Attack Pattern Data Model
The Attack Technique data model describes the patterns of attack employed by adversaries to exploit known weaknesses in cyber-enabled capabilities. It extends the Entity model data model.
The following table details the default attributes of the Attack Technique data model:
| Attribute Name | Attribute Type | Relationship Type | Required |
|---|---|---|---|
abstraction | Text | N/A | No |
attackPatterns | Reference (Attack pattern) | IS_RELATED | No |
categories | Text (Multivalued) | N/A | No |
connectorCategories | Text (Multivalued) | N/A | No |
connectorNames | Text (Multivalued) | N/A | No |
consequences | Text | N/A | No |
createdBy | Text | N/A | No |
dataIntegrationTitles | Text (Multivalued) | N/A | No |
dataModelName | Calculated (Text) | N/A | No |
dateCreated | Date Time | N/A | No |
description | Text Area | N/A | No |
detection | Text | N/A | No |
displayName | Calculated (Text) | N/A | Yes |
executionFlow | Text | N/A | No |
flowState | Text | N/A | No |
indicators | Text | N/A | No |
lastUpdated | Date Time | N/A | No |
lifecycleInactiveDate | Date Time | N/A | No |
lifecyclePurgeDate | Date Time | N/A | No |
lifecycleStatus | Single Choice | N/A | No |
likelihoodOfAttack | Text | N/A | No |
mitigations | Text | N/A | No |
name | Text | N/A | No |
prerequisites | Text | N/A | No |
resourcesRequired | Text | N/A | No |
skillsRequired | Text | N/A | No |
sourceStatus | Text | N/A | No |
sourceUids | Text (Multivalued) | N/A | No |
sources | Reference (Source model) | SOURCED_FROM | No |
sourcesIcons | Source data models icons | N/A | No |
summary | Text | N/A | No |
typicalSeverity | Text | N/A | No |
uid | Text | N/A | Yes |
updatedBy | Text | N/A | No |
url | Text | N/A | No |
weaknesses | Reference (Weakness) | EXPLOITS | No |
FOOTNOTES
- The attribute names are used in Brinqa Query Language (BQL) queries and Brinqa Condition Language (BCL) predicates.
- In the Type column, Calculated means that the value of the attribute is computed by executing a script. The text in the parentheses after Calculated denotes the type of the outcome. For additional information, see Calculated attributes.
- In the Type column, Reference means that two data models are related. The name in the parentheses after Reference indicates the other data model.
- The Relationship Type column only applies to the Category and Reference type attributes. You can use the relationship type keyword in BQL queries.