subtechnique

A subtechnique is a term used in cybersecurity taxonomies to denote a more granular category within a broader technique. In frameworks such as MITRE ATT&CK, a subtechnique describes a specific method that an adversary may use to accomplish the objective defined by its parent technique. Subtechniques refine the taxonomy by capturing discrete procedures, providing more precise descriptions than a single technique alone and enabling finer-grained analysis.

Examples of subtechniques include entries under a parent technique such as Phishing, where subtechniques include spearphishing

Subtechniques support more accurate mapping of observed activity to a technique, improving threat intelligence, incident reporting,

Limitations include increased taxonomy size and complexity, which can complicate governance and maintenance. Organizations must ensure