitre.org/techniques/T1602/001', tactics: ['collection'], techniqueId: 'T1602', value: 'snmpMibDump' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sqlStoredProceduresT1505Description', { defaultMessage: 'SQL Stored Procedures (T1505.001)' }), id: 'T1505.001', name: 'SQL Stored Procedures', reference: 'https://attack.mitre.org/techniques/T1505/001', tactics: ['persistence'], techniqueId: 'T1505', value: 'sqlStoredProcedures' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshT1021Description', { defaultMessage: 'SSH (T1021.004)' }), id: 'T1021.004', name: 'SSH', reference: 'https://attack.mitre.org/techniques/T1021/004', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'ssh' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshAuthorizedKeysT1098Description', { defaultMessage: 'SSH Authorized Keys (T1098.004)' }), id: 'T1098.004', name: 'SSH Authorized Keys', reference: 'https://attack.mitre.org/techniques/T1098/004', tactics: ['persistence'], techniqueId: 'T1098', value: 'sshAuthorizedKeys' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sshHijackingT1563Description', { defaultMessage: 'SSH Hijacking (T1563.001)' }), id: 'T1563.001', name: 'SSH Hijacking', reference: 'https://attack.mitre.org/techniques/T1563/001', tactics: ['lateral-movement'], techniqueId: 'T1563', value: 'sshHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.safeModeBootT1562Description', { defaultMessage: 'Safe Mode Boot (T1562.009)' }), id: 'T1562.009', name: 'Safe Mode Boot', reference: 'https://attack.mitre.org/techniques/T1562/009', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'safeModeBoot' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scanDatabasesT1596Description', { defaultMessage: 'Scan Databases (T1596.005)' }), id: 'T1596.005', name: 'Scan Databases', reference: 
'https://attack.mitre.org/techniques/T1596/005', tactics: ['reconnaissance'], techniqueId: 'T1596', value: 'scanDatabases' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scanningIpBlocksT1595Description', { defaultMessage: 'Scanning IP Blocks (T1595.001)' }), id: 'T1595.001', name: 'Scanning IP Blocks', reference: 'https://attack.mitre.org/techniques/T1595/001', tactics: ['reconnaissance'], techniqueId: 'T1595', value: 'scanningIpBlocks' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.scheduledTaskT1053Description', { defaultMessage: 'Scheduled Task (T1053.005)' }), id: 'T1053.005', name: 'Scheduled Task', reference: 'https://attack.mitre.org/techniques/T1053/005', tactics: ['execution', 'persistence', 'privilege-escalation'], techniqueId: 'T1053', value: 'scheduledTask' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.screensaverT1546Description', { defaultMessage: 'Screensaver (T1546.002)' }), id: 'T1546.002', name: 'Screensaver', reference: 'https://attack.mitre.org/techniques/T1546/002', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'screensaver' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.searchEnginesT1593Description', { defaultMessage: 'Search Engines (T1593.002)' }), id: 'T1593.002', name: 'Search Engines', reference: 'https://attack.mitre.org/techniques/T1593/002', tactics: ['reconnaissance'], techniqueId: 'T1593', value: 'searchEngines' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securityAccountManagerT1003Description', { defaultMessage: 'Security Account Manager (T1003.002)' }), id: 'T1003.002', name: 'Security Account Manager', reference: 'https://attack.mitre.org/techniques/T1003/002', tactics: ['credential-access'], techniqueId: 'T1003', value: 
'securityAccountManager' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitySoftwareDiscoveryT1518Description', { defaultMessage: 'Security Software Discovery (T1518.001)' }), id: 'T1518.001', name: 'Security Software Discovery', reference: 'https://attack.mitre.org/techniques/T1518/001', tactics: ['discovery'], techniqueId: 'T1518', value: 'securitySoftwareDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitySupportProviderT1547Description', { defaultMessage: 'Security Support Provider (T1547.005)' }), id: 'T1547.005', name: 'Security Support Provider', reference: 'https://attack.mitre.org/techniques/T1547/005', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'securitySupportProvider' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.securitydMemoryT1555Description', { defaultMessage: 'Securityd Memory (T1555.002)' }), id: 'T1555.002', name: 'Securityd Memory', reference: 'https://attack.mitre.org/techniques/T1555/002', tactics: ['credential-access'], techniqueId: 'T1555', value: 'securitydMemory' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverT1583Description', { defaultMessage: 'Server (T1583.004)' }), id: 'T1583.004', name: 'Server', reference: 'https://attack.mitre.org/techniques/T1583/004', tactics: ['resource-development'], techniqueId: 'T1583', value: 'server' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverT1584Description', { defaultMessage: 'Server (T1584.004)' }), id: 'T1584.004', name: 'Server', reference: 'https://attack.mitre.org/techniques/T1584/004', tactics: ['resource-development'], techniqueId: 'T1584', value: 'server' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverlessT1583Description', { defaultMessage: 'Serverless (T1583.007)' }), id: 'T1583.007', name: 'Serverless', reference: 'https://attack.mitre.org/techniques/T1583/007', tactics: ['resource-development'], techniqueId: 'T1583', value: 'serverless' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serverlessT1584Description', { defaultMessage: 'Serverless (T1584.007)' }), id: 'T1584.007', name: 'Serverless', reference: 'https://attack.mitre.org/techniques/T1584/007', tactics: ['resource-development'], techniqueId: 'T1584', value: 'serverless' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serviceExecutionT1569Description', { defaultMessage: 'Service Execution (T1569.002)' }), id: 'T1569.002', name: 'Service Execution', reference: 'https://attack.mitre.org/techniques/T1569/002', tactics: ['execution'], techniqueId: 'T1569', value: 'serviceExecution' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.serviceExhaustionFloodT1499Description', { defaultMessage: 'Service Exhaustion Flood (T1499.002)' }), id: 'T1499.002', name: 'Service Exhaustion Flood', reference: 'https://attack.mitre.org/techniques/T1499/002', tactics: ['impact'], techniqueId: 'T1499', value: 'serviceExhaustionFlood' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.servicesFilePermissionsWeaknessT1574Description', { defaultMessage: 'Services File Permissions Weakness (T1574.010)' }), id: 'T1574.010', name: 'Services File Permissions Weakness', reference: 'https://attack.mitre.org/techniques/T1574/010', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'servicesFilePermissionsWeakness' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.servicesRegistryPermissionsWeaknessT1574Description', { defaultMessage: 'Services Registry Permissions Weakness (T1574.011)' }), id: 'T1574.011', name: 'Services Registry Permissions Weakness', reference: 'https://attack.mitre.org/techniques/T1574/011', tactics: ['persistence', 'privilege-escalation', 'defense-evasion'], techniqueId: 'T1574', value: 'servicesRegistryPermissionsWeakness' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.setuidAndSetgidT1548Description', { defaultMessage: 'Setuid and Setgid (T1548.001)' }), id: 'T1548.001', name: 'Setuid and Setgid', reference: 'https://attack.mitre.org/techniques/T1548/001', tactics: ['privilege-escalation', 'defense-evasion'], techniqueId: 'T1548', value: 'setuidAndSetgid' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sharepointT1213Description', { defaultMessage: 'Sharepoint (T1213.002)' }), id: 'T1213.002', name: 'Sharepoint', reference: 'https://attack.mitre.org/techniques/T1213/002', tactics: ['collection'], techniqueId: 'T1213', value: 'sharepoint' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.shortcutModificationT1547Description', { defaultMessage: 'Shortcut Modification (T1547.009)' }), id: 'T1547.009', name: 'Shortcut Modification', reference: 'https://attack.mitre.org/techniques/T1547/009', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'shortcutModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.silverTicketT1558Description', { defaultMessage: 'Silver Ticket (T1558.002)' }), id: 'T1558.002', name: 'Silver Ticket', reference: 'https://attack.mitre.org/techniques/T1558/002', tactics: ['credential-access'], techniqueId: 'T1558', value: 'silverTicket' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaT1593Description', { defaultMessage: 'Social Media (T1593.001)' }), id: 'T1593.001', name: 'Social Media', reference: 'https://attack.mitre.org/techniques/T1593/001', tactics: ['reconnaissance'], techniqueId: 'T1593', value: 'socialMedia' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1586Description', { defaultMessage: 'Social Media Accounts (T1586.001)' }), id: 'T1586.001', name: 'Social Media Accounts', reference: 'https://attack.mitre.org/techniques/T1586/001', tactics: ['resource-development'], techniqueId: 'T1586', value: 'socialMediaAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socialMediaAccountsT1585Description', { defaultMessage: 'Social Media Accounts (T1585.001)' }), id: 'T1585.001', name: 'Social Media Accounts', reference: 'https://attack.mitre.org/techniques/T1585/001', tactics: ['resource-development'], techniqueId: 'T1585', value: 'socialMediaAccounts' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.socketFiltersT1205Description', { defaultMessage: 'Socket Filters (T1205.002)' }), id: 'T1205.002', name: 'Socket Filters', reference: 'https://attack.mitre.org/techniques/T1205/002', tactics: ['defense-evasion', 'persistence', 'command-and-control'], techniqueId: 'T1205', value: 'socketFilters' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.softwareT1592Description', { defaultMessage: 'Software (T1592.002)' }), id: 'T1592.002', name: 'Software', reference: 'https://attack.mitre.org/techniques/T1592/002', tactics: ['reconnaissance'], techniqueId: 'T1592', value: 'software' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.softwarePackingT1027Description', { defaultMessage: 
'Software Packing (T1027.002)' }), id: 'T1027.002', name: 'Software Packing', reference: 'https://attack.mitre.org/techniques/T1027/002', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'softwarePacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spaceAfterFilenameT1036Description', { defaultMessage: 'Space after Filename (T1036.006)' }), id: 'T1036.006', name: 'Space after Filename', reference: 'https://attack.mitre.org/techniques/T1036/006', tactics: ['defense-evasion'], techniqueId: 'T1036', value: 'spaceAfterFilename' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingAttachmentT1566Description', { defaultMessage: 'Spearphishing Attachment (T1566.001)' }), id: 'T1566.001', name: 'Spearphishing Attachment', reference: 'https://attack.mitre.org/techniques/T1566/001', tactics: ['initial-access'], techniqueId: 'T1566', value: 'spearphishingAttachment' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingAttachmentT1598Description', { defaultMessage: 'Spearphishing Attachment (T1598.002)' }), id: 'T1598.002', name: 'Spearphishing Attachment', reference: 'https://attack.mitre.org/techniques/T1598/002', tactics: ['reconnaissance'], techniqueId: 'T1598', value: 'spearphishingAttachment' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingLinkT1566Description', { defaultMessage: 'Spearphishing Link (T1566.002)' }), id: 'T1566.002', name: 'Spearphishing Link', reference: 'https://attack.mitre.org/techniques/T1566/002', tactics: ['initial-access'], techniqueId: 'T1566', value: 'spearphishingLink' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingLinkT1598Description', { defaultMessage: 'Spearphishing Link (T1598.003)' }), id: 'T1598.003', name: 'Spearphishing Link', 
reference: 'https://attack.mitre.org/techniques/T1598/003', tactics: ['reconnaissance'], techniqueId: 'T1598', value: 'spearphishingLink' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingServiceT1598Description', { defaultMessage: 'Spearphishing Service (T1598.001)' }), id: 'T1598.001', name: 'Spearphishing Service', reference: 'https://attack.mitre.org/techniques/T1598/001', tactics: ['reconnaissance'], techniqueId: 'T1598', value: 'spearphishingService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spearphishingViaServiceT1566Description', { defaultMessage: 'Spearphishing via Service (T1566.003)' }), id: 'T1566.003', name: 'Spearphishing via Service', reference: 'https://attack.mitre.org/techniques/T1566/003', tactics: ['initial-access'], techniqueId: 'T1566', value: 'spearphishingViaService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.spoofSecurityAlertingT1562Description', { defaultMessage: 'Spoof Security Alerting (T1562.011)' }), id: 'T1562.011', name: 'Spoof Security Alerting', reference: 'https://attack.mitre.org/techniques/T1562/011', tactics: ['defense-evasion'], techniqueId: 'T1562', value: 'spoofSecurityAlerting' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.standardEncodingT1132Description', { defaultMessage: 'Standard Encoding (T1132.001)' }), id: 'T1132.001', name: 'Standard Encoding', reference: 'https://attack.mitre.org/techniques/T1132/001', tactics: ['command-and-control'], techniqueId: 'T1132', value: 'standardEncoding' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.startupItemsT1037Description', { defaultMessage: 'Startup Items (T1037.005)' }), id: 'T1037.005', name: 'Startup Items', reference: 'https://attack.mitre.org/techniques/T1037/005', tactics: ['persistence', 
'privilege-escalation'], techniqueId: 'T1037', value: 'startupItems' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.steganographyT1027Description', { defaultMessage: 'Steganography (T1027.003)' }), id: 'T1027.003', name: 'Steganography', reference: 'https://attack.mitre.org/techniques/T1027/003', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'steganography' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.steganographyT1001Description', { defaultMessage: 'Steganography (T1001.002)' }), id: 'T1001.002', name: 'Steganography', reference: 'https://attack.mitre.org/techniques/T1001/002', tactics: ['command-and-control'], techniqueId: 'T1001', value: 'steganography' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.storedDataManipulationT1565Description', { defaultMessage: 'Stored Data Manipulation (T1565.001)' }), id: 'T1565.001', name: 'Stored Data Manipulation', reference: 'https://attack.mitre.org/techniques/T1565/001', tactics: ['impact'], techniqueId: 'T1565', value: 'storedDataManipulation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.strippedPayloadsT1027Description', { defaultMessage: 'Stripped Payloads (T1027.008)' }), id: 'T1027.008', name: 'Stripped Payloads', reference: 'https://attack.mitre.org/techniques/T1027/008', tactics: ['defense-evasion'], techniqueId: 'T1027', value: 'strippedPayloads' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.sudoAndSudoCachingT1548Description', { defaultMessage: 'Sudo and Sudo Caching (T1548.003)' }), id: 'T1548.003', name: 'Sudo and Sudo Caching', reference: 'https://attack.mitre.org/techniques/T1548/003', tactics: ['privilege-escalation', 'defense-evasion'], techniqueId: 'T1548', value: 'sudoAndSudoCaching' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.symmetricCryptographyT1573Description', { defaultMessage: 'Symmetric Cryptography (T1573.001)' }), id: 'T1573.001', name: 'Symmetric Cryptography', reference: 'https://attack.mitre.org/techniques/T1573/001', tactics: ['command-and-control'], techniqueId: 'T1573', value: 'symmetricCryptography' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemChecksT1497Description', { defaultMessage: 'System Checks (T1497.001)' }), id: 'T1497.001', name: 'System Checks', reference: 'https://attack.mitre.org/techniques/T1497/001', tactics: ['defense-evasion', 'discovery'], techniqueId: 'T1497', value: 'systemChecks' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemFirmwareT1542Description', { defaultMessage: 'System Firmware (T1542.001)' }), id: 'T1542.001', name: 'System Firmware', reference: 'https://attack.mitre.org/techniques/T1542/001', tactics: ['persistence', 'defense-evasion'], techniqueId: 'T1542', value: 'systemFirmware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemLanguageDiscoveryT1614Description', { defaultMessage: 'System Language Discovery (T1614.001)' }), id: 'T1614.001', name: 'System Language Discovery', reference: 'https://attack.mitre.org/techniques/T1614/001', tactics: ['discovery'], techniqueId: 'T1614', value: 'systemLanguageDiscovery' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemdServiceT1543Description', { defaultMessage: 'Systemd Service (T1543.002)' }), id: 'T1543.002', name: 'Systemd Service', reference: 'https://attack.mitre.org/techniques/T1543/002', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1543', value: 'systemdService' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.systemdTimersT1053Description', { defaultMessage: 'Systemd Timers (T1053.006)' }), id: 'T1053.006', name: 'Systemd Timers', reference: 'https://attack.mitre.org/techniques/T1053/006', tactics: ['execution', 'persistence', 'privilege-escalation'], techniqueId: 'T1053', value: 'systemdTimers' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.tftpBootT1542Description', { defaultMessage: 'TFTP Boot (T1542.005)' }), id: 'T1542.005', name: 'TFTP Boot', reference: 'https://attack.mitre.org/techniques/T1542/005', tactics: ['defense-evasion', 'persistence'], techniqueId: 'T1542', value: 'tftpBoot' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.terminalServicesDllT1505Description', { defaultMessage: 'Terminal Services DLL (T1505.005)' }), id: 'T1505.005', name: 'Terminal Services DLL', reference: 'https://attack.mitre.org/techniques/T1505/005', tactics: ['persistence'], techniqueId: 'T1505', value: 'terminalServicesDll' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threadExecutionHijackingT1055Description', { defaultMessage: 'Thread Execution Hijacking (T1055.003)' }), id: 'T1055.003', name: 'Thread Execution Hijacking', reference: 'https://attack.mitre.org/techniques/T1055/003', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'threadExecutionHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threadLocalStorageT1055Description', { defaultMessage: 'Thread Local Storage (T1055.005)' }), id: 'T1055.005', name: 'Thread Local Storage', reference: 'https://attack.mitre.org/techniques/T1055/005', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'threadLocalStorage' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.threatIntelVendorsT1597Description', { defaultMessage: 'Threat Intel Vendors (T1597.001)' }), id: 'T1597.001', name: 'Threat Intel Vendors', reference: 'https://attack.mitre.org/techniques/T1597/001', tactics: ['reconnaissance'], techniqueId: 'T1597', value: 'threatIntelVendors' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timeBasedEvasionT1497Description', { defaultMessage: 'Time Based Evasion (T1497.003)' }), id: 'T1497.003', name: 'Time Based Evasion', reference: 'https://attack.mitre.org/techniques/T1497/003', tactics: ['defense-evasion', 'discovery'], techniqueId: 'T1497', value: 'timeBasedEvasion' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timeProvidersT1547Description', { defaultMessage: 'Time Providers (T1547.003)' }), id: 'T1547.003', name: 'Time Providers', reference: 'https://attack.mitre.org/techniques/T1547/003', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'timeProviders' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.timestompT1070Description', { defaultMessage: 'Timestomp (T1070.006)' }), id: 'T1070.006', name: 'Timestomp', reference: 'https://attack.mitre.org/techniques/T1070/006', tactics: ['defense-evasion'], techniqueId: 'T1070', value: 'timestomp' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.tokenImpersonationTheftT1134Description', { defaultMessage: 'Token Impersonation/Theft (T1134.001)' }), id: 'T1134.001', name: 'Token Impersonation/Theft', reference: 'https://attack.mitre.org/techniques/T1134/001', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1134', value: 'tokenImpersonationTheft' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.toolT1588Description', { defaultMessage: 'Tool (T1588.002)' }), id: 'T1588.002', name: 'Tool', reference: 'https://attack.mitre.org/techniques/T1588/002', tactics: ['resource-development'], techniqueId: 'T1588', value: 'tool' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.trafficDuplicationT1020Description', { defaultMessage: 'Traffic Duplication (T1020.001)' }), id: 'T1020.001', name: 'Traffic Duplication', reference: 'https://attack.mitre.org/techniques/T1020/001', tactics: ['exfiltration'], techniqueId: 'T1020', value: 'trafficDuplication' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.transmittedDataManipulationT1565Description', { defaultMessage: 'Transmitted Data Manipulation (T1565.002)' }), id: 'T1565.002', name: 'Transmitted Data Manipulation', reference: 'https://attack.mitre.org/techniques/T1565/002', tactics: ['impact'], techniqueId: 'T1565', value: 'transmittedDataManipulation' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.transportAgentT1505Description', { defaultMessage: 'Transport Agent (T1505.002)' }), id: 'T1505.002', name: 'Transport Agent', reference: 'https://attack.mitre.org/techniques/T1505/002', tactics: ['persistence'], techniqueId: 'T1505', value: 'transportAgent' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.trapT1546Description', { defaultMessage: 'Trap (T1546.005)' }), id: 'T1546.005', name: 'Trap', reference: 'https://attack.mitre.org/techniques/T1546/005', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'trap' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.unixShellT1059Description', { defaultMessage: 'Unix Shell (T1059.004)' }), id: 'T1059.004', name: 'Unix Shell', 
reference: 'https://attack.mitre.org/techniques/T1059/004', tactics: ['execution'], techniqueId: 'T1059', value: 'unixShell' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.unixShellConfigurationModificationT1546Description', { defaultMessage: 'Unix Shell Configuration Modification (T1546.004)' }), id: 'T1546.004', name: 'Unix Shell Configuration Modification', reference: 'https://attack.mitre.org/techniques/T1546/004', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'unixShellConfigurationModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.uploadMalwareT1608Description', { defaultMessage: 'Upload Malware (T1608.001)' }), id: 'T1608.001', name: 'Upload Malware', reference: 'https://attack.mitre.org/techniques/T1608/001', tactics: ['resource-development'], techniqueId: 'T1608', value: 'uploadMalware' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.uploadToolT1608Description', { defaultMessage: 'Upload Tool (T1608.002)' }), id: 'T1608.002', name: 'Upload Tool', reference: 'https://attack.mitre.org/techniques/T1608/002', tactics: ['resource-development'], techniqueId: 'T1608', value: 'uploadTool' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.userActivityBasedChecksT1497Description', { defaultMessage: 'User Activity Based Checks (T1497.002)' }), id: 'T1497.002', name: 'User Activity Based Checks', reference: 'https://attack.mitre.org/techniques/T1497/002', tactics: ['defense-evasion', 'discovery'], techniqueId: 'T1497', value: 'userActivityBasedChecks' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vbaStompingT1564Description', { defaultMessage: 'VBA Stomping (T1564.007)' }), id: 'T1564.007', name: 'VBA Stomping', reference: 'https://attack.mitre.org/techniques/T1564/007', 
tactics: ['defense-evasion'], techniqueId: 'T1564', value: 'vbaStomping' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vdsoHijackingT1055Description', { defaultMessage: 'VDSO Hijacking (T1055.014)' }), id: 'T1055.014', name: 'VDSO Hijacking', reference: 'https://attack.mitre.org/techniques/T1055/014', tactics: ['defense-evasion', 'privilege-escalation'], techniqueId: 'T1055', value: 'vdsoHijacking' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vncT1021Description', { defaultMessage: 'VNC (T1021.005)' }), id: 'T1021.005', name: 'VNC', reference: 'https://attack.mitre.org/techniques/T1021/005', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'vnc' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.verclsidT1218Description', { defaultMessage: 'Verclsid (T1218.012)' }), id: 'T1218.012', name: 'Verclsid', reference: 'https://attack.mitre.org/techniques/T1218/012', tactics: ['defense-evasion'], techniqueId: 'T1218', value: 'verclsid' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1584Description', { defaultMessage: 'Virtual Private Server (T1584.003)' }), id: 'T1584.003', name: 'Virtual Private Server', reference: 'https://attack.mitre.org/techniques/T1584/003', tactics: ['resource-development'], techniqueId: 'T1584', value: 'virtualPrivateServer' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.virtualPrivateServerT1583Description', { defaultMessage: 'Virtual Private Server (T1583.003)' }), id: 'T1583.003', name: 'Virtual Private Server', reference: 'https://attack.mitre.org/techniques/T1583/003', tactics: ['resource-development'], techniqueId: 'T1583', value: 'virtualPrivateServer' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.visualBasicT1059Description', { defaultMessage: 'Visual Basic (T1059.005)' }), id: 'T1059.005', name: 'Visual Basic', reference: 'https://attack.mitre.org/techniques/T1059/005', tactics: ['execution'], techniqueId: 'T1059', value: 'visualBasic' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vulnerabilitiesT1588Description', { defaultMessage: 'Vulnerabilities (T1588.006)' }), id: 'T1588.006', name: 'Vulnerabilities', reference: 'https://attack.mitre.org/techniques/T1588/006', tactics: ['resource-development'], techniqueId: 'T1588', value: 'vulnerabilities' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.vulnerabilityScanningT1595Description', { defaultMessage: 'Vulnerability Scanning (T1595.002)' }), id: 'T1595.002', name: 'Vulnerability Scanning', reference: 'https://attack.mitre.org/techniques/T1595/002', tactics: ['reconnaissance'], techniqueId: 'T1595', value: 'vulnerabilityScanning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.whoisT1596Description', { defaultMessage: 'WHOIS (T1596.002)' }), id: 'T1596.002', name: 'WHOIS', reference: 'https://attack.mitre.org/techniques/T1596/002', tactics: ['reconnaissance'], techniqueId: 'T1596', value: 'whois' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webCookiesT1606Description', { defaultMessage: 'Web Cookies (T1606.001)' }), id: 'T1606.001', name: 'Web Cookies', reference: 'https://attack.mitre.org/techniques/T1606/001', tactics: ['credential-access'], techniqueId: 'T1606', value: 'webCookies' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webPortalCaptureT1056Description', { defaultMessage: 'Web Portal Capture (T1056.003)' }), id: 'T1056.003', name: 'Web Portal Capture', reference: 
'https://attack.mitre.org/techniques/T1056/003', tactics: ['collection', 'credential-access'], techniqueId: 'T1056', value: 'webPortalCapture' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webProtocolsT1071Description', { defaultMessage: 'Web Protocols (T1071.001)' }), id: 'T1071.001', name: 'Web Protocols', reference: 'https://attack.mitre.org/techniques/T1071/001', tactics: ['command-and-control'], techniqueId: 'T1071', value: 'webProtocols' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webServicesT1583Description', { defaultMessage: 'Web Services (T1583.006)' }), id: 'T1583.006', name: 'Web Services', reference: 'https://attack.mitre.org/techniques/T1583/006', tactics: ['resource-development'], techniqueId: 'T1583', value: 'webServices' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webServicesT1584Description', { defaultMessage: 'Web Services (T1584.006)' }), id: 'T1584.006', name: 'Web Services', reference: 'https://attack.mitre.org/techniques/T1584/006', tactics: ['resource-development'], techniqueId: 'T1584', value: 'webServices' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webSessionCookieT1550Description', { defaultMessage: 'Web Session Cookie (T1550.004)' }), id: 'T1550.004', name: 'Web Session Cookie', reference: 'https://attack.mitre.org/techniques/T1550/004', tactics: ['defense-evasion', 'lateral-movement'], techniqueId: 'T1550', value: 'webSessionCookie' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.webShellT1505Description', { defaultMessage: 'Web Shell (T1505.003)' }), id: 'T1505.003', name: 'Web Shell', reference: 'https://attack.mitre.org/techniques/T1505/003', tactics: ['persistence'], techniqueId: 'T1505', value: 'webShell' }, { label: 
_i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsCommandShellT1059Description', { defaultMessage: 'Windows Command Shell (T1059.003)' }), id: 'T1059.003', name: 'Windows Command Shell', reference: 'https://attack.mitre.org/techniques/T1059/003', tactics: ['execution'], techniqueId: 'T1059', value: 'windowsCommandShell' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsCredentialManagerT1555Description', { defaultMessage: 'Windows Credential Manager (T1555.004)' }), id: 'T1555.004', name: 'Windows Credential Manager', reference: 'https://attack.mitre.org/techniques/T1555/004', tactics: ['credential-access'], techniqueId: 'T1555', value: 'windowsCredentialManager' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsFileAndDirectoryPermissionsModificationT1222Description', { defaultMessage: 'Windows File and Directory Permissions Modification (T1222.001)' }), id: 'T1222.001', name: 'Windows File and Directory Permissions Modification', reference: 'https://attack.mitre.org/techniques/T1222/001', tactics: ['defense-evasion'], techniqueId: 'T1222', value: 'windowsFileAndDirectoryPermissionsModification' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsManagementInstrumentationEventSubscriptionT1546Description', { defaultMessage: 'Windows Management Instrumentation Event Subscription (T1546.003)' }), id: 'T1546.003', name: 'Windows Management Instrumentation Event Subscription', reference: 'https://attack.mitre.org/techniques/T1546/003', tactics: ['privilege-escalation', 'persistence'], techniqueId: 'T1546', value: 'windowsManagementInstrumentationEventSubscription' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsRemoteManagementT1021Description', { defaultMessage: 'Windows Remote Management (T1021.006)' }), id: 
'T1021.006', name: 'Windows Remote Management', reference: 'https://attack.mitre.org/techniques/T1021/006', tactics: ['lateral-movement'], techniqueId: 'T1021', value: 'windowsRemoteManagement' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.windowsServiceT1543Description', { defaultMessage: 'Windows Service (T1543.003)' }), id: 'T1543.003', name: 'Windows Service', reference: 'https://attack.mitre.org/techniques/T1543/003', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1543', value: 'windowsService' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.winlogonHelperDllT1547Description', { defaultMessage: 'Winlogon Helper DLL (T1547.004)' }), id: 'T1547.004', name: 'Winlogon Helper DLL', reference: 'https://attack.mitre.org/techniques/T1547/004', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'winlogonHelperDll' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.wordlistScanningT1595Description', { defaultMessage: 'Wordlist Scanning (T1595.003)' }), id: 'T1595.003', name: 'Wordlist Scanning', reference: 'https://attack.mitre.org/techniques/T1595/003', tactics: ['reconnaissance'], techniqueId: 'T1595', value: 'wordlistScanning' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.xdgAutostartEntriesT1547Description', { defaultMessage: 'XDG Autostart Entries (T1547.013)' }), id: 'T1547.013', name: 'XDG Autostart Entries', reference: 'https://attack.mitre.org/techniques/T1547/013', tactics: ['persistence', 'privilege-escalation'], techniqueId: 'T1547', value: 'xdgAutostartEntries' }, { label: _i18n.i18n.translate('xpack.securitySolution.detectionEngine.mitreAttackSubtechniques.xpcServicesT1559Description', { defaultMessage: 'XPC Services (T1559.003)' }), id: 'T1559.003', name: 'XPC Services', reference: 
'https://attack.mitre.org/techniques/T1559/003', tactics: ['execution'], techniqueId: 'T1559', value: 'xpcServices' }]; /* NOTE(review): in the entries visible in this part of the array, `value` is not unique (for example 'server' is used by both T1583.004 and T1584.004, and 'steganography' by both T1027.003 and T1001.002), while `id` differs for every entry. Presumably lookups should key on `id` rather than `value`; confirm against callers. */ exports.subtechniques = subtechniques; /** * Returns a fixed sample MITRE ATT&CK threat mapping for use as mock data: tactic TA0006 (Credential Access), technique T1003 (OS Credential Dumping) and sub-technique T1003.008 (/etc/passwd and /etc/shadow). * * According to the original note, the sample is taken from the `mitre_tactics_techniques.ts` file and is built alongside that data so that it stays valid against the most up to date MITRE ATT&CK data. * * The three levels are consistent with each other: the sub-technique's `techniqueId` equals the technique's `id`, and both list 'credential-access' under `tactics`. Each call evaluates a new object literal. The returned objects carry `name`, `id` and `reference` (plus `tactics`, and `techniqueId` on the sub-technique) but no `label` or `value` field, unlike the `subtechniques` entries above. Tactic names under `tactics` are kebab-case ('credential-access'), whereas the `value` field of the exported `tactics` array is camelCase ('credentialAccess'). * * @returns {{tactic: Object, technique: Object, subtechnique: Object}} the sample tactic, technique and sub-technique */ const getMockThreatData = () => ({ tactic: { name: 'Credential Access', id: 'TA0006', reference: 'https://attack.mitre.org/tactics/TA0006' }, technique: { name: 'OS Credential Dumping', id: 'T1003', reference: 'https://attack.mitre.org/techniques/T1003', tactics: ['credential-access'] }, subtechnique: { name: '/etc/passwd and /etc/shadow', id: 'T1003.008', reference: 'https://attack.mitre.org/techniques/T1003/008', tactics: ['credential-access'], techniqueId: 'T1003' } }); exports.getMockThreatData = getMockThreatData;