Mengintegrasikan MITRE ATT&CK dengan Google Security Operations
Versi integrasi: 16.0
Dokumen ini menjelaskan cara mengintegrasikan MITRE ATT&CK dengan Google Security Operations (Google SecOps).
Kasus penggunaan
Integrasi MITRE ATT&CK menggunakan kemampuan Google SecOps untuk mendukung kasus penggunaan berikut:
Korelasi ancaman taktis: Secara otomatis mengidentifikasi Kumpulan Intrusi (grup ancaman yang diketahui) yang terkait dengan teknik atau taktik serangan berbahaya tertentu yang diamati dalam pemberitahuan, sehingga memberikan konteks langsung tentang pelaku ancaman di balik aktivitas tersebut.
Analisis Kesenjangan Mitigasi: Untuk teknik serangan yang ditandai, secara otomatis ambil dan analisis Mitigasi terkait yang tersedia dalam framework MITRE ATT&CK. Hal ini memungkinkan tim keamanan memverifikasi apakah kontrol pertahanan saat ini sudah memadai atau apakah penerapan patch atau alat diperlukan.
Pengayaan dan Prioritas Insiden: Perkaya insiden keamanan dengan menambahkan informasi teknik yang mendetail (termasuk deskripsi, metode deteksi, dan sumber data) langsung ke dinding kasus, sehingga membantu analis memahami metodologi serangan dengan cepat dan memprioritaskan langkah-langkah respons.
Analisis Teknik Historis: Cari detail komprehensif tentang Teknik MITRE ATT&CK apa pun berdasarkan ID-nya (seperti T1050), sehingga memfasilitasi perburuan ancaman proaktif dan memberikan pengetahuan yang kredibel untuk pelatihan dan pelaporan keamanan.
Parameter integrasi
Integrasi MITRE ATT&CK memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
API Root |
Wajib. Alamat URL instance repositori CTI MITRE ATT&CK. |
Verify SSL |
Opsional. Jika dipilih, integrasi akan memvalidasi sertifikat SSL saat terhubung ke server MITRE ATT&CK. Diaktifkan secara default. |
Untuk mengetahui petunjuk tentang cara mengonfigurasi integrasi di Google SecOps, lihat Mengonfigurasi integrasi.
Anda dapat melakukan perubahan di tahap selanjutnya, jika diperlukan. Setelah mengonfigurasi instance integrasi, Anda dapat menggunakannya dalam playbook. Untuk mengetahui informasi selengkapnya tentang cara mengonfigurasi dan mendukung beberapa instance, lihat Mendukung beberapa instance.
Tindakan
Untuk mengetahui informasi selengkapnya tentang tindakan, lihat Merespons tindakan tertunda dari Ruang Kerja Anda dan Melakukan tindakan manual.
Mendapatkan Intrusi Terkait
Gunakan tindakan Dapatkan Intrusi Terkait untuk mengambil informasi tentang Kumpulan Intrusi (grup penyerang yang diketahui) yang ditautkan ke Teknik MITRE ATT&CK tertentu.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tindakan Get Associated Intrusions memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
Technique ID |
Wajib. ID (ID, Nama, atau ID Eksternal) yang digunakan untuk menemukan set intrusi terkait. |
Identifier Type |
Wajib. Jenis ID yang diberikan di Kemungkinan nilainya adalah sebagai berikut:
Nilai defaultnya adalah |
Max Intrusions to Return |
Opsional. Jumlah maksimum set intrusi yang akan diambil. Nilai defaultnya adalah |
Output tindakan
Tindakan Get Associated Intrusions memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil JSON
Contoh berikut menunjukkan output hasil JSON yang diterima saat menggunakan tindakan Get Associated Intrusions:
[
{
"created_by_ref":"identity--generic-ref-a1b2c3d4e5f6",
"description":"[ADVERSARY GROUP 01](https://attack.mitre.org/groups/G0001) is a threat group that has been active since at least 2014. The group ...",
"created":"2017-12-14T16:46:06.044Z",
"x_mitre_contributors":["Security Researcher A, Organization B"],
"modified":"2019-07-17T13:11:37.402Z",
"name":"ADVERSARY GROUP 01",
"object_marking_refs":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"x_mitre_version":"2.0",
"aliases":["ADVERSARY-01","ThreatGroup A","CyberSquad X","T-C-00"],
"type":"intrusion-set",
"id":"intrusion-set--a1b2c3d4-e5f6-7g8h-9i0j-1k2l3m4n5o6p",
"external_references":
[
{
"url":"https://attack.mitre.org/groups/G0001",
"source_name":"mitre-attack",
"external_id":"G0001"
},{
"source_name":"ADVERSARY GROUP 01",
"description":"(Citation: SecurityVendor A May 2017) (Citation: Research Org B Nov 2017)(Citation: SecurityFirm C May 2017)"
}]},{
"created_by_ref":"identity--generic-ref-a1b2c3d4e5f6",
"name":"ADVERSARY GROUP 02",
"created":"2018-01-16T16:13:52.465Z",
"description":"[ADVERSARY GROUP 02](https://attack.mitre.org/groups/G0002) is a cyber espionage group with...",
"modified":"2019-03-22T19:57:36.804Z",
"object_marking_refs":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"external_references": [
{
"url":"https://attack.mitre.org/groups/G0002",
"source_name":"mitre-attack",
"external_id":"G0002"
},{
"source_name":"ADVERSARY GROUP 02",
"description":"(Citation: Trend Research Daserf Nov 2017)"
}],
"x_mitre_version":"1.0",
"type":"intrusion-set",
"id":"intrusion-set--b1c2d3e4-f5g6-7h8i-9j0k-1l2m3n4o5p6q",
"aliases":["ADVERSARY-02","ResearchGroup Z","Tango"]
},{
"created_by_ref":"identity--generic-ref-a1b2c3d4e5f6",
"name":"ADVERSARY GROUP 03",
"created":"2018-01-16T16:13:52.465Z",
"description":"[ADVERSARY GROUP 03](https://attack.mitre.org/groups/G0003) is a cyber espionage group that has been ...",
"modified":"2019-05-03T16:42:19.026Z",
"object_marking_refs":["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"external_references":
[{
"url":"https://attack.mitre.org/groups/G0003",
"source_name":"mitre-attack",
"external_id":"G0003"
},{
"source_name":"ADVERSARY GROUP 03",
"description":"(Citation: ClearSky Analysis March 2017) (Citation: ClearSky Report July 2017) (Citation: Research Nov 2015)"
},],
"x_mitre_version":"1.1",
"type":"intrusion-set",
"id":"intrusion-set--c1d2e3f4-g5h6-7i8j-9k0l-1m2n3o4p5q6r",
"aliases":["ADVERSARY-03"]
}
]
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Get Associated Intrusions:
| Nama hasil skrip | Nilai |
|---|---|
is_success |
true atau false |
Mendapatkan Mitigasi
Gunakan tindakan Dapatkan Mitigasi untuk mengambil strategi Mitigasi yang terkait dengan Teknik MITRE ATT&CK tertentu.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tindakan Get Mitigations memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
Technique ID |
Wajib. ID (Nama, ID Internal, atau ID Eksternal) yang digunakan untuk menemukan mitigasi terkait untuk Teknik MITRE ATT&CK. |
Identifier Type |
Wajib. Jenis ID yang diberikan di Kemungkinan nilainya adalah sebagai berikut:
Nilai defaultnya adalah |
Max Mitigations to Return |
Opsional. Jumlah maksimum kontrol mitigasi yang akan diambil. Nilai defaultnya adalah |
Output tindakan
Tindakan Get Mitigations memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil JSON
Contoh berikut menunjukkan output hasil JSON yang diterima saat menggunakan tindakan Get Mitigations:
[
{
"created_by_ref": "identity--generic-ref-a1b2c3d4e5f6",
"description": "Examine and restrict unnecessary system utilities, third-party tools, or software capable of file encryption. Audit and/or block these tools using application control methods (Citation: Resource A 2010), such as Whitelisting Policy (Citation: Security Blog C 2016) or Software Restriction Mechanisms (Citation: Security Guide D 2014) where applicable. (Citation: Tech Ref E)",
"created": "2018-10-17T00:14:20.652Z",
"x_mitre_deprecated": true,
"modified": "2019-07-24T14:26:14.411Z",
"object_marking_refs": ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"external_references": [
{
"url": "https://attack.mitre.org/mitigations/T9000",
"source_name": "mitre-attack",
"external_id": "T9000"
},
{
"url": "http://www.generic-security.org/whitepapers/application/app-whitelisting-33599",
"source_name": "Resource A 2010",
"description": "General Author, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014."
},
{
"url": "http://blog.generic-cert.org/2016/01/windows-commands-abused-by-attackers.html",
"source_name": "Security Blog C 2016",
"description": "Researcher X. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016."
},
{
"url": "https://www.generic-agency.gov/ia-guidance/tech-briefs/app-whitelisting.cfm",
"source_name": "Security Guide D 2014",
"description": "Government Agency Directorate. (2014, August). Application Whitelisting Using Policy Engine. Retrieved March 31, 2016."
},
{
"url": "http://technet.generic-corp.com/magazine/2008.06.srp.aspx",
"source_name": "Tech Ref E 2008",
"description": "Author C, & Author D. P. (2008, June). Application Lockdown with Restriction Policies. Retrieved November 18, 2014."
},
{
"url": "https://technet.generic-corp.com/library/ee791851.aspx",
"source_name": "Tech Ref F",
"description": "Generic Corp. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016."
}
],
"x_mitre_version": "1.0",
"type": "course-of-action",
"id": "course-of-action--a1b2c3d4-e5f6-7g8h-9i0j-1k2l3m4n5o6p",
"name": "File Encryption Mitigation"
}
]
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Get Mitigations:
| Nama hasil skrip | Nilai |
|---|---|
is_success |
true atau false |
Mendapatkan Detail Teknik
Gunakan tindakan Dapatkan Detail Teknik untuk mengambil informasi yang komprehensif dan mendetail tentang Teknik MITRE ATT&CK tertentu.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tindakan Get Technique Details memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
Technique Identifier |
Wajib. Daftar ID yang dipisahkan koma (Nama, ID Internal, atau ID Eksternal) yang digunakan untuk menemukan informasi mendetail tentang Teknik MITRE ATT&CK. |
Identifier Type |
Wajib. Jenis ID yang diberikan di Kemungkinan nilainya adalah sebagai berikut:
Nilai defaultnya adalah |
Create Insights |
Opsional. Jika dipilih, tindakan ini akan menghasilkan insight keamanan terpisah untuk setiap Teknik MITRE ATT&CK yang diproses. Dinonaktifkan secara default. |
Output tindakan
Tindakan Get Technique Details memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil JSON
Contoh berikut menunjukkan output hasil JSON yang diterima saat menggunakan tindakan Get Technique Details:
{
"created_by_ref": "identity--generic-ref-a1b2c3d4e5f6",
"external_references": [
{
"url": "https://attack.mitre.org/techniques/T9000",
"external_id": "T9000",
"source_name": "mitre-attack"
},
{
"url": "http://www.security-research.org/~author/DetectingEncryptedTraffic.pdf",
"source_name": "Research Group A 2013",
"description": "Author, H., Co-Author, C., & Co-Author, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015."
},
{
"url": "https://generic-wiki.org/FileSignatures",
"source_name": "Wiki File Header Signatures",
"description": "Generic Wiki. (2016, March 31). List of file signatures. Retrieved April 22, 2016."
}
],
"created": "2017-05-31T21:30:30.26Z",
"x_mitre_platforms": ["Linux", "macOS", "Windows"],
"type": "attack-pattern",
"description": "Sensitive data is encrypted prior to exfiltration to conceal the information from detection tools or to make the activity less conspicuous upon defender inspection. The encryption process uses a utility, programming library, or custom script and is separate from any encryption used by the command and control or file transfer protocol. Common archive formats capable of encryption include RAR and zip.\\n\\nOther exfiltration techniques may be used to transfer the encrypted information out of the network, such as [Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1041) and [Exfiltration Over Alternate Protocol](https://attack.mitre.org/techniques/T1048)",
"kill_chain_phases": [
{
"phase_name": "exfiltration",
"kill_chain_name": "mitre-attack"
}
],
"modified": "2018-10-17T00:14:20.652Z",
"id": "attack-pattern--a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
"object_marking_refs": ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"x_mitre_network_requirements": false,
"x_mitre_version": "1.0",
"x_mitre_data_sources": ["File monitoring", "Process monitoring", "Process command-line parameters", "Binary file metadata"],
"x_mitre_detection": "Encrypted files and related execution software can be detected through various means. Monitoring processes and command-line arguments for known encryption utilities may reveal suspicious activity. A process loading a key operating system DLL may be utilized to perform encryption. \\n\\nNetwork traffic analysis can reveal high entropy data indicative of encrypted transmission (Citation: Research Group A 2013). If the communications channel is unencrypted, network intrusion or DLP systems can detect encrypted files in transit by analyzing file headers (Citation: Wiki File Header Signatures).",
"name": "Data Encryption for Exfiltration"
}
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Get Technique Details:
| Nama hasil skrip | Nilai |
|---|---|
is_success |
true atau false |
Mendapatkan Detail Teknik
Gunakan tindakan Get Techniques Details untuk mengambil informasi yang komprehensif dan mendetail tentang Teknik MITRE ATT&CK.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tindakan Get Techniques Details memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
Technique Identifier |
Wajib. Daftar ID yang dipisahkan koma (Nama, ID Internal, atau ID Eksternal) yang digunakan untuk menemukan informasi mendetail tentang Teknik MITRE ATT&CK. |
Identifier Type |
Wajib. Jenis ID yang diberikan di Kemungkinan nilainya adalah sebagai berikut:
Nilai defaultnya adalah |
Output tindakan
Tindakan Get Techniques Details memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil JSON
Contoh berikut menunjukkan output hasil JSON yang diterima saat menggunakan tindakan Get Techniques Details:
[
{
"Entity": "course-of-action--generic-ref-1a2b3c4d5e6f",
"EntityResult": {
"created_by_ref": "identity--generic-ref-a1b2c3d4e5f6",
"external_references": [
{
"url": "https://attack.mitre.org/techniques/T9000",
"external_id": "T9000",
"source_name": "mitre-attack"
},
{
"url": "http://www.security-research.org/~author/encrypted-botnet-traffic.pdf",
"source_name": "Research Group A 2013",
"description": "Author, H., Co-Author, C., & Massey, D. (2013, April). Detecting encrypted botnet traffic. Retrieved August 19, 2015."
},
{
"url": "https://generic-wiki.org/FileHeaderSignatures",
"source_name": "Wiki File Header Signatures",
"description": "Generic Wiki. (2016, March 31). List of file signatures. Retrieved April 22, 2016."
}
],
"created": "2017-05-31T21:30:30.26Z",
"x_mitre_platforms": ["Linux", "macOS", "Windows"],
"type": "attack-pattern",
"description": "Sensitive data is encrypted prior to exfiltration to conceal the information from detection tools or to make the activity less conspicuous upon defender inspection. The encryption process uses a utility, programming library, or custom script and is separate from any encryption used by the command and control or file transfer protocol. Common archive formats capable of encryption include RAR and zip.\\n\\nOther exfiltration techniques likely apply as well to transfer the information out of the network, such as [Exfiltration Over Command and Control Channel](https://attack.mitre.org/techniques/T1041) and [Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1048)",
"kill_chain_phases": [
{
"phase_name": "exfiltration",
"kill_chain_name": "mitre-attack"
}
],
"modified": "2018-10-17T00:14:20.652Z",
"id": "attack-pattern--a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",
"object_marking_refs": ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"x_mitre_network_requirements": false,
"x_mitre_version": "1.0",
"x_mitre_data_sources": [
"File monitoring",
"Process monitoring",
"Process command-line parameters",
"Binary file metadata"
],
"x_mitre_detection": "Encryption software and encrypted files can be detected in many ways. Common utilities that may be present on the system or brought in by an adversary may be detectable through process monitoring and monitoring for command-line arguments for known encryption utilities. This may yield a significant amount of benign events, depending on how systems in the environment are typically used. The encryption key is often stated within command-line invocation of the software. A process that loads the Windows DLL crypt32.dll may be used to perform encryption, decryption, or verification of file signatures. Network traffic may also be analyzed for entropy to determine if encrypted data is being transmitted. (Citation: Research Group A 2013) If the communications channel is unencrypted, encrypted files of known file types can be detected in transit during exfiltration with a network intrusion detection or data loss prevention system analyzing file headers. (Citation: Wiki File Header Signatures)",
"name": "Data Encryption for Exfiltration"
}
}
]
Pesan output
Tindakan Get Techniques Details dapat menampilkan pesan output berikut:
| Pesan output | Deskripsi pesan |
|---|---|
|
Tindakan berhasil. |
Error executing action "Get Technique Details". Reason:
ERROR_REASON |
Tindakan gagal. Periksa koneksi ke server, parameter input, atau kredensial. |
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Get Techniques Details:
| Nama hasil skrip | Nilai |
|---|---|
is_success |
true atau false |
Mendapatkan Mitigasi Teknik
Gunakan tindakan Get Techniques Mitigations untuk mengambil strategi Mitigasi yang terkait dengan daftar Teknik serangan MITRE tertentu.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tindakan Get Techniques Mitigations memerlukan parameter berikut:
| Parameter | Deskripsi |
|---|---|
Technique ID |
Wajib. Daftar ID yang dipisahkan koma (Nama, ID Internal, atau ID Eksternal) yang digunakan untuk menemukan mitigasi terkait untuk Teknik MITRE ATT&CK. |
Identifier Type |
Wajib. Jenis ID yang diberikan di Kemungkinan nilainya adalah sebagai berikut:
Nilai defaultnya adalah |
Max Mitigations to Return |
Opsional. Jumlah maksimum kontrol mitigasi yang akan diambil. Nilai defaultnya adalah |
Output tindakan
Tindakan Get Techniques Mitigations memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil JSON
Contoh berikut menunjukkan output hasil JSON yang diterima saat menggunakan tindakan Get Techniques Mitigations:
[
{
"Entity": "course-of-action--generic-ref-1a2b3c4d5e6f",
"EntityResult": {
"mitigations": [
{
"created_by_ref": "identity--generic-ref-a1b2c3d4e5f6",
"description": "Examine and restrict unnecessary system utilities, third-party tools, or software capable of file encryption. Audit and/or block these tools using application control methods (Citation: Research Org A 2010) such as Whitelisting Policy (Citation: Security Blog C 2016) or Software Restriction Mechanisms (Citation: Security Guide D 2014) where appropriate. (Citation: Tech Ref E)",
"created": "2018-10-17T00:14:20.652Z",
"x_mitre_deprecated": true,
"modified": "2019-07-24T14:26:14.411Z",
"object_marking_refs": ["marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"],
"external_references": [
{
"url": "https://attack.mitre.org/mitigations/T9000",
"source_name": "mitre-attack",
"external_id": "T9000"
},
{
"url": "http://www.generic-security.org/whitepapers/application/app-whitelisting-33599",
"source_name": "Research Org A 2010",
"description": "Generic Author, J. (2010, December). Application Whitelisting: Panacea or Propaganda?. Retrieved November 18, 2014."
},
{
"url": "http://blog.generic-cert.org/2016/01/windows-commands-abused-by-attackers.html",
"source_name": "Security Blog C 2016",
"description": "Researcher X. (2016, January 26). Windows Commands Abused by Attackers. Retrieved February 2, 2016."
},
{
"url": "https://www.generic-agency.gov/ia-guidance/tech-briefs/app-whitelisting.cfm",
"source_name": "Security Guide D 2014",
"description": "Government Agency Directorate. (2014, August). Application Whitelisting Using Policy Engine. Retrieved March 31, 2016."
},
{
"url": "http://technet.generic-corp.com/magazine/2008.06.srp.aspx",
"source_name": "Tech Ref E 2008",
"description": "Author C, & Author D. P. (2008, June). Application Lockdown with Restriction Policies. Retrieved November 18, 2014."
},
{
"url": "https://technet.generic-corp.com/library/ee791851.aspx",
"source_name": "Tech Ref F",
"description": "Generic Corp. (2012, June 27). Using Software Restriction Policies and AppLocker Policies. Retrieved April 7, 2016."
}
],
"x_mitre_version": "1.0",
"type": "course-of-action",
"id": "course-of-action--a1b2c3d4-e5f6-7g8h-9i0j-1k2l3m4n5o6p",
"name": "File Encryption Mitigation"
}
]
}
}
]
Pesan output
Tindakan Get Techniques Mitigations dapat menampilkan pesan output berikut:
| Pesan output | Deskripsi pesan |
|---|---|
|
Tindakan berhasil. |
Error executing action "Get Techniques Mitigations". Reason:
ERROR_REASON |
Tindakan gagal. Periksa koneksi ke server, parameter input, atau kredensial. |
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Get Techniques Mitigations:
| Nama hasil skrip | Nilai |
|---|---|
is_success |
true atau false |
Ping
Gunakan tindakan Ping untuk menguji konektivitas ke MITRE ATT&CK.
Tindakan ini tidak berjalan di entity Google SecOps.
Input tindakan
Tidak ada.
Output tindakan
Tindakan Ping memberikan output berikut:
| Jenis output tindakan | Ketersediaan |
|---|---|
| Lampiran repositori kasus | Tidak tersedia |
| Link repositori kasus | Tidak tersedia |
| Tabel repositori kasus | Tidak tersedia |
| Tabel pengayaan | Tidak tersedia |
| Hasil JSON | Tidak tersedia |
| Pesan output | Tersedia |
| Hasil skrip | Tersedia |
Hasil skrip
Tabel berikut mencantumkan nilai untuk output hasil skrip saat menggunakan tindakan Ping:
| Nama hasil skrip | Nilai |
|---|---|
| is_success | true atau false |
Perlu bantuan lain? Dapatkan jawaban dari anggota Komunitas dan profesional Google SecOps.