log2ml/data_sources_new_3.json


2024-06-13 09:21:56 +00:00
{"name": "Data sources new", "versions": {"navigator": "4.9", "layer": "4.5"},
"domain": "enterprise-attack", "description": "description", "filters": {"platforms": ["Windows"]},
"sorting": 0, "layout": {"layout": "flat", "aggregateFunction": "sum", "showAggregateScores": true, "countUnscored": false, "showName": true, "showID": false},
"hideDisable": false, "selectSubtechniquesWithParent": false, "techniques": [{"techniqueID": "T1059.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1564.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1027.013", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1574.014", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "File Creation, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1584.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1548.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1218.015", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1543.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1665", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1216.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Script Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1556.009", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1027.012", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1036.009", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1555.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1016.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1566.004", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1598.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1578.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1659", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Process Creation, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1564.011", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1657", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1656", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1567.004", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Access, Application Log Content, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "20%"}]},
{"techniqueID": "T1098.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1654", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1548.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1653", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Modification, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1021.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1562.012", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1556.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, Windows Registry Key Modification, File Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Creation, Windows Registry Key Modification, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1652", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1027.011", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "WMI Creation, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "WMI Creation, Windows Registry Key Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1027.010", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Script Execution, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1562.011", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status, Process Creation"},
{"name": "ATT&CK data sources", "value": "Host Status, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1552.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1651", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1650", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1036.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Modification, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1567.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1583.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1021.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1205.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Connection Creation, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1608.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1027.009", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1027.008", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1556.007", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Module Load"},
{"name": "ATT&CK data sources", "value": "File Modification, Module Load, Application Log Content, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1546.016", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1027.007", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Module Load"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Module Load, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1593.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1649", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, File Access, Logon Session Creation, Application Log Content, Command Execution, Active Directory Credential Request, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "14%"}], "showSubtechniques": false},
{"techniqueID": "T1070.009", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Windows Registry Key Deletion, Process Creation, File Modification, File Deletion, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Process Creation, Command Execution, File Deletion, User Account Deletion, Scheduled Job Modification, Windows Registry Key Deletion"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1070.008", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Deletion, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Modification, Application Log Content, File Deletion, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1584.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1070.007", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Process Creation, File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "Firewall Rule Modification, Windows Registry Key Modification, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1556.006", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Application Log Content, User Account Modification, User Account Authentication, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1586.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1585.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1648", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1647", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1622", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1621", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Metadata, Logon Session Creation, Application Log Content, User Account Authentication"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1505.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Process Creation, Command Execution, File Modification, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1557.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1059.009", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1595.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1098.005", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Active Directory Object Creation, Application Log Content, User Account Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1574.013", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1556.005", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "User Account Metadata, Script Execution, Command Execution, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1055.015", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Modification, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1564.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1564.009", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1559.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1562.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Process Metadata"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Process Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.015", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1620", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Script Execution, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1619", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1218.014", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.013", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1614.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Access, Process Creation, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1615", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Active Directory Object Access, Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}], "showSubtechniques": false},
{"techniqueID": "T1036.007", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1562.009", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, Process Creation, Windows Registry Key Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Command Execution, Process Creation, Windows Registry Key Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1564.008", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Modification"},
{"name": "ATT&CK data sources", "value": "File Modification, Command Execution, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1505.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, File Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1027.006", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1213.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1553.006", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Windows Registry Key Modification, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1614", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1613", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1552.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1612", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1611", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Volume Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1204.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1053.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1610", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1609", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1608.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1608.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1608.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1608.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1608.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1608", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1016.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1553.005", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1555.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Access, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1484.002", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Active Directory Object Modification, Command Execution, Active Directory Object Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1484.001", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Active Directory Object Creation, Command Execution, Active Directory Object Modification, Active Directory Object Deletion"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1547.014", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Windows Registry Key Creation, Process Creation, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Command Execution, Process Creation, Windows Registry Key Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1606.002", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Logon Session Creation, Web Credential Creation, Web Credential Usage, Logon Session Metadata, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "16%"}]},
{"techniqueID": "T1606.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Web Credential Usage"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1606", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Web Credential Creation, Logon Session Creation, Web Credential Usage"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1555.004", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1059.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1602.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1542.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1542.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1602.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1602", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1601.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1601.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1601", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1600.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1600.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1600", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1556.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1599.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1599", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1020.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1557.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1588.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1053.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1562.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1547.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Driver Load, Module Load, OS API Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, OS API Execution, Module Load, Driver Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1598.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1598.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1598.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1598", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1597.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1597.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1597", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1596.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1596.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1596.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1596.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1596.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1596", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1595.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1595.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1595", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1594", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1593.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1593.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1593", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1592.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1592.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1592.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1592.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1592", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1591.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1591.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1591.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1591.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1591", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1590.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1590", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1589.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1589.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1589.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1589", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1588.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1588", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1587.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1587.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1587.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1587.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1587", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1586.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1586.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1586", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1585.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1585.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1585", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1584.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1584", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1583.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1583", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1564.007", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Script Execution, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1558.004", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Active Directory Credential Request"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1580", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1218.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1205.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1564.006", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Process Creation, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, Service Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1564.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Firmware Modification, File Modification, Windows Registry Key Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1556.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1574.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Windows Registry Key Modification, Module Load, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1562.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1098.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1480.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1059.007", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Script Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1578.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1578.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1578.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1578.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1127.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1027.005", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1562.006", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, Host Status, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Host Status, Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1573.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1573.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1573", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1027.004", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1574.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1546.015", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Module Load, Command Execution, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1071.004", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1071.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1071.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1071.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1572", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "20%"}], "showSubtechniques": false},
{"techniqueID": "T1048.003", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1048.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1048.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Access, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1001.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1001.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1001.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1132.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1132.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1090.004", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "-"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1090.003", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1090.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1090.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1102.003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1102.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1102.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1571", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1074.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, File Creation, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1074.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Windows Registry Key Modification, Command Execution, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1078.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1564.004", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification, OS API Execution"},
{"name": "ATT&CK data sources", "value": "File Modification, OS API Execution, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1564.003", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Script Execution, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1078.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Metadata, User Account Authentication, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1078.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Logon Session Creation, Logon Session Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1078.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1564.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Windows Registry Key Modification, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, User Account Creation, File Modification, User Account Metadata, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1574.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1574.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Module Load, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Module Load, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.007", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Process Creation, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.009", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.011", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Service Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1574.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Service Metadata, File Modification, Process Creation, Module Load, File Creation"},
{"name": "ATT&CK data sources", "value": "Service Metadata, File Creation, File Modification, Module Load, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, Process Creation, Service Metadata"},
{"name": "ATT&CK data sources", "value": "Service Metadata, File Creation, File Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1574", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, File Modification, Service Metadata, Windows Registry Key Modification, Module Load, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Service Metadata, File Creation, File Modification, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1069.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation, Group Enumeration"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1570", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Named Pipe Metadata, Command Execution, Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Network Share Access, Named Pipe Metadata, File Creation, Network Traffic Flow, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1568.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "-"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1204.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1204.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1195.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Host Status"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1195.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1195.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1568.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1052.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Drive Creation, File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1569.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Service Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1569.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1569", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Process Creation, File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Service Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": true},
{"techniqueID": "T1568.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1568", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "20%"}], "showSubtechniques": true},
{"techniqueID": "T1011.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1567.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, File Access, Network Connection Creation, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1567.001", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1059.006", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1059.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Script Execution, Module Load, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1059.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1059.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1059.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1059.001", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Metadata, Process Creation, Command Execution, Module Load"},
{"name": "ATT&CK data sources", "value": "Process Metadata, Script Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1567", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Network Connection Creation, Application Log Content, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}], "showSubtechniques": true},
{"techniqueID": "T1497.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1497.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1497.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1498.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Host Status, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1498.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Host Status"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1566.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1566.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1566.001", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, File Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source]"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1566", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, File Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "20%"}], "showSubtechniques": true},
{"techniqueID": "T1565.003", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Deletion, OS API Execution, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, OS API Execution, File Deletion, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1565.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Network Traffic Content, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1565.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, File Deletion"},
{"name": "ATT&CK data sources", "value": "File Deletion, File Creation, File Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1565", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, File Creation, File Deletion, File Modification"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Creation, File Modification, OS API Execution, File Deletion, Network Traffic Flow, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "57%"}], "showSubtechniques": true},
{"techniqueID": "T1564.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1564", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, File Modification, Windows Registry Key Modification, OS API Execution, File Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, User Account Creation, Firmware Modification, File Modification, User Account Metadata, File Creation, Application Log Content, OS API Execution, Service Creation, Script Execution, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "46%"}], "showSubtechniques": true},
{"techniqueID": "T1563.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Logon Session Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1563.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1563", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Logon Session Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}], "showSubtechniques": true},
{"techniqueID": "T1518.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "Firewall Metadata, OS API Execution, Firewall Enumeration, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1069.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1069.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation, Group Enumeration"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1087.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1087.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1087.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Group Enumeration, OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1087.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Group Enumeration, OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1553.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Windows Registry Key Modification, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Windows Registry Key Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1562.004", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "Firewall Rule Modification, Command Execution, Firewall Disable, Windows Registry Key Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1562.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status, Command Execution"},
{"name": "ATT&CK data sources", "value": "Host Status, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1562.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Host Status, Command Execution, Process Creation, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "Host Status, Windows Registry Key Modification, Windows Registry Key Creation, Application Log Content, Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "71%"}]},
{"techniqueID": "T1562.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Driver Load, Host Status, Process Termination, Service Metadata, Windows Registry Key Modification, Command Execution, Windows Registry Key Deletion"},
{"name": "ATT&CK data sources", "value": "Host Status, Windows Registry Key Modification, Process Termination, Service Metadata, Windows Registry Key Deletion, Driver Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1562", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Modification, OS API Execution, File Modification, File Deletion, Driver Load, Command Execution, Process Termination, Service Metadata, Windows Registry Key Deletion, Host Status, Process Creation, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Host Status, Firewall Rule Modification, Windows Registry Key Modification, Process Termination, Service Metadata, File Modification, Process Creation, Firewall Disable, User Account Modification, OS API Execution, File Deletion, Process Modification, Script Execution, Driver Load, Command Execution, Windows Registry Key Deletion"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1003.004", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1003.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1561.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Drive Access, Drive Modification, Driver Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1561.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Drive Access, Drive Modification, Driver Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1561", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Drive Access, Drive Modification, Driver Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}], "showSubtechniques": true},
{"techniqueID": "T1560.003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Script Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1560.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Script Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1560.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1560", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Script Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1499.004", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Host Status, Network Traffic Content, Application Log Content, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1499.003", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Application Log Content, Host Status"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1499.002", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Host Status, Network Traffic Content, Application Log Content, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1499.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Host Status"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1491.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Network Traffic Content, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1491.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Network Traffic Content, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1114.003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1114.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Command Execution, Application Log Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1114.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1134.005", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, User Account Metadata, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1134.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, OS API Execution, Process Metadata"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Creation, Process Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1134.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1134.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1134.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1213.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1213.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1555.003", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Access, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1555.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1555.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1559.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Script Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1559.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Script Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1559", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access, Module Load, Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Access, Script Execution, Module Load, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1558.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1558.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Metadata, Active Directory Credential Request"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1558", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Logon Session Metadata, Command Execution, Active Directory Credential Request"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}], "showSubtechniques": true},
{"techniqueID": "T1557.001", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Service Creation, Windows Registry Key Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}]},
{"techniqueID": "T1557", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Windows Registry Key Modification, Application Log Content, Service Creation, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "20%"}], "showSubtechniques": true},
{"techniqueID": "T1556.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Module Load, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1556.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access, OS API Execution, File Modification"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, File Modification, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1556", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, Process Access, OS API Execution, File Modification, File Creation, Module Load, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Windows Registry Key Modification, Logon Session Creation, File Creation, File Modification, Application Log Content, User Account Modification, OS API Execution, Module Load, Process Access, User Account Authentication, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "58%"}], "showSubtechniques": true},
{"techniqueID": "T1056.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Metadata, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1056.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification"},
{"name": "ATT&CK data sources", "value": "File Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1056.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Script Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1056.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, OS API Execution, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Modification, Driver Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1555", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Access, Process Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "File Access, OS API Execution, Process Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": true},
{"techniqueID": "T1552.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1003.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1003.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1003.006", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Active Directory Object Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1558.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Active Directory Credential Request"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1552.006", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1003.003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1003.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, File Creation, Command Execution, Windows Registry Key Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1003.001", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Windows Registry Key Modification, Process Access, OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Logon Session Creation, File Creation, OS API Execution, Process Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "85%"}]},
{"techniqueID": "T1110.004", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1110.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1110.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1110.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1021.006", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Network Connection Creation, Command Execution, Service Metadata"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Service Metadata, Network Connection Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1021.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Connection Creation, Process Creation, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1021.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1021.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Process Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Network Connection Creation, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1021.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Network Share Access, Network Connection Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1021.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Network Connection Creation, Network Traffic Flow, Logon Session Metadata, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1554", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Deletion, File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "File Deletion, File Modification, File Metadata, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1036.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1036.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Process Metadata"},
{"name": "ATT&CK data sources", "value": "Process Creation, Process Metadata, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1036.004", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Service Metadata"},
{"name": "ATT&CK data sources", "value": "Service Metadata, Scheduled Job Metadata, Command Execution, Service Creation, Scheduled Job Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}]},
{"techniqueID": "T1036.003", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Process Metadata, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Metadata, File Modification, Command Execution, Process Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1036.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1036.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1553.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Module Load, File Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1553.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1553.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1553", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Windows Registry Key Creation, Process Creation, File Modification, Command Execution, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Windows Registry Key Modification, File Modification, Module Load, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "85%"}], "showSubtechniques": true},
{"techniqueID": "T1027.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1027.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1027.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1222.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1222.001", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Metadata, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1552.004", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1552.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1552.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1552.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1552", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, File Access, Application Log Content, User Account Authentication, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": true},
{"techniqueID": "T1216.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1070.006", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification"},
{"name": "ATT&CK data sources", "value": "File Modification, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1070.005", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Command Execution, Process Creation, User Account Authentication"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1070.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Deletion"},
{"name": "ATT&CK data sources", "value": "File Deletion, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1070.003", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification, File Deletion"},
{"name": "ATT&CK data sources", "value": "File Modification, File Deletion, User Account Authentication, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1550.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1550.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1550.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Active Directory Credential Request, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1550.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Active Directory Credential Request, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1550", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Logon Session Creation, Application Log Content, Web Credential Usage, User Account Authentication, Active Directory Credential Request"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1548.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1548.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1548.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Process Metadata"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Process Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1548.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1548", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification, OS API Execution, Process Metadata, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Process Metadata, User Account Modification, OS API Execution, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1136.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1070.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1070.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Deletion, Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, File Deletion, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1136.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, User Account Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1136.001", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, User Account Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1547.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Module Load, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Modification, Module Load, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.009", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, File Creation, Driver Load, File Modification"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Module Load, Driver Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.007", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1547.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1547.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Module Load, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, Module Load, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, Windows Registry Key Modification, Module Load"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.014", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1546.013", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Command Execution, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Windows Registry Key Modification, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.011", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Module Load, Windows Registry Key Modification, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Windows Registry Key Modification, Module Load"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Module Load, Windows Registry Key Modification, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, OS API Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.009", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Module Load, Command Execution, Windows Registry Key Modification, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, OS API Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.007", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Network Connection Creation, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Network Connection Creation, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.008", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Command Execution, File Modification, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.007", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Windows Registry Key Modification, Module Load, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.006", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1546.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1546.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1546.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Process Creation, Command Execution, WMI Creation"},
{"name": "ATT&CK data sources", "value": "WMI Creation, File Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, Command Execution, Process Creation, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1546.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1547.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification, Windows Registry Key Modification, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Module Load, Windows Registry Key Modification, Command Execution, OS API Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, OS API Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Command Execution, Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Module Load, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.009", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Connection Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1218.011", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Module Load"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Module Load, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}]},
{"techniqueID": "T1547", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Module Load, File Creation, Command Execution, Windows Registry Key Creation, Windows Registry Key Modification, File Modification, Process Creation, Driver Load"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Windows Registry Key Modification, File Creation, File Modification, OS API Execution, Module Load, Driver Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1546", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, WMI Creation, File Creation, Windows Registry Key Modification, File Modification, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "WMI Creation, Windows Registry Key Modification, File Creation, File Modification, Module Load, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "87%"}], "showSubtechniques": true},
{"techniqueID": "T1098.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1098.002", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Group Modification, Application Log Content, User Account Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1098.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1543.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1543.003", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, Windows Registry Key Modification, Process Creation, Command Execution, Windows Registry Key Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, Service Modification, OS API Execution, Service Creation, Driver Load, Network Traffic Flow, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1543.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1543.001", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1037.005", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1037.004", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1055.012", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Process Modification, OS API Execution, Process Access"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, Process Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.013", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1055.011", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.014", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1055.009", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1055.008", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1055.005", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Modification, Process Access, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, Process Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.004", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access, OS API Execution, Process Modification"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, Process Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.003", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Modification, Process Access"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, Process Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access, Process Modification, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Process Access, Process Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1055.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Metadata, Process Access, Process Modification, Module Load, OS API Execution"},
{"name": "ATT&CK data sources", "value": "Process Metadata, OS API Execution, Process Modification, Module Load, Process Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1037.003", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Modification, Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}]},
{"techniqueID": "T1543", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, Process Creation, Windows Registry Key Modification, File Creation, OS API Execution, Windows Registry Key Creation, File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, File Creation, File Modification, Command Execution, OS API Execution, Service Creation, Driver Load, Service Modification, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": true},
{"techniqueID": "T1037.002", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1037.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1542.003", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Drive Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1542.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Firmware Modification, Driver Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}]},
{"techniqueID": "T1542.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Firmware Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1505.003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Creation, File Modification, Application Log Content, Network Traffic Flow, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1505.002", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}]},
{"techniqueID": "T1505.001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}]},
{"techniqueID": "T1053.003", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1053.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Windows Registry Key Creation, File Modification, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Scheduled Job Creation, File Creation, File Modification, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "71%"}]},
{"techniqueID": "T1053.002", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "Scheduled Job Creation, File Modification, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}]},
{"techniqueID": "T1542", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "Firmware Modification, Drive Modification, Network Connection Creation, Driver Metadata, OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1137.001", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Windows Registry Key Modification, Command Execution, Process Creation, File Modification, Windows Registry Key Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1137.004", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1137.003", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1137.005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}]},
{"techniqueID": "T1137.006", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Modification, Process Creation, Command Execution, Windows Registry Key Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1137.002", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, Command Execution, Windows Registry Key Modification, File Creation, File Modification, Module Load, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, Windows Registry Key Modification, File Creation, File Modification, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}]},
{"techniqueID": "T1531", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Deletion, Active Directory Object Modification, User Account Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1539", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access"},
{"name": "ATT&CK data sources", "value": "Process Access, File Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1529", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Host Status, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1518", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Firewall Metadata, OS API Execution, Firewall Enumeration, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}], "showSubtechniques": true},
{"techniqueID": "T1547.013", "comment": "", "enabled": true, "metadata": []},
{"techniqueID": "T1534", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1528", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1535", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1525", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1538", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1530", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1578", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": true},
{"techniqueID": "T1537", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1526", "comment": "", "enabled": true, "metadata": [], "showSubtechniques": false},
{"techniqueID": "T1505", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Creation, File Modification, Application Log Content, Network Traffic Flow, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1499", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Host Status, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "25%"}], "showSubtechniques": true},
{"techniqueID": "T1497", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1498", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Host Status"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1496", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, File Creation, Host Status, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Host Status, Network Traffic Content, File Creation, Network Connection Creation, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "71%"}], "showSubtechniques": false},
{"techniqueID": "T1495", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Firmware Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1491", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Modification, Application Log Content, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1490", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Windows Registry Key Modification, Command Execution, Service Metadata, File Deletion"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Service Metadata, File Deletion, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1489", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Termination, Process Creation, Windows Registry Key Modification, Command Execution, File Modification, OS API Execution, Service Metadata"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Process Termination, Service Metadata, File Modification, OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1486", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Share Access, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": false},
{"techniqueID": "T1485", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Deletion, Process Creation, File Modification, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Modification, File Deletion, Volume Deletion, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": false},
{"techniqueID": "T1484", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Active Directory Object Creation, Application Log Content, Command Execution, Active Directory Object Modification, Active Directory Object Deletion"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "20%"}], "showSubtechniques": true},
{"techniqueID": "T1482", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, OS API Execution, Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}], "showSubtechniques": false},
{"techniqueID": "T1480", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1222", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Metadata, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1221", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Network Connection Creation, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1220", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Creation, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1190", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1213", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Application Log Content, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1218", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Windows Registry Key Modification, Module Load, File Creation, OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Creation, Network Connection Creation, OS API Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1202", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1207", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, User Account Authentication, Active Directory Object Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1212", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": false},
{"techniqueID": "T1201", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "User Account Metadata, Process Creation, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1197", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation, Process Creation, Service Metadata"},
{"name": "ATT&CK data sources", "value": "Service Metadata, Command Execution, Process Creation, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1189", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, Network Connection Creation, Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "60%"}], "showSubtechniques": false},
{"techniqueID": "T1211", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1195", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Host Status"},
{"name": "ATT&CK data sources", "value": "Host Status, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1219", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation, Process Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "40%"}], "showSubtechniques": false},
{"techniqueID": "T1205", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1204", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Network Connection Creation, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Creation, Network Connection Creation, Application Log Content, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1199", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Application Log Content, Logon Session Creation, Logon Session Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1217", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1200", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Drive Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "DHCP [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1210", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1203", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1216", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": true},
{"techniqueID": "T1176", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, Process Creation, File Creation, Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, File Creation, Network Connection Creation, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1185", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Modification, Process Access"},
{"name": "ATT&CK data sources", "value": "Process Access, Process Modification, Logon Session Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1187", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, File Creation, File Modification, Network Traffic Flow"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}], "showSubtechniques": false},
{"techniqueID": "T1137", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Windows Registry Key Modification, File Modification, Process Creation, Module Load, Windows Registry Key Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, File Creation, File Modification, Application Log Content, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "87%"}], "showSubtechniques": true},
{"techniqueID": "T1140", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Modification"},
{"name": "ATT&CK data sources", "value": "File Modification, Script Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1135", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1134", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Metadata, Process Creation"},
{"name": "ATT&CK data sources", "value": "User Account Metadata, Process Metadata, OS API Execution, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": true},
{"techniqueID": "T1136", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation, User Account Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": true},
{"techniqueID": "T1133", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, Network Connection Creation, Application Log Content, Network Traffic Flow, Logon Session Metadata"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "16%"}], "showSubtechniques": false},
{"techniqueID": "T1132", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1129", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Module Load, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1127", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1125", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1124", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1123", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1120", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1119", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Script Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": false},
{"techniqueID": "T1115", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1114", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Logon Session Creation, Network Connection Creation, Application Log Content, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}], "showSubtechniques": true},
{"techniqueID": "T1113", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1112", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, OS API Execution, Command Execution, Windows Registry Key Deletion, Windows Registry Key Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, Windows Registry Key Creation, Process Creation, OS API Execution, Network Traffic Flow, Command Execution, Windows Registry Key Deletion"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "85%"}], "showSubtechniques": false},
{"techniqueID": "T1111", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Driver Load, OS API Execution, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Modification, Driver Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1110", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Command Execution, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": true},
{"techniqueID": "T1106", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Module Load"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Module Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1105", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, File Creation, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Creation, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "42%"}], "showSubtechniques": false},
{"techniqueID": "T1104", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1102", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "33%"}], "showSubtechniques": true},
{"techniqueID": "T1098", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification"},
{"name": "ATT&CK data sources", "value": "File Modification, User Account Modification, Group Modification, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1095", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1092", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Drive Creation, Drive Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": false},
{"techniqueID": "T1091", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Creation"},
{"name": "ATT&CK data sources", "value": "Drive Creation, File Access, Process Creation, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1090", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "Web [DeTT&CT data source]"},
{"name": "Score", "value": "25%"}], "showSubtechniques": true},
{"techniqueID": "T1087", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": true},
{"techniqueID": "T1083", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1082", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1080", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "File Creation, File Modification, Process Creation, Network Share Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1078", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "User Account Authentication, Logon Session Creation, Logon Session Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1074", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Modification, File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Windows Registry Key Modification, Command Execution, File Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1072", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation"},
{"name": "ATT&CK data sources", "value": "Process Creation, Application Log Content"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1071", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true},
{"techniqueID": "T1070", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, File Deletion, OS API Execution, Command Execution, Process Creation, Windows Registry Key Deletion, Windows Registry Key Modification"},
{"name": "ATT&CK data sources", "value": "Firewall Rule Modification, Network Traffic Content, Windows Registry Key Modification, File Modification, Command Execution, Application Log Content, Windows Registry Key Deletion, OS API Execution, File Deletion, User Account Deletion, User Account Authentication, Scheduled Job Modification, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1069", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Group Enumeration, Application Log Content, Command Execution, Process Creation, Group Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}], "showSubtechniques": true},
{"techniqueID": "T1068", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Driver Load"},
{"name": "ATT&CK data sources", "value": "Process Creation, Driver Load"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1059", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Metadata, Process Creation, Module Load, Command Execution"},
{"name": "ATT&CK data sources", "value": "Process Metadata, Script Execution, Module Load, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": true},
{"techniqueID": "T1057", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, OS API Execution, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1056", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Process Creation, Windows Registry Key Modification, Process Metadata, OS API Execution, Driver Load"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Modification, File Modification, Process Metadata, OS API Execution, Driver Load, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": true},
{"techniqueID": "T1055", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Metadata, Process Access, Process Modification, File Modification, OS API Execution, Module Load"},
{"name": "ATT&CK data sources", "value": "File Modification, Process Metadata, OS API Execution, Process Modification, Module Load, Process Access, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "85%"}], "showSubtechniques": true},
{"techniqueID": "T1053", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, File Modification, File Creation"},
{"name": "ATT&CK data sources", "value": "Scheduled Job Creation, File Creation, File Modification, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "80%"}], "showSubtechniques": true},
{"techniqueID": "T1052", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Drive Creation, File Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1049", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1048", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Access, Network Connection Creation, Application Log Content, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "22%"}], "showSubtechniques": true},
{"techniqueID": "T1047", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "WMI Creation, Network Connection Creation, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "WMI Creation, Network Connection Creation, Process Creation, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1046", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1041", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "28%"}], "showSubtechniques": false},
{"techniqueID": "T1040", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1039", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Access, Network Share Access, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": false},
{"techniqueID": "T1037", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification, Windows Registry Key Creation, Command Execution, File Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Creation, File Creation, File Modification, Command Execution, Process Creation, Active Directory Object Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "83%"}], "showSubtechniques": true},
{"techniqueID": "T1036", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, File Modification, Process Metadata, Service Metadata, Command Execution"},
{"name": "ATT&CK data sources", "value": "Service Metadata, Scheduled Job Metadata, File Modification, Command Execution, Process Metadata, OS API Execution, Service Creation, Scheduled Job Modification, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}], "showSubtechniques": true},
{"techniqueID": "T1033", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Access, OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, Network Traffic Content, File Access, OS API Execution, Active Directory Object Access, Network Traffic Flow, Process Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "44%"}], "showSubtechniques": false},
{"techniqueID": "T1030", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1029", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1027", "color": "#7B1FA2", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Windows Registry Key Creation, WMI Creation, OS API Execution, Module Load, File Creation, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "WMI Creation, Windows Registry Key Creation, File Creation, OS API Execution, Script Execution, Module Load, Command Execution, Process Creation, File Metadata"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "77%"}], "showSubtechniques": true},
{"techniqueID": "T1025", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1021", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "WMI Creation, Module Load, Command Execution, Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "WMI Creation, Logon Session Creation, Network Share Access, Network Connection Creation, Module Load, Network Traffic Flow, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "62%"}], "showSubtechniques": true},
{"techniqueID": "T1020", "color": "#E1BEE7", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Network Traffic Content, Network Connection Creation, Script Execution, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "Email [DeTT&CT data source], Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "22%"}], "showSubtechniques": true},
{"techniqueID": "T1018", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Network Connection Creation, Process Creation"},
{"name": "ATT&CK data sources", "value": "File Access, Command Execution, Process Creation, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1016", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Command Execution, Process Creation, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Script Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": true},
{"techniqueID": "T1014", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Modification"},
{"name": "ATT&CK data sources", "value": "Firmware Modification, File Modification, Drive Modification"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "33%"}], "showSubtechniques": false},
{"techniqueID": "T1012", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Windows Registry Key Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "75%"}], "showSubtechniques": false},
{"techniqueID": "T1011", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content, File Access, Network Connection Creation, Network Traffic Flow, Command Execution"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "40%"}], "showSubtechniques": true},
{"techniqueID": "T1010", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Process Creation, Command Execution, OS API Execution"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1008", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "Network Connection Creation"},
{"name": "ATT&CK data sources", "value": "Network Traffic Flow, Network Connection Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": false},
{"techniqueID": "T1007", "color": "#4A148C", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "ATT&CK data sources", "value": "OS API Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "100%"}], "showSubtechniques": false},
{"techniqueID": "T1006", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Creation, Command Execution, Drive Access"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "66%"}], "showSubtechniques": false},
{"techniqueID": "T1005", "color": "#AB47BC", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "OS API Execution, Process Creation, Command Execution"},
{"name": "ATT&CK data sources", "value": "File Access, OS API Execution, Script Execution, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "60%"}], "showSubtechniques": false},
{"techniqueID": "T1003", "color": "#CE93D8", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "File Creation, Process Creation, OS API Execution, Process Access, Command Execution"},
{"name": "ATT&CK data sources", "value": "Windows Registry Key Access, Network Traffic Content, File Access, File Creation, OS API Execution, Active Directory Object Access, Network Traffic Flow, Process Access, Command Execution, Process Creation"},
{"name": "DeTT&CT data sources", "value": "-"},
{"name": "Score", "value": "50%"}], "showSubtechniques": true},
{"techniqueID": "T1001", "comment": "", "enabled": true, "metadata": [{"name": "Applicable to", "value": "Windows workstations"},
{"name": "Available data sources", "value": "-"},
{"name": "ATT&CK data sources", "value": "Network Traffic Content"},
{"name": "DeTT&CT data sources", "value": "Internal DNS [DeTT&CT data source], Web [DeTT&CT data source]"},
{"name": "Score", "value": "0%"}], "showSubtechniques": true}], "showTacticRowBackground": false, "tacticRowBackground": "#dddddd", "selectTechniquesAcrossTactics": true, "legendItems": [{"label": "1-25% of data sources available", "color": "#E1BEE7"},
{"label": "26-50% of data sources available", "color": "#CE93D8"},
{"label": "51-75% of data sources available", "color": "#AB47BC"},
{"label": "76-99% of data sources available", "color": "#7B1FA2"},
{"label": "100% of data sources available", "color": "#4A148C"}]}