Created
July 19, 2021 16:44
-
-
Save drewchurch/dc8e4d0eb4f711c0b1569babdd7212b0 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "name": "AA21-200A Splunk Security Content", | |
| "versions": { | |
| "attack": "9", | |
| "navigator": "4.3", | |
| "layer": "4.2" | |
| }, | |
| "domain": "enterprise-attack", | |
| "description": "", | |
| "filters": { | |
| "platforms": [ | |
| "Linux", | |
| "macOS", | |
| "Windows", | |
| "Azure AD", | |
| "Office 365", | |
| "SaaS", | |
| "IaaS", | |
| "Google Workspace", | |
| "PRE", | |
| "Network", | |
| "Containers" | |
| ] | |
| }, | |
| "sorting": 0, | |
| "layout": { | |
| "layout": "side", | |
| "aggregateFunction": "average", | |
| "showID": false, | |
| "showName": true, | |
| "showAggregateScores": false, | |
| "countUnscored": false | |
| }, | |
| "hideDisabled": false, | |
| "techniques": [ | |
| { | |
| "techniqueID": "T1059", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.001", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.002", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.003", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.004", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.005", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.006", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.007", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1059.008", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1074", | |
| "tactic": "collection", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1074.001", | |
| "tactic": "collection", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1074.002", | |
| "tactic": "collection", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1189", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1585", | |
| "tactic": "resource-development", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1585.001", | |
| "tactic": "resource-development", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1585.002", | |
| "tactic": "resource-development", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1041", | |
| "tactic": "exfiltration", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1190", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1203", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1589", | |
| "tactic": "reconnaissance", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1589.001", | |
| "tactic": "reconnaissance", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1589.002", | |
| "tactic": "reconnaissance", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1589.003", | |
| "tactic": "reconnaissance", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027.001", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027.002", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027.003", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027.004", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1027.005", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1566", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1566.001", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1566.002", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1566.003", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1204", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1204.001", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1204.002", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1204.003", | |
| "tactic": "execution", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078", | |
| "tactic": "persistence", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078", | |
| "tactic": "privilege-escalation", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.001", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.001", | |
| "tactic": "persistence", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.001", | |
| "tactic": "privilege-escalation", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.001", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.002", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.002", | |
| "tactic": "persistence", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.002", | |
| "tactic": "privilege-escalation", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.002", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.003", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.003", | |
| "tactic": "persistence", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.003", | |
| "tactic": "privilege-escalation", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.003", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.004", | |
| "tactic": "defense-evasion", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.004", | |
| "tactic": "persistence", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.004", | |
| "tactic": "privilege-escalation", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| }, | |
| { | |
| "techniqueID": "T1078.004", | |
| "tactic": "initial-access", | |
| "color": "#31a354", | |
| "comment": "", | |
| "enabled": true, | |
| "metadata": [], | |
| "showSubtechniques": false | |
| } | |
| ], | |
| "gradient": { | |
| "colors": [ | |
| "#ff6666", | |
| "#ffe766", | |
| "#8ec843" | |
| ], | |
| "minValue": 0, | |
| "maxValue": 100 | |
| }, | |
| "legendItems": [], | |
| "metadata": [], | |
| "showTacticRowBackground": false, | |
| "tacticRowBackground": "#dddddd", | |
| "selectTechniquesAcrossTactics": true, | |
| "selectSubtechniquesWithParent": true | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment