ThreatDetectionOpportunity

Threat Detection Opportunity.

JSON representation

{
  "summary": string,
  "mitreInfo": {
    object (MitreInfo)
  },
  "supportingEvidence": [
    string
  ],
  "observables": {
    object (ObservableCollection)
  },
  "logTypes": [
    string
  ]
}
Fields

summary: string
  Concise, one-sentence summary.

mitreInfo: object (MitreInfo)
  MITRE ATT&CK details for the Threat Detection Opportunity.

supportingEvidence[]: string
  Free-form text of the supporting evidence for the Threat Detection Opportunity, extracted from the threat.

observables: object (ObservableCollection)
  Observables for the detection opportunity: hostnames, IP addresses, file hashes, processes, and so on.

logTypes[]: string
  Output only. Resource names of the log types associated with the Threat Detection Opportunity. The service populates this field; clients should not set it in requests.

MitreInfo

MITRE ATT&CK details for the Threat Detection Opportunity.

JSON representation

{
  "tactics": [
    string
  ],
  "techniques": [
    string
  ],
  "platform": string,
  "procedure": string,
  "detectionStrategy": string
}
Fields

tactics[]: string
  Optional. MITRE ATT&CK tactics.

techniques[]: string
  Optional. MITRE ATT&CK techniques.

platform: string
  Platform the technique is associated with.

procedure: string
  MITRE ATT&CK procedure.

detectionStrategy: string
  Detection strategy for the Threat Detection Opportunity.

ObservableCollection

Detection opportunity observables.

JSON representation

{
  "atomics": {
    object (AtomicIndicatorCollection)
  },
  "procedures": {
    object (ProcedureCollection)
  }
}
Fields

atomics: object (AtomicIndicatorCollection)
  Context-free IOCs.

procedures: object (ProcedureCollection)
  Context-dependent tactics, techniques, and procedures.

AtomicIndicatorCollection

Context-free IOCs.

JSON representation

{
  "hashes": [
    string
  ],
  "domains": [
    string
  ],
  "urls": [
    string
  ],
  "ipAddresses": [
    string
  ],
  "emails": [
    string
  ],
  "ports": [
    integer
  ]
}
Fields

hashes[]: string
  File hashes associated with the threat.

domains[]: string
  Domains associated with the threat.

urls[]: string
  URLs associated with the threat.

ipAddresses[]: string
  IP addresses associated with the threat.

emails[]: string
  Email addresses associated with the threat.

ports[]: integer
  Ports associated with the threat.

ProcedureCollection

Context-dependent tactics, techniques, and procedures.

JSON representation

{
  "files": [
    string
  ],
  "registryKeys": [
    string
  ],
  "processes": [
    string
  ],
  "parentProcesses": [
    string
  ],
  "userAccounts": [
    string
  ]
}
Fields

files[]: string
  Files associated with the threat.

registryKeys[]: string
  Registry keys associated with the threat.

processes[]: string
  Processes associated with the threat.

parentProcesses[]: string
  Parent process names associated with the threat.

userAccounts[]: string
  User accounts associated with the threat.
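The following Python is an added example, not code from this reference or from the service. It parses a document shaped like ThreatDetectionOpportunity with the nested MitreInfo, ObservableCollection, AtomicIndicatorCollection and ProcedureCollection messages above, checks the fields the page describes, strips the output-only logTypes field before a write, and runs the observables over a few log records: atomics are matched on their own (context-free), while a listed process only counts when it appears under a listed parent process (context-dependent). The sample document, the log records and their keys (dst_ip, process, parent_process, ...), the placeholder logTypes value, and the technique-id shape check are assumptions of this example; the reference types those fields only as string.

```python
"""Validate and use a ThreatDetectionOpportunity document.

Added example; not code from the API reference or the service. Field names
follow the message definitions on this page; everything else is constructed.
"""
import json
import re

# ATT&CK technique ids look like T1053 or T1053.005. The reference only types
# `techniques` as string, so enforcing this shape is a choice of this example.
TECHNIQUE_RE = re.compile(r"^T\d{4}(\.\d{3})?$")

# Constructed sample shaped like ThreatDetectionOpportunity: TEST-NET address,
# placeholder hash, and an assumed placeholder for the log type resource name.
SAMPLE = json.loads(r"""
{
  "summary": "Scheduled task launches a renamed PowerShell binary from a user-writable path.",
  "mitreInfo": {
    "tactics": ["Persistence", "Defense Evasion"],
    "techniques": ["T1053.005", "T1036.003"],
    "platform": "Windows",
    "procedure": "schtasks.exe creates a task that runs svchost.exe from C:\\Users\\Public",
    "detectionStrategy": "Alert when schtasks.exe is the parent of a process started from a user-writable path"
  },
  "supportingEvidence": ["Task named 'Updater' seen on three hosts in the same hour"],
  "observables": {
    "atomics": {"hashes": ["0123456789abcdef0123456789abcdef"], "domains": ["updates.example.net"],
                "urls": [], "ipAddresses": ["203.0.113.7"], "emails": [], "ports": [8443]},
    "procedures": {"files": ["C:\\Users\\Public\\svchost.exe"], "registryKeys": [],
                   "processes": ["svchost.exe"], "parentProcesses": ["schtasks.exe"], "userAccounts": []}
  },
  "logTypes": ["<log type resource name, filled in by the service>"]
}
""")


def validate(doc):
    """Return a list of problems; an empty list means the document passes."""
    problems = []
    summary = doc.get("summary")
    if not isinstance(summary, str) or not summary.strip():
        problems.append("summary: missing or empty")
    for tech in doc.get("mitreInfo", {}).get("techniques", []):
        if not isinstance(tech, str) or not TECHNIQUE_RE.match(tech):
            problems.append(f"mitreInfo.techniques: {tech!r} is not a Txxxx[.yyy] id")
    for port in doc.get("observables", {}).get("atomics", {}).get("ports", []):
        if not isinstance(port, int) or not 0 < port <= 65535:
            problems.append(f"observables.atomics.ports: {port!r} is out of range")
    return problems


def request_body(doc):
    """Copy of doc for a write request: logTypes is output only, so drop it."""
    body = dict(doc)
    body.pop("logTypes", None)
    return body


def _in(value, values):
    """Case-insensitive membership for strings (hostnames, process names,
    Windows paths); exact membership for integers such as ports."""
    if isinstance(value, str):
        return value.lower() in {v.lower() for v in values if isinstance(v, str)}
    return value in values


# Atomic observables are context-free: each maps to one record key.
ATOMIC_KEYS = {"hashes": "file_hash", "domains": "domain", "urls": "url",
               "ipAddresses": "dst_ip", "emails": "sender", "ports": "dst_port"}
# Files, registry keys and users also match on one field; processes are
# handled separately because they need their parent as context.
PROCEDURE_KEYS = {"files": "file_path", "registryKeys": "registry_key",
                  "userAccounts": "user"}


def match_record(doc, record):
    """Return the observable hits for one normalized log record (a dict keyed
    as in ATOMIC_KEYS / PROCEDURE_KEYS plus process and parent_process)."""
    obs = doc.get("observables", {})
    atomics, procs = obs.get("atomics", {}), obs.get("procedures", {})
    hits = []
    for obs_key, rec_key in ATOMIC_KEYS.items():
        value = record.get(rec_key)
        if value is not None and _in(value, atomics.get(obs_key, [])):
            hits.append(f"atomics.{obs_key}={value}")
    for obs_key, rec_key in PROCEDURE_KEYS.items():
        value = record.get(rec_key)
        if value is not None and _in(value, procs.get(obs_key, [])):
            hits.append(f"procedures.{obs_key}={value}")
    # Context-dependent: a listed process name alone is not a hit when the
    # opportunity names parent processes (svchost.exe is normal under
    # services.exe, suspicious under schtasks.exe).
    proc, parent = record.get("process"), record.get("parent_process")
    parents = procs.get("parentProcesses", [])
    if proc is not None and _in(proc, procs.get("processes", [])):
        if not parents or (parent is not None and _in(parent, parents)):
            hits.append(f"procedures.processes={proc} parent={parent}")
    return hits


# Constructed records, already normalized to the keys above.
RECORDS = [
    {"process": "SVCHOST.EXE", "parent_process": "schtasks.exe",
     "file_path": "C:\\Users\\Public\\svchost.exe",
     "dst_ip": "203.0.113.7", "dst_port": 8443},
    {"process": "svchost.exe", "parent_process": "services.exe"},
    {"domain": "updates.example.net", "dst_port": 443},
]


def run(doc=SAMPLE, records=RECORDS):
    """Validate doc, then return the hit list for each record."""
    problems = validate(doc)
    if problems:
        raise ValueError("; ".join(problems))
    return [match_record(doc, r) for r in records]
```

Running `run()` on the constructed records gives four hits for the first record (IP, port, file path, and svchost.exe under schtasks.exe), none for the second (the same process under services.exe), and one domain hit for the third. The second record is the reason the procedure observables are kept separate from the atomics: matching a process name without its parent would page on every Windows host.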
