Security Command Center V2 API - Module Google::Cloud::SecurityCenter::V2::MitreAttack::Technique (v1.3.0)
Stay organized with collections
Save and categorize content based on your preferences.
Reference documentation and code samples for the Security Command Center V2 API module Google::Cloud::SecurityCenter::V2::MitreAttack::Technique.
MITRE ATT&CK techniques that can be referenced by Security Command Center
findings. See: https://attack.mitre.org/techniques/enterprise/
Constants
TECHNIQUE_UNSPECIFIED
value: 0
Unspecified value.
DATA_OBFUSCATION
DATA_OBFUSCATION_STEGANOGRAPHY
OS_CREDENTIAL_DUMPING
OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM
OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW
DATA_FROM_LOCAL_SYSTEM
AUTOMATED_EXFILTRATION
OBFUSCATED_FILES_OR_INFO
STEGANOGRAPHY
COMPILE_AFTER_DELIVERY
COMMAND_OBFUSCATION
SCHEDULED_TRANSFER
SYSTEM_OWNER_USER_DISCOVERY
MASQUERADING
MATCH_LEGITIMATE_NAME_OR_LOCATION
BOOT_OR_LOGON_INITIALIZATION_SCRIPTS
STARTUP_ITEMS
NETWORK_SERVICE_DISCOVERY
SCHEDULED_TASK_JOB
SCHEDULED_TASK_JOB_CRON
CONTAINER_ORCHESTRATION_JOB
PROCESS_INJECTION
PROCESS_DISCOVERY
COMMAND_AND_SCRIPTING_INTERPRETER
UNIX_SHELL
PYTHON
EXPLOITATION_FOR_PRIVILEGE_ESCALATION
PERMISSION_GROUPS_DISCOVERY
CLOUD_GROUPS
INDICATOR_REMOVAL
INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS
INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY
INDICATOR_REMOVAL_FILE_DELETION
INDICATOR_REMOVAL_TIMESTOMP
INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA
APPLICATION_LAYER_PROTOCOL
DNS
VALID_ACCOUNTS
DEFAULT_ACCOUNTS
LOCAL_ACCOUNTS
CLOUD_ACCOUNTS
FILE_AND_DIRECTORY_DISCOVERY
ACCOUNT_DISCOVERY_LOCAL_ACCOUNT
PROXY
EXTERNAL_PROXY
MULTI_HOP_PROXY
ACCOUNT_MANIPULATION
ADDITIONAL_CLOUD_CREDENTIALS
ADDITIONAL_CLOUD_ROLES
SSH_AUTHORIZED_KEYS
ADDITIONAL_CONTAINER_CLUSTER_ROLES
MULTI_STAGE_CHANNELS
NATIVE_API
BRUTE_FORCE
AUTOMATED_COLLECTION
SHARED_MODULES
DATA_ENCODING
STANDARD_ENCODING
ACCESS_TOKEN_MANIPULATION
TOKEN_IMPERSONATION_OR_THEFT
CREATE_ACCOUNT
LOCAL_ACCOUNT
DEOBFUSCATE_DECODE_FILES_OR_INFO
EXPLOIT_PUBLIC_FACING_APPLICATION
SUPPLY_CHAIN_COMPROMISE
EXPLOITATION_FOR_CLIENT_EXECUTION
USER_EXECUTION
LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION
DOMAIN_POLICY_MODIFICATION
DATA_DESTRUCTION
DATA_ENCRYPTED_FOR_IMPACT
SERVICE_STOP
INHIBIT_SYSTEM_RECOVERY
FIRMWARE_CORRUPTION
RESOURCE_HIJACKING
NETWORK_DENIAL_OF_SERVICE
CLOUD_SERVICE_DISCOVERY
STEAL_APPLICATION_ACCESS_TOKEN
ACCOUNT_ACCESS_REMOVAL
TRANSFER_DATA_TO_CLOUD_ACCOUNT
STEAL_WEB_SESSION_COOKIE
CREATE_OR_MODIFY_SYSTEM_PROCESS
EVENT_TRIGGERED_EXECUTION
BOOT_OR_LOGON_AUTOSTART_EXECUTION
KERNEL_MODULES_AND_EXTENSIONS
SHORTCUT_MODIFICATION
ABUSE_ELEVATION_CONTROL_MECHANISM
ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID
ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING
UNSECURED_CREDENTIALS
CREDENTIALS_IN_FILES
BASH_HISTORY
PRIVATE_KEYS
SUBVERT_TRUST_CONTROL
INSTALL_ROOT_CERTIFICATE
COMPROMISE_HOST_SOFTWARE_BINARY
CREDENTIALS_FROM_PASSWORD_STORES
MODIFY_AUTHENTICATION_PROCESS
PLUGGABLE_AUTHENTICATION_MODULES
MULTI_FACTOR_AUTHENTICATION
IMPAIR_DEFENSES
INDICATOR_BLOCKING
DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM
HIDE_ARTIFACTS
HIDDEN_FILES_AND_DIRECTORIES
HIDDEN_USERS
EXFILTRATION_OVER_WEB_SERVICE
EXFILTRATION_TO_CLOUD_STORAGE
DYNAMIC_RESOLUTION
HIJACK_EXECUTION_FLOW
HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING
MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE
CREATE_SNAPSHOT
CLOUD_INFRASTRUCTURE_DISCOVERY
DEVELOP_CAPABILITIES
DEVELOP_CAPABILITIES_MALWARE
OBTAIN_CAPABILITIES
OBTAIN_CAPABILITIES_MALWARE
OBTAIN_CAPABILITIES_VULNERABILITIES
ACTIVE_SCANNING
SCANNING_IP_BLOCKS
STAGE_CAPABILITIES
UPLOAD_MALWARE
CONTAINER_ADMINISTRATION_COMMAND
DEPLOY_CONTAINER
ESCAPE_TO_HOST
CONTAINER_AND_RESOURCE_DISCOVERY
REFLECTIVE_CODE_LOADING
STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES
FINANCIAL_THEFT
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-09 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# Security Command Center V2 API - Module Google::Cloud::SecurityCenter::V2::MitreAttack::Technique (v1.3.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.3.0 (latest)](/ruby/docs/reference/google-cloud-security_center-v2/latest/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [1.2.0](/ruby/docs/reference/google-cloud-security_center-v2/1.2.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [1.1.1](/ruby/docs/reference/google-cloud-security_center-v2/1.1.1/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [1.0.0](/ruby/docs/reference/google-cloud-security_center-v2/1.0.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.6.0](/ruby/docs/reference/google-cloud-security_center-v2/0.6.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.5.0](/ruby/docs/reference/google-cloud-security_center-v2/0.5.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.4.1](/ruby/docs/reference/google-cloud-security_center-v2/0.4.1/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.3.0](/ruby/docs/reference/google-cloud-security_center-v2/0.3.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.2.0](/ruby/docs/reference/google-cloud-security_center-v2/0.2.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique)\n- [0.1.0](/ruby/docs/reference/google-cloud-security_center-v2/0.1.0/Google-Cloud-SecurityCenter-V2-MitreAttack-Technique) \nReference documentation and code samples for the Security Command Center V2 API module Google::Cloud::SecurityCenter::V2::MitreAttack::Technique.\n\nMITRE ATT\\&CK techniques that can be referenced by Security Command Center\nfindings. See: \u003chttps://attack.mitre.org/techniques/enterprise/\u003e\n\nConstants\n---------\n\n### TECHNIQUE_UNSPECIFIED\n\n**value:** 0 \nUnspecified value.\n\n### DATA_OBFUSCATION\n\n**value:** 70 \nT1001\n\n### DATA_OBFUSCATION_STEGANOGRAPHY\n\n**value:** 71 \nT1001.002\n\n### OS_CREDENTIAL_DUMPING\n\n**value:** 114 \nT1003\n\n### OS_CREDENTIAL_DUMPING_PROC_FILESYSTEM\n\n**value:** 115 \nT1003.007\n\n### OS_CREDENTIAL_DUMPING_ETC_PASSWORD_AND_ETC_SHADOW\n\n**value:** 122 \nT1003.008\n\n### DATA_FROM_LOCAL_SYSTEM\n\n**value:** 117 \nT1005\n\n### AUTOMATED_EXFILTRATION\n\n**value:** 68 \nT1020\n\n### OBFUSCATED_FILES_OR_INFO\n\n**value:** 72 \nT1027\n\n### STEGANOGRAPHY\n\n**value:** 73 \nT1027.003\n\n### COMPILE_AFTER_DELIVERY\n\n**value:** 74 \nT1027.004\n\n### COMMAND_OBFUSCATION\n\n**value:** 75 \nT1027.010\n\n### SCHEDULED_TRANSFER\n\n**value:** 120 \nT1029\n\n### SYSTEM_OWNER_USER_DISCOVERY\n\n**value:** 118 \nT1033\n\n### MASQUERADING\n\n**value:** 49 \nT1036\n\n### MATCH_LEGITIMATE_NAME_OR_LOCATION\n\n**value:** 50 \nT1036.005\n\n### BOOT_OR_LOGON_INITIALIZATION_SCRIPTS\n\n**value:** 37 \nT1037\n\n### STARTUP_ITEMS\n\n**value:** 38 \nT1037.005\n\n### NETWORK_SERVICE_DISCOVERY\n\n**value:** 32 \nT1046\n\n### SCHEDULED_TASK_JOB\n\n**value:** 89 \nT1053\n\n### SCHEDULED_TASK_JOB_CRON\n\n**value:** 119 \nT1053.003\n\n### CONTAINER_ORCHESTRATION_JOB\n\n**value:** 90 \nT1053.007\n\n### PROCESS_INJECTION\n\n**value:** 93 \nT1055\n\n### INPUT_CAPTURE\n\n**value:** 103 \nT1056\n\n### INPUT_CAPTURE_KEYLOGGING\n\n**value:** 104 \nT1056.001\n\n### PROCESS_DISCOVERY\n\n**value:** 56 \nT1057\n\n### COMMAND_AND_SCRIPTING_INTERPRETER\n\n**value:** 6 \nT1059\n\n### UNIX_SHELL\n\n**value:** 7 \nT1059.004\n\n### PYTHON\n\n**value:** 59 \nT1059.006\n\n### EXPLOITATION_FOR_PRIVILEGE_ESCALATION\n\n**value:** 63 \nT1068\n\n### PERMISSION_GROUPS_DISCOVERY\n\n**value:** 18 \nT1069\n\n### CLOUD_GROUPS\n\n**value:** 19 \nT1069.003\n\n### INDICATOR_REMOVAL\n\n**value:** 123 \nT1070\n\n### INDICATOR_REMOVAL_CLEAR_LINUX_OR_MAC_SYSTEM_LOGS\n\n**value:** 124 \nT1070.002\n\n### INDICATOR_REMOVAL_CLEAR_COMMAND_HISTORY\n\n**value:** 125 \nT1070.003\n\n### INDICATOR_REMOVAL_FILE_DELETION\n\n**value:** 64 \nT1070.004\n\n### INDICATOR_REMOVAL_TIMESTOMP\n\n**value:** 128 \nT1070.006\n\n### INDICATOR_REMOVAL_CLEAR_MAILBOX_DATA\n\n**value:** 126 \nT1070.008\n\n### APPLICATION_LAYER_PROTOCOL\n\n**value:** 45 \nT1071\n\n### DNS\n\n**value:** 46 \nT1071.004\n\n### SOFTWARE_DEPLOYMENT_TOOLS\n\n**value:** 47 \nT1072\n\n### VALID_ACCOUNTS\n\n**value:** 14 \nT1078\n\n### DEFAULT_ACCOUNTS\n\n**value:** 35 \nT1078.001\n\n### LOCAL_ACCOUNTS\n\n**value:** 15 \nT1078.003\n\n### CLOUD_ACCOUNTS\n\n**value:** 16 \nT1078.004\n\n### FILE_AND_DIRECTORY_DISCOVERY\n\n**value:** 121 \nT1083\n\n### ACCOUNT_DISCOVERY_LOCAL_ACCOUNT\n\n**value:** 116 \nT1087.001\n\n### PROXY\n\n**value:** 9 \nT1090\n\n### EXTERNAL_PROXY\n\n**value:** 10 \nT1090.002\n\n### MULTI_HOP_PROXY\n\n**value:** 11 \nT1090.003\n\n### ACCOUNT_MANIPULATION\n\n**value:** 22 \nT1098\n\n### ADDITIONAL_CLOUD_CREDENTIALS\n\n**value:** 40 \nT1098.001\n\n### ADDITIONAL_CLOUD_ROLES\n\n**value:** 67 \nT1098.003\n\n### SSH_AUTHORIZED_KEYS\n\n**value:** 23 \nT1098.004\n\n### ADDITIONAL_CONTAINER_CLUSTER_ROLES\n\n**value:** 58 \nT1098.006\n\n### MULTI_STAGE_CHANNELS\n\n**value:** 76 \nT1104\n\n### INGRESS_TOOL_TRANSFER\n\n**value:** 3 \nT1105\n\n### NATIVE_API\n\n**value:** 4 \nT1106\n\n### BRUTE_FORCE\n\n**value:** 44 \nT1110\n\n### AUTOMATED_COLLECTION\n\n**value:** 94 \nT1119\n\n### SHARED_MODULES\n\n**value:** 5 \nT1129\n\n### DATA_ENCODING\n\n**value:** 77 \nT1132\n\n### STANDARD_ENCODING\n\n**value:** 78 \nT1132.001\n\n### ACCESS_TOKEN_MANIPULATION\n\n**value:** 33 \nT1134\n\n### TOKEN_IMPERSONATION_OR_THEFT\n\n**value:** 39 \nT1134.001\n\n### CREATE_ACCOUNT\n\n**value:** 79 \nT1136\n\n### LOCAL_ACCOUNT\n\n**value:** 80 \nT1136.001\n\n### DEOBFUSCATE_DECODE_FILES_OR_INFO\n\n**value:** 95 \nT1140\n\n### EXPLOIT_PUBLIC_FACING_APPLICATION\n\n**value:** 27 \nT1190\n\n### SUPPLY_CHAIN_COMPROMISE\n\n**value:** 129 \nT1195\n\n### COMPROMISE_SOFTWARE_DEPENDENCIES_AND_DEVELOPMENT_TOOLS\n\n**value:** 130 \nT1195.001\n\n### EXPLOITATION_FOR_CLIENT_EXECUTION\n\n**value:** 134 \nT1203\n\n### USER_EXECUTION\n\n**value:** 69 \nT1204\n\n### LINUX_AND_MAC_FILE_AND_DIRECTORY_PERMISSIONS_MODIFICATION\n\n**value:** 135 \nT1222.002\n\n### DOMAIN_POLICY_MODIFICATION\n\n**value:** 30 \nT1484\n\n### DATA_DESTRUCTION\n\n**value:** 29 \nT1485\n\n### DATA_ENCRYPTED_FOR_IMPACT\n\n**value:** 132 \nT1486\n\n### SERVICE_STOP\n\n**value:** 52 \nT1489\n\n### INHIBIT_SYSTEM_RECOVERY\n\n**value:** 36 \nT1490\n\n### FIRMWARE_CORRUPTION\n\n**value:** 81 \nT1495\n\n### RESOURCE_HIJACKING\n\n**value:** 8 \nT1496\n\n### NETWORK_DENIAL_OF_SERVICE\n\n**value:** 17 \nT1498\n\n### CLOUD_SERVICE_DISCOVERY\n\n**value:** 48 \nT1526\n\n### STEAL_APPLICATION_ACCESS_TOKEN\n\n**value:** 42 \nT1528\n\n### ACCOUNT_ACCESS_REMOVAL\n\n**value:** 51 \nT1531\n\n### TRANSFER_DATA_TO_CLOUD_ACCOUNT\n\n**value:** 91 \nT1537\n\n### STEAL_WEB_SESSION_COOKIE\n\n**value:** 25 \nT1539\n\n### CREATE_OR_MODIFY_SYSTEM_PROCESS\n\n**value:** 24 \nT1543\n\n### EVENT_TRIGGERED_EXECUTION\n\n**value:** 65 \nT1546\n\n### BOOT_OR_LOGON_AUTOSTART_EXECUTION\n\n**value:** 82 \nT1547\n\n### KERNEL_MODULES_AND_EXTENSIONS\n\n**value:** 83 \nT1547.006\n\n### SHORTCUT_MODIFICATION\n\n**value:** 127 \nT1547.009\n\n### ABUSE_ELEVATION_CONTROL_MECHANISM\n\n**value:** 34 \nT1548\n\n### ABUSE_ELEVATION_CONTROL_MECHANISM_SETUID_AND_SETGID\n\n**value:** 136 \nT1548.001\n\n### ABUSE_ELEVATION_CONTROL_MECHANISM_SUDO_AND_SUDO_CACHING\n\n**value:** 109 \nT1548.003\n\n### UNSECURED_CREDENTIALS\n\n**value:** 13 \nT1552\n\n### CREDENTIALS_IN_FILES\n\n**value:** 105 \nT1552.001\n\n### BASH_HISTORY\n\n**value:** 96 \nT1552.003\n\n### PRIVATE_KEYS\n\n**value:** 97 \nT1552.004\n\n### SUBVERT_TRUST_CONTROL\n\n**value:** 106 \nT1553\n\n### INSTALL_ROOT_CERTIFICATE\n\n**value:** 107 \nT1553.004\n\n### COMPROMISE_HOST_SOFTWARE_BINARY\n\n**value:** 84 \nT1554\n\n### CREDENTIALS_FROM_PASSWORD_STORES\n\n**value:** 98 \nT1555\n\n### MODIFY_AUTHENTICATION_PROCESS\n\n**value:** 28 \nT1556\n\n### PLUGGABLE_AUTHENTICATION_MODULES\n\n**value:** 108 \nT1556.003\n\n### MULTI_FACTOR_AUTHENTICATION\n\n**value:** 137 \nT1556.006\n\n### IMPAIR_DEFENSES\n\n**value:** 31 \nT1562\n\n### DISABLE_OR_MODIFY_TOOLS\n\n**value:** 55 \nT1562.001\n\n### INDICATOR_BLOCKING\n\n**value:** 110 \nT1562.006\n\n### DISABLE_OR_MODIFY_LINUX_AUDIT_SYSTEM\n\n**value:** 111 \nT1562.012\n\n### HIDE_ARTIFACTS\n\n**value:** 85 \nT1564\n\n### HIDDEN_FILES_AND_DIRECTORIES\n\n**value:** 86 \nT1564.001\n\n### HIDDEN_USERS\n\n**value:** 87 \nT1564.002\n\n### EXFILTRATION_OVER_WEB_SERVICE\n\n**value:** 20 \nT1567\n\n### EXFILTRATION_TO_CLOUD_STORAGE\n\n**value:** 21 \nT1567.002\n\n### DYNAMIC_RESOLUTION\n\n**value:** 12 \nT1568\n\n### LATERAL_TOOL_TRANSFER\n\n**value:** 41 \nT1570\n\n### HIJACK_EXECUTION_FLOW\n\n**value:** 112 \nT1574\n\n### HIJACK_EXECUTION_FLOW_DYNAMIC_LINKER_HIJACKING\n\n**value:** 113 \nT1574.006\n\n### MODIFY_CLOUD_COMPUTE_INFRASTRUCTURE\n\n**value:** 26 \nT1578\n\n### CREATE_SNAPSHOT\n\n**value:** 54 \nT1578.001\n\n### CLOUD_INFRASTRUCTURE_DISCOVERY\n\n**value:** 53 \nT1580\n\n### DEVELOP_CAPABILITIES\n\n**value:** 99 \nT1587\n\n### DEVELOP_CAPABILITIES_MALWARE\n\n**value:** 100 \nT1587.001\n\n### OBTAIN_CAPABILITIES\n\n**value:** 43 \nT1588\n\n### OBTAIN_CAPABILITIES_MALWARE\n\n**value:** 101 \nT1588.001\n\n### OBTAIN_CAPABILITIES_VULNERABILITIES\n\n**value:** 133 \nT1588.006\n\n### ACTIVE_SCANNING\n\n**value:** 1 \nT1595\n\n### SCANNING_IP_BLOCKS\n\n**value:** 2 \nT1595.001\n\n### STAGE_CAPABILITIES\n\n**value:** 88 \nT1608\n\n### UPLOAD_MALWARE\n\n**value:** 102 \nT1608.001\n\n### CONTAINER_ADMINISTRATION_COMMAND\n\n**value:** 60 \nT1609\n\n### DEPLOY_CONTAINER\n\n**value:** 66 \nT1610\n\n### ESCAPE_TO_HOST\n\n**value:** 61 \nT1611\n\n### CONTAINER_AND_RESOURCE_DISCOVERY\n\n**value:** 57 \nT1613\n\n### REFLECTIVE_CODE_LOADING\n\n**value:** 92 \nT1620\n\n### STEAL_OR_FORGE_AUTHENTICATION_CERTIFICATES\n\n**value:** 62 \nT1649\n\n### FINANCIAL_THEFT\n\n**value:** 131 \nT1657"]]
