{
"type": "bundle",
"id": "bundle--3e1707d1-792b-4529-92ba-64dbdecdf633",
"spec_version": "2.0",
"objects": [
{
"type": "relationship",
"id": "relationship--0d540b53-6a5d-4f56-9dee-47707443b149",
"created": "2022-05-11T16:22:58.806Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"modified": "2022-09-30T16:00:14.208Z",
"description": "Monitor ICS automation network protocols for functions related to reading an operational process state (e.g., \u201cRead\u201d function codes in protocols like DNP3 or Modbus). In some cases, there may be multiple ways to monitor an operational process\u2019 state, one of which is typically used in the operational environment. Monitor for the operating mode being checked in unexpected ways.",
"relationship_type": "detects",
"source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
"target_ref": "attack-pattern--2d0d40ad-22fa-4cc8-b264-072557e1364b",
"x_mitre_deprecated": false,
"x_mitre_version": "1.0",
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}