KnownIntent enum
Known values of Intent that the service accepts.
Fields
| Value | Description |
| --- | --- |
| Collection | Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. |
| CommandAndControl | The command and control tactic represents how adversaries communicate with systems under their control within a target network. |
| CredentialAccess | Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. |
| DefenseEvasion | Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. |
| Discovery | Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. |
| Execution | The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. |
| Exfiltration | Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. |
| Exploitation | Exploitation is the stage where an attacker manages to get a foothold on the attacked resource. This stage is relevant for compute hosts and resources such as user accounts, certificates, etc. |
| Impact | Impact events primarily try to directly reduce the availability or integrity of a system, service, or network, including manipulation of data to impact a business or operational process. |
| InitialAccess | InitialAccess is the stage where an attacker manages to get a foothold on the attacked resource. |
| LateralMovement | Lateral movement consists of techniques that enable an adversary to access and control remote systems on a network and could, but does not necessarily, include execution of tools on remote systems. |
| Persistence | Persistence is any access, action, or configuration change to a system that gives a threat actor a persistent presence on that system. |
| PreAttack | PreAttack could be either an attempt to access a certain resource regardless of malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. This step is usually detected as an attempt, originating from outside the network, to scan the target system and find a way in. Further details on the PreAttack stage can be found in the MITRE PRE-ATT&CK matrix. |
| PrivilegeEscalation | Privilege escalation is the result of actions that allow an adversary to obtain a higher level of permissions on a system or network. |
| Probing | Probing could be either an attempt to access a certain resource regardless of malicious intent, or a failed attempt to gain access to a target system to gather information prior to exploitation. |
| Unknown | Unknown |