@mitre-attack/attack-data-model
Version:
A TypeScript API for the MITRE ATT&CK data model
864 lines (862 loc) • 69.9 kB
TypeScript
import { z } from 'zod/v4';
import { MarkingDefinition } from '../smo/marking-definition.schema.js';
import { Relationship } from '../sro/relationship.schema.js';
import { Analytic } from './analytic.schema.js';
import { Asset } from './asset.schema.js';
import { Campaign } from './campaign.schema.js';
import { Collection } from './collection.schema.js';
import { DataComponent } from './data-component.schema.js';
import { DataSource } from './data-source.schema.js';
import { DetectionStrategy } from './detection-strategy.schema.js';
import { Group } from './group.schema.js';
import { Identity } from './identity.schema.js';
import { Malware } from './malware.schema.js';
import { Matrix } from './matrix.schema.js';
import { Mitigation } from './mitigation.schema.js';
import { Tactic } from './tactic.schema.js';
import { Technique } from './technique.schema.js';
import { Tool } from './tool.schema.js';
import '../common/property-schemas/stix-id.js';
import '../common/property-schemas/stix-type.js';
type AttackObject = Malware | Asset | Campaign | Collection | DataComponent | DataSource | Identity | Matrix | Tool | Tactic | Technique | Group | Mitigation | DetectionStrategy | Analytic | Relationship | MarkingDefinition;
declare const attackObjectsSchema: z.ZodTypeAny;
type AttackObjects = z.infer<typeof attackObjectsSchema>;
declare const stixBundleSchema: z.ZodObject<{
id: z.ZodString & z.ZodType<`bundle--${string}`, string, z.core.$ZodTypeInternals<`bundle--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
objects: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
external_references: z.ZodOptional<z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-collection--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-collection--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
created_by_ref: z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>;
object_marking_refs: z.ZodArray<z.ZodString>;
description: z.ZodString;
x_mitre_contents: z.ZodArray<z.ZodObject<{
object_ref: z.ZodString;
object_modified: z.ZodISODateTime;
}, z.core.$strip>>;
x_mitre_modified_by_ref: z.ZodOptional<z.ZodLiteral<`identity--${string}`>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-analytic--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-analytic--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodString;
x_mitre_platforms: z.ZodArray<z.ZodEnum<{
"Field Controller/RTU/PLC/IED": "Field Controller/RTU/PLC/IED";
"Network Devices": "Network Devices";
"Data Historian": "Data Historian";
"Google Workspace": "Google Workspace";
"Office Suite": "Office Suite";
ESXi: "ESXi";
"Identity Provider": "Identity Provider";
Containers: "Containers";
"Azure AD": "Azure AD";
"Engineering Workstation": "Engineering Workstation";
"Control Server": "Control Server";
"Human-Machine Interface": "Human-Machine Interface";
Windows: "Windows";
Linux: "Linux";
IaaS: "IaaS";
None: "None";
iOS: "iOS";
PRE: "PRE";
SaaS: "SaaS";
"Input/Output Server": "Input/Output Server";
macOS: "macOS";
Android: "Android";
"Safety Instrumented System/Protection Relay": "Safety Instrumented System/Protection Relay";
Embedded: "Embedded";
}>>;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_log_source_references: z.ZodOptional<z.ZodArray<z.ZodObject<{
x_mitre_data_component_ref: z.ZodString & z.ZodType<`x-mitre-data-component--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-data-component--${string}`, string>>;
name: z.ZodString;
channel: z.ZodString;
}, z.core.$strip>>>;
x_mitre_mutable_elements: z.ZodOptional<z.ZodArray<z.ZodObject<{
field: z.ZodString;
description: z.ZodString;
}, z.core.$strip>>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_modified_by_ref: z.ZodOptional<z.ZodLiteral<`identity--${string}`>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-asset--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-asset--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodOptional<z.ZodString>;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_platforms: z.ZodOptional<z.ZodArray<z.ZodEnum<{
"Field Controller/RTU/PLC/IED": "Field Controller/RTU/PLC/IED";
"Network Devices": "Network Devices";
"Data Historian": "Data Historian";
"Google Workspace": "Google Workspace";
"Office Suite": "Office Suite";
ESXi: "ESXi";
"Identity Provider": "Identity Provider";
Containers: "Containers";
"Azure AD": "Azure AD";
"Engineering Workstation": "Engineering Workstation";
"Control Server": "Control Server";
"Human-Machine Interface": "Human-Machine Interface";
Windows: "Windows";
Linux: "Linux";
IaaS: "IaaS";
None: "None";
iOS: "iOS";
PRE: "PRE";
SaaS: "SaaS";
"Input/Output Server": "Input/Output Server";
macOS: "macOS";
Android: "Android";
"Safety Instrumented System/Protection Relay": "Safety Instrumented System/Protection Relay";
Embedded: "Embedded";
}>>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_contributors: z.ZodOptional<z.ZodArray<z.ZodString>>;
x_mitre_sectors: z.ZodOptional<z.ZodArray<z.ZodEnum<{
Electric: "Electric";
"Water and Wastewater": "Water and Wastewater";
Manufacturing: "Manufacturing";
Rail: "Rail";
Maritime: "Maritime";
General: "General";
}>>>;
x_mitre_related_assets: z.ZodOptional<z.ZodArray<z.ZodObject<{
name: z.ZodString;
related_asset_sectors: z.ZodOptional<z.ZodArray<z.ZodEnum<{
Electric: "Electric";
"Water and Wastewater": "Water and Wastewater";
Manufacturing: "Manufacturing";
Rail: "Rail";
Maritime: "Maritime";
General: "General";
}>>>;
description: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>>;
x_mitre_modified_by_ref: z.ZodOptional<z.ZodLiteral<`identity--${string}`>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodNonOptional<z.ZodOptional<z.ZodBoolean>>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`campaign--${string}`, string, z.core.$ZodTypeInternals<`campaign--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodString;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
x_mitre_contributors: z.ZodOptional<z.ZodArray<z.ZodString>>;
aliases: z.ZodArray<z.ZodString>;
first_seen: z.ZodISODateTime;
last_seen: z.ZodISODateTime;
x_mitre_first_seen_citation: z.ZodCustom<string, string>;
x_mitre_last_seen_citation: z.ZodCustom<string, string>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
external_references: z.ZodOptional<z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-data-component--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-data-component--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodString;
created_by_ref: z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>;
object_marking_refs: z.ZodArray<z.ZodString>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
x_mitre_data_source_ref: z.ZodOptional<z.ZodString & z.ZodType<`x-mitre-data-source--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-data-source--${string}`, string>>>;
x_mitre_log_sources: z.ZodOptional<z.ZodArray<z.ZodObject<{
name: z.ZodString;
channel: z.ZodString;
}, z.core.$strict>>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-data-source--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-data-source--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodString;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_platforms: z.ZodOptional<z.ZodArray<z.ZodEnum<{
"Field Controller/RTU/PLC/IED": "Field Controller/RTU/PLC/IED";
"Network Devices": "Network Devices";
"Data Historian": "Data Historian";
"Google Workspace": "Google Workspace";
"Office Suite": "Office Suite";
ESXi: "ESXi";
"Identity Provider": "Identity Provider";
Containers: "Containers";
"Azure AD": "Azure AD";
"Engineering Workstation": "Engineering Workstation";
"Control Server": "Control Server";
"Human-Machine Interface": "Human-Machine Interface";
Windows: "Windows";
Linux: "Linux";
IaaS: "IaaS";
None: "None";
iOS: "iOS";
PRE: "PRE";
SaaS: "SaaS";
"Input/Output Server": "Input/Output Server";
macOS: "macOS";
Android: "Android";
"Safety Instrumented System/Protection Relay": "Safety Instrumented System/Protection Relay";
Embedded: "Embedded";
}>>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
x_mitre_contributors: z.ZodOptional<z.ZodArray<z.ZodString>>;
x_mitre_collection_layers: z.ZodArray<z.ZodEnum<{
"Cloud Control Plane": "Cloud Control Plane";
Host: "Host";
Report: "Report";
Container: "Container";
Device: "Device";
OSINT: "OSINT";
Network: "Network";
}>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-detection-strategy--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-detection-strategy--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
x_mitre_contributors: z.ZodArray<z.ZodString>;
x_mitre_analytic_refs: z.ZodArray<z.ZodString & z.ZodType<`x-mitre-analytic--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-analytic--${string}`, string>>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodOptional<z.ZodArray<z.ZodString>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`intrusion-set--${string}`, string, z.core.$ZodTypeInternals<`intrusion-set--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodOptional<z.ZodString>;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_contributors: z.ZodOptional<z.ZodArray<z.ZodString>>;
x_mitre_modified_by_ref: z.ZodOptional<z.ZodLiteral<`identity--${string}`>>;
aliases: z.ZodOptional<z.ZodArray<z.ZodString>>;
first_seen: z.ZodOptional<z.ZodISODateTime>;
last_seen: z.ZodOptional<z.ZodISODateTime>;
goals: z.ZodOptional<z.ZodArray<z.ZodString>>;
resource_level: z.ZodOptional<z.ZodEnum<{
individual: "individual";
organization: "organization";
club: "club";
contest: "contest";
team: "team";
government: "government";
}>>;
primary_motivation: z.ZodOptional<z.ZodEnum<{
accidental: "accidental";
coercion: "coercion";
dominance: "dominance";
ideology: "ideology";
notoriety: "notoriety";
"organizational-gain": "organizational-gain";
"personal-gain": "personal-gain";
"personal-satisfaction": "personal-satisfaction";
revenge: "revenge";
unpredictable: "unpredictable";
}>>;
secondary_motivations: z.ZodOptional<z.ZodArray<z.ZodEnum<{
accidental: "accidental";
coercion: "coercion";
dominance: "dominance";
ideology: "ideology";
notoriety: "notoriety";
"organizational-gain": "organizational-gain";
"personal-gain": "personal-gain";
"personal-satisfaction": "personal-satisfaction";
revenge: "revenge";
unpredictable: "unpredictable";
}>>>;
}, z.core.$strict>, z.ZodObject<{
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
id: z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>;
description: z.ZodOptional<z.ZodString>;
lang: z.ZodOptional<z.ZodString>;
spec_version: z.ZodLiteral<"2.1">;
created_by_ref: z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>;
name: z.ZodString;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
revoked: z.ZodOptional<z.ZodBoolean>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
external_references: z.ZodOptional<z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>>;
object_marking_refs: z.ZodArray<z.ZodString>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
identity_class: z.ZodEnum<{
group: "group";
individual: "individual";
system: "system";
organization: "organization";
class: "class";
unspecified: "unspecified";
}>;
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
sectors: z.ZodOptional<z.ZodArray<z.ZodEnum<{
government: "government";
agriculture: "agriculture";
aerospace: "aerospace";
automotive: "automotive";
chemical: "chemical";
commercial: "commercial";
communications: "communications";
construction: "construction";
defense: "defense";
education: "education";
energy: "energy";
entertainment: "entertainment";
"financial-services": "financial-services";
"government-emergency-services": "government-emergency-services";
"government-local": "government-local";
"government-national": "government-national";
"government-public-services": "government-public-services";
"government-regional": "government-regional";
healthcare: "healthcare";
"hospitality-leisure": "hospitality-leisure";
infrastructure: "infrastructure";
"infrastructure-dams": "infrastructure-dams";
"infrastructure-nuclear": "infrastructure-nuclear";
"infrastructure-water": "infrastructure-water";
insurance: "insurance";
manufacturing: "manufacturing";
mining: "mining";
"non-profit": "non-profit";
pharmaceuticals: "pharmaceuticals";
retail: "retail";
technology: "technology";
telecommunications: "telecommunications";
transportation: "transportation";
utilities: "utilities";
}>>>;
contact_information: z.ZodOptional<z.ZodString>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
object_marking_refs: z.ZodOptional<z.ZodArray<z.ZodString>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`malware--${string}`, string, z.core.$ZodTypeInternals<`malware--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
created_by_ref: z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>;
description: z.ZodString;
x_mitre_platforms: z.ZodOptional<z.ZodArray<z.ZodEnum<{
"Field Controller/RTU/PLC/IED": "Field Controller/RTU/PLC/IED";
"Network Devices": "Network Devices";
"Data Historian": "Data Historian";
"Google Workspace": "Google Workspace";
"Office Suite": "Office Suite";
ESXi: "ESXi";
"Identity Provider": "Identity Provider";
Containers: "Containers";
"Azure AD": "Azure AD";
"Engineering Workstation": "Engineering Workstation";
"Control Server": "Control Server";
"Human-Machine Interface": "Human-Machine Interface";
Windows: "Windows";
Linux: "Linux";
IaaS: "IaaS";
None: "None";
iOS: "iOS";
PRE: "PRE";
SaaS: "SaaS";
"Input/Output Server": "Input/Output Server";
macOS: "macOS";
Android: "Android";
"Safety Instrumented System/Protection Relay": "Safety Instrumented System/Protection Relay";
Embedded: "Embedded";
}>>>;
x_mitre_contributors: z.ZodOptional<z.ZodArray<z.ZodString>>;
x_mitre_aliases: z.ZodOptional<z.ZodArray<z.ZodString>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
aliases: z.ZodOptional<z.ZodArray<z.ZodString>>;
is_family: z.ZodBoolean;
malware_types: z.ZodOptional<z.ZodArray<z.ZodEnum<{
unknown: "unknown";
adware: "adware";
backdoor: "backdoor";
bot: "bot";
bootkit: "bootkit";
ddos: "ddos";
downloader: "downloader";
dropper: "dropper";
"exploit-kit": "exploit-kit";
keylogger: "keylogger";
ransomware: "ransomware";
"remote-access-trojan": "remote-access-trojan";
"resource-exploitation": "resource-exploitation";
"rogue-security-software": "rogue-security-software";
rootkit: "rootkit";
"screen-capture": "screen-capture";
spyware: "spyware";
trojan: "trojan";
virus: "virus";
webshell: "webshell";
wiper: "wiper";
worm: "worm";
}>>>;
kill_chain_phases: z.ZodOptional<z.ZodArray<z.ZodObject<{
phase_name: z.ZodString;
kill_chain_name: z.ZodEnum<{
"mitre-attack": "mitre-attack";
"mitre-mobile-attack": "mitre-mobile-attack";
"mitre-ics-attack": "mitre-ics-attack";
}>;
}, z.core.$strict>>>;
first_seen: z.ZodOptional<z.ZodISODateTime>;
last_seen: z.ZodOptional<z.ZodISODateTime>;
external_references: z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
architecture_execution_envs: z.ZodOptional<z.ZodArray<z.ZodEnum<{
alpha: "alpha";
arm: "arm";
"ia-64": "ia-64";
mips: "mips";
powerpc: "powerpc";
sparc: "sparc";
x86: "x86";
"x86-64": "x86-64";
}>>>;
implementation_languages: z.ZodOptional<z.ZodArray<z.ZodEnum<{
"x86-64": "x86-64";
applescript: "applescript";
bash: "bash";
c: "c";
"c++": "c++";
"c#": "c#";
go: "go";
java: "java";
javascript: "javascript";
lua: "lua";
"objective-c": "objective-c";
perl: "perl";
php: "php";
powershell: "powershell";
python: "python";
ruby: "ruby";
scala: "scala";
swift: "swift";
typescript: "typescript";
"visual-basic": "visual-basic";
"x86-32": "x86-32";
}>>>;
capabilities: z.ZodOptional<z.ZodArray<z.ZodEnum<{
"accesses-remote-machines": "accesses-remote-machines";
"anti-debugging": "anti-debugging";
"anti-disassembly": "anti-disassembly";
"anti-emulation": "anti-emulation";
"anti-memory-forensics": "anti-memory-forensics";
"anti-sandbox": "anti-sandbox";
"anti-vm": "anti-vm";
"captures-input-peripherals": "captures-input-peripherals";
"captures-output-peripherals": "captures-output-peripherals";
"captures-system-state-data": "captures-system-state-data";
"cleans-traces-of-infection": "cleans-traces-of-infection";
"commits-fraud": "commits-fraud";
"communicates-with-c2": "communicates-with-c2";
"compromises-data-integrity": "compromises-data-integrity";
"compromises-data-availability": "compromises-data-availability";
"compromises-system-availability": "compromises-system-availability";
"controls-local-machine": "controls-local-machine";
"degrades-security-software": "degrades-security-software";
"degrades-system-updates": "degrades-system-updates";
"determines-c2-server": "determines-c2-server";
"emails-spam": "emails-spam";
"escalates-privileges": "escalates-privileges";
"evades-av": "evades-av";
"exfiltrates-data": "exfiltrates-data";
"fingerprints-host": "fingerprints-host";
"hides-artifacts": "hides-artifacts";
"hides-executing-code": "hides-executing-code";
"infects-files": "infects-files";
"infects-remote-machines": "infects-remote-machines";
"installs-other-components": "installs-other-components";
"persists-after-system-reboot": "persists-after-system-reboot";
"prevents-artifact-access": "prevents-artifact-access";
"prevents-artifact-deletion": "prevents-artifact-deletion";
"probes-network-environment": "probes-network-environment";
"self-modifies": "self-modifies";
"steals-authentication-credentials": "steals-authentication-credentials";
"violates-system-operational-integrity": "violates-system-operational-integrity";
}>>>;
sample_refs: z.ZodOptional<z.ZodArray<z.ZodUnion<readonly [z.ZodString & z.ZodType<`artifact--${string}`, string, z.core.$ZodTypeInternals<`artifact--${string}`, string>>, z.ZodString & z.ZodType<`file--${string}`, string, z.core.$ZodTypeInternals<`file--${string}`, string>>]>>>;
operating_system_refs: z.ZodOptional<z.ZodArray<z.ZodUnion<[z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">, ...z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">[]]>>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
created_by_ref: z.ZodNonOptional<z.ZodOptional<z.ZodString & z.ZodType<`identity--${string}`, string, z.core.$ZodTypeInternals<`identity--${string}`, string>>>>;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;
external_references: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodObject<{
source_name: z.ZodString;
description: z.ZodOptional<z.ZodString>;
url: z.ZodOptional<z.ZodURL>;
external_id: z.ZodOptional<z.ZodString>;
}, z.core.$strip>>>>;
object_marking_refs: z.ZodNonOptional<z.ZodOptional<z.ZodArray<z.ZodString>>>;
granular_markings: z.ZodOptional<z.ZodArray<z.ZodObject<{
lang: z.ZodOptional<z.ZodString>;
marking_ref: z.ZodOptional<z.ZodString>;
selectors: z.ZodArray<z.ZodString>;
}, z.core.$strip>>>;
extensions: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodObject<{
extension_type: z.ZodEnum<{
"new-sdo": "new-sdo";
"new-sco": "new-sco";
"new-sro": "new-sro";
"property-extension": "property-extension";
"toplevel-property-extension": "toplevel-property-extension";
}>;
}, z.core.$catchall<z.ZodUnknown>>, z.ZodRecord<z.ZodString, z.ZodUnknown>]>>>;
name: z.ZodString;
x_mitre_attack_spec_version: z.ZodString;
x_mitre_version: z.ZodString;
x_mitre_old_attack_id: z.ZodOptional<z.ZodString & z.ZodType<`MOB-M${number}` | `MOB-S${number}`, string, z.core.$ZodTypeInternals<`MOB-M${number}` | `MOB-S${number}`, string>>>;
x_mitre_deprecated: z.ZodOptional<z.ZodBoolean>;
id: z.ZodString & z.ZodType<`x-mitre-matrix--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-matrix--${string}`, string>>;
type: z.ZodLiteral<"file" | "attack-pattern" | "bundle" | "campaign" | "course-of-action" | "extension-definition" | "identity" | "intrusion-set" | "malware" | "tool" | "marking-definition" | "x-mitre-analytic" | "x-mitre-data-component" | "x-mitre-detection-strategy" | "x-mitre-tactic" | "x-mitre-asset" | "x-mitre-data-source" | "x-mitre-matrix" | "x-mitre-collection" | "relationship" | "artifact">;
description: z.ZodString;
x_mitre_domains: z.ZodArray<z.ZodEnum<{
"enterprise-attack": "enterprise-attack";
"mobile-attack": "mobile-attack";
"ics-attack": "ics-attack";
}>>;
x_mitre_modified_by_ref: z.ZodLiteral<`identity--${string}`>;
tactic_refs: z.ZodArray<z.ZodString & z.ZodType<`x-mitre-tactic--${string}`, string, z.core.$ZodTypeInternals<`x-mitre-tactic--${string}`, string>>>;
}, z.core.$strict>, z.ZodObject<{
spec_version: z.ZodLiteral<"2.1">;
created: z.ZodISODateTime;
modified: z.ZodISODateTime;
labels: z.ZodOptional<z.ZodArray<z.ZodString>>;
revoked: z.ZodOptional<z.ZodBoolean>;
confidence: z.ZodOptional<z.ZodOptional<z.ZodNumber>>;
lang: z.ZodOptional<z.ZodString>;