109 indexed
ATT&CKATT&CK data components
109 MITRE ATT&CK data components — the specific signals within a data source used to detect techniques. Use /search for keyword lookup. Authored by Adam Lundqvist.
Showing 101–109 of 109 · page 3 of 3
| ID | Title | Summary |
|---|---|---|
| Volume Metadata | Volume Metadata | Contextual data about a cloud volume and activity around it, such as id, type, state, and size |
| Volume Modification | Volume Modification | Changes made to a cloud volume, including its settings and control data (ex: AWS modify-volume) |
| Web Credential Creation | Web Credential Creation | Initial construction of new web credential material (ex: Windows EID 1200 or 4769) |
| Web Credential Usage | Web Credential Usage | An attempt by a user to gain access to a network or computing resource by providing web credentials (ex: Windows EID 1202) |
| Windows Registry Key Access | Windows Registry Key Access | Opening a Registry Key, typically to read the associated value (ex: Windows EID 4656) |
| Windows Registry Key Creation | Windows Registry Key Creation | Initial construction of a new Registry Key (ex: Windows EID 4656 or Sysmon EID 12) |
| Windows Registry Key Deletion | Windows Registry Key Deletion | Removal of a Registry Key (ex: Windows EID 4658 or Sysmon EID 12) |
| Windows Registry Key Modification | Windows Registry Key Modification | Changes made to a Registry Key and/or Key value (ex: Windows EID 4657 or Sysmon EID 13|14) |
| WMI Creation | WMI Creation | Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21) |