cti/ics-attack/x-mitre-analytic/x-mitre-analytic--d3023733-5874-4746-a947-65925514e382.json

{
    "type": "bundle",
    "id": "bundle--65fd5b44-0b53-420b-91e5-a6c04f640372",
    "spec_version": "2.0",
    "objects": [
        {
            "type": "x-mitre-analytic",
            "id": "x-mitre-analytic--d3023733-5874-4746-a947-65925514e382",
            "created": "2025-10-21T15:10:28.402Z",
            "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "external_references": [
                {
                    "source_name": "mitre-attack",
                    "url": "https://attack.mitre.org/detectionstrategies/DET0771#AN1903",
                    "external_id": "AN1903"
                }
            ],
            "object_marking_refs": [
                "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
            ],
            "modified": "2025-10-21T15:10:28.402Z",
            "name": "Analytic 1903",
            "description": "Monitor for device alarms produced when device management passwords are changed, although not all devices will produce such alarms.\nMonitor for device credential changes observable in automation or management network protocols.",
            "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
            "x_mitre_version": "1.0",
            "x_mitre_attack_spec_version": "3.3.0",
            "x_mitre_domains": [
                "ics-attack"
            ],
            "x_mitre_platforms": [
                "None"
            ],
            "x_mitre_log_source_references": [
                {
                    "x_mitre_data_component_ref": "x-mitre-data-component--9d56be63-3501-4dd3-bb5f-63c580833298",
                    "name": "Operational Databases",
                    "channel": "None"
                },
                {
                    "x_mitre_data_component_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
                    "name": "Network Traffic",
                    "channel": "None"
                }
            ],
            "x_mitre_deprecated": false
        }
    ]
}