mitre-attack
diff --git a/‎CHANGELOG.md‎
Lines changed: 22 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 22 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎USAGE.md‎
Lines changed: 12 additions & 12 deletions b/‎USAGE.md‎
Lines changed: 12 additions & 12 deletions
@@ -1,5 +1,27 @@
 # Changes to ATT&CK in STIX 2.1
 
+## 28 October 2025 - ATT&CK Spec v3.3.0
+
+Changes to ATT&CK in STIX for the October 2025 ATT&CK Content Release (ATT&CK v18.0)
+
+* Added Analytic objects. For detailed information about the representation of Analytics in ATT&CK/STIX, please see the [ATT&CK Data Model schema documentation](https://mitre-attack.github.io/attack-data-model/docs/reference/schemas/sdo/analytic.schema).
+* Added Detection Strategy objects. For detailed information about the representation of Detection Strategies in ATT&CK/STIX, please see the [ATT&CK Data Model schema documentation](https://mitre-attack.github.io/attack-data-model/docs/reference/schemas/sdo/detection-strategy.schema).
+* Deprecated Data Source objects. These objects will be removed in ATT&CK Spec v4.
+* Modified Data Component objects:
+  * Assigned an ATT&CK ID to each Data Component object.
+  * Added the `x_mitre_log_sources` property. See the [ATT&CK Data Model schema documentation](https://mitre-attack.github.io/attack-data-model/docs/reference/schemas/sdo/data-component.schema#xmitrelogsources) for a description of this new property.
+  * Deprecated the `x_mitre_data_source_ref` property. This property will be removed from the spec entirely in ATT&CK Spec v4.
+* Modified Technique objects:
+  * Deprecated the following properties, which will be removed from the spec entirely in ATT&CK Spec v4.
+    * `x_mitre_detection`
+    * `x_mitre_system_requirements`
+    * `x_mitre_permissions_required`
+    * `x_mitre_effective_permissions`
+    * `x_mitre_data_sources`
+    * `x_mitre_defense_bypassed`
+    * `x_mitre_remote_support`
+* Deprecated the `x_mitre_data_component` `--detects-->` `attack-pattern` relationship object. These will be removed in ATT&CK Spec v4. This has been replaced by the `x_mitre_detection_strategy` `--detects-->` `attack-pattern` relationship object.
+
 ## 22 April 2025
 
 There are no changes to the data model in the April 2025 ATT&CK Content Release (ATT&CK v17.0)
 
@@ -58,7 +58,7 @@ The Usage document includes documentation of the ATT&CK data model as well as co
 
 ## Notice 
 
-Copyright 2020-2024 The MITRE Corporation. Approved for public release. Case number 19-3504.
+Copyright 2020-2025 The MITRE Corporation. Approved for public release. Case number 19-3504.
 
 This project makes use of ATT&CK®
 
 
@@ -89,7 +89,7 @@ You can see a full list of the classes which have versioned imports [here](https
 
 ### taxii2client
 
-At present there is no TAXII 2.1/STIX 2.1 server for the content of this repository. If you wish to access ATT&CK via TAXII you will need to use our TAXII 2.0/STIX 2.0 server instead. Please see our [MITRE/CTI GitHub repository](https://github.com/mitre/cti), and [the accompanying docs for our TAXII 2.0 server](https://github.com/mitre/cti/blob/master/USAGE.md#access-from-the-attck-taxii-server), for information about using that version of the dataset.
+Information on the TAXII 2.1/STIX2.1 server can be found in [the TAXII server repository](https://github.com/mitre-attack/attack-workbench-taxii-server).
 
 ## Access local content
 
@@ -124,7 +124,7 @@ def get_attack_version(domain, version):
     ms.load_from_file(os.path.join(domain, f"{domain}-{version}.json"))
     return ms
 
-src = get_attack_version("enterprise-attack", "6.2")
+src = get_attack_version("enterprise-attack", "18.0")
 ```
 
 ## Access live content
@@ -136,7 +136,7 @@ Some users may instead prefer to access "live" ATT&CK content over the internet.
 
 ### Access from the ATT&CK TAXII server
 
-At present there is no TAXII 2.1/STIX 2.1 server for the content of this repository. If you wish to access ATT&CK via TAXII you will need to use our TAXII 2.0/STIX 2.0 server instead. Please see our [MITRE/CTI GitHub repository](https://github.com/mitre/cti), and [the accompanying docs for our TAXII 2.0 server](https://github.com/mitre/cti/blob/master/USAGE.md#access-from-the-attck-taxii-server), for information about using that version of the dataset.
+Information on the TAXII 2.1/STIX2.1 server can be found in [the TAXII server repository](https://github.com/mitre-attack/attack-workbench-taxii-server).
 
 ### Access the most recent version from GitHub via requests
 
@@ -167,12 +167,12 @@ def get_data_from_version(domain, version):
     stix_json = requests.get(f"https://raw.githubusercontent.com/mitre-attack/attack-stix-data/master/{domain}/{domain}-{version}.json").json()
     return MemoryStore(stix_data=stix_json["objects"])
 
-src = get_data_from_version("enterprise-attack", "6.2")
+src = get_data_from_version("enterprise-attack", "18.0")
 ```
 
 ## Getting a list of versions
 
-The [collection index](/index.json) on this repository contains a full list of versions for each domain of ATT&CK. See our [collections document](https://github.com/center-for-threat-informed-defense/attack-workbench-frontend/blob/master/docs/collections.md#collection-indexes) for more information about the format of collection indexes. You can also find a human-readable version of that file in [index.md](/index.md).
+The [collection index](/index.json) on this repository contains a full list of versions for each domain of ATT&CK. See our [collections document](https://github.com/center-for-threat-informed-defense/attack-workbench-frontend/blob/main/docs/collections.md#collection-indexes) for more information about the format of collection indexes. You can also find a human-readable version of that file in [index.md](/index.md).
 
 The collection index was added in the upgrade to STIX 2.1 and is not available for [the STIX 2.0 dataset](https://github.com/mitre/cti).
 
@@ -743,14 +743,14 @@ def parent_technique_of(thesrc):
     """return subtechnique_id => {technique, relationship} describing the parent technique of the subtechnique"""
     return get_related(thesrc, "attack-pattern", "subtechnique-of", "attack-pattern")[0]
 
-# technique:data-component
-def datacomponent_detects_techniques(thesrc):
-    """return datacomponent_id => {technique, relationship} describing the detections of each data component"""
-    return get_related(thesrc, "x-mitre-data-component", "detects", "attack-pattern")
+# detectionstrategy:technique
+def detectionstrategy_detects_techniques(thesrc):
+    """return detectionstrategy_id => {technique, relationship} describing the detections of each detection strategy"""
+    return get_related(thesrc, "x-mitre-detection-strategy", "detects", "attack-pattern")
 
-def technique_detected_by_datacomponents(thesrc):
-    """return technique_id => {datacomponent, relationship} describing the data components that can detect the technique"""
-    return get_related(thesrc, "x-mitre-data-component", "detects", "attack-pattern", reverse=True)
+def technique_detected_by_detectionstrategies(thesrc):
+    """return technique_id => {detectionstrategy, relationship} describing the detection strategies that can detect the technique"""
+    return get_related(thesrc, "x-mitre-detection-strategy", "detects", "attack-pattern", reverse=True)
 
 # Example usage:
 src = MemoryStore()