Idea: Update all techniques by mitre/cti repository automatically #2610
Comments
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
Hello @socketz Sorry for the delay. We don't have any atomics related to T1063 and I was wondering, instead of adding the old ATT&CK Technique ID to the yaml, would #167 work for you? We are working on running atomics solely by GUID. This way even when the ATT&CK IDs change in the future, you can use the GUID to test them out.
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.
This issue was closed because it has been stalled for 5 days with no activity.
Use-cases
Many techniques have been replaced by new techniques in recent MITRE ATT&CK versions. The current version is v14.1 for Enterprise, Mobile and ICS, and the PRE matrix is deprecated and merged into Enterprise, which is badly mapped in the current version of ART, e.g. T1063 does not exist in v14.1 because it is an older PRE technique, and now belongs to Enterprise as T1286.
Proposal
Automatic updates of TTPs by a mapping in YAML or JSON to test these techniques with old and new IDs when called by Invoke-Atomic scripts. This mapping could be well integrated with STIX data in reports generated after atomic tests are executed.
References
Enterprise: https://github.com/mitre/cti/blob/master/enterprise-attack/enterprise-attack.json
Mobile: https://github.com/mitre/cti/blob/master/mobile-attack/mobile-attack.json
ICS: https://github.com/mitre/cti/blob/master/ics-attack/ics-attack.json
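
One way the old-to-new ID mapping proposed above could be derived from the mitre/cti STIX bundles, as an added example (not code from this issue or from the Atomic Red Team project): it follows `revoked-by` relationships between `attack-pattern` objects. The sample bundle and its T9xxx IDs are constructed, and all helper names are hypothetical.

```python
def _tech(key, tid, revoked=False):
    # Constructed attack-pattern object in the shape used by the mitre/cti bundles.
    return {"type": "attack-pattern", "id": f"attack-pattern--{key}", "revoked": revoked,
            "external_references": [{"source_name": "mitre-attack", "external_id": tid}]}

def _rel(src, dst):
    # Constructed 'revoked-by' relationship: src was replaced by dst.
    return {"type": "relationship", "relationship_type": "revoked-by",
            "source_ref": f"attack-pattern--{src}", "target_ref": f"attack-pattern--{dst}"}

# Constructed sample: T9001 -> T9002 -> T9003 (active); T9004 revoked with no successor.
SAMPLE_BUNDLE = {"type": "bundle", "objects": [
    _tech("a", "T9001", True), _tech("b", "T9002", True), _tech("c", "T9003"),
    _tech("d", "T9004", True), _rel("a", "b"), _rel("b", "c")]}

def attack_id(obj):
    """Return the ATT&CK ID from a STIX object's external references, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None

def build_revocation_map(bundle):
    """Map each revoked technique ID to the ID of its current replacement."""
    objs = bundle["objects"]
    techniques = {o["id"]: o for o in objs if o["type"] == "attack-pattern"}
    successor = {o["source_ref"]: o["target_ref"] for o in objs
                 if o["type"] == "relationship"
                 and o.get("relationship_type") == "revoked-by"}
    mapping = {}
    for stix_id, obj in techniques.items():
        if not obj.get("revoked"):
            continue
        seen, cur = {stix_id}, successor.get(stix_id)
        # Follow chains (A -> B -> C); stop on a loop or a dangling reference.
        while cur in successor and cur not in seen:
            seen.add(cur)
            cur = successor[cur]
        target = techniques.get(cur)
        if target and not target.get("revoked"):
            mapping[attack_id(obj)] = attack_id(target)
    return mapping

def resolve_id(tid, mapping):
    """Return the current ID for tid, or tid itself when no replacement is known."""
    return mapping.get(tid, tid)

if __name__ == "__main__":
    print(build_revocation_map(SAMPLE_BUNDLE))
```

To run it against real data, load one of the referenced JSON files with `json.load` and pass the result to `build_revocation_map`.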