mitre-data-source
Data sources represent the various subjects/topics of information that can be collected by sensors/logs.
Authors
Authors and/or Contributors |
---|
MITRE |
Cloud Storage - DS0010
Data object storage infrastructure hosted on-premise or by third-party providers, made available to users through network connections and/or APIs(Citation: Amazon S3)(Citation: Azure Blob Storage)(Citation: Google Cloud Storage)
Internal MISP references
UUID 2ce537a2-3b30-4374-9397-31d6460ec0bc
which can be used as a unique global reference for Cloud Storage - DS0010 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0010 |
mitre_platforms | ['IaaS'] |
User Account - DS0002
A profile representing a user, device, service, or application used to authenticate and access resources
Internal MISP references
UUID 0b4f86ed-f4ab-46a3-8ed1-175be1974da6
which can be used as a unique global reference for User Account - DS0002 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0002 |
mitre_platforms | ['Azure AD', 'Containers', 'Google Workspace', 'IaaS', 'Linux', 'Office 365', 'SaaS', 'Windows', 'macOS'] |
Scheduled Job - DS0003
Automated tasks that can be executed at a specific time or on a recurring schedule running in the background (ex: Cron daemon, task scheduler, BITS)(Citation: Microsoft Tasks)
Internal MISP references
UUID c9ddfb51-eb45-4e22-b614-44ac1caa7883
which can be used as a unique global reference for Scheduled Job - DS0003 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0003 |
mitre_platforms | ['Containers', 'Linux', 'Windows', 'macOS'] |
Malware Repository - DS0004
Information obtained (via shared or submitted samples) regarding malicious software (droppers, backdoors, etc.) used by adversaries
Internal MISP references
UUID b86d9b40-5fbe-4ef1-8dc3-263eff26f495
which can be used as a unique global reference for Malware Repository - DS0004 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0004 |
mitre_platforms | ['PRE'] |
Web Credential - DS0006
Credential material, such as session cookies or tokens, used to authenticate to web applications and services(Citation: Medium Authentication Tokens)(Citation: Auth0 Access Tokens)
Internal MISP references
UUID 1e26f222-e27e-4bfa-830c-fa4b4f18b5e4
which can be used as a unique global reference for Web Credential - DS0006 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0006 |
mitre_platforms | ['Azure AD', 'Google Workspace', 'Linux', 'Office 365', 'SaaS', 'Windows', 'macOS'] |
Sensor Health - DS0013
Information from host telemetry providing insights about system status, errors, or other notable functional activity
Internal MISP references
UUID 4523e7f3-8de2-4078-96f8-1227eb537159
which can be used as a unique global reference for Sensor Health - DS0013 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0013 |
mitre_platforms | ['Linux', 'Windows', 'macOS', 'Android', 'iOS'] |
Application Vetting - DS0041
Application vetting report generated by an external cloud service.
Internal MISP references
UUID e156f007-c5bf-45cc-8dd5-d442ffb0d203
which can be used as a unique global reference for Application Vetting - DS0041 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0041 |
mitre_platforms | ['Android', 'iOS'] |
Application Log - DS0015
Events collected by third-party services such as mail servers, web applications, or other appliances (not by the native OS or platform)(Citation: Confluence Logs)
Internal MISP references
UUID 40269753-26bd-437b-986e-159c66dec5e4
which can be used as a unique global reference for Application Log - DS0015 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0015 |
mitre_platforms | ['Google Workspace', 'IaaS', 'Linux', 'Office 365', 'SaaS', 'Windows', 'macOS'] |
Named Pipe - DS0023
Mechanisms that allow inter-process communication locally or over the network. A named pipe is usually found as a file and processes attach to it(Citation: Microsoft Named Pipes)
Internal MISP references
UUID 221adcd5-cccf-44df-9be6-ef607a6e1c3c
which can be used as a unique global reference for Named Pipe - DS0023 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0023 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
User Interface - DS0042
Visual activity on the device that could alert the user to potentially malicious behavior.
Internal MISP references
UUID 55ba7d30-887f-42c1-a24e-c4e90aff24b8
which can be used as a unique global reference for User Interface - DS0042 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0042 |
mitre_platforms | ['Android', 'iOS'] |
Windows Registry - DS0024
A Windows OS hierarchical database that stores much of the information and settings for software programs, hardware devices, user preferences, and operating-system configurations(Citation: Microsoft Registry)
Internal MISP references
UUID 0f42a24c-e035-4f93-a91c-5f7076bd8da0
which can be used as a unique global reference for Windows Registry - DS0024 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0024 |
mitre_platforms | ['Windows'] |
Cloud Service - DS0025
Infrastructure, platforms, or software that are hosted on-premise or by third-party providers, made available to users through network connections and/or APIs(Citation: Amazon AWS)(Citation: Azure Products)
Internal MISP references
UUID b1ddede4-cafe-4955-ac4c-14b33ac3f647
which can be used as a unique global reference for Cloud Service - DS0025 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0025 |
mitre_platforms | ['Azure AD', 'Google Workspace', 'IaaS', 'Office 365', 'SaaS'] |
Active Directory - DS0026
A database and set of services that allows administrators to manage permissions, access to network resources, and stored data objects (user, group, application, or devices)(Citation: Microsoft AD DS Getting Started)
Internal MISP references
UUID d6188aac-17db-4861-845f-57c369f9b4c8
which can be used as a unique global reference for Active Directory - DS0026 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0026 |
mitre_platforms | ['Azure AD', 'Windows'] |
Logon Session - DS0028
Logon occurring on a system or resource (local, domain, or cloud) to which a user/device is gaining access after successful authentication and authorization(Citation: Microsoft Audit Logon Events)
Internal MISP references
UUID 4358c631-e253-4557-86df-f687d0ef9891
which can be used as a unique global reference for Logon Session - DS0028 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0028 |
mitre_platforms | ['Azure AD', 'Google Workspace', 'IaaS', 'Linux', 'Office 365', 'SaaS', 'Windows', 'macOS'] |
Network Traffic - DS0029
Data transmitted across a network (ex: Web, DNS, Mail, File, etc.), that is either summarized (ex: Netflow) and/or captured as raw data in an analyzable format (ex: PCAP)
Internal MISP references
UUID c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3
which can be used as a unique global reference for Network Traffic - DS0029 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0029 |
mitre_platforms | ['IaaS', 'Linux', 'Windows', 'macOS', 'Android', 'iOS'] |
Network Share - DS0033
A storage resource (typically a folder or drive) made available from one host to others using network protocols, such as Server Message Block (SMB) or Network File System (NFS)(Citation: Microsoft NFS Overview)
Internal MISP references
UUID ba27545a-9c32-47ea-ba6a-cce50f1b326e
which can be used as a unique global reference for Network Share - DS0033 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0033 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
Internet Scan - DS0035
Information obtained (commonly via active network traffic probes or web crawling) regarding various types of resources and servers connected to the public Internet
Internal MISP references
UUID 38fe306c-bdec-4f3d-8521-b72dd32dbd17
which can be used as a unique global reference for Internet Scan - DS0035 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0035 |
mitre_platforms | ['PRE'] |
Domain Name - DS0038
Information obtained (commonly through registration or activity logs) regarding one or more IP addresses registered with human readable names (ex: mitre.org)
Internal MISP references
UUID dd75f457-8dc0-4a24-9ae5-4b61c33af866
which can be used as a unique global reference for Domain Name - DS0038 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0038 |
mitre_platforms | ['PRE'] |
Firmware - DS0001
Computer software that provides low-level control for the hardware and device(s) of a host, such as BIOS or UEFI/EFI
Internal MISP references
UUID ca1cb239-ff6d-4f64-b9d7-41c8556a8b4f
which can be used as a unique global reference for Firmware - DS0001 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0001 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
Snapshot - DS0020
A point-in-time copy of cloud volumes (files, settings, etc.) that can be created and/or deployed in cloud environments(Citation: Microsoft Snapshot)(Citation: Amazon Snapshots)
Internal MISP references
UUID 6d7de3b7-283d-48f9-909c-60d123d9d768
which can be used as a unique global reference for Snapshot - DS0020 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0020 |
mitre_platforms | ['IaaS'] |
Instance - DS0030
A virtual server environment which runs workloads, hosted on-premise or by third-party cloud providers(Citation: Amazon VM)(Citation: Google VM)
Internal MISP references
UUID 45232bc0-e858-440d-aa93-d48c6cf167f0
which can be used as a unique global reference for Instance - DS0030 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0030 |
mitre_platforms | ['IaaS'] |
WMI - DS0005
The infrastructure for management data and operations that enables local and remote management of Windows personal computers and servers(Citation: Microsoft WMI System Classes)(Citation: Microsoft WMI Architecture)
Internal MISP references
UUID 2cd6cc81-d86e-4595-a4f0-43f5519f14e6
which can be used as a unique global reference for WMI - DS0005 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0005 |
mitre_platforms | ['Windows'] |
Image - DS0007
A single file used to deploy a virtual machine/bootable disk into an on-premise or third-party cloud environment(Citation: Microsoft Image)(Citation: Amazon AMI)
Internal MISP references
UUID 1ac0ca69-e07e-4b34-9061-e4588e146c52
which can be used as a unique global reference for Image - DS0007 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0007 |
mitre_platforms | ['IaaS'] |
Kernel - DS0008
A computer program, at the core of a computer OS, that resides in memory and facilitates interactions between hardware and software components(Citation: STIG Audit Kernel Modules)(Citation: Init Man Page)
Internal MISP references
UUID 8765a845-dea1-4cd1-a56f-f54939b7ab9e
which can be used as a unique global reference for Kernel - DS0008 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0008 |
mitre_platforms | ['Linux', 'macOS'] |
Process - DS0009
Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures(Citation: Microsoft Processes and Threads)
Internal MISP references
UUID e8b8ede7-337b-4c0c-8c32-5c7872c1ee22
which can be used as a unique global reference for Process - DS0009 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0009 |
mitre_platforms | ['Linux', 'Windows', 'macOS', 'Android', 'iOS'] |
Module - DS0011
Executable files consisting of one or more shared classes and interfaces, such as portable executable (PE) format binaries/dynamic link libraries (DLL), executable and linkable format (ELF) binaries/shared libraries, and Mach-O format binaries/shared libraries(Citation: Microsoft LoadLibrary)(Citation: Microsoft Module Class)
Internal MISP references
UUID f424e4b4-a8a4-4c58-a4ae-4f53bfd08563
which can be used as a unique global reference for Module - DS0011 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0011 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
Persona - DS0021
A malicious online profile representing a user commonly used by adversaries to social engineer or otherwise target victims
Internal MISP references
UUID 3bef4799-906c-409c-ac00-3fb7a1e352e6
which can be used as a unique global reference for Persona - DS0021 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0021 |
mitre_platforms | ['PRE'] |
Script - DS0012
A file or stream containing a list of commands, allowing them to be launched in sequence(Citation: Microsoft PowerShell Logging)(Citation: FireEye PowerShell Logging)(Citation: Microsoft AMSI)
Internal MISP references
UUID 12c1e727-7fa4-49b6-af81-366ed2ce231e
which can be used as a unique global reference for Script - DS0012 in MISP communities and other software using the MISP galaxy
External references
- https://attack.mitre.org/datasources/DS0012
- https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7
- https://docs.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal
- https://www.fireeye.com/blog/threat-research/2016/02/greater_visibilityt.html
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0012 |
mitre_platforms | ['Windows'] |
Cluster - DS0031
A set of containerized computing resources that are managed together but have separate nodes to execute various tasks and/or applications(Citation: Kube Cluster Admin)(Citation: Kube Cluster Info)
Internal MISP references
UUID c3af32ff-65c5-4ea8-912a-fb4a85197239
which can be used as a unique global reference for Cluster - DS0031 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0031 |
mitre_platforms | ['Containers'] |
Pod - DS0014
A single unit of shared resources within a cluster, comprised of one or more containers(Citation: Kube Kubectl)(Citation: Kube Pod)
Internal MISP references
UUID 06bb1e05-533b-4de3-ae87-9b99910465cf
which can be used as a unique global reference for Pod - DS0014 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0014 |
mitre_platforms | ['Containers'] |
Drive - DS0016
A non-volatile data storage device (hard drive, floppy disk, USB flash drive) with at least one formatted partition, typically mounted to the file system and/or assigned a drive letter(Citation: Sysmon EID 9)
Internal MISP references
UUID 61bbbf27-f7c3-46ba-a6bc-48ae76928065
which can be used as a unique global reference for Drive - DS0016 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0016 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
Command - DS0017
A directive given to a computer program, acting as an interpreter of some kind, in order to perform a specific task(Citation: Confluence Linux Command Line)(Citation: Audit OSX)
Internal MISP references
UUID 73691708-ffb5-4e29-906d-f485f6fa7089
which can be used as a unique global reference for Command - DS0017 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0017 |
mitre_platforms | ['Containers', 'Linux', 'Network', 'Windows', 'macOS', 'Android', 'iOS'] |
Firewall - DS0018
A network security system, running locally on an endpoint or remotely as a service (ex: cloud environment), that monitors and controls incoming/outgoing network traffic based on predefined rules(Citation: AWS Sec Groups VPC)
Internal MISP references
UUID f2f4f4bd-3455-400f-b2ee-104004df0f5b
which can be used as a unique global reference for Firewall - DS0018 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0018 |
mitre_platforms | ['Azure AD', 'Google Workspace', 'IaaS', 'Linux', 'Office 365', 'SaaS', 'Windows', 'macOS'] |
Service - DS0019
A computer process that is configured to execute continuously in the background and perform system tasks, in some cases before any user has logged in(Citation: Microsoft Services)(Citation: Linux Services Run Levels)
Internal MISP references
UUID d710099e-df94-4be4-bf85-cabd30e912bb
which can be used as a unique global reference for Service - DS0019 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0019 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
File - DS0022
A computer resource object, managed by the I/O system, for storing data (such as images, text, videos, computer programs, or any wide variety of other media).(Citation: Microsoft File Mgmt)
Internal MISP references
UUID 509ed41e-ca42-461e-9058-24602256daf9
which can be used as a unique global reference for File - DS0022 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0022 |
mitre_platforms | ['Linux', 'Network', 'Windows', 'macOS'] |
Container - DS0032
A standard unit of virtualized software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another(Citation: Docker Docs Container)
Internal MISP references
UUID 072ec5a7-00ba-466f-9057-69751a22a967
which can be used as a unique global reference for Container - DS0032 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0032 |
mitre_platforms | ['Containers'] |
Driver - DS0027
A computer program that operates or controls a particular type of device that is attached to a computer. Provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used(Citation: IOKit Fundamentals)(Citation: Windows Getting Started Drivers)
Internal MISP references
UUID 9ec8c0d7-6137-456f-b829-c5f8b96ba054
which can be used as a unique global reference for Driver - DS0027 in MISP communities and other software using the MISP galaxy
External references
- https://attack.mitre.org/datasources/DS0027
- https://developer.apple.com/library/archive/documentation/DeviceDrivers/Conceptual/IOKitFundamentals/Features/Features.html
- https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/user-mode-and-kernel-mode
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0027 |
mitre_platforms | ['Linux', 'Windows', 'macOS'] |
Volume - DS0034
Block object storage hosted on-premise or by third-party providers, typically made available to resources as virtualized hard drives(Citation: Amazon S3)(Citation: Azure Blob Storage)(Citation: Google Cloud Storage)
Internal MISP references
UUID b0b6d26f-3747-4444-ac7a-239a6ff80cb5
which can be used as a unique global reference for Volume - DS0034 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0034 |
mitre_platforms | ['IaaS', 'Linux', 'Windows', 'macOS'] |
Group - DS0036
A collection of multiple user accounts that share the same access rights to the computer and/or network resources and have common security rights(Citation: Amazon IAM Groups)
Internal MISP references
UUID 3c07684f-3794-4536-8f70-21efe700c0ec
which can be used as a unique global reference for Group - DS0036 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0036 |
mitre_platforms | ['Azure AD', 'Google Workspace', 'IaaS', 'Office 365', 'SaaS', 'Windows'] |
Certificate - DS0037
A digital document, which highlights information such as the owner's identity, used to instill trust in public keys used while encrypting network communications
Internal MISP references
UUID 29aa4e0e-4a26-4f79-a9bc-1ae66df1c923
which can be used as a unique global reference for Certificate - DS0037 in MISP communities and other software using the MISP galaxy
Associated metadata
Metadata key | Value |
---|---|
external_id | DS0037 |
mitre_platforms | ['PRE'] |