elastic
diff --git a/‎detection_rules/etc/api_schemas/master/master.base.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.base.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.eql.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.eql.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.esql.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.esql.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.machine_learning.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.machine_learning.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.new_terms.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.new_terms.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.query.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.query.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.threat_match.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.threat_match.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/api_schemas/master/master.threshold.json‎
Lines changed: 7 additions & 5 deletions b/‎detection_rules/etc/api_schemas/master/master.threshold.json‎
Lines changed: 7 additions & 5 deletions
diff --git a/‎detection_rules/etc/attack-technique-redirects.json‎
Lines changed: 1 addition & 1 deletion b/‎detection_rules/etc/attack-technique-redirects.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎detection_rules/etc/attack-v18.0.0.json.gz‎
-7.15 MB b/‎detection_rules/etc/attack-v18.0.0.json.gz‎
-7.15 MB
@@ -188,7 +188,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -296,8 +296,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -310,7 +312,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -331,7 +333,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -345,7 +347,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -261,7 +261,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -369,8 +369,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -383,7 +385,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -404,7 +406,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -418,7 +420,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -255,7 +255,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -363,8 +363,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -377,7 +379,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -398,7 +400,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -412,7 +414,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -249,7 +249,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -357,8 +357,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -371,7 +373,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -392,7 +394,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -406,7 +408,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -294,7 +294,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -402,8 +402,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -416,7 +418,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -437,7 +439,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -451,7 +453,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -259,7 +259,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -367,8 +367,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -381,7 +383,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -402,7 +404,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -416,7 +418,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -259,7 +259,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -367,8 +367,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -381,7 +383,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -402,7 +404,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -416,7 +418,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -245,7 +245,7 @@
     },
     "risk_score": {
       "maximum": 100,
-      "minimum": 1,
+      "minimum": 0,
       "type": "integer"
     },
     "risk_score_mapping": {
@@ -353,8 +353,10 @@
         "properties": {
           "framework": {
             "enum": [
-              "MITRE ATT&CK"
+              "MITRE ATT&CK",
+              "MITRE ATLAS"
             ],
+            "enumNames": [],
             "type": "string"
           },
           "tactic": {
@@ -367,7 +369,7 @@
                 "type": "string"
               },
               "reference": {
-                "pattern": "^https://attack.mitre.org/tactics/TA[0-9]+/$",
+                "pattern": "^(https://attack.mitre.org/tactics/TA[0-9]+/|https://atlas.mitre.org/tactics/AML\\.TA[0-9]+/)$",
                 "type": "string"
               }
             },
@@ -388,7 +390,7 @@
                   "type": "string"
                 },
                 "reference": {
-                  "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/$",
+                  "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+/)$",
                   "type": "string"
                 },
                 "subtechnique": {
@@ -402,7 +404,7 @@
                         "type": "string"
                       },
                       "reference": {
-                        "pattern": "^https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/$",
+                        "pattern": "^(https://attack.mitre.org/techniques/T[0-9]+/[0-9]+/|https://atlas.mitre.org/techniques/AML\\.T[0-9]+\\.[0-9]+/)$",
                         "type": "string"
                       }
                     },
 
@@ -133,5 +133,5 @@
     "T1547.011": "T1647",
     "T1574.002": "T1574.001"
   },
-  "saved_date": "Tue Nov 11 12:54:18 2025"
+  "saved_date": "Mon Dec  8 17:34:00 2025"
 }
Original file line number	Diff line number	Diff line change
`@@ -133,5 +133,5 @@`
`133`	`133`	`"T1547.011": "T1647",`
`134`	`134`	`"T1574.002": "T1574.001"`
`135`	`135`	`},`
`136`		`- "saved_date": "Tue Nov 11 12:54:18 2025"`
	`136`	`+ "saved_date": "Mon Dec 8 17:34:00 2025"`
`137`	`137`	`}`