Module Values.TTPsObservedDetail

Details the tactics, techniques, and procedures (TTPs) used in a potential security event. Tactics are based on the MITRE ATT&CK Matrix for Enterprise.

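(** One record of tactics, techniques, and procedures (TTPs) observed for a
    potential security event.

    Every field is an [option], so the type itself guarantees nothing about
    which parts of an observation are present: a consumer has to handle
    [None] for each field rather than assume the investigation filled it in.

    NOTE(review): the field types ([Tactic.t], [IpAddress.t], ...) are
    declared elsewhere and no validation is visible here; presumably they are
    plain aliases. Confirm before using [ipAddress] or [aPIName] in a
    filtering or correlation rule. *)
type nonrec t = {
  tactic : Tactic.t option;
      (** The tactic used, identified by the investigation. *)
  technique : Technique.t option;
      (** The technique used, identified by the investigation. *)
  procedure : Procedure.t option;
      (** The procedure used, identified by the investigation. *)
  ipAddress : IpAddress.t option;
      (** The IP address where the tactics, techniques, and procedures (TTPs)
          were observed. *)
  aPIName : APIName.t option;
      (** The name of the API where the tactics, techniques, and procedures
          (TTPs) were observed. *)
  aPISuccessCount : APISuccessCount.t option;
      (** The total number of successful API requests. *)
  aPIFailureCount : APIFailureCount.t option;
      (** The total number of failed API requests. *)
}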
(* [make] builds a [t]. Each of the seven fields is an optional labelled
   argument and the final [unit] argument lets all of them be omitted, so
   this signature accepts [make ()]. Presumably an omitted argument leaves
   the matching field [None] -- confirm against the implementation. The
   argument types are rendered as [???] on this page. *)
Sourceval make : ?tactic:??? -> ?technique:??? -> ?procedure:??? -> ?ipAddress:??? -> ?aPIName:??? -> ?aPISuccessCount:??? -> ?aPIFailureCount:??? -> unit -> t
(* [to_value] converts a [t] into a [`Structure] holding a list of
   (name, value) pairs. The signature lists two value cases, [`Long] typed
   with [APISuccessCount.t] and [`String] typed with [Tactic.t]; presumably
   the two counts are emitted as [`Long] and the other fields as [`String]
   -- confirm. *)
Sourceval to_value : t -> [> `Structure of (string * [> `Long of APISuccessCount.t | `String of Tactic.t ]) list ]
(* [to_query] converts a [t] into an [Awso.Client.Query.t]. *)
Sourceval to_query : t -> Awso.Client.Query.t
(* [of_xml], [of_string] and [of_json] each return a bare [t], not an
   [option] or a [result], so a malformed or unexpected document cannot be
   reported through the return type.
   NOTE(review): presumably these raise on bad input -- confirm which
   exception, and catch it at the boundary where the document arrives from
   outside the process. *)
Sourceval of_xml : Awso.Xml.t -> t
(* The signature does not state which textual format [of_string] expects. *)
Sourceval of_string : string -> t
Sourceval of_json : Yojson.Safe.t -> t
(* [to_json] converts a [t] into a [Yojson.Safe.t].
   NOTE(review): presumably the output carries the observed IP address and
   API name when they are set -- check before writing it to a shared log. *)
Sourceval to_json : t -> Yojson.Safe.t