Automated commit to rebuild the static site

Signed-off-by: Build and Push Automation Script <>
mitre-attack · Feb 29, 2024 · f32da3d · f32da3d
1 parent 34360ca
commit f32da3d
Show file tree

Hide file tree

Showing 11 changed files with 489 additions and 485 deletions.
diff --git a/docs/analytics/CAR-2021-05-010/index.md b/docs/analytics/CAR-2021-05-010/index.md
@@ -47,7 +47,7 @@ Pseudocode implementation of the Splunk search below
 ```
 processes = search Process:Create
 certutil_downloads = filter processes where (
- (exe = C:\Windows\System32\net.exe OR exe = C:\Windows\System32\net1.exe ) AND command_line = * -exportPFX * )
+ (exe = C:\Windows\System32\net.exe OR exe = C:\Windows\System32\net1.exe ) AND (command_line = *localgroup* OR command_line = */add* OR command_line = *user* ))
 output certutil_downloads
 
 ```

diff --git a/docs/analytics/by_technique/index.md b/docs/analytics/by_technique/index.md
diff --git a/docs/car_attack/car_attack.json b/docs/car_attack/car_attack.json
diff --git a/docs/data/analytics.json b/docs/data/analytics.json
diff --git a/docs/sensors/auditd_2.8.md b/docs/sensors/auditd_2.8.md
@@ -23,17 +23,12 @@ auditd is the userspace component to the Linux Auditing System. It's responsible
 | `message` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 | `start` | | | | |✓|✓| | | | |✓| | | | |✓| | | | |✓|✓|✓| | | |✓|
 
-### [file](../data_model/file)
+### [driver](../data_model/driver)
 
-| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `create` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `delete` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `modify` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `write` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
+|---|---|---|---|---|---|---|---|---|---|---|
+| `load` | | | |✓|✓|✓| |✓|✓| | |
+| `unload` | | | | | | | | | | | |
 
 ### [process](../data_model/process)
 
@@ -43,12 +38,17 @@ auditd is the userspace component to the Linux Auditing System. It's responsible
 | `create` | | |✓|✓| |✓| | | |✓| |✓| | | | |✓|✓|✓|✓| | | | | | | | |✓|
 | `terminate` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 
-### [driver](../data_model/driver)
+### [file](../data_model/file)
 
-| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
-|---|---|---|---|---|---|---|---|---|---|---|
-| `load` | | | |✓|✓|✓| |✓|✓| | |
-| `unload` | | | | | | | | | | | |
+| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `create` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `delete` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `modify` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `write` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
 
 
 

diff --git a/docs/sensors/autoruns_13.98.md b/docs/sensors/autoruns_13.98.md
@@ -14,17 +14,14 @@ Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Wi
 
 ## Data Model Coverage
 
-### [file](../data_model/file)
+### [registry](../data_model/registry)
 
-| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `create` | ✓| |✓| |✓|✓|✓| | |✓|✓| |✓| | | | | | | |✓|✓| |✓| | |
-| `delete` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `modify` | ✓| |✓| |✓|✓|✓| | |✓|✓| |✓| | | | | | | |✓|✓| |✓| | |
-| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `timestomp` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `write` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| | `data` | `fqdn` | `hive` | `hostname` | `image_path` | `key` | `new_content` | `pid` | `type` | `user` | `value` |
+|---|---|---|---|---|---|---|---|---|---|---|
+| `add` | ✓|✓|✓|✓| |✓| | |✓| |✓|
+| `key_edit` | ✓|✓|✓|✓| |✓|✓| |✓| |✓|
+| `remove` | | | | | | | | | | | |
+| `value_edit` | ✓|✓|✓|✓| |✓|✓| |✓| |✓|
 
 ### [service](../data_model/service)
 
@@ -36,14 +33,17 @@ Autoruns reports Explorer shell extensions, toolbars, browser helper objects, Wi
 | `start` | | | | | | | | | | |
 | `stop` | | | | | | | | | | |
 
-### [registry](../data_model/registry)
+### [file](../data_model/file)
 
-| | `data` | `fqdn` | `hive` | `hostname` | `image_path` | `key` | `new_content` | `pid` | `type` | `user` | `value` |
-|---|---|---|---|---|---|---|---|---|---|---|
-| `add` | ✓|✓|✓|✓| |✓| | |✓| |✓|
-| `key_edit` | ✓|✓|✓|✓| |✓|✓| |✓| |✓|
-| `remove` | | | | | | | | | | | |
-| `value_edit` | ✓|✓|✓|✓| |✓|✓| |✓| |✓|
+| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `create` | ✓| |✓| |✓|✓|✓| | |✓|✓| |✓| | | | | | | |✓|✓| |✓| | |
+| `delete` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `modify` | ✓| |✓| |✓|✓|✓| | |✓|✓| |✓| | | | | | | |✓|✓| |✓| | |
+| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `timestomp` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `write` | | | | | | | | | | | | | | | | | | | | | | | | | | |
 
 
 

diff --git a/docs/sensors/osquery_4.1.2.md b/docs/sensors/osquery_4.1.2.md
@@ -22,17 +22,12 @@ osquery exposes an operating system as a high-performance relational database. T
 | `message` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 | `start` | | | | |✓|✓| | | | |✓| | | | |✓| | | | |✓|✓|✓| | | |✓|
 
-### [file](../data_model/file)
+### [driver](../data_model/driver)
 
-| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `create` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `delete` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `modify` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
-| `write` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
+|---|---|---|---|---|---|---|---|---|---|---|
+| `load` | | | |✓|✓|✓| |✓|✓| | |
+| `unload` | | | | | | | | | | | |
 
 ### [process](../data_model/process)
 
@@ -42,12 +37,17 @@ osquery exposes an operating system as a high-performance relational database. T
 | `create` | | |✓|✓| |✓| | | |✓| |✓| | | | |✓|✓|✓|✓| | | | | | | | |✓|
 | `terminate` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 
-### [driver](../data_model/driver)
+### [file](../data_model/file)
 
-| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
-|---|---|---|---|---|---|---|---|---|---|---|
-| `load` | | | |✓|✓|✓| |✓|✓| | |
-| `unload` | | | | | | | | | | | |
+| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `create` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `delete` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `modify` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
+| `write` | | |✓| |✓|✓| | | | |✓| |✓| | | | |✓|✓| |✓|✓| | | |✓|
 
 
 

diff --git a/docs/sensors/osquery_4.6.0.md b/docs/sensors/osquery_4.6.0.md
@@ -22,17 +22,12 @@ osquery exposes an operating system as a high-performance relational database. T
 | `message` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 | `start` | | | | |✓|✓| | | | |✓| | | | |✓| | | | |✓|✓|✓| | | |✓|
 
-### [file](../data_model/file)
+### [driver](../data_model/driver)
 
-| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `create` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | |✓|✓|
-| `delete` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | |✓|✓|
-| `modify` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
-| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
-| `write` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
+| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
+|---|---|---|---|---|---|---|---|---|---|---|
+| `load` | | | |✓|✓|✓| |✓|✓| | |
+| `unload` | | | | | | | | | | | |
 
 ### [process](../data_model/process)
 
@@ -42,12 +37,17 @@ osquery exposes an operating system as a high-performance relational database. T
 | `create` | | |✓|✓|✓|✓| | | |✓| |✓| | | | |✓|✓|✓|✓| | | | | | | |✓| |
 | `terminate` | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |
 
-### [driver](../data_model/driver)
+### [file](../data_model/file)
 
-| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
-|---|---|---|---|---|---|---|---|---|---|---|
-| `load` | | | |✓|✓|✓| |✓|✓| | |
-| `unload` | | | | | | | | | | | |
+| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `create` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | |✓|✓|
+| `delete` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | |✓|✓|
+| `modify` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
+| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `timestomp` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
+| `write` | | |✓| |✓|✓| | | | |✓| |✓| |✓| | |✓|✓| |✓|✓| | | |✓|
 
 
 

diff --git a/docs/sensors/sysmon_10.4.md b/docs/sensors/sysmon_10.4.md
@@ -14,26 +14,6 @@ Sysmon is a freely available program from Microsoft that is provided as part of
 
 ## Data Model Coverage
 
-### [flow](../data_model/flow)
-
-| | `application_protocol` | `content` | `dest_fqdn` | `dest_hostname` | `dest_ip` | `dest_port` | `end_time` | `exe` | `fqdn` | `hostname` | `image_path` | `in_bytes` | `network_direction` | `out_bytes` | `packet_count` | `pid` | `ppid` | `proto_info` | `src_fqdn` | `src_hostname` | `src_ip` | `src_port` | `start_time` | `tcp_flags` | `transport_protocol` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `end` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `message` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `start` | | | |✓|✓|✓| | | | |✓| | | | |✓| | | |✓|✓|✓|✓| | | |✓|
-
-### [file](../data_model/file)
-
-| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
-|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
-| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `create` | | |✓| |✓| |✓| | | |✓| | | | | | |✓| | | | | | | | |
-| `delete` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-| `timestomp` | | |✓| |✓| |✓| | | |✓| | | | | | |✓| |✓| | | | | | |
-| `write` | | | | | | | | | | | | | | | | | | | | | | | | | | |
-
 ### [registry](../data_model/registry)
 
 | | `data` | `fqdn` | `hive` | `hostname` | `image_path` | `key` | `new_content` | `pid` | `type` | `user` | `value` |
@@ -43,13 +23,28 @@ Sysmon is a freely available program from Microsoft that is provided as part of
 | `remove` | |✓|✓| |✓|✓| |✓| | |✓|
 | `value_edit` | | | | | | | | | | | |
 
+### [flow](../data_model/flow)
+
+| | `application_protocol` | `content` | `dest_fqdn` | `dest_hostname` | `dest_ip` | `dest_port` | `end_time` | `exe` | `fqdn` | `hostname` | `image_path` | `in_bytes` | `network_direction` | `out_bytes` | `packet_count` | `pid` | `ppid` | `proto_info` | `src_fqdn` | `src_hostname` | `src_ip` | `src_port` | `start_time` | `tcp_flags` | `transport_protocol` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `end` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `message` | | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `start` | | | |✓|✓|✓| | | | |✓| | | | |✓| | | |✓|✓|✓|✓| | | |✓|
+
 ### [module](../data_model/module)
 
 | | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `module_path` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `tid` |
 |---|---|---|---|---|---|---|---|---|---|---|---|---|
 | `load` | |✓| |✓|✓| |✓|✓|✓|✓| |✓| |
 | `unload` | | | | | | | | | | | | | |
 
+### [driver](../data_model/driver)
+
+| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
+|---|---|---|---|---|---|---|---|---|---|---|
+| `load` | |✓| |✓|✓| | |✓|✓| |✓|
+| `unload` | | | | | | | | | | | |
+
 ### [process](../data_model/process)
 
 | | `access_level` | `call_trace` | `command_line` | `current_working_directory` | `env_vars` | `exe` | `fqdn` | `guid` | `hostname` | `image_path` | `integrity_level` | `md5_hash` | `parent_command_line` | `parent_exe` | `parent_guid` | `parent_image_path` | `pid` | `ppid` | `sha1_hash` | `sha256_hash` | `sid` | `signature_valid` | `signer` | `target_address` | `target_guid` | `target_name` | `target_pid` | `uid` | `user` |
@@ -67,12 +62,17 @@ Sysmon is a freely available program from Microsoft that is provided as part of
 | `suspend` | | | | | | | | | | | | | | | |
 | `terminate` | | | | | | | | | | | | | | | |
 
-### [driver](../data_model/driver)
+### [file](../data_model/file)
 
-| | `base_address` | `fqdn` | `hostname` | `image_path` | `md5_hash` | `module_name` | `pid` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` |
-|---|---|---|---|---|---|---|---|---|---|---|
-| `load` | |✓| |✓|✓| | |✓|✓| |✓|
-| `unload` | | | | | | | | | | | |
+| | `company` | `content` | `creation_time` | `extension` | `file_name` | `file_path` | `fqdn` | `gid` | `group` | `hostname` | `image_path` | `link_target` | `md5_hash` | `mime_type` | `mode` | `owner` | `owner_uid` | `pid` | `ppid` | `previous_creation_time` | `sha1_hash` | `sha256_hash` | `signature_valid` | `signer` | `uid` | `user` |
+|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
+| `acl_modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `create` | | |✓| |✓| |✓| | | |✓| | | | | | |✓| | | | | | | | |
+| `delete` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `modify` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `read` | | | | | | | | | | | | | | | | | | | | | | | | | | |
+| `timestomp` | | |✓| |✓| |✓| | | |✓| | | | | | |✓| |✓| | | | | | |
+| `write` | | | | | | | | | | | | | | | | | | | | | | | | | | |