CHANGELOG.md

v2.3.2 - 17 January 2020

Improvements

• Updated trademark to registered trademark and updated copyright date to 2020. See issue #125.
• Updated help page to be more legible by increasing page margins.

v2.3.1 - 29 October 2019

Fixes

• Fixes a bug where default_layers specified in config.json would not load. See pull request #109.

v2.3 - 24 October 2019

New Features

Minor

• Technique comments will now be included with excel exports as cell notes. Note: you may have to re-install your node modules for this functionality to be present. See issue #55.
• Minor matrix layout improvements. See issue #106.
• Added support for cloud platforms. See issue #101. Also see Layer File Format Changes, below.
• In layer-layer operations, score expressions are now calculated on an element-by-element basis. This allows the use of normal math operators (e.g a * b) instead of the elementwise operators (e.g a .* b) as were previously required. It also enables the use of ternary operations such as a > b ? a : 0. See issue #81.
• Added the ability to specify multiple default layers in the layerURL query param. See issue #75.

Fixes

• Multiselect interface should now correctly sort software and groups which start with lowercase letters. See issue #99.
• Layer loading should now provide more accurate descriptions when errors are encountered. See issue #103.
• Updated packages to fix vulnerabilities.

Layer File Format Changes

Layer file format updated to version 2.2. Older versions can still be loaded in the Navigator, and this update is fully backwards compatible with Version 2.1. See layers/LAYERFORMATv2_2md for the full v2.2 specification.

• Added the following cloud platforms to the set of acceptable enterprise platforms: "AWS", "GCP", "Azure", "Azure AD", "Office 365", "SaaS".
• Updated Enterprise and Mobile platforms to match their format as seen elsewhere in ATT&CK. This change is fully backwards compatible, and if the old format is detected it will automatically be updated to the new format.
  • "android" becomes "Android"
  • "ios" becomes "iOS"
  • "windows" becomes "Windows"
  • "linux" becomes "Linux"
  • "mac" becomes "macOS"

v2.2.1 - 5 June 2019

Fixes

• Updated Angular from 7.0.4 to 8.0.0.
• Updated other packages to fix vulnerabilities.
• Removed node-sass rebuild in dockerfile.
• Fixed improperly formatted domains in the April 2019 update layers which were causing issues when exporting those layers to excel.
• Updated readme to better highlight documentation for using the Navigator offline. See issue #82.

v2.2 - 11 December 2018

New Features

Major

• Added the ability to associate user defined metadata to layers and techniques inside of a layer. Metadata can be useful for supporting other applications that use the layer format, or for attaching additional descriptive fields to the layer. The UI supports editing metadata on the layer itself, but not on techniques. Metadata on techniques is shown in tooltips. See Layer File Format Changes, below, for more detail on the metadata format. Also see issue #52.
• Removed assets/tacticsData.json. The Navigator now populates its tactics data from x-mitre-matrix and x-mitre-tactic objects in the bundled data. The field tactics_url was removed from assets/config.json -- see Changes to config.json Format, below. See issue #63.

Minor

• Multiple layers can now be loaded on initialization. A change to the config.json file format allows the user to specify a list of default layers. Default layers can be loaded from the assets directory or from the web. see Changes to config.json Format, below. Also see issue #67.
• The color of the underline denoting comments can now be configured in the config.json file. Setting the color to "transparent" will remove comment underlines altogether. See *Changes to config.json Format`, below. Also see issue #53.

Fixes

• Updated links in the documentation to match the new ATT&CK website. See issue #62.
• Updated Angular to version 7.0.6. This fixes some installation issues with OSX. We also updated several other packages. Please note that our new version of Angular requires a newer nodejs version, so try updating your node installation if errors occur after updating the Navigator. See issues #61, #70.
• Merged a pull request which fixed a bug where default layers would have placeholder layer titles. See #54.
• Negative scores can now be entered in the UI. See #72.

Changes to config.json Format

Default Layer

default_layer has been renamed to default_layers. The string property location has been replaced with the string[] property urls. The strings in urls should be the paths to the default layers you wish to load -- now multiple default layers can be loaded. You can also now load default layers from the assets folder and from the web simultaneously, although the order of the tabs is not guaranteed (since layer loading over HTTP is asynchronous).

To update previous default layers configuration to the new format, see the following example:

"default_layer": {
    "enabled": true,
    "location": "assets/example.json"
}

Becomes:

"default_layers": {
    "enabled": true,
    "urls": [
        "assets/example.json"
    ]
}

Comment Color

The comment_color field has been added, which specifies the color for comment underlines.

Removal of assets/tacticsData.json and tactics_url

assets/tacticsData.json was removed, and the config.json field tactics_url along with it. tacticsData.json was previously used to specify the pre-attack, mitre-enterprise and mitre-mobile tactics.

This is now done using the x-mitre-matrix and x-mitre-tactic objects in the bundled data retrieved from the taxii server or from our static cti github. x-mitre-matrix specifies the order of tactics and x-mitre-tactic specifies the actual tactic data.

If you are using your own dataset with the Navigator an update to your source data will be required. The ATT&CK Navigator uses bundled data, where objects with types attack-pattern, intrusion-set, malware, tool, relationship, x-mitre-tactic, and x-mitre-matrix are all stored in a single array. This array is now required to contain x-mitre-tactic and x-mitre-matrix objects, which were not previously used.

The data retrieved from enterprise_attack_url, pre_attack_url, and mobile_data_url follow the proper bundle format. Please use them as a guide for how to format your own datasets.

Also, please note that multiple matrices are only supported for mitre-mobile, which expects matrices with the names Device Access and Network-Based Effects so that we can order the tactics in the UI properly.

Layer File Format Changes

Layer file format updated to version 2.1. This update is fully backwards compatible with layer format v2.0 since all the added fields are optional. See layers/LAYERFORMATv2_1.md for the full v2.1 specification.

This update constitutes the addition of metadata fields to the layer and technique objects. Metadata can be used to support other applications using the layer format, or to add additional descriptive fields to layers or techniques. Metadata is formatted as an array, and each piece of metadata in the array must conform to the schema {"name": string, "value": string}.

v2.1 - 31 July 2018

New Features

Major

• Added export to MS Excel feature. Saves the current layer to MS excel (xlsx) format. See issue #52.

Minor

• In the export to SVG interface you can now hide the technique count in the tactic column headers. See issue #47.
• Updated the README to explain how to use local files to populate the Navigator. See issue #51.

Fixes

• Fixed constant score expressions (e.g 10, 5+5) featuring no variables being ignored in the create layers from other layers interface. Now if a constant score expression is present it assigns uniformly to all techniques. See issue #49.
• Fixed a bug when uploading layers with no tactic field on techniques. When said field was absent, techniques with enabled=false were not initially hidden when hideDisabled=true. See issue #50.

v2.0 - 14 May 2018

New Features

Major

• Added TAXII client to pull ATT&CK content from a TAXII server. By default, the Navigator now loads content from the MITRE CTI TAXII server hosted at https://cti-taxii.mitre.org. See issue #4.
• Added a new interface to render layers to a downloadable SVG image. See issue #2.
• Added the ability to load a default layer when the Navigator initializes. See issues #14, #26.
  • A local default layer can be specified in src/assets/config.json.
  • The URL to a default layer hosted on the web can be specified in the new create customized Navigator interface, and when the navigator loads it will fetch that layer. See issues #7, #20.

Minor

• Added configurable background color to tactics row. See issue #32.
• Added customizable legend to describe the meanings of the colors of annotated techniques. See issues #24, #28, #31, #33.
• Added the ability to disable navigator features, either by editing the src/assets/config.json or using the new create customized Navigator interface. See issues #21, #41.
• Added the ability to specify new items in the technique context menu by editing src/assets/config.json. These new items can be used to hyperlink to a specified URL, with parameters for the technique ID or tactic. See issue #9.
• Added a button to remove all annotations on the currently selected techniques. See issue #12.
• Added a new "super compact" view option, which removes all technique text in order to fit as much content on the screen as possible. See issue #11.

Improvements

• Depreciated and revoked objects in the STIX content are no longer displayed in the Navigator. See issue #30.
• Uploading a layer with of a different version number than expected warns the user that some annotations or configurations may not be restored. See issue #27.
• A dockerfile was added to the repo, and documentation on using the Navigator with Docker was added to the readme. See issue #15.
• CTRL (windows) and CMD (mac) can now be used to select multiple techniques in addition to shift (both platforms). See issue #18.
• Gradient colors are now fully customizable, using a color picker instead of a dropdown menu.

Fixes

• Tooltips resize to fit long comments. If the comment exceeds a certain length the overflow is cut and denoted by ellipses (...). See issue #23.
• Tooltips, dropdown menus and context menus now align themselves automatically to avoid going off the edge of the page.
• Tab performance is now more independent of the number and content of other tabs.
• Uploaded layer files now typecheck their fields to make sure everything is formatted properly. Fields which do not meet the layer format specification are set to their default value.

Layer File Format Changes

Layer file format updated to version 2.0. Older layer versions can still be loaded by the Navigator, however some fields may no longer be supported. See layers/LAYERFORMATv2.md for the full v2.0 specification.

• Replaced the viewFullTable field (boolean) with the viewMode field (number) in order to support the "super compact" view option. See issue #11.
  • If viewFullTable is present in a layer file uploaded to the v2.0 Navigator it will be ignored.
  • To upgrade a layer without losing the view mode, see the following mappings:
    • viewFullTable: true becomes viewMode: 0.
    • viewFullTable: false becomes viewMode: 1.
• Added legendItems field, an array of legendItem objects (also specified in document). This field can be used to specify the contents of the legend. See issue #24.
• Added showTacticRowBackground field (boolean), which if true sets the layer to display a background color for the tactic row. See issue #32.
• Added tacticRowBackground field (string), which holds the hex color value to show as the background to the tactic row if showTacticRowBackground is true. See issue #32.
• Added selectTechniquesAcrossTactics field (boolean), which if false allows the user to select instances of techniques which are found in multiple tactics individually. See issue #8.
• Added tactic field (string) to the Technique object. If this field is present, the annotations will only be applied to the instance of the technique in the specified tactic. If this field is not present, the annotations will be applied to all instances of the technique. See issue #8.