misp-galaxy/clusters/mitre-data-component.json


{
"authors": [
"MITRE"
],
"category": "data-component",
"description": "Data components are parts of data sources.",
"name": "mitre-data-component",
"source": "https://github.com/mitre/cti",
"type": "mitre-data-component",
"uuid": "d2c1cf9e-c581-4a70-b1c5-12e6de3f0e83",
"values": [
{
"description": "Opening of an Active Directory object, typically to collect/read its value (ex: Windows EID 4661)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b",
"type": "detects"
},
{
"dest-uuid": "5c6de881-bc70-4070-855a-7a9631a407f7",
"type": "included-in"
},
{
"dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163",
"type": "detects"
}
],
"uuid": "5c6de881-bc70-4070-855a-7a9631a407f7",
"value": "Active Directory Object Access"
},
{
"description": "Initial construction of a new Active Directory object (ex: Windows EID 5137)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "18b236d8-7224-488f-9d2f-50076a0f653a",
"type": "included-in"
},
{
"dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee",
"type": "detects"
},
{
"dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a",
"type": "detects"
},
{
"dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163",
"type": "detects"
},
{
"dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215",
"type": "detects"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
}
],
"uuid": "18b236d8-7224-488f-9d2f-50076a0f653a",
"value": "Active Directory Object Creation"
},
{
"description": "A user requested Active Directory credentials, such as a ticket or token (ex: Windows EID 4769)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "02d090b6-8157-48da-98a2-517f7edd49fc",
"type": "included-in"
},
{
"dest-uuid": "3986e7fd-a8e9-4ecb-bfc6-55920855912b",
"type": "detects"
},
{
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "detects"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "detects"
},
{
"dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1",
"type": "detects"
},
{
"dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"type": "detects"
},
{
"dest-uuid": "f2877f7f-9a4c-4251-879f-1224e3006bee",
"type": "detects"
}
],
"uuid": "02d090b6-8157-48da-98a2-517f7edd49fc",
"value": "Active Directory Credential Request"
},
{
"description": "Removal of an Active Directory object (ex: Windows EID 5141)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163",
"type": "detects"
},
{
"dest-uuid": "9085a576-636a-455b-91d2-c2921bbe6d1d",
"type": "included-in"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
}
],
"uuid": "9085a576-636a-455b-91d2-c2921bbe6d1d",
"value": "Active Directory Object Deletion"
},
{
"description": "Changes made to an Active Directory object (ex: Windows EID 5163 or 5136)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee",
"type": "detects"
},
{
"dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee",
"type": "detects"
},
{
"dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a",
"type": "detects"
},
{
"dest-uuid": "5b8b466b-2c81-4fe7-946f-d677a74ae3db",
"type": "included-in"
},
{
"dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163",
"type": "detects"
},
{
"dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
},
{
"dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023",
"type": "detects"
},
{
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
}
],
"uuid": "5b8b466b-2c81-4fe7-946f-d677a74ae3db",
"value": "Active Directory Object Modification"
},
{
"description": "Opening a Registry Key, typically to read the associated value (ex: Windows EID 4656)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "detects"
},
{
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"type": "detects"
},
{
"dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d",
"type": "detects"
},
{
"dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
"type": "detects"
},
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "detects"
},
{
"dest-uuid": "ed0dd8aa-1677-4551-bb7d-8da767617e1b",
"type": "included-in"
}
],
"uuid": "ed0dd8aa-1677-4551-bb7d-8da767617e1b",
"value": "Windows Registry Key Access"
},
{
"description": "Initial construction of a new Registry Key (ex: Windows EID 4656 or Sysmon EID 12)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67",
"type": "detects"
},
{
"dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7f70fae7-a68d-4730-a83a-f260b9606129",
"type": "included-in"
},
{
"dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04",
"type": "detects"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839",
"type": "detects"
},
{
"dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
}
],
"uuid": "7f70fae7-a68d-4730-a83a-f260b9606129",
"value": "Windows Registry Key Creation"
},
{
"description": "Removal of a Registry Key (ex: Windows EID 4658 or Sysmon EID 12)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1177a4c5-31c8-400c-8544-9071166afa0e",
"type": "included-in"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
}
],
"uuid": "1177a4c5-31c8-400c-8544-9071166afa0e",
"value": "Windows Registry Key Deletion"
},
{
"description": "Changes made to a Registry Key and/or Key value (ex: Windows EID 4657 or Sysmon EID 13 or 14)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "detects"
},
{
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"type": "detects"
},
{
"dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "detects"
},
{
"dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c",
"type": "detects"
},
{
"dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42",
"type": "detects"
},
{
"dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8",
"type": "detects"
},
{
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83",
"type": "detects"
},
{
"dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462",
"type": "detects"
},
{
"dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b",
"type": "detects"
},
{
"dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc",
"type": "detects"
},
{
"dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc",
"type": "detects"
},
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35",
"type": "detects"
},
{
"dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6",
"type": "detects"
},
{
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
"type": "detects"
},
{
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04",
"type": "detects"
},
{
"dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c",
"type": "detects"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
"type": "detects"
},
{
"dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839",
"type": "detects"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
},
{
"dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "da85d358-741a-410d-9433-20d6269a6170",
"type": "included-in"
},
{
"dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49",
"type": "detects"
},
{
"dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
},
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "detects"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "detects"
}
],
"uuid": "da85d358-741a-410d-9433-20d6269a6170",
"value": "Windows Registry Key Modification"
},
{
"description": "An attempt by a user to gain access to a network or computing resource, often by providing credentials (ex: Windows EID 4776 or /var/log/auth.log)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
"type": "detects"
},
{
"dest-uuid": "19bf235b-8620-4997-b5b4-94e0659ed7c3",
"type": "detects"
},
{
"dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d",
"type": "detects"
},
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "detects"
},
{
"dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a",
"type": "detects"
},
{
"dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d",
"type": "detects"
},
{
"dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926",
"type": "detects"
},
{
"dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493",
"type": "detects"
},
{
"dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
},
{
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
"type": "detects"
},
{
"dest-uuid": "a953ca55-921a-44f7-9b8d-3d40141aa17e",
"type": "included-in"
},
{
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
"type": "detects"
},
{
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "detects"
},
{
"dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f",
"type": "detects"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"type": "detects"
},
{
"dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436",
"type": "detects"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"type": "detects"
}
],
"uuid": "a953ca55-921a-44f7-9b8d-3d40141aa17e",
"value": "User Account Authentication"
},
{
"description": "Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "detects"
},
{
"dest-uuid": "09c4c11e-4fa1-4f8c-8dad-3cf8e69ad119",
"type": "detects"
},
{
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "detects"
},
{
"dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff",
"type": "detects"
},
{
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "detects"
},
{
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "detects"
},
{
"dest-uuid": "16cdd21f-da65-4e4f-bc04-dd7d198c7b26",
"type": "detects"
},
{
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
"type": "detects"
},
{
"dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
"type": "detects"
},
{
"dest-uuid": "1d24cdee-9ea2-4189-b08e-af110bf2435d",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7",
"type": "detects"
},
{
"dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230",
"type": "detects"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "detects"
},
{
"dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1",
"type": "detects"
},
{
"dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858",
"type": "detects"
},
{
"dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44",
"type": "detects"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927",
"type": "detects"
},
{
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "detects"
},
{
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
"type": "detects"
},
{
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
"type": "detects"
},
{
"dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b",
"type": "detects"
},
{
"dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "692074ae-bb62-4a5e-a735-02cb6bde458c",
"type": "detects"
},
{
"dest-uuid": "6a5d222a-a7e0-4656-b110-782c33098289",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc",
"type": "detects"
},
{
"dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215",
"type": "detects"
},
{
"dest-uuid": "851e071f-208d-4c79-adc6-5974c85c78f3",
"type": "detects"
},
{
"dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103",
"type": "detects"
},
{
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
"type": "detects"
},
{
"dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493",
"type": "detects"
},
{
"dest-uuid": "9664ad0e-789e-40ac-82e2-d7b17fbe8fb3",
"type": "detects"
},
{
"dest-uuid": "9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa",
"type": "included-in"
},
{
"dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
"type": "detects"
},
{
"dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82",
"type": "detects"
},
{
"dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747",
"type": "detects"
},
{
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
"type": "detects"
},
{
"dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634",
"type": "detects"
},
{
"dest-uuid": "b0533c6e-8fea-4788-874f-b799cacc4b92",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "b2d03cea-aec1-45ca-9744-9ee583c1e1cc",
"type": "detects"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "bb5e59c4-abe7-40c7-8196-e373cb1e5974",
"type": "detects"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "detects"
},
{
"dest-uuid": "bf147104-abf9-4221-95d1-e81585859441",
"type": "detects"
},
{
"dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0",
"type": "detects"
},
{
"dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4",
"type": "detects"
},
{
"dest-uuid": "c9e0c59e-162e-40a4-b8b1-78fab4329ada",
"type": "detects"
},
{
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "detects"
},
{
"dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3",
"type": "detects"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "detects"
},
{
"dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391",
"type": "detects"
},
{
"dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306",
"type": "detects"
},
{
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
"type": "detects"
},
{
"dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
"type": "detects"
},
{
"dest-uuid": "f9e9365a-9ca2-4d9c-8e7c-050d73d1101a",
"type": "detects"
},
{
"dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b",
"type": "detects"
}
],
"uuid": "9c2fa0ae-7abc-485a-97f6-699e3b6cf9fa",
"value": "Application Log Content"
},
{
"description": "Opening of a cloud storage infrastructure, typically to collect/read its value (ex: AWS S3 GetObject)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3298ce88-1628-43b1-87d9-0b5336b193d7",
"type": "detects"
},
{
"dest-uuid": "58ef998c-f3bf-4985-b487-b1005f5c05d1",
"type": "included-in"
},
{
"dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
}
],
"uuid": "58ef998c-f3bf-4985-b487-b1005f5c05d1",
"value": "Cloud Storage Access"
},
{
"description": "Initial construction of a new account (ex: Windows EID 4720 or /etc/passwd logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "635cbe30-392d-4e27-978e-66774357c762",
"type": "detects"
},
{
"dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "a009cb25-4801-4116-9105-80a91cf15c1b",
"type": "detects"
},
{
"dest-uuid": "deb22295-7e37-4a3b-ac6f-c86666fbe63d",
"type": "included-in"
},
{
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
"type": "detects"
}
],
"uuid": "deb22295-7e37-4a3b-ac6f-c86666fbe63d",
"value": "User Account Creation"
},
{
"description": "Removal of an account (ex: Windows EID 4726 or /var/log access/authentication logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "d6257b8e-869c-41c0-8731-fdca40858a91",
"type": "included-in"
}
],
"uuid": "d6257b8e-869c-41c0-8731-fdca40858a91",
"value": "User Account Deletion"
},
{
"description": "Operating system function/method calls executed by a process",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0042a9f5-f053-4769-b3ef-9ad018dfa298",
"type": "detects"
},
{
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
"type": "detects"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
"type": "detects"
},
{
"dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d",
"type": "detects"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6",
"type": "detects"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"type": "detects"
},
{
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "detects"
},
{
"dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f",
"type": "detects"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "detects"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"type": "detects"
},
{
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
"type": "detects"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"type": "detects"
},
{
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
"type": "detects"
},
{
"dest-uuid": "34a80bc4-80f2-46e6-94ff-f3265a4b657c",
"type": "detects"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "detects"
},
{
"dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb",
"type": "detects"
},
{
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
"type": "detects"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a",
"type": "detects"
},
{
"dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06",
"type": "detects"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
},
{
"dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830",
"type": "detects"
},
{
"dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "detects"
},
{
"dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf",
"type": "detects"
},
{
"dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf",
"type": "detects"
},
{
"dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197",
"type": "detects"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "detects"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "detects"
},
{
"dest-uuid": "791481f8-e96a-41be-b089-a088763083d4",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "detects"
},
{
"dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605",
"type": "detects"
},
{
"dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
"type": "detects"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "detects"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662",
"type": "detects"
},
{
"dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d",
"type": "detects"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"type": "detects"
},
{
"dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819",
"type": "detects"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"type": "detects"
},
{
"dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04",
"type": "detects"
},
{
"dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938",
"type": "detects"
},
{
"dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a",
"type": "detects"
},
{
"dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5",
"type": "detects"
},
{
"dest-uuid": "9bde2f9d-a695-4344-bfac-f2dce13d121e",
"type": "included-in"
},
{
"dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b",
"type": "detects"
},
{
"dest-uuid": "a4657bc9-d22f-47d2-a7b7-dd6ec33f3dde",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023",
"type": "detects"
},
{
"dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
"type": "detects"
},
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "detects"
},
{
"dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979",
"type": "detects"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "detects"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
},
{
"dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6",
"type": "detects"
},
{
"dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447",
"type": "detects"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
},
{
"dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49",
"type": "detects"
},
{
"dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58",
"type": "detects"
},
{
"dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744",
"type": "detects"
},
{
"dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391",
"type": "detects"
},
{
"dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f",
"type": "detects"
},
{
"dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4",
"type": "detects"
},
{
"dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99",
"type": "detects"
},
{
"dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5",
"type": "detects"
},
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "detects"
},
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6",
"type": "detects"
}
],
"uuid": "9bde2f9d-a695-4344-bfac-f2dce13d121e",
"value": "OS API Execution"
},
{
"description": "Contextual data about an account, which may include a username, user ID, environmental data, etc.",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "b5d0492b-cda4-421c-8e51-ed2b8d85c5d0",
"type": "included-in"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"type": "detects"
},
{
"dest-uuid": "b7dc639b-24cd-482d-a7f1-8897eda21023",
"type": "detects"
},
{
"dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
}
],
"uuid": "b5d0492b-cda4-421c-8e51-ed2b8d85c5d0",
"value": "User Account Metadata"
},
{
"description": "Changes made to an account, such as permissions and/or membership in specific groups (ex: Windows EID 4738 or /var/log access/authentication logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "2dbbdcd5-92cf-44c0-aea2-fe24783a6bc3",
"type": "detects"
},
{
"dest-uuid": "35d30338-5bfa-41b0-a170-ec06dfd75f64",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "6fa224c7-5091-4595-bf15-3fc9fe2f2c7c",
"type": "detects"
},
{
"dest-uuid": "7decb26c-715c-40cf-b7e0-026f7d7cc215",
"type": "detects"
},
{
"dest-uuid": "890c9858-598c-401d-a4d5-c67ebcdd703a",
"type": "detects"
},
{
"dest-uuid": "8a2f40cf-8325-47f9-96e4-b1ca4c7389bd",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "b24e2a20-3b3d-4bf0-823b-1ed765398fb0",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
},
{
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
"type": "detects"
},
{
"dest-uuid": "d27b0089-2c39-4b6c-84ff-303e48657e77",
"type": "included-in"
},
{
"dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
}
],
"uuid": "d27b0089-2c39-4b6c-84ff-303e48657e77",
"value": "User Account Modification"
},
{
"description": "Opening a network share, which makes the contents available to the requestor (ex: Windows EID 5140 or 5145)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "f5468e67-51c7-4756-9b4f-65707708e7fa",
"type": "included-in"
}
],
"uuid": "f5468e67-51c7-4756-9b4f-65707708e7fa",
"value": "Network Share Access"
},
{
"description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005cc321-08ce-4d17-b1ea-cb5275926520",
"type": "detects"
},
{
"dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b",
"type": "detects"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "detects"
},
{
"dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13",
"type": "detects"
},
{
"dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74",
"type": "detects"
},
{
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "detects"
},
{
"dest-uuid": "181a9f8c-c780-4f1f-91a8-edb770e904ba",
"type": "included-in"
},
{
"dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4",
"type": "detects"
},
{
"dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6",
"type": "detects"
},
{
"dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6",
"type": "detects"
},
{
"dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336",
"type": "detects"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"type": "detects"
},
{
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
"type": "detects"
},
{
"dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"type": "detects"
},
{
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
"type": "detects"
},
{
"dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd",
"type": "detects"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"type": "detects"
},
{
"dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c",
"type": "detects"
},
{
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
"type": "detects"
},
{
"dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1",
"type": "detects"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "800f9819-7007-4540-a520-40e655876800",
"type": "detects"
},
{
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
"type": "detects"
},
{
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "detects"
},
{
"dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91",
"type": "detects"
},
{
"dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "detects"
},
{
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "detects"
},
{
"dest-uuid": "939808a7-121d-467a-b028-4441ee8b7cee",
"type": "detects"
},
{
"dest-uuid": "986f80f7-ff0e-4f48-87bd-0394814bbce5",
"type": "detects"
},
{
"dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab",
"type": "detects"
},
{
"dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
},
{
"dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd",
"type": "detects"
},
{
"dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380",
"type": "detects"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "d916f176-a1ca-4a78-9fdd-4058bc28162e",
"type": "detects"
},
{
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
"type": "detects"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "detects"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
},
{
"dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5",
"type": "detects"
},
{
"dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9",
"type": "detects"
},
{
"dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433",
"type": "detects"
},
{
"dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755",
"type": "detects"
},
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "detects"
}
],
"uuid": "181a9f8c-c780-4f1f-91a8-edb770e904ba",
"value": "Network Connection Creation"
},
{
"description": "Initial construction of new cloud storage infrastructure (ex: AWS S3 CreateBucket)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "59ec10d9-546b-4b8e-bccb-fa85f71e5055",
"type": "included-in"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
}
],
"uuid": "59ec10d9-546b-4b8e-bccb-fa85f71e5055",
"value": "Cloud Storage Creation"
},
{
"description": "Initial construction of new web credential material (ex: Windows EID 1200 or 4769)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "5f7c9def-0ddf-423b-b1f8-fb2ddeed0ce3",
"type": "included-in"
},
{
"dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c",
"type": "detects"
}
],
"uuid": "5f7c9def-0ddf-423b-b1f8-fb2ddeed0ce3",
"value": "Web Credential Creation"
},
{
"description": "Deactivation or stoppage of a cloud service (ex: AWS CloudTrail StopLogging)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
"type": "detects"
},
{
"dest-uuid": "ec0612c5-2644-4c50-bcac-82586974fedd",
"type": "included-in"
}
],
"uuid": "ec0612c5-2644-4c50-bcac-82586974fedd",
"value": "Cloud Service Disable"
},
{
"description": "Removal of cloud storage infrastructure (ex: AWS S3 DeleteBucket)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "4c41e296-b8d2-4a37-b789-eb565c87c00c",
"type": "included-in"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
}
],
"uuid": "4c41e296-b8d2-4a37-b789-eb565c87c00c",
"value": "Cloud Storage Deletion"
},
{
"description": "An extracted list of cloud storage infrastructure (ex: AWS S3 ListBuckets or ListObjects)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
"type": "detects"
},
{
"dest-uuid": "8565825b-21c8-4518-b75e-cbc4c717a156",
"type": "detects"
},
{
"dest-uuid": "fcc4811f-9cc8-4db5-8097-4d8242a380de",
"type": "included-in"
}
],
"uuid": "fcc4811f-9cc8-4db5-8097-4d8242a380de",
"value": "Cloud Storage Enumeration"
},
{
"description": "An extracted list of cloud services (ex: AWS ECS ListServices)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "8c826308-2760-492f-9e36-4f0f7e23bcac",
"type": "included-in"
},
{
"dest-uuid": "cfb525cc-5494-401d-a82b-2539ca46a561",
"type": "detects"
},
{
"dest-uuid": "e24fcba8-2557-4442-a139-1ee2f2e784db",
"type": "detects"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"type": "detects"
}
],
"uuid": "8c826308-2760-492f-9e36-4f0f7e23bcac",
"value": "Cloud Service Enumeration"
},
{
"description": "Initial construction of a new scheduled job (ex: Windows EID 4698 or /var/log cron logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096",
"type": "detects"
},
{
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21",
"type": "detects"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f42df6f0-6395-4f0c-9376-525a031f00c3",
"type": "included-in"
}
],
"uuid": "f42df6f0-6395-4f0c-9376-525a031f00c3",
"value": "Scheduled Job Creation"
},
{
"description": "Initial construction of a successful new user logon following an authentication attempt. (e.g. Windows EID 4624, /var/log/utmp, or /var/log/wtmp)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b",
"type": "detects"
},
{
"dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771",
"type": "detects"
},
{
"dest-uuid": "0c4b4fda-9062-47da-98b9-ceae2dcf052a",
"type": "detects"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "detects"
},
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6",
"type": "detects"
},
{
"dest-uuid": "45241b9e-9bbc-4826-a2cc-78855e51ca09",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "detects"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
"type": "detects"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "6151cbea-819b-455a-9fa6-99a1cc58797d",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "7ad38ef1-381a-406d-872a-38b136eb5ecc",
"type": "detects"
},
{
"dest-uuid": "7b211ac6-c815-4189-93a9-ab415deca926",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a",
"type": "detects"
},
{
"dest-uuid": "8861073d-d1b8-4941-82ce-dce621d398f0",
"type": "detects"
},
{
"dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c",
"type": "detects"
},
{
"dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493",
"type": "detects"
},
{
"dest-uuid": "9ce98c86-8d30-4043-ba54-0784d478d0b5",
"type": "included-in"
},
{
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
"type": "detects"
},
{
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
"type": "detects"
},
{
"dest-uuid": "b4409cd8-0da9-46e1-a401-a241afd4d1cc",
"type": "detects"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "detects"
},
{
"dest-uuid": "cff94884-3b1c-4987-a70b-6d5643c621c3",
"type": "detects"
},
{
"dest-uuid": "d28ef391-8ed4-45dc-bc4a-2f43abf54416",
"type": "detects"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "detects"
},
{
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e49920b0-6c54-40c1-9571-73723653205f",
"type": "detects"
},
{
"dest-uuid": "e624264c-033a-424d-9fd7-fc9c3bbdb03e",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
},
{
"dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"type": "detects"
}
],
"uuid": "9ce98c86-8d30-4043-ba54-0784d478d0b5",
"value": "Logon Session Creation"
},
{
"description": "Contextual data about cloud storage infrastructure and activity around it such as name, size, or owner",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "e214eb6d-de8f-4154-9015-6d47915fbed1",
"type": "included-in"
}
],
"uuid": "e214eb6d-de8f-4154-9015-6d47915fbed1",
"value": "Cloud Storage Metadata"
},
{
"description": "Contextual data about a cloud service and activity around it such as name, type, or purpose/function",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "b33d36e3-d7ea-4895-8eed-19a08a8f7c4f",
"type": "included-in"
}
],
"uuid": "b33d36e3-d7ea-4895-8eed-19a08a8f7c4f",
"value": "Cloud Service Metadata"
},
{
"description": "Changes made to cloud storage infrastructure, including its settings and/or data (ex: AWS S3 PutObject or PutObjectAcl)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "45977f14-1bcc-4ec4-ac14-a30fd3a11f44",
"type": "included-in"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
}
],
"uuid": "45977f14-1bcc-4ec4-ac14-a30fd3a11f44",
"value": "Cloud Storage Modification"
},
{
"description": "Changes made to a cloud service, including its settings and/or data (ex: AWS CloudTrail DeleteTrail or DeleteConfigRule)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "ca00366b-83a1-4c7b-a0ce-8ff950a7c87f",
"type": "detects"
},
{
"dest-uuid": "cacc40da-4c9e-462c-80d5-fd70a178b12d",
"type": "detects"
},
{
"dest-uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e",
"type": "included-in"
},
{
"dest-uuid": "e848506b-8484-4410-8017-3d235a52f5b3",
"type": "detects"
}
],
"uuid": "e52d89f9-1710-4708-88a5-cbef77c4cd5e",
"value": "Cloud Service Modification"
},
{
"description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "detects"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "04fd5427-79c7-44ea-ae13-11b24778ff1c",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0ad7bc5c-235a-4048-944b-3b286676cb74",
"type": "detects"
},
{
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "detects"
},
{
"dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7",
"type": "detects"
},
{
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
"type": "detects"
},
{
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"type": "detects"
},
{
"dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b",
"type": "detects"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"type": "detects"
},
{
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
"type": "detects"
},
{
"dest-uuid": "24bfaeba-cb0d-4525-b3dc-507c77ecec41",
"type": "detects"
},
{
"dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d",
"type": "detects"
},
{
"dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7",
"type": "detects"
},
{
"dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
"type": "detects"
},
{
"dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230",
"type": "detects"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "detects"
},
{
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
"type": "detects"
},
{
"dest-uuid": "3772e279-27d6-477a-9fe3-c6beb363594c",
"type": "included-in"
},
{
"dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858",
"type": "detects"
},
{
"dest-uuid": "3f886f2a-874f-4333-b794-aa6075009b1c",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"type": "detects"
},
{
"dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c",
"type": "detects"
},
{
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "detects"
},
{
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"type": "detects"
},
{
"dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
"type": "detects"
},
{
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
"type": "detects"
},
{
"dest-uuid": "52759bf1-fe12-4052-ace6-c5b0cf7dd7fd",
"type": "detects"
},
{
"dest-uuid": "5282dd9a-d26d-4e16-88b7-7c0f4553daf4",
"type": "detects"
},
{
"dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b",
"type": "detects"
},
{
"dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4",
"type": "detects"
},
{
"dest-uuid": "564998d8-ab3e-4123-93fb-eccaa6b9714a",
"type": "detects"
},
{
"dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b",
"type": "detects"
},
{
"dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5",
"type": "detects"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd",
"type": "detects"
},
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "detects"
},
{
"dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b",
"type": "detects"
},
{
"dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
"type": "detects"
},
{
"dest-uuid": "69f897fd-12a9-4c89-ad6a-46d2f3c38262",
"type": "detects"
},
{
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c",
"type": "detects"
},
{
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
"type": "detects"
},
{
"dest-uuid": "800f9819-7007-4540-a520-40e655876800",
"type": "detects"
},
{
"dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a",
"type": "detects"
},
{
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
"type": "detects"
},
{
"dest-uuid": "83a766f8-1501-4b3a-a2de-2e2849e8dfc1",
"type": "detects"
},
{
"dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7",
"type": "detects"
},
{
"dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103",
"type": "detects"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "detects"
},
{
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "detects"
},
{
"dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b",
"type": "detects"
},
{
"dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8",
"type": "detects"
},
{
"dest-uuid": "9db0cf3a-a3c9-4012-8268-123b9db6fd82",
"type": "detects"
},
{
"dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747",
"type": "detects"
},
{
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "ad255bfe-a9e6-4b52-a258-8d3462abe842",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18",
"type": "detects"
},
{
"dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928",
"type": "detects"
},
{
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
"type": "detects"
},
{
"dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166",
"type": "detects"
},
{
"dest-uuid": "b8902400-e6c5-4ba2-95aa-2d35b442b118",
"type": "detects"
},
{
"dest-uuid": "ba04e672-da86-4e69-aa15-0eca5db25f43",
"type": "detects"
},
{
"dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
"type": "detects"
},
{
"dest-uuid": "bed04f7d-e48a-4e76-bd0f-4c57fe31fc46",
"type": "detects"
},
{
"dest-uuid": "bf176076-b789-408e-8cba-7275e81c0ada",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b",
"type": "detects"
},
{
"dest-uuid": "c325b232-d5bc-4dde-a3ec-71f3db9e8adc",
"type": "detects"
},
{
"dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4",
"type": "detects"
},
{
"dest-uuid": "ca9d3402-ada3-484d-876a-d717bd6e05f2",
"type": "detects"
},
{
"dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213",
"type": "detects"
},
{
"dest-uuid": "cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f",
"type": "detects"
},
{
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "detects"
},
{
"dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8",
"type": "detects"
},
{
"dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d467bc38-284b-4a00-96ac-125f447799fc",
"type": "detects"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
"type": "detects"
},
{
"dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df",
"type": "detects"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"type": "detects"
},
{
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "ee7ff928-801c-4f34-8a99-3df965e581a5",
"type": "detects"
},
{
"dest-uuid": "eec23884-3fa1-4d8a-ac50-6f104d51e235",
"type": "detects"
},
{
"dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9",
"type": "detects"
},
{
"dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163",
"type": "detects"
},
{
"dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
"type": "detects"
},
{
"dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755",
"type": "detects"
},
{
"dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7",
"type": "detects"
},
{
"dest-uuid": "f7c0689c-4dbd-489b-81be-7cb7c7079ade",
"type": "detects"
},
{
"dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
"type": "detects"
},
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "detects"
}
],
"uuid": "3772e279-27d6-477a-9fe3-c6beb363594c",
"value": "Network Traffic Content"
},
{
"description": "An attempt by a user to gain access to a network or computing resource by providing web credentials (ex: Windows EID 1202)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "51a14c76-dd3b-440b-9c20-2bf91d25a814",
"type": "detects"
},
{
"dest-uuid": "861b8fd2-57f3-4ee1-ab5d-c19c3b8c7a4a",
"type": "detects"
},
{
"dest-uuid": "94cb00a4-b295-4d06-aa2b-5653b9c1be9c",
"type": "detects"
},
{
"dest-uuid": "c3c8c916-2f3c-4e71-94b2-240bdfc996f0",
"type": "detects"
},
{
"dest-uuid": "f005e783-57d4-4837-88ad-dbe7faee1c51",
"type": "detects"
},
{
"dest-uuid": "ff93f688-d7a4-49cf-9c79-a14454da8428",
"type": "included-in"
}
],
"uuid": "ff93f688-d7a4-49cf-9c79-a14454da8428",
"value": "Web Credential Usage"
},
{
"description": "Changes made to a firewall rule, typically to allow/block specific network traffic (ex: Windows EID 4950 or Write/Delete entries within Azure Firewall Rule Collection Activity Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b",
"type": "detects"
},
{
"dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "d2ff4b56-8351-4ed8-b0fb-d8605366005f",
"type": "included-in"
}
],
"uuid": "d2ff4b56-8351-4ed8-b0fb-d8605366005f",
"value": "Firewall Rule Modification"
},
{
"description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "detects"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3",
"type": "detects"
},
{
"dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7",
"type": "detects"
},
{
"dest-uuid": "0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
"type": "detects"
},
{
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "118f61a5-eb3e-4fb6-931f-2096647f4ecd",
"type": "detects"
},
{
"dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
"type": "detects"
},
{
"dest-uuid": "1996eef1-ced3-4d7f-bf94-33298cabbf72",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "29ba5a15-3b7b-4732-b817-65ea8f6468e6",
"type": "detects"
},
{
"dest-uuid": "2b742742-28c3-4e1b-bab7-8350d6300fa7",
"type": "detects"
},
{
"dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
"type": "detects"
},
{
"dest-uuid": "2d3f5b3c-54ca-4f4d-bb1f-849346d31230",
"type": "detects"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "detects"
},
{
"dest-uuid": "355be19c-ffc9-46d5-8d50-d6a036c675b6",
"type": "detects"
},
{
"dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01",
"type": "detects"
},
{
"dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"type": "detects"
},
{
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "detects"
},
{
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
},
{
"dest-uuid": "4eeaf8a9-c86b-4954-a663-9555fb406466",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "4fe28b27-b13c-453e-a386-c2ef362a573b",
"type": "detects"
},
{
"dest-uuid": "4ffc1794-ec3b-45be-9e52-42dbcb2af2de",
"type": "detects"
},
{
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "54b4c251-1f0e-4eba-ba6b-dbc7a6f6f06b",
"type": "detects"
},
{
"dest-uuid": "5502c4e9-24ef-4d5f-8ee9-9e906c2f82c4",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "59ff91cd-1430-4075-8563-e6f15f4f9ff5",
"type": "detects"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "detects"
},
{
"dest-uuid": "5ca3c7ec-55b2-4587-9376-cf6c96f8047a",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd",
"type": "detects"
},
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "detects"
},
{
"dest-uuid": "67073dde-d720-45ae-83da-b12d5e73ca3b",
"type": "detects"
},
{
"dest-uuid": "69b8fd78-40e8-4600-ae4d-662c9d7afdb3",
"type": "detects"
},
{
"dest-uuid": "731f4f55-b6d0-41d1-a7a9-072a66389aea",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c",
"type": "detects"
},
{
"dest-uuid": "7bd9c723-2f78-4309-82c5-47cad406572b",
"type": "detects"
},
{
"dest-uuid": "7c46b364-8496-4234-8a56-f7e6727e21e1",
"type": "detects"
},
{
"dest-uuid": "800f9819-7007-4540-a520-40e655876800",
"type": "detects"
},
{
"dest-uuid": "830c9528-df21-472c-8c14-a036bf17d665",
"type": "detects"
},
{
"dest-uuid": "84e02621-8fdf-470f-bd58-993bb6a89d91",
"type": "detects"
},
{
"dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7",
"type": "detects"
},
{
"dest-uuid": "8868cb5b-d575-4a60-acb2-07d37389a2fd",
"type": "detects"
},
{
"dest-uuid": "8982a661-d84c-48c0-b4ec-1db29c6cf3bc",
"type": "detects"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "detects"
},
{
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "detects"
},
{
"dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5",
"type": "detects"
},
{
"dest-uuid": "9a60a291-8960-4387-8a4a-2ab5c18bb50b",
"type": "detects"
},
{
"dest-uuid": "9c99724c-a483-4d60-ad9d-7f004e42e8e8",
"type": "detects"
},
{
"dest-uuid": "9e7452df-5144-4b6e-b04a-b66dd4016747",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a782ebe2-daba-42c7-bc82-e8e9d923162d",
"type": "detects"
},
{
"dest-uuid": "a7f22107-02e5-4982-9067-6625d4a1765a",
"type": "included-in"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "b18eae87-b469-4e14-b454-b171b416bc18",
"type": "detects"
},
{
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
"type": "detects"
},
{
"dest-uuid": "b8017880-4b1e-42de-ad10-ae7ac6705166",
"type": "detects"
},
{
"dest-uuid": "ba04e672-da86-4e69-aa15-0eca5db25f43",
"type": "detects"
},
{
"dest-uuid": "be055942-6e63-49d7-9fa1-9cb7d8a8f3f4",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "c21d5a77-d422-4a69-acd7-2c53c1faa34b",
"type": "detects"
},
{
"dest-uuid": "c3888c54-775d-4b2f-b759-75a2ececcbfd",
"type": "detects"
},
{
"dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4",
"type": "detects"
},
{
"dest-uuid": "cabe189c-a0e3-4965-a473-dcff00f17213",
"type": "detects"
},
{
"dest-uuid": "cca0ccb6-a068-4574-a722-b1556f86833a",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "d0613359-5781-4fd2-b5be-c269270be1f6",
"type": "detects"
},
{
"dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
"type": "detects"
},
{
"dest-uuid": "db8f5003-3b20-48f0-9b76-123e44208120",
"type": "detects"
},
{
"dest-uuid": "defc1257-4db1-4fb3-8ef5-bb77f63146df",
"type": "detects"
},
{
"dest-uuid": "df8b2a25-8bdf-4856-953c-a04372b1c161",
"type": "detects"
},
{
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"type": "detects"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "detects"
},
{
"dest-uuid": "f24faf46-3b26-4dbb-98f2-63460498e433",
"type": "detects"
},
{
"dest-uuid": "f303a39a-6255-4b89-aecc-18c4d8ca7163",
"type": "detects"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f6ad61ee-65f3-4bd0-a3f5-2f0accb36317",
"type": "detects"
},
{
"dest-uuid": "f6dacc85-b37d-458e-b58d-74fc4bbf5755",
"type": "detects"
},
{
"dest-uuid": "f7827069-0bf2-4764-af4f-23fae0d181b7",
"type": "detects"
},
{
"dest-uuid": "f870408c-b1cd-49c7-a5c7-0ef0fc496cc6",
"type": "detects"
},
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "detects"
}
],
"uuid": "a7f22107-02e5-4982-9067-6625d4a1765a",
"value": "Network Traffic Flow"
},
{
"description": "Contextual data about a scheduled job, which may include information such as name, timing, command(s), etc.",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "7b375092-3a61-448d-900a-77c9a4bde4dc",
"type": "included-in"
},
{
"dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
"type": "detects"
}
],
"uuid": "7b375092-3a61-448d-900a-77c9a4bde4dc",
"value": "Scheduled Job Metadata"
},
{
"description": "Changes made to a scheduled job, such as modifications to the execution launch (ex: Windows EID 4702 or /var/log cron logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "faa34cf6-cf32-4dc9-bd6a-8f7a606ff65b",
"type": "included-in"
}
],
"uuid": "faa34cf6-cf32-4dc9-bd6a-8f7a606ff65b",
"value": "Scheduled Job Modification"
},
{
"description": "An object file that contains code to extend the running kernel of an OS, typically used to add support for new hardware (as device drivers) and/or filesystems, or for adding system calls",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "23e4ee78-26f3-4fcf-ba43-ab953962f96c",
"type": "included-in"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
},
{
"dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6",
"type": "detects"
}
],
"uuid": "23e4ee78-26f3-4fcf-ba43-ab953962f96c",
"value": "Kernel Module Load"
},
{
"description": "Contextual data about a logon session, such as username, logon type, access tokens (security context, user SIDs, logon identifiers, and logon SID), and any activity associated with it",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "10d51417-ee35-4589-b1ff-b6df1c334e8d",
"type": "detects"
},
{
"dest-uuid": "1f9c2bae-b441-4f66-a8af-b65946ee72f2",
"type": "detects"
},
{
"dest-uuid": "39b9db72-8b48-4595-a18d-db5bbba3091b",
"type": "included-in"
},
{
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "detects"
},
{
"dest-uuid": "768dce68-8d0d-477a-b01d-0eea98b963a1",
"type": "detects"
},
{
"dest-uuid": "954a1639-f2d6-407d-aef3-4917622ca493",
"type": "detects"
},
{
"dest-uuid": "9fa07bef-9c81-421e-a8e5-ad4366c5a925",
"type": "detects"
},
{
"dest-uuid": "b17a1a56-e99c-403c-8948-561df0cffe81",
"type": "detects"
},
{
"dest-uuid": "c3d4bdd9-2cfe-4a80-9d0c-07a29ecdce8f",
"type": "detects"
},
{
"dest-uuid": "d273434a-448e-4598-8e14-607f4a0d5e27",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
},
{
"dest-uuid": "f232fa7a-025c-4d43-abc7-318e81a73d65",
"type": "detects"
},
{
"dest-uuid": "fdc47f44-dd32-4b99-af5f-209f556f63c2",
"type": "detects"
}
],
"uuid": "39b9db72-8b48-4595-a18d-db5bbba3091b",
"value": "Logon Session Metadata"
},
{
"description": "Contextual data about a named pipe on a system, including pipe name and creating process (ex: Sysmon EIDs 17-18)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "b9a1578e-8653-4103-be23-cb52e0b1816e",
"type": "included-in"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
}
],
"uuid": "b9a1578e-8653-4103-be23-cb52e0b1816e",
"value": "Named Pipe Metadata"
},
{
"description": "API calls utilized by an application that could indicate malicious activity",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0cdd66ad-26ac-4338-a764-4972a1e17ee3",
"type": "detects"
},
{
"dest-uuid": "0d95940f-9583-4e0f-824c-a42c1be47fad",
"type": "detects"
},
{
"dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b",
"type": "detects"
},
{
"dest-uuid": "198ce408-1470-45ee-b47f-7056050d4fc2",
"type": "detects"
},
{
"dest-uuid": "1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
"type": "detects"
},
{
"dest-uuid": "1d44f529-6fe6-489f-8a01-6261ac43f05e",
"type": "detects"
},
{
"dest-uuid": "1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee",
"type": "detects"
},
{
"dest-uuid": "20b0931a-8952-42ca-975f-775bad295f1a",
"type": "detects"
},
{
"dest-uuid": "233fe2c0-cb41-4765-b454-e0087597fbce",
"type": "detects"
},
{
"dest-uuid": "27d18e87-8f32-4be1-b456-39b90454360f",
"type": "detects"
},
{
"dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258",
"type": "detects"
},
{
"dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c",
"type": "detects"
},
{
"dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
"type": "detects"
},
{
"dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286",
"type": "detects"
},
{
"dest-uuid": "4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
"type": "detects"
},
{
"dest-uuid": "51636761-2e35-44bf-9e56-e337adf97174",
"type": "detects"
},
{
"dest-uuid": "5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
"type": "included-in"
},
{
"dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
"type": "detects"
},
{
"dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1",
"type": "detects"
},
{
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"type": "detects"
},
{
"dest-uuid": "6ffad4be-bfe0-424f-abde-4d9a84a800ad",
"type": "detects"
},
{
"dest-uuid": "702055ac-4e54-4ae9-9527-e23a38e0b160",
"type": "detects"
},
{
"dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e",
"type": "detects"
},
{
"dest-uuid": "74e6003f-c7f4-4047-983b-708cc19b96b6",
"type": "detects"
},
{
"dest-uuid": "7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
"type": "detects"
},
{
"dest-uuid": "789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
"type": "detects"
},
{
"dest-uuid": "8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
"type": "detects"
},
{
"dest-uuid": "9558a84e-2d5e-4872-918e-d847494a8ffc",
"type": "detects"
},
{
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
"type": "detects"
},
{
"dest-uuid": "b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
"type": "detects"
},
{
"dest-uuid": "c4b96c0b-cb58-497a-a1c2-bb447d79d692",
"type": "detects"
},
{
"dest-uuid": "c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
"type": "detects"
},
{
"dest-uuid": "cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
"type": "detects"
},
{
"dest-uuid": "d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
"type": "detects"
},
{
"dest-uuid": "d9e88203-2b5d-405f-a406-2933b1e3d7e4",
"type": "detects"
},
{
"dest-uuid": "dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
"type": "detects"
},
{
"dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780",
"type": "detects"
},
{
"dest-uuid": "f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
"type": "detects"
},
{
"dest-uuid": "f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
"type": "detects"
},
{
"dest-uuid": "fc53309d-ebd5-4573-9242-57024ebdad4f",
"type": "detects"
}
],
"uuid": "5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
"value": "API Calls"
},
{
"description": "Queried domain name system (DNS) registry data highlighting current domain to IP address resolutions (ex: dig/nslookup queries)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "detects"
},
{
"dest-uuid": "2e521444-7295-4dec-96c1-7595b2df7811",
"type": "included-in"
},
{
"dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3",
"type": "detects"
},
{
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5",
"type": "detects"
},
{
"dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
"type": "detects"
}
],
"uuid": "2e521444-7295-4dec-96c1-7595b2df7811",
"value": "Active DNS"
},
{
"description": "Opening of a data storage device with an assigned drive letter or mount point",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9",
"type": "detects"
},
{
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
"type": "detects"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "detects"
},
{
"dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef",
"type": "detects"
},
{
"dest-uuid": "73ff2dcc-24b1-4368-b9dc-706dd9e68354",
"type": "included-in"
},
{
"dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac",
"type": "detects"
}
],
"uuid": "73ff2dcc-24b1-4368-b9dc-706dd9e68354",
"value": "Drive Access"
},
{
"description": "Opening a file, which makes the file contents available to the requestor (ex: Windows EID 4663)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff",
"type": "detects"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "detects"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "detects"
},
{
"dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec",
"type": "detects"
},
{
"dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c",
"type": "detects"
},
{
"dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004",
"type": "detects"
},
{
"dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3",
"type": "detects"
},
{
"dest-uuid": "235b7491-2d2b-4617-9a52-3c0783680f71",
"type": "included-in"
},
{
"dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e",
"type": "detects"
},
{
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
"type": "detects"
},
{
"dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d",
"type": "detects"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "detects"
},
{
"dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0",
"type": "detects"
},
{
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
"type": "detects"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "detects"
},
{
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "detects"
},
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "detects"
},
{
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
"type": "detects"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "detects"
},
{
"dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7",
"type": "detects"
},
{
"dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf",
"type": "detects"
},
{
"dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd",
"type": "detects"
},
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c",
"type": "detects"
},
{
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3",
"type": "detects"
},
{
"dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc",
"type": "detects"
},
{
"dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969",
"type": "detects"
},
{
"dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7",
"type": "detects"
},
{
"dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
"type": "detects"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "detects"
},
{
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
},
{
"dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
"type": "detects"
},
{
"dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447",
"type": "detects"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "detects"
},
{
"dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549",
"type": "detects"
},
{
"dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24",
"type": "detects"
},
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "detects"
}
],
"uuid": "235b7491-2d2b-4617-9a52-3c0783680f71",
"value": "File Access"
},
{
"description": "Opening of a process by another process, typically to read memory of the target process (ex: Sysmon EID 10)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "10ffac09-e42d-4f56-ab20-db94c67d76ff",
"type": "detects"
},
{
"dest-uuid": "1887a270-576a-4049-84de-ef746b2572d6",
"type": "included-in"
},
{
"dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72",
"type": "detects"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "detects"
},
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"type": "detects"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605",
"type": "detects"
},
{
"dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662",
"type": "detects"
},
{
"dest-uuid": "8252f135-ed26-4ce1-ae61-f26e94429a19",
"type": "detects"
},
{
"dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d",
"type": "detects"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"type": "detects"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "detects"
},
{
"dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744",
"type": "detects"
},
{
"dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f",
"type": "detects"
},
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
}
],
"uuid": "1887a270-576a-4049-84de-ef746b2572d6",
"value": "Process Access"
},
{
"description": "Initial construction of a new container (ex: docker create <container_name>)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
},
{
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "a5ae90ca-0c4b-481c-959f-0eb18a7ff953",
"type": "included-in"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
}
],
"uuid": "a5ae90ca-0c4b-481c-959f-0eb18a7ff953",
"value": "Container Creation"
},
{
"description": "Initial construction of a drive letter or mount point to a data storage device",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
"type": "detects"
},
{
"dest-uuid": "3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f",
"type": "included-in"
},
{
"dest-uuid": "64196062-5210-42c3-9a02-563a0d1797ef",
"type": "detects"
},
{
"dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
"type": "detects"
},
{
"dest-uuid": "d40239b3-05ff-46d8-9bdd-b46d13463ef9",
"type": "detects"
},
{
"dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549",
"type": "detects"
}
],
"uuid": "3d6e6b3b-4aa8-40e1-8c47-91db0f313d9f",
"value": "Drive Creation"
},
{
"description": "An extracted list of containers (ex: docker ps)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336",
"type": "detects"
},
{
"dest-uuid": "91b3ed33-d1b5-4c4b-a896-76c55eb3cfd8",
"type": "included-in"
}
],
"uuid": "91b3ed33-d1b5-4c4b-a896-76c55eb3cfd8",
"value": "Container Enumeration"
},
{
"description": "The execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc.)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662",
"type": "detects"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "detects"
},
{
"dest-uuid": "0259baeb-9f63-4c69-bf10-eb038c390688",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5",
"type": "detects"
},
{
"dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345",
"type": "detects"
},
{
"dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9",
"type": "detects"
},
{
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
"type": "detects"
},
{
"dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff",
"type": "detects"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "detects"
},
{
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "detects"
},
{
"dest-uuid": "1035cdf2-3e5f-446f-a7a7-e8f6d7925967",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "detects"
},
{
"dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc",
"type": "detects"
},
{
"dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0",
"type": "detects"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
},
{
"dest-uuid": "1608f3e1-598a-42f4-a01a-2e252e81728f",
"type": "detects"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "detects"
},
{
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
"type": "detects"
},
{
"dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c",
"type": "detects"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "detects"
},
{
"dest-uuid": "1a80d097-54df-41d8-9d33-34e755ec5e72",
"type": "detects"
},
{
"dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b",
"type": "detects"
},
{
"dest-uuid": "1b7ba276-eedc-4951-a762-0ceea2c030ec",
"type": "detects"
},
{
"dest-uuid": "1bae753e-8e52-4055-a66d-2ead90303ca9",
"type": "detects"
},
{
"dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c",
"type": "detects"
},
{
"dest-uuid": "1e9eb839-294b-48cc-b0d3-c45555a2a004",
"type": "detects"
},
{
"dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "1ecfdab8-7d59-4c98-95d4-dc41970f57fc",
"type": "detects"
},
{
"dest-uuid": "208884f1-7b83-4473-ac22-4e1cf6c41471",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d",
"type": "detects"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"type": "detects"
},
{
"dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "24769ab5-14bd-4f4e-a752-cfb185da53ee",
"type": "detects"
},
{
"dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e",
"type": "detects"
},
{
"dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803",
"type": "detects"
},
{
"dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6",
"type": "detects"
},
{
"dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c",
"type": "detects"
},
{
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
"type": "detects"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"type": "detects"
},
{
"dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107",
"type": "detects"
},
{
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
"type": "detects"
},
{
"dest-uuid": "30973a08-aed9-4edf-8604-9084ce1b5c4f",
"type": "detects"
},
{
"dest-uuid": "3120b9fa-23b8-4500-ae73-09494f607b7d",
"type": "detects"
},
{
"dest-uuid": "315f51f0-6b03-4c1e-bfb2-84740afb8e21",
"type": "detects"
},
{
"dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
"type": "detects"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"type": "detects"
},
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"type": "detects"
},
{
"dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580",
"type": "detects"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"type": "detects"
},
{
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
"type": "detects"
},
{
"dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "detects"
},
{
"dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336",
"type": "detects"
},
{
"dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8",
"type": "detects"
},
{
"dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb",
"type": "detects"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "detects"
},
{
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
},
{
"dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e",
"type": "detects"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "detects"
},
{
"dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "3fc01293-ef5e-41c6-86ce-61f10706b64a",
"type": "detects"
},
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "40597f16-0963-4249-bf4c-ac93b7fb9807",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927",
"type": "detects"
},
{
"dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
"type": "detects"
},
{
"dest-uuid": "43f2776f-b4bd-4118-94b8-fee47e69676d",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "494ab9f0-36e0-4b06-b10d-57285b040a06",
"type": "detects"
},
{
"dest-uuid": "4a2975db-414e-4c0c-bd92-775987514b4b",
"type": "detects"
},
{
"dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830",
"type": "detects"
},
{
"dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470",
"type": "detects"
},
{
"dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0",
"type": "detects"
},
{
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462",
"type": "detects"
},
{
"dest-uuid": "51ea26b1-ff1e-4faa-b1a0-1114cd298c87",
"type": "detects"
},
{
"dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b",
"type": "detects"
},
{
"dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "55bb4471-ff1f-43b4-88c1-c9384ec47abf",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
},
{
"dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "58a3e6aa-4453-4cc8-a51f-4befe80b31a8",
"type": "detects"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "detects"
},
{
"dest-uuid": "5d2be8b9-d24c-4e98-83bf-2f5f79477163",
"type": "detects"
},
{
"dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7",
"type": "detects"
},
{
"dest-uuid": "60b508a1-6a5e-46b1-821a-9f7b78752abf",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "613d08bc-e8f4-4791-80b0-c8b974340dfd",
"type": "detects"
},
{
"dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc",
"type": "detects"
},
{
"dest-uuid": "63220765-d418-44de-8fae-694b3912317d",
"type": "detects"
},
{
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "635cbe30-392d-4e27-978e-66774357c762",
"type": "detects"
},
{
"dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
"type": "detects"
},
{
"dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "677569f9-a8b0-459e-ab24-7f18091fa7bf",
"type": "detects"
},
{
"dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9",
"type": "detects"
},
{
"dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35",
"type": "detects"
},
{
"dest-uuid": "685f917a-e95e-4ba0-ade1-c7d354dae6e0",
"type": "included-in"
},
{
"dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1",
"type": "detects"
},
{
"dest-uuid": "6add2ab5-2711-4e9d-87c8-7a0be8531530",
"type": "detects"
},
{
"dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4",
"type": "detects"
},
{
"dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6",
"type": "detects"
},
{
"dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071",
"type": "detects"
},
{
"dest-uuid": "6faf650d-bf31-4eb4-802d-1000cf38efaf",
"type": "detects"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "detects"
},
{
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"type": "detects"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da",
"type": "detects"
},
{
"dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177",
"type": "detects"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "79a4052e-1a89-4b09-aea6-51f1d11fe19c",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1",
"type": "detects"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "detects"
},
{
"dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
"type": "detects"
},
{
"dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236",
"type": "detects"
},
{
"dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
"type": "detects"
},
{
"dest-uuid": "7d77a07d-02fe-4e88-8bd9-e9c008c01bf0",
"type": "detects"
},
{
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
"type": "detects"
},
{
"dest-uuid": "7de1f7ac-5d0c-4c9c-8873-627202205331",
"type": "detects"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "detects"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327",
"type": "detects"
},
{
"dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d",
"type": "detects"
},
{
"dest-uuid": "818302b2-d640-477b-bf88-873120ce85c4",
"type": "detects"
},
{
"dest-uuid": "8187bd2a-866f-4457-9009-86b0ddedffa3",
"type": "detects"
},
{
"dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497",
"type": "detects"
},
{
"dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d",
"type": "detects"
},
{
"dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc",
"type": "detects"
},
{
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "detects"
},
{
"dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852",
"type": "detects"
},
{
"dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969",
"type": "detects"
},
{
"dest-uuid": "86850eff-2729-40c3-b85e-c4af26da4a2d",
"type": "detects"
},
{
"dest-uuid": "86a96bf6-cf8b-411c-aaeb-8959944d64f7",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "8cdeb020-e31e-4f88-a582-f53dcfbda819",
"type": "detects"
},
{
"dest-uuid": "8d7bd4f5-3a89-4453-9c82-2c8894d5655e",
"type": "detects"
},
{
"dest-uuid": "8e350c1d-ac79-4b5c-bd4e-7476d7e84ec5",
"type": "detects"
},
{
"dest-uuid": "8f104855-e5b7-4077-b1f5-bc3103b41abe",
"type": "detects"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"type": "detects"
},
{
"dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59",
"type": "detects"
},
{
"dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58",
"type": "detects"
},
{
"dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938",
"type": "detects"
},
{
"dest-uuid": "92d7da27-2d91-488e-a00c-059dc162766d",
"type": "detects"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "detects"
},
{
"dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c",
"type": "detects"
},
{
"dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd",
"type": "detects"
},
{
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
"type": "detects"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"type": "detects"
},
{
"dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "a19e86f8-1c0a-4fea-8407-23b73d615776",
"type": "detects"
},
{
"dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6",
"type": "detects"
},
{
"dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d",
"type": "detects"
},
{
"dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
"type": "detects"
},
{
"dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21",
"type": "detects"
},
{
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
},
{
"dest-uuid": "a93494bb-4b80-4ea1-8695-3236a49916fd",
"type": "detects"
},
{
"dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56",
"type": "detects"
},
{
"dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "ae676644-d2d2-41b7-af7e-9bed1b55898c",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b4694861-542c-48ea-9eb1-10d356e7140a",
"type": "detects"
},
{
"dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
"type": "detects"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec",
"type": "detects"
},
{
"dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab",
"type": "detects"
},
{
"dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
"type": "detects"
},
{
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "bf147104-abf9-4221-95d1-e81585859441",
"type": "detects"
},
{
"dest-uuid": "bf1b6176-597c-4600-bfcd-ac989670f96b",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f",
"type": "detects"
},
{
"dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
"type": "detects"
},
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "detects"
},
{
"dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8",
"type": "detects"
},
{
"dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839",
"type": "detects"
},
{
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617",
"type": "detects"
},
{
"dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979",
"type": "detects"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"type": "detects"
},
{
"dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96",
"type": "detects"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "detects"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "detects"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
},
{
"dest-uuid": "d0b4fcdb-d67d-4ed2-99ce-788b12f8c0f4",
"type": "detects"
},
{
"dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584",
"type": "detects"
},
{
"dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253",
"type": "detects"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447",
"type": "detects"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48",
"type": "detects"
},
{
"dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377",
"type": "detects"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"type": "detects"
},
{
"dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
"type": "detects"
},
{
"dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56",
"type": "detects"
},
{
"dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
},
{
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
"type": "detects"
},
{
"dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
"type": "detects"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "detects"
},
{
"dest-uuid": "e3a12395-188d-4051-9a16-ea8e14d07b88",
"type": "detects"
},
{
"dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58",
"type": "detects"
},
{
"dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391",
"type": "detects"
},
{
"dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e",
"type": "detects"
},
{
"dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549",
"type": "detects"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d",
"type": "detects"
},
{
"dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3",
"type": "detects"
},
{
"dest-uuid": "ebb42bbe-62d7-47d7-a55f-3b08b61d792d",
"type": "detects"
},
{
"dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "edf91964-b26e-4b4a-9600-ccacd7d7df24",
"type": "detects"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "detects"
},
{
"dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995",
"type": "detects"
},
{
"dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5",
"type": "detects"
},
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "detects"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
},
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "detects"
},
{
"dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe",
"type": "detects"
},
{
"dest-uuid": "f8ef3a62-3f44-40a4-abca-761ab235c436",
"type": "detects"
},
{
"dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac",
"type": "detects"
},
{
"dest-uuid": "fb8d023d-45be-47e9-bc51-f56bcae6435b",
"type": "detects"
},
{
"dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b",
"type": "detects"
},
{
"dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc",
"type": "detects"
},
{
"dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407",
"type": "detects"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "detects"
}
],
"uuid": "685f917a-e95e-4ba0-ade1-c7d354dae6e0",
"value": "Command Execution"
},
{
"description": "Initial construction of a new file (ex: Sysmon EID 11)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "0533ab23-3f7d-463f-9bd8-634d27e4dee1",
"type": "detects"
},
{
"dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32",
"type": "detects"
},
{
"dest-uuid": "0c8ab3eb-df48-4b9c-ace7-beacaac81cc5",
"type": "detects"
},
{
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "detects"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "1126cab1-c700-412f-a510-61f4937bb096",
"type": "detects"
},
{
"dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e",
"type": "detects"
},
{
"dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b",
"type": "detects"
},
{
"dest-uuid": "1644e709-12d2-41e5-a60f-3470991f5011",
"type": "detects"
},
{
"dest-uuid": "1c34f7aa-9341-4a48-bfab-af22e51aca6c",
"type": "detects"
},
{
"dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e",
"type": "detects"
},
{
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
"type": "detects"
},
{
"dest-uuid": "2b3bfe19-d59a-460d-93bb-2f546adc2d2c",
"type": "included-in"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "detects"
},
{
"dest-uuid": "2e34237d-8574-43f6-aace-ae2915de8597",
"type": "detects"
},
{
"dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34",
"type": "detects"
},
{
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "35187df2-31ed-43b6-a1f5-2f1d3d58d3f1",
"type": "detects"
},
{
"dest-uuid": "359b00ad-9425-420b-bba5-6de8d600cbc0",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42",
"type": "detects"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "detects"
},
{
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
"type": "detects"
},
{
"dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6",
"type": "detects"
},
{
"dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
"type": "detects"
},
{
"dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
"type": "detects"
},
{
"dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
"type": "detects"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2",
"type": "detects"
},
{
"dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "63220765-d418-44de-8fae-694b3912317d",
"type": "detects"
},
{
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
},
{
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7dd95ff6-712e-4056-9626-312ea4ab4c5e",
"type": "detects"
},
{
"dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961",
"type": "detects"
},
{
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "detects"
},
{
"dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3",
"type": "detects"
},
{
"dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103",
"type": "detects"
},
{
"dest-uuid": "90c4a591-d02d-490b-92aa-619d9701ac04",
"type": "detects"
},
{
"dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5",
"type": "detects"
},
{
"dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd",
"type": "detects"
},
{
"dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
"type": "detects"
},
{
"dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6",
"type": "detects"
},
{
"dest-uuid": "a62a8db3-f23a-4d8f-afd6-9dbc77e7813b",
"type": "detects"
},
{
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
"type": "detects"
},
{
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
"type": "detects"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b",
"type": "detects"
},
{
"dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f",
"type": "detects"
},
{
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
},
{
"dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d4dc46e3-5ba5-45b9-8204-010867cacfcb",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56",
"type": "detects"
},
{
"dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
},
{
"dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
"type": "detects"
},
{
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "e6919abc-99f9-4c6c-95a5-14761e7b2add",
"type": "detects"
},
{
"dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "ef67e13e-5598-4adc-bdb2-998225874fa9",
"type": "detects"
},
{
"dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490",
"type": "detects"
},
{
"dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407",
"type": "detects"
}
],
"uuid": "2b3bfe19-d59a-460d-93bb-2f546adc2d2c",
"value": "File Creation"
},
{
"description": "Initial construction of a WMI object, such as a filter, consumer, subscription, binding, or provider (ex: Sysmon EIDs 19-21)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "detects"
},
{
"dest-uuid": "02c5abff-30bf-4703-ab92-1f6072fae939",
"type": "detects"
},
{
"dest-uuid": "05645013-2fed-4066-8bdc-626b2e201dd4",
"type": "included-in"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
}
],
"uuid": "05645013-2fed-4066-8bdc-626b2e201dd4",
"value": "WMI Creation"
},
{
"description": "Initial construction of a new instance (ex: instance.insert within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "b5b0e8ae-7436-4951-950a-7b83c4dd3f2c",
"type": "included-in"
},
{
"dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c",
"type": "detects"
}
],
"uuid": "b5b0e8ae-7436-4951-950a-7b83c4dd3f2c",
"value": "Instance Creation"
},
{
"description": "Initial construction of a virtual machine image (ex: Azure Compute Service Images PUT)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f",
"type": "detects"
},
{
"dest-uuid": "800f9819-7007-4540-a520-40e655876800",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "b008766d-f34f-4ded-b712-659f59aaed6e",
"type": "included-in"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
}
],
"uuid": "b008766d-f34f-4ded-b712-659f59aaed6e",
"value": "Image Creation"
},
{
"description": "Contextual data about a container and activity around it such as name, ID, image, or status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "df508a43-65f5-453f-8b8f-4b5d64e60a21",
"type": "included-in"
}
],
"uuid": "df508a43-65f5-453f-8b8f-4b5d64e60a21",
"value": "Container Metadata"
},
{
"description": "Contextual data about a cluster and activity around it such as name, namespace, age, or status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "fafaa705-ec08-4405-ac62-288c252e520d",
"type": "included-in"
}
],
"uuid": "fafaa705-ec08-4405-ac62-288c252e520d",
"value": "Cluster Metadata"
},
{
"description": "Code, strings, and other signatures that compromise a malicious payload",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "167b48f7-76e9-4fcb-9e8d-7121f7bf56c3",
"type": "included-in"
},
{
"dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0",
"type": "detects"
},
{
"dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970",
"type": "detects"
},
{
"dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1",
"type": "detects"
},
{
"dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf",
"type": "detects"
}
],
"uuid": "167b48f7-76e9-4fcb-9e8d-7121f7bf56c3",
"value": "Malware Content"
},
{
"description": "Network requests made by an application or domains contacted",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "22379609-a99f-4a01-bd7e-70f3e105859d",
"type": "detects"
},
{
"dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258",
"type": "detects"
},
{
"dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
"type": "detects"
},
{
"dest-uuid": "2ccc3d39-9598-4d32-9657-42e1c7095d26",
"type": "detects"
},
{
"dest-uuid": "5abfc5e6-3c56-49e7-ad72-502d01acf28b",
"type": "detects"
},
{
"dest-uuid": "6c49d50f-494d-4150-b774-a655022d20a6",
"type": "detects"
},
{
"dest-uuid": "764ee29e-48d6-4934-8e6b-7a606aaaafc0",
"type": "included-in"
},
{
"dest-uuid": "939808a7-121d-467a-b028-4441ee8b7cee",
"type": "detects"
},
{
"dest-uuid": "948a447c-d783-4ba0-8516-a64140fcacd5",
"type": "detects"
},
{
"dest-uuid": "986f80f7-ff0e-4f48-87bd-0394814bbce5",
"type": "detects"
},
{
"dest-uuid": "c6a146ae-9c63-4606-97ff-e261e76e8380",
"type": "detects"
},
{
"dest-uuid": "d916f176-a1ca-4a78-9fdd-4058bc28162e",
"type": "detects"
},
{
"dest-uuid": "fd211238-f767-4599-8c0d-9dca36624626",
"type": "detects"
}
],
"uuid": "764ee29e-48d6-4934-8e6b-7a606aaaafc0",
"value": "Network Communication"
},
{
"description": "Device configuration options that are not typically utilized by benign applications",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13",
"type": "detects"
},
{
"dest-uuid": "6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
"type": "included-in"
}
],
"uuid": "6c62144a-cd5c-401c-ada9-58c4c74cd9d2",
"value": "Protected Configuration"
},
{
"description": "The initial construction of an executable managed by the OS, that may involve one or more tasks or threads. (e.g. Win EID 4688, Sysmon EID 1, cmd.exe > net use, etc.)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "005cc321-08ce-4d17-b1ea-cb5275926520",
"type": "detects"
},
{
"dest-uuid": "00f90846-cbd1-4fc5-9233-df5c2bf2a662",
"type": "detects"
},
{
"dest-uuid": "01327cde-66c4-4123-bf34-5f258d59457b",
"type": "detects"
},
{
"dest-uuid": "01a5a209-b94c-450b-b7f9-946497d91055",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "03d7999c-1f4c-42cc-8373-e7690d318104",
"type": "detects"
},
{
"dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5",
"type": "detects"
},
{
"dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345",
"type": "detects"
},
{
"dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58",
"type": "detects"
},
{
"dest-uuid": "0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22",
"type": "detects"
},
{
"dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9",
"type": "detects"
},
{
"dest-uuid": "0c2d00da-7742-49e7-9928-4514e5075d32",
"type": "detects"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "detects"
},
{
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
},
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "detects"
},
{
"dest-uuid": "132d5b37-aac5-4378-a8dc-3127b18a73dc",
"type": "detects"
},
{
"dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0",
"type": "detects"
},
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
},
{
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
"type": "detects"
},
{
"dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c",
"type": "detects"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "detects"
},
{
"dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b",
"type": "detects"
},
{
"dest-uuid": "1bae753e-8e52-4055-a66d-2ead90303ca9",
"type": "detects"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"type": "detects"
},
{
"dest-uuid": "1eaebf46-e361-4437-bc23-d5d65a3b92e3",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "215d9700-5881-48b8-8265-6449dbb7195d",
"type": "detects"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"type": "detects"
},
{
"dest-uuid": "22522668-ddf6-470b-a027-9d6866679f67",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d",
"type": "detects"
},
{
"dest-uuid": "232b7f21-adf9-4b42-b936-b9d6f7df856e",
"type": "detects"
},
{
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
"type": "detects"
},
{
"dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e",
"type": "detects"
},
{
"dest-uuid": "28170e17-8384-415c-8486-2e6b294cb803",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "29be378d-262d-4e99-b00d-852d573628e6",
"type": "detects"
},
{
"dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c",
"type": "detects"
},
{
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
"type": "detects"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2cd950a6-16c4-404a-aa01-044322395107",
"type": "detects"
},
{
"dest-uuid": "2db31dcd-54da-405d-acef-b9129b816ed6",
"type": "detects"
},
{
"dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
"type": "detects"
},
{
"dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
"type": "detects"
},
{
"dest-uuid": "322bad5a-1c49-4d23-ab79-76d641794afa",
"type": "detects"
},
{
"dest-uuid": "3257eb21-f9a7-4430-8de1-d8b6e288f529",
"type": "detects"
},
{
"dest-uuid": "341e222a-a6e3-4f6f-b69c-831d792b1580",
"type": "detects"
},
{
"dest-uuid": "3489cfc5-640f-4bb3-a103-9137b97de79f",
"type": "detects"
},
{
"dest-uuid": "348f1eef-964b-4eb6-bb53-69b3dcb0c643",
"type": "detects"
},
{
"dest-uuid": "34a80bc4-80f2-46e6-94ff-f3265a4b657c",
"type": "detects"
},
{
"dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "354a7f88-63fb-41b5-a801-ce3b377b36f1",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336",
"type": "detects"
},
{
"dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8",
"type": "detects"
},
{
"dest-uuid": "37b11151-1776-4f8f-b328-30939fbf2ceb",
"type": "detects"
},
{
"dest-uuid": "389735f1-f21c-4208-b8f0-f8031e7169b8",
"type": "detects"
},
{
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3b0e52ce-517a-4614-a523-1bd5deef6c5e",
"type": "detects"
},
{
"dest-uuid": "3b744087-9945-4a6f-91e8-9dbceda417a4",
"type": "detects"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "detects"
},
{
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
"type": "detects"
},
{
"dest-uuid": "3d1b9d7e-3921-4d25-845a-7d9f15c0da44",
"type": "detects"
},
{
"dest-uuid": "3d20385b-24ef-40e1-9f56-f39750379077",
"type": "included-in"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "3fc9b85a-2862-4363-a64d-d692e3ffbee0",
"type": "detects"
},
{
"dest-uuid": "4061e78c-1284-44b4-9116-73e4ac3912f7",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83",
"type": "detects"
},
{
"dest-uuid": "435dfb86-2697-4867-85b5-2fef496c0517",
"type": "detects"
},
{
"dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927",
"type": "detects"
},
{
"dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
"type": "detects"
},
{
"dest-uuid": "43c9bc06-715b-42db-972f-52d25c09a20c",
"type": "detects"
},
{
"dest-uuid": "451a9977-d255-43c9-b431-66de80130c8c",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4a2975db-414e-4c0c-bd92-775987514b4b",
"type": "detects"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "detects"
},
{
"dest-uuid": "4ae4f953-fe58-4cc8-a327-33257e30a830",
"type": "detects"
},
{
"dest-uuid": "4bc31b94-045b-4752-8920-aebaebdb6470",
"type": "detects"
},
{
"dest-uuid": "4bed873f-0b7d-41d4-b93a-b6905d1f90b0",
"type": "detects"
},
{
"dest-uuid": "4cbc6a62-9e34-4f94-8a19-5c1a11392a49",
"type": "detects"
},
{
"dest-uuid": "4d2a5b3e-340d-4600-9123-309dd63c9bf8",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "4f9ca633-15c5-463c-9724-bdcd54fde541",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "565275d5-fcc3-4b66-b4e7-928e4cac6b8c",
"type": "detects"
},
{
"dest-uuid": "57340c81-c025-4189-8fa0-fc7ede51bae4",
"type": "detects"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2",
"type": "detects"
},
{
"dest-uuid": "5b0ad6f8-6a16-4966-a4ef-d09ea6e2a9f5",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "5e4a2073-9643-44cb-a0b5-e7f4048446c7",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc",
"type": "detects"
},
{
"dest-uuid": "63220765-d418-44de-8fae-694b3912317d",
"type": "detects"
},
{
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "635cbe30-392d-4e27-978e-66774357c762",
"type": "detects"
},
{
"dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
"type": "detects"
},
{
"dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196",
"type": "detects"
},
{
"dest-uuid": "65f2d882-3f41-4d48-8a06-29af77ec9f90",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"type": "detects"
},
{
"dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1",
"type": "detects"
},
{
"dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4",
"type": "detects"
},
{
"dest-uuid": "6d4a7fb3-5a24-42be-ae61-6728a2b581f6",
"type": "detects"
},
{
"dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071",
"type": "detects"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
},
{
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "72b74d71-8169-42aa-92e0-e7b04b9f5a08",
"type": "detects"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "7610cada-1499-41a4-b3dd-46467b68d177",
"type": "detects"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7b50a1d3-4ca7-45d1-989d-a6503f04bfe1",
"type": "detects"
},
{
"dest-uuid": "7bc57495-ea59-4380-be31-a64af124ef18",
"type": "detects"
},
{
"dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236",
"type": "detects"
},
{
"dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
"type": "detects"
},
{
"dest-uuid": "7e150503-88e7-4861-866b-ff1ac82c4475",
"type": "detects"
},
{
"dest-uuid": "808e6329-ca91-4b87-ac2d-8eadc5f8f327",
"type": "detects"
},
{
"dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d",
"type": "detects"
},
{
"dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497",
"type": "detects"
},
{
"dest-uuid": "82caa33e-d11a-433a-94ea-9b5a5fbef81d",
"type": "detects"
},
{
"dest-uuid": "837f9164-50af-4ac0-8219-379d8a74cefc",
"type": "detects"
},
{
"dest-uuid": "840a987a-99bd-4a80-a5c9-0cb2baa6cade",
"type": "detects"
},
{
"dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3",
"type": "detects"
},
{
"dest-uuid": "853c4192-4311-43e1-bfbb-b11b14911852",
"type": "detects"
},
{
"dest-uuid": "866d0d6d-02c6-42bd-aa2f-02907fdc0969",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "8f4a33ec-8b1f-4b80-a2f6-642b2e479580",
"type": "detects"
},
{
"dest-uuid": "910906dd-8c0a-475a-9cc1-5e029e2fad58",
"type": "detects"
},
{
"dest-uuid": "91541e7e-b969-40c6-bbd8-1b5352ec2938",
"type": "detects"
},
{
"dest-uuid": "92a78814-b191-47ca-909c-1ccfe3777414",
"type": "detects"
},
{
"dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a",
"type": "detects"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "detects"
},
{
"dest-uuid": "98034fef-d9fb-4667-8dc4-2eab6231724c",
"type": "detects"
},
{
"dest-uuid": "9c306d8d-cde7-4b4c-b6e8-d0bb16caca36",
"type": "detects"
},
{
"dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd",
"type": "detects"
},
{
"dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
"type": "detects"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"type": "detects"
},
{
"dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6",
"type": "detects"
},
{
"dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d",
"type": "detects"
},
{
"dest-uuid": "a3e1e6c5-9c74-4fc0-a16c-a9d228c17829",
"type": "detects"
},
{
"dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21",
"type": "detects"
},
{
"dest-uuid": "a6937325-9321-4e2e-bb2b-3ed2d40b2a9d",
"type": "detects"
},
{
"dest-uuid": "a750a9f6-0bde-4bb3-9aae-1e2786e9780c",
"type": "detects"
},
{
"dest-uuid": "a9d4b653-6915-42af-98b2-5758c4ceee56",
"type": "detects"
},
{
"dest-uuid": "a9e2cea0-c805-4bf8-9e31-f5f0513a3634",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"type": "detects"
},
{
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
"type": "detects"
},
{
"dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b6075259-dba3-44e9-87c7-e954f37ec0d5",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
"type": "detects"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "b84903f0-c7d5-435d-a69e-de47cc3578c0",
"type": "detects"
},
{
"dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
"type": "detects"
},
{
"dest-uuid": "be2dcee9-a7a7-4e38-afd6-21b31ecc3d63",
"type": "detects"
},
{
"dest-uuid": "bef8aaee-961d-4359-a308-4c2182bcedff",
"type": "detects"
},
{
"dest-uuid": "bf147104-abf9-4221-95d1-e81585859441",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b",
"type": "detects"
},
{
"dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f",
"type": "detects"
},
{
"dest-uuid": "c1b68a96-3c48-49ea-a6c0-9b27359f9c19",
"type": "detects"
},
{
"dest-uuid": "c32f7008-9fea-41f7-8366-5eb9b74bd896",
"type": "detects"
},
{
"dest-uuid": "c48a67ee-b657-45c1-91bf-6cdbe27205f8",
"type": "detects"
},
{
"dest-uuid": "c615231b-f253-4f58-9d47-d5b4cbdb6839",
"type": "detects"
},
{
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617",
"type": "detects"
},
{
"dest-uuid": "c877e33f-1df6-40d6-b1e7-ce70f16f4979",
"type": "detects"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"type": "detects"
},
{
"dest-uuid": "c92e3d68-2349-49e4-a341-7edca2deff96",
"type": "detects"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "detects"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "cc3502b5-30cc-4473-ad48-42d51a6ef6d1",
"type": "detects"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
},
{
"dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253",
"type": "detects"
},
{
"dest-uuid": "d1fcf083-a721-4223-aedf-bf8960798d62",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "d336b553-5da9-46ca-98a8-0b23f49fb447",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "d742a578-d70e-4d0e-96a6-02a9c30204e6",
"type": "detects"
},
{
"dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
"type": "detects"
},
{
"dest-uuid": "da051493-ae9c-4b1b-9760-c009c46c9b56",
"type": "detects"
},
{
"dest-uuid": "dc31fe1e-d722-49da-8f5f-92c7b5aff534",
"type": "detects"
},
{
"dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
},
{
"dest-uuid": "e0033c16-a07e-48aa-8204-7c3ca669998c",
"type": "detects"
},
{
"dest-uuid": "e01be9c5-e763-4caf-aeb7-000b416aef67",
"type": "detects"
},
{
"dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
"type": "detects"
},
{
"dest-uuid": "e358d692-23c0-4a31-9eb6-ecc13a8d7735",
"type": "detects"
},
{
"dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58",
"type": "detects"
},
{
"dest-uuid": "e4dc8c01-417f-458d-9ee0-bb0617c1b391",
"type": "detects"
},
{
"dest-uuid": "e6415f09-df0e-48de-9aba-928c902b7549",
"type": "detects"
},
{
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "eb062747-2193-45de-8fa2-e62549c37ddf",
"type": "detects"
},
{
"dest-uuid": "eb125d40-0b2d-41ac-a71a-3229241c2cd3",
"type": "detects"
},
{
"dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3",
"type": "detects"
},
{
"dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "detects"
},
{
"dest-uuid": "f244b8dd-af6c-4391-a497-fc03627ce995",
"type": "detects"
},
{
"dest-uuid": "f3c544dc-673c-4ef3-accb-53229f1ae077",
"type": "detects"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
},
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "detects"
},
{
"dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe",
"type": "detects"
},
{
"dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac",
"type": "detects"
},
{
"dest-uuid": "fe926152-f431-4baf-956c-4ad3cb0bf23b",
"type": "detects"
},
{
"dest-uuid": "ff25900d-76d5-449b-a351-8824e62fc81b",
"type": "detects"
},
{
"dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc",
"type": "detects"
},
{
"dest-uuid": "ffbcfdb0-de22-4106-9ed3-fc23c8a01407",
"type": "detects"
},
{
"dest-uuid": "ffe59ad3-ad9b-4b9f-b74f-5beb3c309dc1",
"type": "detects"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "detects"
}
],
"uuid": "3d20385b-24ef-40e1-9f56-f39750379077",
"value": "Process Creation"
},
{
"description": "Initial construction of a new pod (ex: kubectl apply|run)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "5263cb33-08cc-4a68-820f-004e1e400d76",
"type": "included-in"
},
{
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
"type": "detects"
}
],
"uuid": "5263cb33-08cc-4a68-820f-004e1e400d76",
"value": "Pod Creation"
},
{
"description": "Queried or logged information highlighting current and expired digital certificates (ex: Certificate transparency)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421",
"type": "detects"
},
{
"dest-uuid": "1dad5aa4-4bb5-45e4-9e42-55d40003cfa6",
"type": "included-in"
},
{
"dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1",
"type": "detects"
}
],
"uuid": "1dad5aa4-4bb5-45e4-9e42-55d40003cfa6",
"value": "Certificate Registration"
},
{
"description": "Logged network traffic in response to a scan showing both protocol header and body values",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "detects"
},
{
"dest-uuid": "04a5a8ab-3bc8-4c83-95c9-55274a89786d",
"type": "detects"
},
{
"dest-uuid": "09312b1a-c3c6-4b45-9844-3ccc78e5d82f",
"type": "detects"
},
{
"dest-uuid": "0dcbbf4f-929c-489a-b66b-9b820d3f7f0e",
"type": "included-in"
},
{
"dest-uuid": "155207c0-7f53-4f13-a06b-0a9907ef5096",
"type": "detects"
},
{
"dest-uuid": "19401639-28d0-4c3c-adcc-bc2ba22f6421",
"type": "detects"
},
{
"dest-uuid": "1cec9319-743b-4840-bb65-431547bce82a",
"type": "detects"
},
{
"dest-uuid": "24286c33-d4a4-4419-85c2-1d094a896c26",
"type": "detects"
},
{
"dest-uuid": "31fe0ba2-62fd-4fd9-9293-4043d84f7fe9",
"type": "detects"
},
{
"dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0",
"type": "detects"
},
{
"dest-uuid": "3ee16395-03f0-4690-a32e-69ce9ada0f9e",
"type": "detects"
},
{
"dest-uuid": "506f6f49-7045-4156-9007-7474cb44ad6d",
"type": "detects"
},
{
"dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337",
"type": "detects"
},
{
"dest-uuid": "774ad5bb-2366-4c13-a8a9-65e50b292e7c",
"type": "detects"
},
{
"dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795",
"type": "detects"
},
{
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "84771bc3-f6a0-403e-b144-01af70e5fda0",
"type": "detects"
},
{
"dest-uuid": "84ae8255-b4f4-4237-b5c5-e717405a9701",
"type": "detects"
},
{
"dest-uuid": "88d31120-5bc7-4ce3-a9c0-7cf147be8e54",
"type": "detects"
},
{
"dest-uuid": "ae797531-3219-49a4-bccf-324ad7a4c7b2",
"type": "detects"
},
{
"dest-uuid": "baf60e1a-afe5-4d31-830f-1b1ba2351884",
"type": "detects"
},
{
"dest-uuid": "c071d8c1-3b3a-4f22-9407-ca4e96921069",
"type": "detects"
},
{
"dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1",
"type": "detects"
},
{
"dest-uuid": "df1bc34d-1634-4c93-b89e-8120994fce77",
"type": "detects"
},
{
"dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5",
"type": "detects"
},
{
"dest-uuid": "e5d550f3-2202-4634-85f2-4a200a1d49b3",
"type": "detects"
},
{
"dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf",
"type": "detects"
}
],
"uuid": "0dcbbf4f-929c-489a-b66b-9b820d3f7f0e",
"value": "Response Content"
},
{
"description": "Initial construction of a new snapshot (ex: AWS create-snapshot)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "3da222e6-53f3-451c-a239-0b405c009432",
"type": "included-in"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1",
"type": "detects"
}
],
"uuid": "3da222e6-53f3-451c-a239-0b405c009432",
"value": "Snapshot Creation"
},
{
"description": "Activation or invocation of a container (ex: docker start or docker restart)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
"type": "detects"
},
{
"dest-uuid": "5fe82895-28e5-4aac-845e-dc886b63be2e",
"type": "included-in"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
}
],
"uuid": "5fe82895-28e5-4aac-845e-dc886b63be2e",
"value": "Container Start"
},
{
"description": "Initial construction of a new service/daemon (ex: Windows EID 4697 or /var/log daemon logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "035bb001-ab69-4a0b-9f6c-2de8b09e1b9d",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "5297a638-1382-4f0c-8472-0d21830bf705",
"type": "included-in"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "650c784b-7504-4df7-ab2c-4ea882384d1e",
"type": "detects"
},
{
"dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
"type": "detects"
},
{
"dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584",
"type": "detects"
},
{
"dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
},
{
"dest-uuid": "f1951e8a-500e-4a26-8803-76d95c4554b4",
"type": "detects"
}
],
"uuid": "5297a638-1382-4f0c-8472-0d21830bf705",
"value": "Service Creation"
},
{
"description": "Initial construction of a cloud volume (ex: AWS create-volume)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "dad75cc7-5bae-4175-adb4-ca1962d8650e",
"type": "included-in"
}
],
"uuid": "dad75cc7-5bae-4175-adb4-ca1962d8650e",
"value": "Volume Creation"
},
{
"description": "Deactivation or stoppage of a cloud service (ex: Write/Delete entries within Azure Firewall Activity Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "5372c5fe-f424-4def-bcd5-d3a8e770f07b",
"type": "detects"
},
{
"dest-uuid": "77532a55-c283-4cd2-bc5d-2d0b65e9d88c",
"type": "detects"
},
{
"dest-uuid": "c97d0171-f6e0-4415-85ff-4082fdb8c72a",
"type": "included-in"
}
],
"uuid": "c97d0171-f6e0-4415-85ff-4082fdb8c72a",
"value": "Firewall Disable"
},
{
"description": "Removal of a file (ex: Sysmon EID 23, macOS ESF EID ES_EVENT_TYPE_AUTH_UNLINK, or Linux auditd rules for the unlink, rename, rmdir, unlinkat, or renameat syscalls)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292",
"type": "detects"
},
{
"dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36",
"type": "detects"
},
{
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
},
{
"dest-uuid": "6495ae23-3ab4-43c5-a94f-5638a2c31fd2",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "d63a3fb8-9452-4e9d-a60a-54be68d5998c",
"type": "detects"
},
{
"dest-uuid": "e905dad2-00d6-477c-97e8-800427abd0e8",
"type": "included-in"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
}
],
"uuid": "e905dad2-00d6-477c-97e8-800427abd0e8",
"value": "File Deletion"
},
{
"description": "Removal of an instance (ex: instance.delete within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4",
"type": "detects"
},
{
"dest-uuid": "7561ed50-16cb-4826-82c7-c1ddca61785e",
"type": "included-in"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
}
],
"uuid": "7561ed50-16cb-4826-82c7-c1ddca61785e",
"value": "Instance Deletion"
},
{
"description": "Removal of a virtual machine image (ex: Azure Compute Service Images DELETE)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "8b4ca854-ac08-47da-b24f-601b28a39aff",
"type": "included-in"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
}
],
"uuid": "8b4ca854-ac08-47da-b24f-601b28a39aff",
"value": "Image Deletion"
},
{
"description": "Attaching a driver to either the user mode or the kernel mode of a system (ex: Sysmon EID 6)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "09a60ea3-a8d1-4ae5-976e-5783248b72a4",
"type": "detects"
},
{
"dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "detects"
},
{
"dest-uuid": "3551476e-14f5-4e48-a518-e82135329e03",
"type": "included-in"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "b21c3b2d-02e6-45b1-980b-e69051040839",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "dd43c543-bb85-4a6f-aa6e-160d90d06a49",
"type": "detects"
},
{
"dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
"type": "detects"
},
{
"dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac",
"type": "detects"
}
],
"uuid": "3551476e-14f5-4e48-a518-e82135329e03",
"value": "Driver Load"
},
{
"description": "Contextual data about a driver and activity around it such as driver issues reporting or integrity (page hash, code) checking",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "791481f8-e96a-41be-b089-a088763083d4",
"type": "detects"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "f5a9a1dd-82f9-41a3-85b8-13e5b9cd6c79",
"type": "included-in"
}
],
"uuid": "f5a9a1dd-82f9-41a3-85b8-13e5b9cd6c79",
"value": "Driver Metadata"
},
{
"description": "Changes made to a drive letter or mount point of a data storage device",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0af0ca99-357d-4ba1-805f-674fdfb7bef9",
"type": "detects"
},
{
"dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
"type": "detects"
},
{
"dest-uuid": "1988cc35-ced8-4dad-b2d1-7628488fa967",
"type": "detects"
},
{
"dest-uuid": "1b7b1806-7746-41a1-a35d-e48dae25ddba",
"type": "detects"
},
{
"dest-uuid": "4dcd8ba3-2075-4f8b-941e-39884ffaac08",
"type": "included-in"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "fb640c43-aa6b-431e-a961-a279010424ac",
"type": "detects"
}
],
"uuid": "4dcd8ba3-2075-4f8b-941e-39884ffaac08",
"value": "Drive Modification"
},
{
"description": "Logged domain name system (DNS) data highlighting timelines of domain to IP address resolutions (ex: passive DNS)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "detects"
},
{
"dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3",
"type": "detects"
},
{
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "c2f59d25-87fe-44aa-8f83-e8e59d077bf5",
"type": "detects"
},
{
"dest-uuid": "cc150ad8-ecfa-4340-9aaa-d21165873bd4",
"type": "included-in"
},
{
"dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
"type": "detects"
}
],
"uuid": "cc150ad8-ecfa-4340-9aaa-d21165873bd4",
"value": "Passive DNS"
},
{
"description": "Information about domain name assignments and other domain metadata (ex: WHOIS)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "detects"
},
{
"dest-uuid": "40f5caa0-4cb7-4117-89fc-d421bb493df3",
"type": "detects"
},
{
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "f9cc4d06-775f-4ee1-b401-4e2cc0da30ba",
"type": "detects"
},
{
"dest-uuid": "ff9b665a-598b-4bcb-8b2a-a87566aa1256",
"type": "included-in"
}
],
"uuid": "ff9b665a-598b-4bcb-8b2a-a87566aa1256",
"value": "Domain Registration"
},
{
"description": "Removal of a snapshot (ex: AWS delete-snapshot)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "16e07530-764b-4d83-bae0-cdbfc31bf21d",
"type": "included-in"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
}
],
"uuid": "16e07530-764b-4d83-bae0-cdbfc31bf21d",
"value": "Snapshot Deletion"
},
{
"description": "Removal of a cloud volume (ex: AWS delete-volume)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "3acecdde-c327-4498-9bb8-33a2e63c6c57",
"type": "included-in"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
}
],
"uuid": "3acecdde-c327-4498-9bb8-33a2e63c6c57",
"value": "Volume Deletion"
},
{
"description": "An extracted list of available firewalls and/or their associated settings/rules (ex: Azure Network Firewall CLI Show commands)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "bf91faa8-0049-4870-810a-4df55e0b77ee",
"type": "included-in"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "detects"
},
{
"dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58",
"type": "detects"
}
],
"uuid": "bf91faa8-0049-4870-810a-4df55e0b77ee",
"value": "Firewall Enumeration"
},
{
"description": "An extracted list of available groups and/or their associated settings (ex: AWS list-groups)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
},
{
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
"type": "detects"
},
{
"dest-uuid": "21875073-b0ee-49e3-9077-1e2a885359af",
"type": "detects"
},
{
"dest-uuid": "25659dd6-ea12-45c4-97e6-381e3e4b593e",
"type": "detects"
},
{
"dest-uuid": "2aed01ad-3df3-4410-a8cb-11ea4ded587c",
"type": "detects"
},
{
"dest-uuid": "8e44412e-3238-4d64-8878-4f11e27784fe",
"type": "included-in"
},
{
"dest-uuid": "a01bf75f-00b2-4568-a58f-565ff9bf202b",
"type": "detects"
}
],
"uuid": "8e44412e-3238-4d64-8878-4f11e27784fe",
"value": "Group Enumeration"
},
{
"description": "An extracted list of instances within a cloud environment (ex: instance.list within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "2a80d95f-08c4-48e3-833e-151ef19d90f5",
"type": "included-in"
},
{
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
"type": "detects"
}
],
"uuid": "2a80d95f-08c4-48e3-833e-151ef19d90f5",
"value": "Instance Enumeration"
},
{
"description": "An extracted list of pods within a cluster (ex: kubectl get pods)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0470e792-32f8-46b0-a351-652bc35e9336",
"type": "detects"
},
{
"dest-uuid": "07688e40-a7fa-4436-937f-1216674341a0",
"type": "included-in"
}
],
"uuid": "07688e40-a7fa-4436-937f-1216674341a0",
"value": "Pod Enumeration"
},
{
"description": "An extracted list of snapshots within a cloud environment (ex: AWS describe-snapshots)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
"type": "detects"
},
{
"dest-uuid": "ffd73905-2e51-4f2d-8549-e72fb0eb6c38",
"type": "included-in"
}
],
"uuid": "ffd73905-2e51-4f2d-8549-e72fb0eb6c38",
"value": "Snapshot Enumeration"
},
{
"description": "The execution of a text file that contains code via the interpreter (e.g. PowerShell, WMI, Windows EID 4104, etc.)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "09cd431f-eaf4-4d2a-acaf-2a7acfe7ed58",
"type": "detects"
},
{
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "detects"
},
{
"dest-uuid": "143c0cbb-a297-4142-9624-87ffc778980b",
"type": "detects"
},
{
"dest-uuid": "1b20efbf-8063-4fc3-a07d-b575318a301b",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d",
"type": "detects"
},
{
"dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
"type": "detects"
},
{
"dest-uuid": "30208d3e-0d6b-43c8-883e-44462a514619",
"type": "detects"
},
{
"dest-uuid": "3c4a2599-71ee-4405-ba1e-0e28414b4bc5",
"type": "detects"
},
{
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "41868330-6ee2-4d0f-b743-9f2294c3c9b6",
"type": "detects"
},
{
"dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "53ac20cd-aca3-406e-9aa0-9fc7fdc60a5a",
"type": "detects"
},
{
"dest-uuid": "707399d6-ab3e-4963-9315-d9d3818cd6a0",
"type": "detects"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "767dbf9e-df3f-45cb-8998-4903ab5f80c0",
"type": "detects"
},
{
"dest-uuid": "774a3188-6ba9-4dc4-879d-d54ee48a5ce9",
"type": "detects"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "detects"
},
{
"dest-uuid": "9f387817-df83-432a-b56b-a8fb7f71eedd",
"type": "included-in"
},
{
"dest-uuid": "a2029942-0a85-4947-b23c-ca434698171d",
"type": "detects"
},
{
"dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b",
"type": "detects"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "d50955c2-272d-4ac8-95da-10c29dda1c48",
"type": "detects"
},
{
"dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377",
"type": "detects"
},
{
"dest-uuid": "d94b3ae9-8059-4989-8e9f-ea0f601f80a7",
"type": "detects"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"type": "detects"
},
{
"dest-uuid": "f6fe9070-7a65-49ea-ae72-76292f42cebe",
"type": "detects"
}
],
"uuid": "9f387817-df83-432a-b56b-a8fb7f71eedd",
"value": "Script Execution"
},
{
"description": "An extracted list of available volumes within a cloud environment (ex: AWS describe-volumes)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "57a3d31a-d04f-4663-b2da-7df8ec3f8c9d",
"type": "detects"
},
{
"dest-uuid": "ec225357-8197-47a4-a9cd-57741d592877",
"type": "included-in"
}
],
"uuid": "ec225357-8197-47a4-a9cd-57741d592877",
"value": "Volume Enumeration"
},
{
"description": "Contextual data about a firewall and activity around it such as name, policy, or status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "746f095a-f84c-4ccc-90a5-c7caa5c100a2",
"type": "included-in"
},
{
"dest-uuid": "cba37adb-d6fb-4610-b069-dd04c0643384",
"type": "detects"
},
{
"dest-uuid": "e3b6daca-e963-4a69-aee6-ed4fd653ad58",
"type": "detects"
}
],
"uuid": "746f095a-f84c-4ccc-90a5-c7caa5c100a2",
"value": "Firewall Metadata"
},
{
"description": "Contextual data about a file, which may include information such as name, the content (ex: signature, headers, or data/media), user/owner, permissions, etc.",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5",
"type": "detects"
},
{
"dest-uuid": "0533ab23-3f7d-463f-9bd8-634d27e4dee1",
"type": "detects"
},
{
"dest-uuid": "09b130a2-a77e-4af0-a361-f46f9aad1345",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
},
{
"dest-uuid": "11f29a39-0942-4d62-92b6-fe236cf3066e",
"type": "detects"
},
{
"dest-uuid": "191cc6af-1bb2-4344-ab5f-28e496638720",
"type": "detects"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "2f41939b-54c3-41d6-8f8b-35f1ec18ed97",
"type": "detects"
},
{
"dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
"type": "detects"
},
{
"dest-uuid": "32901740-b42c-4fdd-bc02-345b5dc57082",
"type": "detects"
},
{
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
"type": "detects"
},
{
"dest-uuid": "34e793de-0274-4982-9c1a-246ed1c19dee",
"type": "detects"
},
{
"dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"type": "detects"
},
{
"dest-uuid": "5bfccc3f-2326-4112-86cc-c1ece9d8a2b5",
"type": "detects"
},
{
"dest-uuid": "639e87f3-acb6-448a-9645-258f20da4bc5",
"type": "included-in"
},
{
"dest-uuid": "65917ae0-b854-4139-83fe-bf2441cf0196",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9",
"type": "detects"
},
{
"dest-uuid": "7007935a-a8a7-4c0b-bd98-4e85be8ed197",
"type": "detects"
},
{
"dest-uuid": "77eae145-55db-4519-8ae5-77b0c7215d69",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "7e7c2fba-7cca-486c-9582-4c1bb2851961",
"type": "detects"
},
{
"dest-uuid": "887274fc-2d63-4bdc-82f3-fae56d1d5fdc",
"type": "detects"
},
{
"dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "b22e5153-ac28-4cc6-865c-2054e36285cb",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b4b7458f-81f2-4d38-84be-1c5ba0167a52",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "bd369cd9-abb8-41ce-b5bb-fff23ee86c00",
"type": "detects"
},
{
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "bf90d72c-c00b-45e3-b3aa-68560560d4c5",
"type": "detects"
},
{
"dest-uuid": "c2e147a9-d1a8-4074-811a-d8789202d916",
"type": "detects"
},
{
"dest-uuid": "c726e0a2-a57a-4b7b-a973-d0f013246617",
"type": "detects"
},
{
"dest-uuid": "c898c4b5-bf36-4e6e-a4ad-5b8c4c13e35b",
"type": "detects"
},
{
"dest-uuid": "d511a6f6-4a33-41d5-bc95-c343875d1377",
"type": "detects"
},
{
"dest-uuid": "deb98323-e13f-4b0c-8d94-175379069062",
"type": "detects"
},
{
"dest-uuid": "e51137a5-1cdc-499e-911a-abaedaa5ac86",
"type": "detects"
},
{
"dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4",
"type": "detects"
},
{
"dest-uuid": "ec8fc7e2-b356-455c-8db5-2e37be158e7d",
"type": "detects"
},
{
"dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5",
"type": "detects"
}
],
"uuid": "639e87f3-acb6-448a-9645-258f20da4bc5",
"value": "File Metadata"
},
{
"description": "Changes made to firmware, including its settings and/or data, such as MBR (Master Boot Record) and VBR (Volume Boot Record)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
"type": "detects"
},
{
"dest-uuid": "16ab6452-c3c1-497c-a47d-206018ca1ada",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "28abec6c-4443-4b03-8206-07f2e264a6b4",
"type": "detects"
},
{
"dest-uuid": "791481f8-e96a-41be-b089-a088763083d4",
"type": "detects"
},
{
"dest-uuid": "7f0ca133-88c4-40c6-a62f-b3083a7fbc2e",
"type": "detects"
},
{
"dest-uuid": "a6557c75-798f-42e4-be70-ab4502e0a3bc",
"type": "detects"
},
{
"dest-uuid": "b9d031bb-d150-4fc6-8025-688201bf3ffd",
"type": "included-in"
},
{
"dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04",
"type": "detects"
},
{
"dest-uuid": "f5bb433e-bdf6-4781-84bc-35e97e43be89",
"type": "detects"
}
],
"uuid": "b9d031bb-d150-4fc6-8025-688201bf3ffd",
"value": "Firmware Modification"
},
{
"description": "Changes made to a file, or its access permissions and attributes, typically to alter the contents of the targeted file (ex: Windows EID 4670 or Sysmon EID 2)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "005a06c6-14bf-4118-afa0-ebcd8aebb0c9",
"type": "detects"
},
{
"dest-uuid": "03259939-0b57-482f-8eb5-87c0e0d54334",
"type": "detects"
},
{
"dest-uuid": "06c00069-771a-4d57-8ef5-d3718c1a8771",
"type": "detects"
},
{
"dest-uuid": "0cf55441-b176-4332-89e7-2c4c7799d0ff",
"type": "detects"
},
{
"dest-uuid": "0cfe31a7-81fc-472c-bc45-e2808d1066a3",
"type": "detects"
},
{
"dest-uuid": "0f20e3cb-245b-4a61-8a91-2d93f7cb0e9b",
"type": "detects"
},
{
"dest-uuid": "0f2c410d-d740-4ed9-abb1-b8f4a7faf6c3",
"type": "detects"
},
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
},
{
"dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0",
"type": "detects"
},
{
"dest-uuid": "1cfcb312-b8d7-47a4-b560-4b16cc677292",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "1f9012ef-1e10-4e48-915e-e03563435fe8",
"type": "detects"
},
{
"dest-uuid": "208884f1-7b83-4473-ac22-4e1cf6c41471",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "22905430-4901-4c2a-84f6-98243cb173f8",
"type": "detects"
},
{
"dest-uuid": "246fd3c7-f5e3-466d-8787-4c13d9e3b61c",
"type": "detects"
},
{
"dest-uuid": "2acf44aa-542f-4366-b4eb-55ef5747759c",
"type": "detects"
},
{
"dest-uuid": "2bce5b30-7014-4a5d-ade7-12913fe6ac36",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34",
"type": "detects"
},
{
"dest-uuid": "31a0a2ac-c67c-4a7e-b9ed-6a96477d4e8e",
"type": "detects"
},
{
"dest-uuid": "32ad5c86-2bcf-47d8-8fdc-d7f3d79a7490",
"type": "detects"
},
{
"dest-uuid": "34f1d81d-fe88-4f97-bd3b-a3164536255d",
"type": "detects"
},
{
"dest-uuid": "35dd844a-b219-4e2b-a6bb-efa9a75995a9",
"type": "detects"
},
{
"dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8",
"type": "detects"
},
{
"dest-uuid": "3975dbb5-0e1e-4f5b-bae1-cf2ab84b46dc",
"type": "detects"
},
{
"dest-uuid": "3a40f208-a9c1-4efa-a598-4003c3681fb8",
"type": "detects"
},
{
"dest-uuid": "3aef9463-9a7a-43ba-8957-a867e07c1e6a",
"type": "detects"
},
{
"dest-uuid": "3ccef7ae-cb5e-48f6-8302-897105fbf55c",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83",
"type": "detects"
},
{
"dest-uuid": "438c967d-3996-4870-bfc2-3954752a1927",
"type": "detects"
},
{
"dest-uuid": "43ba2b05-cf72-4b6c-8243-03a4aba41ee0",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "47f2d673-ca62-47e9-929b-1b0be9657611",
"type": "detects"
},
{
"dest-uuid": "4ab929c6-ee2d-4fb5-aab4-b14be2ed7179",
"type": "detects"
},
{
"dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc",
"type": "detects"
},
{
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "58af3705-8740-4c68-9329-ec015a7013c2",
"type": "detects"
},
{
"dest-uuid": "5909f20f-3c39-4795-be06-ef1ea40d350b",
"type": "detects"
},
{
"dest-uuid": "5d0d3609-d06d-49e1-b9c9-b544e0c618cb",
"type": "detects"
},
{
"dest-uuid": "63220765-d418-44de-8fae-694b3912317d",
"type": "detects"
},
{
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "6831414d-bb70-42b7-8030-d4e06b2660c9",
"type": "detects"
},
{
"dest-uuid": "69e5226d-05dc-4f15-95d7-44f5ed78d06e",
"type": "detects"
},
{
"dest-uuid": "6b57dc31-b814-4a03-8706-28bc20d739c4",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
},
{
"dest-uuid": "70e52b04-2a0c-4cea-9d18-7149f1df9dc5",
"type": "detects"
},
{
"dest-uuid": "799ace7f-e227-4411-baa0-8868704f2a69",
"type": "detects"
},
{
"dest-uuid": "79a47ad0-fc3b-4821-9f01-a026b1ddba21",
"type": "detects"
},
{
"dest-uuid": "7d20fff9-8751-404e-badd-ccd71bda0236",
"type": "detects"
},
{
"dest-uuid": "7efba77e-3bc4-4ca5-8292-d8201dcd64b5",
"type": "detects"
},
{
"dest-uuid": "810aa4ad-61c9-49cb-993f-daa06199421d",
"type": "detects"
},
{
"dest-uuid": "84572de3-9583-4c73-aabd-06ea88123dd8",
"type": "included-in"
},
{
"dest-uuid": "84601337-6a55-4ad7-9c35-79e0d1ea2ab3",
"type": "detects"
},
{
"dest-uuid": "8c41090b-aa47-4331-986b-8c9a51a91103",
"type": "detects"
},
{
"dest-uuid": "8c4aef43-48d5-49aa-b2af-c0cd58d30c3d",
"type": "detects"
},
{
"dest-uuid": "960c3c86-1480-4d72-b4e0-8c242e84a5c5",
"type": "detects"
},
{
"dest-uuid": "9c45eaa3-8604-4780-8988-b5074dbb9ecd",
"type": "detects"
},
{
"dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
"type": "detects"
},
{
"dest-uuid": "9efb1ea7-c37b-4595-9640-b7680cd84279",
"type": "detects"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "a1b52199-c8c5-438a-9ded-656f1d0888c6",
"type": "detects"
},
{
"dest-uuid": "a542bac9-7bc1-4da7-9a09-96f69e23cc21",
"type": "detects"
},
{
"dest-uuid": "ac9e6b22-11bf-45d7-9181-c1cb08360931",
"type": "detects"
},
{
"dest-uuid": "ae7f3575-0a5e-427e-991b-fe03ad44c754",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b46a801b-fd98-491c-a25a-bca25d6e3001",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b63a34e8-0a61-4c97-a23b-bf8a2ed812e2",
"type": "detects"
},
{
"dest-uuid": "b77cf5f3-6060-475d-bd60-40ccbf28fdc2",
"type": "detects"
},
{
"dest-uuid": "b80d107d-fa0d-4b60-9684-b0433e8bdba0",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "bf96a5a3-3bce-43b7-8597-88545984c07b",
"type": "detects"
},
{
"dest-uuid": "c0dfe7b0-b873-4618-9ff8-53e31f70907f",
"type": "detects"
},
{
"dest-uuid": "c63a348e-ffc2-486a-b9d9-d7f11ec54d99",
"type": "detects"
},
{
"dest-uuid": "cbb66055-0325-4111-aca0-40547b6ad5b0",
"type": "detects"
},
{
"dest-uuid": "ce4b7013-640e-48a9-b501-d0025a95f4bf",
"type": "detects"
},
{
"dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584",
"type": "detects"
},
{
"dest-uuid": "d157f9d2-d09a-4efa-bb2a-64963f94e253",
"type": "detects"
},
{
"dest-uuid": "d201d4cc-214d-4a74-a1ba-b3fa09fd4591",
"type": "detects"
},
{
"dest-uuid": "d245808a-7086-4310-984a-a84aaaa43f8f",
"type": "detects"
},
{
"dest-uuid": "d2c4e5ea-dbdf-4113-805a-b1e2a337fb33",
"type": "detects"
},
{
"dest-uuid": "d456de47-a16f-4e46-8980-e67478a12dcb",
"type": "detects"
},
{
"dest-uuid": "d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c",
"type": "detects"
},
{
"dest-uuid": "d4b96d2c-1032-4b22-9235-2b5b649d0605",
"type": "detects"
},
{
"dest-uuid": "dca670cf-eeec-438f-8185-fd959d9ef211",
"type": "detects"
},
{
"dest-uuid": "dfebc3b7-d19d-450b-81c7-6dafe4184c04",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
},
{
"dest-uuid": "e0232cb0-ded5-4c2e-9dc7-2893142a5c11",
"type": "detects"
},
{
"dest-uuid": "e5cc9e7a-e61a-46a1-b869-55fb6eab058e",
"type": "detects"
},
{
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "ea071aa0-8f17-416f-ab0d-2bab7e79003d",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
"type": "detects"
},
{
"dest-uuid": "f2857333-11d4-45bf-b064-2c28d8525be5",
"type": "detects"
},
{
"dest-uuid": "f3d95a1f-bba2-44ce-9af7-37866cd63fd0",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "fa44a152-ac48-441e-a524-dd7b04b8adcd",
"type": "detects"
},
{
"dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490",
"type": "detects"
},
{
"dest-uuid": "fc74ba38-dc98-461f-8611-b3dbf9978e3d",
"type": "detects"
}
],
"uuid": "84572de3-9583-4c73-aabd-06ea88123dd8",
"value": "File Modification"
},
{
"description": "Contextual data about a group which describes group and activity around it, such as name, permissions, or user accounts within the group",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "15dbf668-795c-41e6-8219-f0447c0e64ce",
"type": "detects"
},
{
"dest-uuid": "16e94db9-b5b1-4cd0-b851-f38fbd0a70f2",
"type": "detects"
},
{
"dest-uuid": "8d8c7cac-94cf-4726-8989-cab33851168c",
"type": "included-in"
}
],
"uuid": "8d8c7cac-94cf-4726-8989-cab33851168c",
"value": "Group Metadata"
},
{
"description": "Changes made to a group, such as membership, name, or permissions (ex: Windows EID 4728 or 4732, AWS IAM UpdateGroup)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "05d5b5b4-ef93-4807-b05f-33d8c5a35bc5",
"type": "included-in"
},
{
"dest-uuid": "a10641f4-87b4-45a3-a906-92a149cb2c27",
"type": "detects"
},
{
"dest-uuid": "e74de37c-a829-446c-937d-56a44f0e9306",
"type": "detects"
}
],
"uuid": "05d5b5b4-ef93-4807-b05f-33d8c5a35bc5",
"value": "Group Modification"
},
{
"description": "Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0bda01d5-4c1d-4062-8ee2-6872334383c3",
"type": "detects"
},
{
"dest-uuid": "0df05477-c572-4ed6-88a9-47c581f548f7",
"type": "detects"
},
{
"dest-uuid": "18cffc21-3260-437e-80e4-4ab8bf2ba5e9",
"type": "detects"
},
{
"dest-uuid": "2bee5ffb-7a7a-4119-b1f2-158151b19ac0",
"type": "detects"
},
{
"dest-uuid": "351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
"type": "detects"
},
{
"dest-uuid": "36b2a1d7-e09e-49bf-b45e-477076c2ec01",
"type": "detects"
},
{
"dest-uuid": "38eb0c22-6caf-46ce-8869-5964bd735858",
"type": "detects"
},
{
"dest-uuid": "39131305-9282-45e4-ac3b-591d2d4fc3ef",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "3f18edba-28f4-4bb9-82c3-8aa60dcac5f7",
"type": "detects"
},
{
"dest-uuid": "46d818a5-67fa-4585-a7fc-ecf15376c8d5",
"type": "detects"
},
{
"dest-uuid": "4eb28bed-d11a-4641-9863-c2ac017d910a",
"type": "detects"
},
{
"dest-uuid": "4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
"type": "detects"
},
{
"dest-uuid": "667e5707-3843-4da8-bd34-88b922526f0d",
"type": "detects"
},
{
"dest-uuid": "670a4d75-103b-4b14-8a9e-4652fa795edd",
"type": "detects"
},
{
"dest-uuid": "74d2a63f-3c7b-4852-92da-02d8fbab16da",
"type": "detects"
},
{
"dest-uuid": "85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
"type": "included-in"
},
{
"dest-uuid": "8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
"type": "detects"
},
{
"dest-uuid": "8f504411-cb96-4dac-a537-8d2bb7679c59",
"type": "detects"
},
{
"dest-uuid": "9558a84e-2d5e-4872-918e-d847494a8ffc",
"type": "detects"
},
{
"dest-uuid": "a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "bef8aaee-961d-4359-a308-4c2182bcedff",
"type": "detects"
},
{
"dest-uuid": "c08366bb-8d11-4921-853f-f0a3b6a2a1da",
"type": "detects"
},
{
"dest-uuid": "c675646d-e204-4aa8-978d-e3d6d65885c4",
"type": "detects"
},
{
"dest-uuid": "c6e17ca2-08b5-4379-9786-89bd05241831",
"type": "detects"
},
{
"dest-uuid": "cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
"type": "detects"
},
{
"dest-uuid": "cd25c1b4-935c-4f0e-ba8d-552f28bc4783",
"type": "detects"
},
{
"dest-uuid": "d74c4a7e-ffbf-432f-9365-7ebf1f787cab",
"type": "detects"
},
{
"dest-uuid": "dfe29258-ce59-421c-9dee-e85cb9fa90cd",
"type": "detects"
},
{
"dest-uuid": "fd339382-bfec-4bf0-8d47-1caedc9e7e57",
"type": "detects"
},
{
"dest-uuid": "ff73aa03-0090-4464-83ac-f89e233c02bc",
"type": "detects"
}
],
"uuid": "85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
"value": "Host Status"
},
{
"description": "Contextual data about an instance and activity around it such as name, type, or status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
"type": "detects"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "45fd904d-6eb0-4b50-8478-a961f09f898b",
"type": "included-in"
},
{
"dest-uuid": "59bd0dec-f8b2-4b9a-9141-37a1e6899761",
"type": "detects"
},
{
"dest-uuid": "70857657-bd0b-4695-ad3e-b13f92cac1b4",
"type": "detects"
},
{
"dest-uuid": "cf1c2504-433f-4c4e-a1f8-91de45a0318c",
"type": "detects"
}
],
"uuid": "45fd904d-6eb0-4b50-8478-a961f09f898b",
"value": "Instance Metadata"
},
{
"description": "Contextual data about a virtual machine image such as name, resource group, state, or type",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f",
"type": "detects"
},
{
"dest-uuid": "b5327dd1-6bf9-4785-a199-25bcbd1f4a9d",
"type": "detects"
},
{
"dest-uuid": "b597a220-6510-4397-b0d8-342cd2c58827",
"type": "included-in"
}
],
"uuid": "b597a220-6510-4397-b0d8-342cd2c58827",
"value": "Image Metadata"
},
{
"description": "Changes made to an instance, including its settings and/or control data (ex: instance.addResourcePolicies or instances.setMetadata within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
"type": "detects"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "45d0ff14-b9c4-41f5-8603-156657c20b75",
"type": "included-in"
}
],
"uuid": "45d0ff14-b9c4-41f5-8603-156657c20b75",
"value": "Instance Modification"
},
{
"description": "Changes made to a virtual machine image, including setting and/or control data (ex: Azure Compute Service Images PATCH)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "071a09b1-8945-46fd-8bb7-6bcc89400963",
"type": "included-in"
},
{
"dest-uuid": "4fd8a28b-4b3a-4cd6-a8cf-85ba5f824a7f",
"type": "detects"
}
],
"uuid": "071a09b1-8945-46fd-8bb7-6bcc89400963",
"value": "Image Modification"
},
{
"description": "Activation or invocation of an instance (ex: instance.start within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
"type": "detects"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "8c32eb4d-805f-4fc5-bf60-c4d476c131b5",
"type": "detects"
},
{
"dest-uuid": "b0c74ef9-c61e-4986-88cb-78da98a355ec",
"type": "detects"
},
{
"dest-uuid": "f8213cde-6b3a-420d-9ab7-41c9af1a919f",
"type": "included-in"
}
],
"uuid": "f8213cde-6b3a-420d-9ab7-41c9af1a919f",
"value": "Instance Start"
},
{
"description": "Deactivation or stoppage of an instance (ex: instance.stop within GCP Audit Logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0708ae90-d0eb-4938-9a76-d0fc94f6eec1",
"type": "detects"
},
{
"dest-uuid": "1361e324-b594-4c0e-a517-20cee32b8d7f",
"type": "included-in"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
}
],
"uuid": "1361e324-b594-4c0e-a517-20cee32b8d7f",
"value": "Instance Stop"
},
{
"description": "Attaching a module into the memory of a process/program, typically to access shared resources/features provided by the module (ex: Sysmon EID 7)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "045d0922-2310-4e60-b5e4-3302302cb3c5",
"type": "detects"
},
{
"dest-uuid": "0a5231ec-41af-4a35-83d0-6bdf11f28c65",
"type": "detects"
},
{
"dest-uuid": "0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d",
"type": "detects"
},
{
"dest-uuid": "10ff21b9-5a01-4268-a1b5-3b55015f1847",
"type": "detects"
},
{
"dest-uuid": "1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf",
"type": "detects"
},
{
"dest-uuid": "232a7e42-cd6e-4902-8fe9-2960f529dd4d",
"type": "detects"
},
{
"dest-uuid": "2c4d4e92-0ccf-4a97-b54c-86d662988a53",
"type": "detects"
},
{
"dest-uuid": "2de47683-f398-448f-b947-9abcc3e32fad",
"type": "detects"
},
{
"dest-uuid": "2f6b4ed7-fef1-44ba-bcb8-1b4beb610b64",
"type": "detects"
},
{
"dest-uuid": "2fee9321-3e71-4cf4-af24-d4d40d355b34",
"type": "detects"
},
{
"dest-uuid": "365be77f-fc0e-42ee-bac8-4faf806d9336",
"type": "detects"
},
{
"dest-uuid": "3731fbcd-0e43-47ae-ae6c-d15e510f0d42",
"type": "detects"
},
{
"dest-uuid": "379809f6-2fac-42c1-bd2e-e9dee70b27f8",
"type": "detects"
},
{
"dest-uuid": "391d824f-0ef1-47a0-b0ee-c59a75e27670",
"type": "detects"
},
{
"dest-uuid": "42fe883a-21ea-4cfb-b94a-78b6476dcc83",
"type": "detects"
},
{
"dest-uuid": "43881e51-ac74-445b-b4c6-f9f9e9bf23fe",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "457c7820-d331-465a-915e-42f85500ccc4",
"type": "detects"
},
{
"dest-uuid": "4933e63b-9b77-476e-ab29-761bc5b7d15a",
"type": "detects"
},
{
"dest-uuid": "4ff5d6a8-c062-4c68-a778-36fc5edd564f",
"type": "detects"
},
{
"dest-uuid": "5095a853-299c-4876-abd7-ac0050fb5462",
"type": "detects"
},
{
"dest-uuid": "543fceb5-cb92-40cb-aacf-6913d4db58bc",
"type": "detects"
},
{
"dest-uuid": "54a649ff-439a-41a4-9856-8d144a2551ba",
"type": "detects"
},
{
"dest-uuid": "54ca26f3-c172-4231-93e5-ccebcac2161f",
"type": "detects"
},
{
"dest-uuid": "61afc315-860c-4364-825d-0d62b2e91edc",
"type": "detects"
},
{
"dest-uuid": "633a100c-b2c9-41bf-9be5-905c1b16c825",
"type": "detects"
},
{
"dest-uuid": "6836813e-8ec8-4375-b459-abb388cb1a35",
"type": "detects"
},
{
"dest-uuid": "68a0c5ed-bee2-4513-830d-5b0d650139bd",
"type": "detects"
},
{
"dest-uuid": "6e3bd510-6b33-41a4-af80-2d80f3ee0071",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "7d57b371-10c2-45e5-b3cc-83a8fb380e4c",
"type": "detects"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "detects"
},
{
"dest-uuid": "98be40f2-c86b-4ade-b6fc-4964932040e5",
"type": "detects"
},
{
"dest-uuid": "acd0ba37-7ba9-4cc5-ac61-796586cd856d",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "b3d682b6-98f2-4fb0-aa3b-b4df007ca70a",
"type": "detects"
},
{
"dest-uuid": "b6301b64-ef57-4cce-bb0b-77026f14a8db",
"type": "detects"
},
{
"dest-uuid": "b83e166d-13d7-4b52-8677-dff90c548fd7",
"type": "detects"
},
{
"dest-uuid": "b8cfed42-6a8a-4989-ad72-541af74475ec",
"type": "detects"
},
{
"dest-uuid": "b97f1d35-4249-4486-a6b5-ee60ccf24fab",
"type": "detects"
},
{
"dest-uuid": "bc0f5e80-91c0-4e04-9fbb-e4e332c85dae",
"type": "detects"
},
{
"dest-uuid": "c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1",
"type": "included-in"
},
{
"dest-uuid": "cc89ecbd-3d33-4a41-bcca-001e702d18fd",
"type": "detects"
},
{
"dest-uuid": "dfd7cc1d-e1d8-4394-a198-97c4cab8aa67",
"type": "detects"
},
{
"dest-uuid": "e64c62cf-9cd7-4a14-94ec-cdaac43ab44b",
"type": "detects"
},
{
"dest-uuid": "ea4c2f9c-9df1-477c-8c42-6da1118f2ac4",
"type": "detects"
},
{
"dest-uuid": "ebbe170d-aa74-4946-8511-9921243415a3",
"type": "detects"
},
{
"dest-uuid": "ed7efd4d-ce28-4a19-a8e6-c58011eb2c7a",
"type": "detects"
},
{
"dest-uuid": "f0589bc3-a6ae-425a-a3d5-5659bfee07f4",
"type": "detects"
},
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "detects"
},
{
"dest-uuid": "f4c1826f-a322-41cd-9557-562100848c84",
"type": "detects"
},
{
"dest-uuid": "f63fe421-b1d1-45c0-b8a7-02cd16ff2bed",
"type": "detects"
},
{
"dest-uuid": "fc742192-19e3-466c-9eb5-964a97b29490",
"type": "detects"
},
{
"dest-uuid": "ffeb0780-356e-4261-b036-cfb6bd234335",
"type": "detects"
}
],
"uuid": "c0a4a086-cc20-4e1e-b7cb-29d99dfa3fb1",
"value": "Module Load"
},
{
"description": "Contextual data about a malicious payload, such as compilation times, file hashes, as well as watermarks or other identifiable configuration information",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "212306d8-efa4-44c9-8c2d-ed3d2e224aa0",
"type": "detects"
},
{
"dest-uuid": "34b3f738-bd64-40e5-a112-29b0542bc8bf",
"type": "detects"
},
{
"dest-uuid": "7807d3a4-a885-4639-a786-c1ed41484970",
"type": "detects"
},
{
"dest-uuid": "93a6e38c-02a5-44d8-9035-b2e08459f31f",
"type": "included-in"
},
{
"dest-uuid": "a2fdce72-04b2-409a-ac10-cc1695f4fce0",
"type": "detects"
},
{
"dest-uuid": "ce0687a0-e692-4b77-964a-0784a8e54ff1",
"type": "detects"
},
{
"dest-uuid": "e7cbc1de-1f79-48ee-abfd-da1241c65a15",
"type": "detects"
},
{
"dest-uuid": "edadea33-549c-4ed1-9783-8f5a5853cbdf",
"type": "detects"
}
],
"uuid": "93a6e38c-02a5-44d8-9035-b2e08459f31f",
"value": "Malware Metadata"
},
{
"description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "120d5519-3098-4e1c-9191-2aa61232f073",
"type": "detects"
},
{
"dest-uuid": "1365fe3b-0f50-455d-b4da-266ce31c23b0",
"type": "detects"
},
{
"dest-uuid": "1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2",
"type": "detects"
},
{
"dest-uuid": "29f1f56c-7b7a-4c14-9e39-59577ea2743c",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "67720091-eee3-4d2d-ae16-8264567f6f5b",
"type": "detects"
},
{
"dest-uuid": "693cdbff-ea73-49c6-ac3f-91e7285c31d1",
"type": "detects"
},
{
"dest-uuid": "7385dfaf-6886-4229-9ecd-6fd678040830",
"type": "detects"
},
{
"dest-uuid": "824add00-99a1-4b15-9a2d-6c5683b7b497",
"type": "detects"
},
{
"dest-uuid": "93591901-3172-4e94-abf8-6034ab26f44a",
"type": "detects"
},
{
"dest-uuid": "970a3432-3237-47ad-bcca-7d8cbb217736",
"type": "detects"
},
{
"dest-uuid": "bb5a00de-e086-4859-a231-fa793f6797e2",
"type": "detects"
},
{
"dest-uuid": "bd5b58a4-a52d-4a29-bc0d-3f1d3968eb6b",
"type": "detects"
},
{
"dest-uuid": "dcaa092b-7de9-4a21-977f-7fcb77e89c48",
"type": "detects"
},
{
"dest-uuid": "ee575f4a-2d4f-48f6-b18b-89067760adc1",
"type": "included-in"
},
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "detects"
},
{
"dest-uuid": "f5946b5e-9408-485f-a7f7-b5efc88909b6",
"type": "detects"
}
],
"uuid": "ee575f4a-2d4f-48f6-b18b-89067760adc1",
"value": "Process Metadata"
},
{
"description": "Contextual data about a pod and activity around it such as name, ID, namespace, or status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "c0edd522-0aef-46b3-8efa-2bd334ce4242",
"type": "included-in"
}
],
"uuid": "c0edd522-0aef-46b3-8efa-2bd334ce4242",
"value": "Pod Metadata"
},
{
"description": "Changes made to a process, or its contents, typically to write and/or execute code in the memory of the target process (ex: Sysmon EID 8)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "41d9846c-f6af-4302-a654-24bba2729bc6",
"type": "detects"
},
{
"dest-uuid": "43e7dc91-05b2-474c-b9ac-2ed4fe101f4d",
"type": "detects"
},
{
"dest-uuid": "544b0346-29ad-41e1-a808-501bb4193f47",
"type": "detects"
},
{
"dest-uuid": "562e9b64-7239-493d-80f4-2bff900d9054",
"type": "detects"
},
{
"dest-uuid": "7c0f17c9-1af6-4628-9cbd-9e45482dd605",
"type": "detects"
},
{
"dest-uuid": "806a49c4-970d-43f9-9acc-ac0ee11e6662",
"type": "detects"
},
{
"dest-uuid": "b200542e-e877-4395-875b-cf1a44537ca4",
"type": "detects"
},
{
"dest-uuid": "d5fca4e4-e47a-487b-873f-3d22f8865e96",
"type": "included-in"
},
{
"dest-uuid": "e49ee9d2-0d98-44ef-85e5-5d3100065744",
"type": "detects"
},
{
"dest-uuid": "ea016b56-ae0e-47fe-967a-cc0ad51af67f",
"type": "detects"
},
{
"dest-uuid": "eb2cb5cb-ae87-4de0-8c35-da2a17aafb99",
"type": "detects"
},
{
"dest-uuid": "f4599aa0-4f85-4a32-80ea-fc39dc965945",
"type": "detects"
}
],
"uuid": "d5fca4e4-e47a-487b-873f-3d22f8865e96",
"value": "Process Modification"
},
{
"description": "Changes made to a pod, including its settings and/or control data (ex: kubectl set|patch|edit)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "56e0d8b8-3e25-49dd-9050-3aa252f5aa92",
"type": "detects"
},
{
"dest-uuid": "672b2ebd-4310-4efe-bf03-7ab005298a74",
"type": "included-in"
}
],
"uuid": "672b2ebd-4310-4efe-bf03-7ab005298a74",
"value": "Pod Modification"
},
{
"description": "Contextual data about an Internet-facing resource gathered from a scan, such as running services or ports",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0458aab9-ad42-4eac-9e22-706a95bafee2",
"type": "detects"
},
{
"dest-uuid": "1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da",
"type": "included-in"
},
{
"dest-uuid": "39cc9f64-cf74-4a48-a4d8-fe98c54a02e0",
"type": "detects"
},
{
"dest-uuid": "60c4b628-4807-4b0b-bbf5-fdac8643c337",
"type": "detects"
},
{
"dest-uuid": "79da0971-3147-4af6-a4f5-e8cd447cd795",
"type": "detects"
},
{
"dest-uuid": "7e3beebd-8bfe-4e7b-a892-e44ab06a75f9",
"type": "detects"
},
{
"dest-uuid": "e196b5c5-8118-4a1c-ab8a-936586ce3db5",
"type": "detects"
}
],
"uuid": "1067aa74-5796-4d9b-b4f1-a4c9eb6fd9da",
"value": "Response Metadata"
},
{
"description": "Contextual data about a snapshot, which may include information such as ID, type, and status",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "8bc66f94-54a9-4be4-bdd1-fe90df643774",
"type": "included-in"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "ed2e45f9-d338-4eb2-8ce5-3a2e03323bc1",
"type": "detects"
}
],
"uuid": "8bc66f94-54a9-4be4-bdd1-fe90df643774",
"value": "Snapshot Metadata"
},
{
"description": "Contextual data about a service/daemon, which may include information such as name, service executable, start type, etc.",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "42e8de7b-37b2-4258-905a-6897815e58e0",
"type": "detects"
},
{
"dest-uuid": "60d0c01d-e2bf-49dd-a453-f8a9c9fa6f65",
"type": "detects"
},
{
"dest-uuid": "70d81154-b187-45f9-8ec5-295d01255979",
"type": "detects"
},
{
"dest-uuid": "74fa567d-bc90-425c-8a41-3c703abb221c",
"type": "included-in"
},
{
"dest-uuid": "7bdca9d5-d500-4d7d-8c52-5fd47baf4c0c",
"type": "detects"
},
{
"dest-uuid": "9e8b28c9-35fe-48ac-a14d-e6cc032dcbcd",
"type": "detects"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
},
{
"dest-uuid": "aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6",
"type": "detects"
},
{
"dest-uuid": "c8e87b83-edbb-48d4-9295-4974897525b7",
"type": "detects"
},
{
"dest-uuid": "f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a",
"type": "detects"
}
],
"uuid": "74fa567d-bc90-425c-8a41-3c703abb221c",
"value": "Service Metadata"
},
{
"description": "Established, compromised, or otherwise acquired social media personas",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "274770e0-2612-4ccf-a678-ef8e7bad365d",
"type": "detects"
},
{
"dest-uuid": "81033c3b-16a4-46e4-8fed-9b030dd03c4a",
"type": "detects"
},
{
"dest-uuid": "8fb2f315-1aca-4cef-ae0d-8105e1f95985",
"type": "included-in"
},
{
"dest-uuid": "b1ccd744-3f78-4a0e-9bb2-2002057f7928",
"type": "detects"
},
{
"dest-uuid": "cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8",
"type": "detects"
}
],
"uuid": "8fb2f315-1aca-4cef-ae0d-8105e1f95985",
"value": "Social Media"
},
{
"description": "Changes made to a snapshop, such as metadata and control data (ex: AWS modify-snapshot-attribute)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "d4bdbdea-eaec-4071-b4f9-5105e12ea4b6",
"type": "detects"
},
{
"dest-uuid": "f1eb6ea9-f3ab-414f-af35-2d5427199984",
"type": "included-in"
}
],
"uuid": "f1eb6ea9-f3ab-414f-af35-2d5427199984",
"value": "Snapshot Modification"
},
{
"description": "Changes made to a service/daemon, such as changes to name, description, and/or start type (ex: Windows EID 7040 or /var/log daemon logs)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "106c0cf6-bf73-4601-9aa8-0945c2715ec5",
"type": "detects"
},
{
"dest-uuid": "17cc750b-e95b-4d7d-9dde-49e0de24148c",
"type": "detects"
},
{
"dest-uuid": "2959d63f-73fd-46a1-abd2-109d7dcede32",
"type": "detects"
},
{
"dest-uuid": "573ad264-1371-4ae0-8482-d2673b719dba",
"type": "detects"
},
{
"dest-uuid": "66531bc6-a509-4868-8314-4d599e91d222",
"type": "included-in"
},
{
"dest-uuid": "d10cbd34-42e3-45c0-84d2-535a09849584",
"type": "detects"
},
{
"dest-uuid": "dfefe2ed-4389-4318-8762-f0272b350a1b",
"type": "detects"
}
],
"uuid": "66531bc6-a509-4868-8314-4d599e91d222",
"value": "Service Modification"
},
{
"description": "Contextual data about a cloud volume and activity around it, such as id, type, state, and size",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0f72bf50-35b3-419d-ab95-70f9b6a818dd",
"type": "included-in"
},
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
}
],
"uuid": "0f72bf50-35b3-419d-ab95-70f9b6a818dd",
"value": "Volume Metadata"
},
{
"description": "Changes made to a cloud volume, including its settings and control data (ex: AWS modify-volume)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "144e007b-e638-431d-a894-45d90c54ab90",
"type": "detects"
},
{
"dest-uuid": "4a5b7ade-8bb5-4853-84ed-23f262002665",
"type": "detects"
},
{
"dest-uuid": "d46272ce-a0fe-4256-855e-738de7bb63ee",
"type": "included-in"
}
],
"uuid": "d46272ce-a0fe-4256-855e-738de7bb63ee",
"value": "Volume Modification"
},
{
"description": "Notifications generated by the OS",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "114fed8b-7eed-4136-8b9c-411c5c7fff4b",
"type": "detects"
},
{
"dest-uuid": "233fe2c0-cb41-4765-b454-e0087597fbce",
"type": "detects"
},
{
"dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
"type": "detects"
},
{
"dest-uuid": "648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
"type": "detects"
},
{
"dest-uuid": "789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
"type": "detects"
},
{
"dest-uuid": "9ef05e3d-52db-4c12-be4f-519214bbe91f",
"type": "detects"
},
{
"dest-uuid": "bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
"type": "included-in"
},
{
"dest-uuid": "d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d",
"type": "detects"
},
{
"dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780",
"type": "detects"
},
{
"dest-uuid": "ec4c4baa-026f-43e8-8f56-58c36f3162dd",
"type": "detects"
},
{
"dest-uuid": "f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
"type": "detects"
}
],
"uuid": "bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
"value": "System Notifications"
},
{
"description": "Permissions declared in an application's manifest or property list file",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "08ea902d-ecb5-47ed-a453-2798057bb2d3",
"type": "detects"
},
{
"dest-uuid": "0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
"type": "detects"
},
{
"dest-uuid": "11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
"type": "detects"
},
{
"dest-uuid": "1d1b1558-c833-482e-aabb-d07ef6eae63d",
"type": "detects"
},
{
"dest-uuid": "28fdd23d-aee3-4afe-bc3f-5f1f52929258",
"type": "detects"
},
{
"dest-uuid": "2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
"type": "detects"
},
{
"dest-uuid": "3775a580-a1d1-46c4-8147-c614a715f2e9",
"type": "detects"
},
{
"dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
"type": "detects"
},
{
"dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286",
"type": "detects"
},
{
"dest-uuid": "4c58b7c6-a839-4789-bda9-9de33e4d4512",
"type": "detects"
},
{
"dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
"type": "detects"
},
{
"dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4",
"type": "detects"
},
{
"dest-uuid": "9c049d7b-c92a-4733-9381-27e2bd2ccadc",
"type": "detects"
},
{
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
"type": "detects"
},
{
"dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad",
"type": "detects"
},
{
"dest-uuid": "a8e971b8-8dc7-4514-8249-ae95427ec467",
"type": "detects"
},
{
"dest-uuid": "a9fa0d30-a8ff-45bf-922e-7720da0b7922",
"type": "detects"
},
{
"dest-uuid": "ab7400b7-3476-4776-9545-ef3fa373de63",
"type": "detects"
},
{
"dest-uuid": "b1c95426-2550-4621-8028-ceebf28b3a47",
"type": "detects"
},
{
"dest-uuid": "b1e0bb80-23d4-44f2-b919-7e9c54898f43",
"type": "included-in"
},
{
"dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002",
"type": "detects"
},
{
"dest-uuid": "d446b9f0-06a9-4a8d-97ee-298cfee84f14",
"type": "detects"
},
{
"dest-uuid": "d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
"type": "detects"
},
{
"dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6",
"type": "detects"
},
{
"dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
"type": "detects"
},
{
"dest-uuid": "e2c2249a-eb82-4614-8dd4-9c514dde65e2",
"type": "detects"
},
{
"dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780",
"type": "detects"
},
{
"dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
"type": "detects"
}
],
"uuid": "b1e0bb80-23d4-44f2-b919-7e9c54898f43",
"value": "Permissions Requests"
},
{
"description": "System prompts triggered when an application requests new or additional permissions",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "08e22979-d320-48ed-8711-e7bf94aabb13",
"type": "detects"
},
{
"dest-uuid": "08ea902d-ecb5-47ed-a453-2798057bb2d3",
"type": "detects"
},
{
"dest-uuid": "0b761f2b-197a-40f2-b100-8152cb957c0c",
"type": "detects"
},
{
"dest-uuid": "9c049d7b-c92a-4733-9381-27e2bd2ccadc",
"type": "detects"
},
{
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
"type": "detects"
},
{
"dest-uuid": "cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
"type": "detects"
},
{
"dest-uuid": "e2f72131-14d1-411f-8e8c-aa3453dd5456",
"type": "included-in"
}
],
"uuid": "e2f72131-14d1-411f-8e8c-aa3453dd5456",
"value": "Permissions Request"
},
{
"description": "Exit of a running process (ex: Sysmon EID 5 or Windows EID 4689)",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "20b0931a-8952-42ca-975f-775bad295f1a",
"type": "detects"
},
{
"dest-uuid": "20fb2507-d71c-455d-9b6d-6104461cf26b",
"type": "detects"
},
{
"dest-uuid": "3d333250-30e4-4a82-9edc-756c68afc529",
"type": "detects"
},
{
"dest-uuid": "61f1d40e-f3d0-4cc6-aa2d-937b6204194f",
"type": "included-in"
},
{
"dest-uuid": "ac08589e-ee59-4935-8667-d845e38fe579",
"type": "detects"
}
],
"uuid": "61f1d40e-f3d0-4cc6-aa2d-937b6204194f",
"value": "Process Termination"
},
{
"description": "Settings visible to the user on the device",
"meta": {
"refs": []
},
"related": [
{
"dest-uuid": "0cdd66ad-26ac-4338-a764-4972a1e17ee3",
"type": "detects"
},
{
"dest-uuid": "0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
"type": "detects"
},
{
"dest-uuid": "11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
"type": "detects"
},
{
"dest-uuid": "1d1b1558-c833-482e-aabb-d07ef6eae63d",
"type": "detects"
},
{
"dest-uuid": "2aa78dfd-cb6f-4c70-9408-137cfd96be49",
"type": "detects"
},
{
"dest-uuid": "351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
"type": "detects"
},
{
"dest-uuid": "39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
"type": "detects"
},
{
"dest-uuid": "498e7b81-238d-404c-aa5e-332904d63286",
"type": "detects"
},
{
"dest-uuid": "4c58b7c6-a839-4789-bda9-9de33e4d4512",
"type": "detects"
},
{
"dest-uuid": "56c2b384-77f8-461f-a71a-76f7888ebfb6",
"type": "included-in"
},
{
"dest-uuid": "6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
"type": "detects"
},
{
"dest-uuid": "73c26732-6422-4081-8b63-6d0ae93d449e",
"type": "detects"
},
{
"dest-uuid": "79cb02f4-ac4e-4335-8b51-425c9573cce1",
"type": "detects"
},
{
"dest-uuid": "99e6295e-741b-4857-b6e5-64989eb039b4",
"type": "detects"
},
{
"dest-uuid": "9c049d7b-c92a-4733-9381-27e2bd2ccadc",
"type": "detects"
},
{
"dest-uuid": "9ef14445-6f35-4ed0-a042-5024f13a9242",
"type": "detects"
},
{
"dest-uuid": "a8c31121-852b-46bd-9ba4-674ae5afe7ad",
"type": "detects"
},
{
"dest-uuid": "a8e971b8-8dc7-4514-8249-ae95427ec467",
"type": "detects"
},
{
"dest-uuid": "a9fa0d30-a8ff-45bf-922e-7720da0b7922",
"type": "detects"
},
{
"dest-uuid": "ab7400b7-3476-4776-9545-ef3fa373de63",
"type": "detects"
},
{
"dest-uuid": "acf8fd2a-dc98-43b4-8d37-64e10728e591",
"type": "detects"
},
{
"dest-uuid": "b1c95426-2550-4621-8028-ceebf28b3a47",
"type": "detects"
},
{
"dest-uuid": "b327a9c0-e709-495c-aa6e-00b042136e2b",
"type": "detects"
},
{
"dest-uuid": "c6421411-ae61-42bb-9098-73fddb315002",
"type": "detects"
},
{
"dest-uuid": "d1f1337e-aea7-454c-86bd-482a98ffaf62",
"type": "detects"
},
{
"dest-uuid": "d8940e76-f9c1-4912-bea6-e21c251370b6",
"type": "detects"
},
{
"dest-uuid": "dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
"type": "detects"
},
{
"dest-uuid": "e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
"type": "detects"
},
{
"dest-uuid": "e422b6fa-4739-46b9-992e-82f1b350c780",
"type": "detects"
},
{
"dest-uuid": "eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
"type": "detects"
},
{
"dest-uuid": "f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
"type": "detects"
},
{
"dest-uuid": "fc53309d-ebd5-4573-9242-57024ebdad4f",
"type": "detects"
},
{
"dest-uuid": "fcb11f06-ce0e-490b-bcc1-04a1623579f0",
"type": "detects"
}
],
"uuid": "56c2b384-77f8-461f-a71a-76f7888ebfb6",
"value": "System Settings"
}
],
"version": 1
}