{
  "name": "Query which has MITRE ATT&CK data",
  "description": "Example query that has MITRE ATT&CK data in its threat field",
  "risk_score": 1,
  "severity": "high",
  "type": "query",
  "query": "user.name: root or user.name: admin",
  "threat": [
    {
      "framework": "MITRE ATT&CK",
      "tactic": {
        "id": "TA0040",
        "name": "impact",
        "reference": "https://attack.mitre.org/tactics/TA0040/"
      },
      "technique": [
        {
          "id": "T1499",
          "name": "endpoint denial of service",
          "reference": "https://attack.mitre.org/techniques/T1499/"
        }
      ]
    },
    {
      "framework": "MITRE ATT&CK",
      "tactic": {
        "id": "T1020",
        "name": "Automated Exfiltration",
        "reference": "https://attack.mitre.org/techniques/T1020/"
      },
      "technique": [
        {
          "id": "T1002",
          "name": "Data Compressed",
          "reference": "https://attack.mitre.org/techniques/T1002/"
        }
      ]
    }
  ]
}