GCP Chronicle – Mappings Explorer

All Mappings

Capability ID	Capability Description	Category	Value	ATT&CK ID	ATT&CK Name
chronicle	Chronicle	detect	minimal	T1021.002	SMB/Windows Admin Shares
chronicle	Chronicle	detect	minimal	T1037	Boot or Logon Initialization Scripts
chronicle	Chronicle	detect	minimal	T1053.005	Scheduled Task
chronicle	Chronicle	detect	minimal	T1218.005	Mshta
chronicle	Chronicle	detect	minimal	T1543.001	Launch Agent
chronicle	Chronicle	detect	minimal	T1543.004	Launch Daemon
chronicle	Chronicle	detect	minimal	T1546.001	Change Default File Association
chronicle	Chronicle	detect	minimal	T1547.001	Registry Run Keys / Startup Folder
chronicle	Chronicle	detect	minimal	T1547	Boot or Logon Autostart Execution
chronicle	Chronicle	detect	minimal	T1546	Event Triggered Execution
chronicle	Chronicle	detect	minimal	T1543	Create or Modify System Process
chronicle	Chronicle	detect	minimal	T1548.002	Bypass User Account Control
chronicle	Chronicle	detect	minimal	T1564.001	Hidden Files and Directories
chronicle	Chronicle	detect	minimal	T1564	Hide Artifacts
chronicle	Chronicle	detect	minimal	T1003.003	NTDS
chronicle	Chronicle	detect	minimal	T1078	Valid Accounts
chronicle	Chronicle	detect	minimal	T1134.005	SID-History Injection
chronicle	Chronicle	detect	minimal	T1003	OS Credential Dumping
chronicle	Chronicle	detect	minimal	T1548	Abuse Elevation Control Mechanism
chronicle	Chronicle	detect	minimal	T1584.002	DNS Server
chronicle	Chronicle	detect	minimal	T1562.004	Disable or Modify System Firewall
chronicle	Chronicle	detect	minimal	T1098.001	Additional Cloud Credentials
chronicle	Chronicle	detect	minimal	T1530	Data from Cloud Storage Object
chronicle	Chronicle	detect	minimal	T1070.002	Clear Linux or Mac System Logs
chronicle	Chronicle	detect	minimal	T1136.001	Local Account
chronicle	Chronicle	detect	minimal	T1098	Account Manipulation
chronicle	Chronicle	detect	minimal	T1106	Native API
chronicle	Chronicle	detect	minimal	T1021.004	SSH
chronicle	Chronicle	detect	minimal	T1578	Modify Cloud Compute Infrastructure
chronicle	Chronicle	detect	minimal	T1052.001	Exfiltration over USB
chronicle	Chronicle	detect	minimal	T1112	Modify Registry
chronicle	Chronicle	detect	minimal	T1021	Remote Services
chronicle	Chronicle	detect	minimal	T1052	Exfiltration Over Physical Medium
chronicle	Chronicle	detect	minimal	T1053	Scheduled Task/Job
chronicle	Chronicle	detect	minimal	T1070	Indicator Removal on Host
chronicle	Chronicle	detect	minimal	T1134	Access Token Manipulation
chronicle	Chronicle	detect	minimal	T1218	Signed Binary Proxy Execution
chronicle	Chronicle	detect	minimal	T1584	Compromise Infrastructure
chronicle	Chronicle	detect	minimal	T1056	Input Capture
chronicle	Chronicle	detect	minimal	T1056.003	Web Portal Capture
chronicle	Chronicle	detect	minimal	T1056.004	Credential API Hooking
chronicle	Chronicle	detect	minimal	T1071.001	Web Protocols
chronicle	Chronicle	detect	minimal	T1071	Application Layer Protocol
chronicle	Chronicle	detect	minimal	T1059	Command and Scripting Interpreter
chronicle	Chronicle	detect	minimal	T1218.010	Regsvr32
chronicle	Chronicle	detect	minimal	T1059.003	Windows Command Shell
chronicle	Chronicle	detect	minimal	T1082	System Information Discovery
chronicle	Chronicle	detect	minimal	T1218.003	CMSTP
chronicle	Chronicle	detect	minimal	T1018	Remote System Discovery
chronicle	Chronicle	detect	minimal	T1552	Unsecured Credentials
chronicle	Chronicle	detect	minimal	T1486	Data Encrypted for Impact
chronicle	Chronicle	detect	minimal	T1204	User Execution
chronicle	Chronicle	detect	minimal	T1036.005	Match Legitimate Name or Location
chronicle	Chronicle	detect	minimal	T1027.004	Compile After Delivery
chronicle	Chronicle	detect	minimal	T1127.001	MSBuild
chronicle	Chronicle	detect	minimal	T1127	Trusted Developer Utilities Proxy Execution
chronicle	Chronicle	detect	minimal	T1190	Exploit Public-Facing Application
chronicle	Chronicle	detect	minimal	T1068	Exploitation for Privilege Escalation
chronicle	Chronicle	detect	minimal	T1036	Masquerading
chronicle	Chronicle	detect	minimal	T1055	Process Injection
chronicle	Chronicle	detect	minimal	T1210	Exploitation of Remote Services
chronicle	Chronicle	detect	minimal	T1037.003	Network Logon Script
chronicle	Chronicle	detect	minimal	T1212	Exploitation for Credential Access
chronicle	Chronicle	detect	minimal	T1505.003	Web Shell
chronicle	Chronicle	detect	minimal	T1059.007	JavaScript
chronicle	Chronicle	detect	minimal	T1560	Archive Collected Data
chronicle	Chronicle	detect	minimal	T1203	Exploitation for Client Execution
chronicle	Chronicle	detect	minimal	T1132	Data Encoding
chronicle	Chronicle	detect	minimal	T1132.001	Standard Encoding
chronicle	Chronicle	detect	minimal	T1195.002	Compromise Software Supply Chain
chronicle	Chronicle	detect	minimal	T1195	Supply Chain Compromise
chronicle	Chronicle	detect	minimal	T1072	Software Deployment Tools
chronicle	Chronicle	detect	minimal	T1546.007	Netsh Helper DLL
chronicle	Chronicle	detect	minimal	T1505	Server Software Component
chronicle	Chronicle	detect	minimal	T1574.007	Path Interception by PATH Environment Variable
chronicle	Chronicle	detect	minimal	T1574	Hijack Execution Flow
chronicle	Chronicle	detect	minimal	T1087.004	Cloud Account
chronicle	Chronicle	detect	minimal	T1087	Account Discovery
chronicle	Chronicle	detect	minimal	T1070.004	File Deletion
chronicle	Chronicle	detect	minimal	T1020	Automated Exfiltration
chronicle	Chronicle	detect	minimal	T1041	Exfiltration Over C2 Channel
chronicle	Chronicle	detect	minimal	T1011	Exfiltration Over Other Network Medium
chronicle	Chronicle	detect	minimal	T1027	Obfuscated Files or Information
chronicle	Chronicle	detect	minimal	T1484	Domain Policy Modification
chronicle	Chronicle	detect	minimal	T1136	Create Account
chronicle	Chronicle	detect	minimal	T1543.003	Windows Service
chronicle	Chronicle	detect	minimal	T1070.006	Timestomp
chronicle	Chronicle	detect	minimal	T1003.001	LSASS Memory
chronicle	Chronicle	detect	minimal	T1137.001	Office Template Macros
chronicle	Chronicle	detect	minimal	T1137	Office Application Startup
chronicle	Chronicle	detect	minimal	T1057	Process Discovery
chronicle	Chronicle	detect	minimal	T1016	System Network Configuration Discovery
chronicle	Chronicle	detect	minimal	T1049	System Network Connections Discovery
chronicle	Chronicle	detect	minimal	T1033	System Owner/User Discovery
chronicle	Chronicle	detect	minimal	T1588.002	Tool
chronicle	Chronicle	detect	minimal	T1588	Obtain Capabilities
chronicle	Chronicle	detect	minimal	T1070.001	Clear Windows Event Logs
chronicle	Chronicle	detect	minimal	T1569.002	Service Execution
chronicle	Chronicle	detect	minimal	T1569	System Services
chronicle	Chronicle	detect	minimal	T1546.008	Accessibility Features
chronicle	Chronicle	detect	minimal	T1048	Exfiltration Over Alternative Protocol
chronicle	Chronicle	detect	minimal	T1105	Ingress Tool Transfer
chronicle	Chronicle	detect	minimal	T1495	Firmware Corruption
chronicle	Chronicle	detect	minimal	T1497	Virtualization/Sandbox Evasion
chronicle	Chronicle	detect	minimal	T1202	Indirect Command Execution
chronicle	Chronicle	detect	minimal	T1546.003	Windows Management Instrumentation Event Subscription

Capabilities

Capability ID	Capability Name	Number of Mappings
chronicle	Chronicle	106

GCP Chronicle Capability Group

All Mappings

Capabilities