Skip to content

MITRE Map

The catalog as an ATT&CK matrix: one column per tactic, one cell per technique, with the events that produce evidence for it. Click a technique ID for its context page, an event for its detail page, or filter the matrix by provider.

Provider
TA0001 Initial Access 9
TA0002 Execution 24
TA0003 Persistence 77
T1053 Scheduled Task/Job
TA0004 Privilege Escalation 63
TA0005 Stealth 17
TA0112 Defense Impairment 96
T1685 Disable or Modify Tools
ArchiveFindings CreateFilter CreateIPSet DeleteAccessKey DeleteAlarms DeleteBucket DeleteBucketPolicy DeleteConfigRule DeleteConfigurationRecorder DeleteDeliveryChannel DeleteDetector DeleteLoginProfile DeleteMembers DeleteRolePermissionsBoundary DeleteRolePolicy DeleteRuleGroup DeleteUser DeleteUserPermissionsBoundary DeleteUserPolicy DeleteWebACL DetachRolePolicy DetachUserPolicy DisassociateFromMasterAccount DisassociateMembers google.cloud.securitycenter.v1.SecurityCenter.SetMute LeaveOrganization Microsoft.Authorization/locks/delete Microsoft.Compute/virtualMachines/delete Microsoft.EventHub/namespaces/eventhubs/delete Microsoft.HybridCompute/machines/extensions/delete Microsoft.Insights/activityLogAlerts/delete Microsoft.Insights/metricAlerts/delete Microsoft.KeyVault/vaults/delete Microsoft.KeyVault/vaults/secrets/delete Microsoft.RecoveryServices/vaults/backupProtectedItems/delete Microsoft.Security/alertsSuppressionRules/write Microsoft.Security/autoProvisioningSettings/write Microsoft.Security/pricings/write Microsoft.Security/securitySolutions/delete Microsoft.Storage/storageAccounts/delete ModifyImageAttribute ModifyInstanceAttribute PutBucketAcl PutBucketLifecycle PutBucketLifecycleConfiguration PutBucketPolicy PutBucketPublicAccessBlock PutRolePermissionsBoundary PutUserPermissionsBoundary RemoveAccountFromOrganization ScheduleKeyDeletion secretmanager.secrets.delete SecretManagerService.DestroySecretVersion Securitycenter.settings.update StopConfigurationRecorder StopMonitoringMembers storage.buckets.delete storage.setIamPermissions TerminateInstances Update Conditional Access Policy Update named location UpdateDetector UpdateFindingsFeedback UpdateIPSet VaultPatch
T1578 Modify Cloud Compute Infrastructure
TA0006 Credential Access 33
TA0007 Discovery 16
TA0008 Lateral Movement 25
TA0009 Collection 24
TA0010 Exfiltration 24
TA0040 Impact 35