{"da_to_off":{"head":{"vars":["off_artifact_label","off_artifact_rel_label","off_tech_label","off_tech_id","off_tactic_rel_label","off_tactic_label","off_artifact","off_artifact_rel","off_tech","off_tactic_rel","off_tactic"]},"results":{"bindings":[{"off_artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Remote Service Session Hijacking"},"off_tech_id":{"type":"literal","value":"T1563"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Lateral Movement"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1563"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0008"}},{"off_artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Remote Desktop Protocol"},"off_tech_id":{"type":"literal","value":"T1021.001"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Lateral Movement"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.001"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0008"}},{"off_artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"SSH"},"off_tech_id":{"type":"literal","value":"T1021.004"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Lateral Movement"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1021.004"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0008"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Additional Cloud Credentials"},"off_tech_id":{"type":"literal","value":"T1098.001"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Privilege Escalation"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0004"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Windows Management Instrumentation Event Subscription"},"off_tech_id":{"type":"literal","value":"T1546.003"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Privilege Escalation"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0004"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"may-create"},"off_tech_label":{"type":"literal","value":"Accessibility Features"},"off_tech_id":{"type":"literal","value":"T1546.008"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Privilege Escalation"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#may-create"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0004"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Rogue Domain Controller"},"off_tech_id":{"type":"literal","value":"T1207"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Defense Evasion"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1207"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0005"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"may-create"},"off_tech_label":{"type":"literal","value":"Windows Management Instrumentation"},"off_tech_id":{"type":"literal","value":"T1047"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Execution"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#may-create"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1047"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0002"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Additional Cloud Credentials"},"off_tech_id":{"type":"literal","value":"T1098.001"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Persistence"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1098.001"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0003"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"Windows Management Instrumentation Event Subscription"},"off_tech_id":{"type":"literal","value":"T1546.003"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Persistence"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.003"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0003"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"may-create"},"off_tech_label":{"type":"literal","value":"Accessibility Features"},"off_tech_id":{"type":"literal","value":"T1546.008"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Persistence"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#may-create"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1546.008"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0003"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"produces"},"off_tech_label":{"type":"literal","value":"DCSync"},"off_tech_id":{"type":"literal","value":"T1003.006"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Credential Access"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#produces"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1003.006"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0006"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"may-create"},"off_tech_label":{"type":"literal","value":"Password Spraying"},"off_tech_id":{"type":"literal","value":"T1110.003"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Credential Access"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#may-create"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.003"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0006"}},{"off_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"off_artifact_rel_label":{"type":"literal","value":"may-create"},"off_tech_label":{"type":"literal","value":"Credential Stuffing"},"off_tech_id":{"type":"literal","value":"T1110.004"},"off_tactic_rel_label":{"type":"literal","value":"enables"},"off_tactic_label":{"type":"literal","value":"Credential Access"},"off_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"},"off_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#may-create"},"off_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#T1110.004"},"off_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"off_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#TA0006"}}]}},"da_to_def":{"head":{"vars":["def_tactic_label","def_tactic_rel_label","def_tech_parent_is_toplevel","def_tech_parent_label","def_tech_label","def_artifact_rel_label","def_artifact_label","def_tactic","def_tactic_rel","def_tech","def_artifact_rel","def_artifact"]},"results":{"bindings":[{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Administrative Network Activity Analysis"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Intranet Administrative Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkActivityAnalysis"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#IntranetAdministrativeNetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Client-server Payload Profiling"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Client-serverPayloadProfiling"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Network Traffic Community Deviation"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficCommunityDeviation"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Per Host Download-Upload Ratio Analysis"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#PerHostDownload-UploadRatioAnalysis"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Protocol Metadata Anomaly Detection"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#ProtocolMetadataAnomalyDetection"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Remote Terminal Session Detection"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#RemoteTerminalSessionDetection"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Network Traffic Signature Analysis"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficSignatureAnalysis"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Traffic Analysis"},"def_tech_label":{"type":"literal","value":"Application Protocol Command Analysis"},"def_artifact_rel_label":{"type":"literal","value":"monitors"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#ApplicationProtocolCommandAnalysis"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#monitors"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Detect"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"User Behavior Analysis"},"def_tech_label":{"type":"literal","value":"User Geolocation Logon Pattern Analysis"},"def_artifact_rel_label":{"type":"literal","value":"analyzes"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Detect"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#UserGeolocationLogonPatternAnalysis"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#analyzes"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}},{"def_tactic_label":{"type":"literal","value":"Isolate"},"def_tactic_rel_label":{"type":"literal","value":"enables"},"def_tech_parent_is_toplevel":{"datatype":"http://www.w3.org/2001/XMLSchema#boolean","type":"literal","value":"true"},"def_tech_parent_label":{"type":"literal","value":"Network Isolation"},"def_tech_label":{"type":"literal","value":"Network Traffic Filtering"},"def_artifact_rel_label":{"type":"literal","value":"filters"},"def_artifact_label":{"type":"literal","value":"Network Traffic"},"def_tactic":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#Isolate"},"def_tactic_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#enables"},"def_tech":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTrafficFiltering"},"def_artifact_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#filters"},"def_artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"}}]}},"neighbors":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[{"@id":"d3f:AdministrativeNetworkTraffic","rdfs:label":["Administrative Network Traffic"],"rdfs:subClassOf":[{"@id":"d3f:NetworkTraffic"}]},{"@id":"d3f:DomainName","rdfs:label":["Domain Name"]},{"@id":"d3f:NetworkPacket","rdfs:label":["Network Packet"]},{"@id":"d3f:NetworkTraffic","d3f:contains":[{"@id":"d3f:NetworkPacket"}],"d3f:may-contain":[{"@id":"d3f:DomainName"},{"@id":"d3f:RemoteCommand"}],"d3f:originates-from":[{"@id":"d3f:PhysicalLocation"}],"d3f:outbound":[{"@id":"d3f:may-contain"},{"@id":"d3f:originates-from"},{"@id":"d3f:contains"}],"rdfs:label":["Network Traffic"]},{"@id":"d3f:PhysicalLocation","rdfs:label":["Physical Location"]},{"@id":"d3f:RemoteCommand","rdfs:label":["Remote Command"]}]},"da_to_weak":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[]},"sensors":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[{"@id":"d3f:NetworkProtocolAnalyzer","d3f:monitors":[{"@id":"d3f:NetworkTraffic"}],"d3f:outbound":[{"@id":"d3f:monitors"}],"rdfs:label":["Network Protocol Analyzer"]},{"@id":"d3f:NetworkTraffic","rdfs:label":["Network Traffic"]},{"@id":"d3f:monitors","rdfs:label":["monitors"]}]},"da_to_events":{"head":{"vars":["event","event_parent","event_rel","event_rel_inverse","artifact","artifact_parent","event_label","event_parent_label","event_rel_label","event_rel_inverse_label","artifact_label","artifact_parent_label"]},"results":{"bindings":[{"event":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkEvent"},"event_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#DigitalEvent"},"event_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#has-participant"},"event_rel_inverse":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#participates-in"},"artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"artifact_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"},"event_label":{"type":"literal","value":"Network Event"},"event_parent_label":{"type":"literal","value":"Digital Event"},"event_rel_label":{"type":"literal","value":"has-participant"},"event_rel_inverse_label":{"type":"literal","value":"participates-in"},"artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"artifact_parent_label":{"type":"literal","value":"Network Traffic"}},{"event":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#OTConnectionCommandEvent"},"event_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#OTNetworkManagementCommandEvent"},"event_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#has-participant"},"event_rel_inverse":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#participates-in"},"artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"artifact_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"},"event_label":{"type":"literal","value":"OT Connection Command Event"},"event_parent_label":{"type":"literal","value":"OT Network Management Command Event"},"event_rel_label":{"type":"literal","value":"has-participant"},"event_rel_inverse_label":{"type":"literal","value":"participates-in"},"artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"artifact_parent_label":{"type":"literal","value":"Network Traffic"}},{"event":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#OTRemoteModeCommandEvent"},"event_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#OTModifyDeviceOperatingModeCommandEvent"},"event_rel":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#has-participant"},"event_rel_inverse":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#participates-in"},"artifact":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#AdministrativeNetworkTraffic"},"artifact_parent":{"type":"uri","value":"http://d3fend.mitre.org/ontologies/d3fend.owl#NetworkTraffic"},"event_label":{"type":"literal","value":"OT Remote Mode Command Event"},"event_parent_label":{"type":"literal","value":"OT Modify Device Operating Mode Command Event"},"event_rel_label":{"type":"literal","value":"has-participant"},"event_rel_inverse_label":{"type":"literal","value":"participates-in"},"artifact_label":{"type":"literal","value":"Administrative Network Traffic"},"artifact_parent_label":{"type":"literal","value":"Network Traffic"}}]}},"artifactld":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[{"@id":"d3f:AdministrativeNetworkTraffic","@type":["owl:NamedIndividual","owl:Class"],"d3f:definition":"Administrative network traffic is network traffic related to the remote administration or control of hosts or devices through a standard remote administrative protocol.  Remote shells, terminals, RDP, and VNC are examples of these protocols, which are typically only used by administrators.","rdfs:label":"Administrative Network Traffic","rdfs:seeAlso":{"@id":"http://dbpedia.org/resource/Remote_administration"},"rdfs:subClassOf":{"@id":"d3f:NetworkTraffic"}},{"@id":"d3f:NetworkTraffic"},{"@id":"http://dbpedia.org/resource/Remote_administration"}]},"da_graph":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[{"@id":"d3f:AdministrativeNetworkTraffic","rdfs:hasSubClass":{"@id":"d3f:IntranetAdministrativeNetworkTraffic"},"rdfs:label":"Administrative Network Traffic"},{"@id":"d3f:Artifact","rdfs:hasSubClass":{"@id":"d3f:DigitalArtifact"},"rdfs:label":"Artifact"},{"@id":"d3f:DigitalArtifact","rdfs:hasSubClass":{"@id":"d3f:DigitalInformationBearer"},"rdfs:label":"Digital Artifact"},{"@id":"d3f:DigitalInformationBearer","rdfs:hasSubClass":{"@id":"d3f:NetworkTraffic"},"rdfs:label":"Digital Information Bearer"},{"@id":"d3f:IntranetAdministrativeNetworkTraffic","rdfs:label":"Intranet Administrative Network Traffic"},{"@id":"d3f:IntranetNetworkTraffic","rdfs:hasSubClass":{"@id":"d3f:IntranetAdministrativeNetworkTraffic"},"rdfs:label":"Intranet Network Traffic"},{"@id":"d3f:NetworkTraffic","rdfs:hasSubClass":[{"@id":"d3f:AdministrativeNetworkTraffic"},{"@id":"d3f:IntranetNetworkTraffic"}],"rdfs:label":"Network Traffic"}]},"description":{"@context":{"rdfs":"http://www.w3.org/2000/01/rdf-schema#","owl":"http://www.w3.org/2002/07/owl#","d3f":"http://d3fend.mitre.org/ontologies/d3fend.owl#","skos":"http://www.w3.org/2004/02/skos/core#"},"@graph":[{"@id":"d3f:AdministrativeNetworkTraffic","@type":["owl:NamedIndividual","owl:Class"],"d3f:definition":"Administrative network traffic is network traffic related to the remote administration or control of hosts or devices through a standard remote administrative protocol.  Remote shells, terminals, RDP, and VNC are examples of these protocols, which are typically only used by administrators.","rdfs:label":"Administrative Network Traffic","rdfs:seeAlso":{"@id":"http://dbpedia.org/resource/Remote_administration"},"rdfs:subClassOf":{"@id":"d3f:NetworkTraffic"}},{"@id":"d3f:NetworkTraffic"},{"@id":"http://dbpedia.org/resource/Remote_administration"}]}}