Mitre support

Samuel Garcés Marín edited this page Jan 15, 2022 · 1 revision

uSIEM exposes the full list of MITRE ATT&CK tactics and techniques as Rust enums (`MitreTactics`, `MitreTechniques`) together with named constants for each entry:

```rust
use usiem::components::mitre;

pub const TACTIC_RECONNAISSANCE_ENTERPRISE : MitreTactics = MitreTactics::TA0043;
pub const TACTIC_RESOURCE_DEVELOPMENT : MitreTactics = MitreTactics::TA0042;
// ...

pub enum MitreTactics {
    /// Reconnaissance: The adversary is trying to gather information they can use to plan future operations.
    /// https://attack.mitre.org/tactics/TA0043
    TA0043,
    /// Resource Development: The adversary is trying to establish resources they can use to support operations.
    /// https://attack.mitre.org/tactics/TA0042
    TA0042,
    /// Initial Access: The adversary is trying to get into your network.
    /// https://attack.mitre.org/tactics/TA0001
    TA0001,
    // ...
}

pub const TECHNIQUE_DATA_OBFUSCATION : MitreTechniques = MitreTechniques::T1001;
pub const TECHNIQUE_DATA_OBFUSCATION_JUNK_DATA : MitreTechniques = MitreTechniques::T1001_001;
// ...

pub enum MitreTechniques {
    /// Data Obfuscation: Adversaries may obfuscate command and control traffic to make it more difficult to detect. Command and control (C2) communications are hidden (but not necessarily encrypted) in an attempt to make the content more difficult to discover or decipher and to make the communication less conspicuous and hide commands from being seen. This encompasses many methods, such as adding junk data to protocol traffic, using steganography, or impersonating legitimate protocols.
    ///
    /// https://attack.mitre.org/techniques/T1001
    T1001,
    /// Junk Data: Adversaries may add junk data to protocols used for command and control to make detection more difficult. By adding random or meaningless data to the protocols used for command and control, adversaries can prevent trivial methods for decoding, deciphering, or otherwise analyzing the traffic. Examples may include appending/prepending data with junk characters or writing junk characters between significant characters.
    ///
    /// https://attack.mitre.org/techniques/T1001/001
    T1001_001,
    // ...
}
```
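As an added example (not uSIEM's own code), a stand-alone re-creation of two `MitreTechniques` variants with helpers that derive the ATT&CK identifier, the parent technique and the attack.mitre.org URL from the variant naming convention shown above (`T1001_001` stands for ATT&CK `T1001.001`). The two-variant enum and the helper names (`split_variant`, `attack_id`, `parent_id`, `technique_url`) are assumptions of this example, and the logic covers any `T####` / `T####_###` name, not only the two variants listed.

```rust
// Added example, not part of uSIEM: a two-variant stand-in for MitreTechniques
// plus helpers that turn the variant naming convention (T1001_001) into the
// ATT&CK identifier ("T1001.001"), the parent technique and the URL that the
// doc comments above carry (https://attack.mitre.org/techniques/T1001/001).
#[allow(non_camel_case_types)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum MitreTechniques {
    T1001,
    T1001_001,
}

/// Split a variant name such as "T1001_001" into (technique, sub-technique).
/// Returns None when the name does not follow the T#### or T####_### shape,
/// so tactic ids (TA0043) or malformed sub-technique suffixes are rejected.
pub fn split_variant(name: &str) -> Option<(&str, Option<&str>)> {
    let (tech, sub) = match name.split_once('_') {
        Some((t, s)) => (t, Some(s)),
        None => (name, None),
    };
    let ok_tech = tech.len() == 5
        && tech.starts_with('T')
        && tech[1..].bytes().all(|b| b.is_ascii_digit());
    let ok_sub = sub.map_or(true, |s| s.len() == 3 && s.bytes().all(|b| b.is_ascii_digit()));
    if ok_tech && ok_sub { Some((tech, sub)) } else { None }
}

/// ATT&CK identifier as written in the framework, e.g. "T1001.001".
pub fn attack_id(name: &str) -> Option<String> {
    let (tech, sub) = split_variant(name)?;
    Some(match sub { Some(s) => format!("{}.{}", tech, s), None => tech.to_string() })
}

/// Parent technique of a sub-technique ("T1001_001" -> "T1001"); a technique is its own parent.
pub fn parent_id(name: &str) -> Option<String> {
    split_variant(name).map(|(tech, _)| tech.to_string())
}

/// URL in the form used by the doc comments: the sub-technique suffix becomes a path segment.
pub fn technique_url(name: &str) -> Option<String> {
    let (tech, sub) = split_variant(name)?;
    Some(match sub {
        Some(s) => format!("https://attack.mitre.org/techniques/{}/{}", tech, s),
        None => format!("https://attack.mitre.org/techniques/{}", tech),
    })
}

impl MitreTechniques {
    /// The Debug rendering of a variant is exactly the naming convention used here.
    pub fn variant_name(self) -> String { format!("{:?}", self) }
    /// Reference URL for this technique, derived from the variant name.
    pub fn url(self) -> String { technique_url(&self.variant_name()).expect("well-formed variant") }
}
```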