# frozen_string_literal: true
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Auto-generated by gapic-generator-ruby. DO NOT EDIT!
module Google
module Cloud
module SecurityCenter
module V1
# MITRE ATT&CK tactics and techniques related to this finding.
# See: https://attack.mitre.org
# @!attribute [rw] primary_tactic
# @return [::Google::Cloud::SecurityCenter::V1::MitreAttack::Tactic]
# The MITRE ATT&CK tactic most closely represented by this finding, if any.
# @!attribute [rw] primary_techniques
# @return [::Array<::Google::Cloud::SecurityCenter::V1::MitreAttack::Technique>]
# The MITRE ATT&CK technique most closely represented by this finding, if
# any. primary_techniques is a repeated field because there are multiple
# levels of MITRE ATT&CK techniques. If the technique most closely
# represented by this finding is a sub-technique (e.g. `SCANNING_IP_BLOCKS`),
# both the sub-technique and its parent technique(s) will be listed (e.g.
# `SCANNING_IP_BLOCKS`, `ACTIVE_SCANNING`).
# @!attribute [rw] additional_tactics
# @return [::Array<::Google::Cloud::SecurityCenter::V1::MitreAttack::Tactic>]
# Additional MITRE ATT&CK tactics related to this finding, if any.
# @!attribute [rw] additional_techniques
# @return [::Array<::Google::Cloud::SecurityCenter::V1::MitreAttack::Technique>]
# Additional MITRE ATT&CK techniques related to this finding, if any, along
# with any of their respective parent techniques.
# @!attribute [rw] version
# @return [::String]
# The MITRE ATT&CK version referenced by the above fields. E.g. "8".
class MitreAttack
include ::Google::Protobuf::MessageExts
extend ::Google::Protobuf::MessageExts::ClassMethods
# MITRE ATT&CK tactics that can be referenced by SCC findings.
# See: https://attack.mitre.org/tactics/enterprise/
module Tactic
# Unspecified value.
TACTIC_UNSPECIFIED = 0
# TA0043
RECONNAISSANCE = 1
# TA0042
RESOURCE_DEVELOPMENT = 2
# TA0001
INITIAL_ACCESS = 5
# TA0002
EXECUTION = 3
# TA0003
PERSISTENCE = 6
# TA0004
PRIVILEGE_ESCALATION = 8
# TA0005
DEFENSE_EVASION = 7
# TA0006
CREDENTIAL_ACCESS = 9
# TA0007
DISCOVERY = 10
# TA0008
LATERAL_MOVEMENT = 11
# TA0009
COLLECTION = 12
# TA0011
COMMAND_AND_CONTROL = 4
# TA0010
EXFILTRATION = 13
# TA0040
IMPACT = 14
end
# MITRE ATT&CK techniques that can be referenced by SCC findings.
# See: https://attack.mitre.org/techniques/enterprise/
# Next ID: 31
module Technique
# Unspecified value.
TECHNIQUE_UNSPECIFIED = 0
# T1595
ACTIVE_SCANNING = 1
# T1595.001
SCANNING_IP_BLOCKS = 2
# T1105
INGRESS_TOOL_TRANSFER = 3
# T1106
NATIVE_API = 4
# T1129
SHARED_MODULES = 5
# T1059
COMMAND_AND_SCRIPTING_INTERPRETER = 6
# T1059.004
UNIX_SHELL = 7
# T1496
RESOURCE_HIJACKING = 8
# T1090
PROXY = 9
# T1090.002
EXTERNAL_PROXY = 10
# T1090.003
MULTI_HOP_PROXY = 11
# T1568
DYNAMIC_RESOLUTION = 12
# T1552
UNSECURED_CREDENTIALS = 13
# T1078
VALID_ACCOUNTS = 14
# T1078.003
LOCAL_ACCOUNTS = 15
# T1078.004
CLOUD_ACCOUNTS = 16
# T1498
NETWORK_DENIAL_OF_SERVICE = 17
# T1069
PERMISSION_GROUPS_DISCOVERY = 18
# T1069.003
CLOUD_GROUPS = 19
# T1567
EXFILTRATION_OVER_WEB_SERVICE = 20
# T1567.002
EXFILTRATION_TO_CLOUD_STORAGE = 21
# T1098
ACCOUNT_MANIPULATION = 22
# T1098.004
SSH_AUTHORIZED_KEYS = 23
# T1543
CREATE_OR_MODIFY_SYSTEM_PROCESS = 24
# T1539
STEAL_WEB_SESSION_COOKIE = 25
# T1578
MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE = 26
# T1190
EXPLOIT_PUBLIC_FACING_APPLICATION = 27
# T1556
MODIFY_AUTHENTICATION_PROCESS = 28
# T1485
DATA_DESTRUCTION = 29
# T1484
DOMAIN_POLICY_MODIFICATION = 30
end
end
end
end
end
end