Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Idea: Allow Atomics to be run Solely by test GUID #167

Open
hunty-dumpy opened this issue Nov 7, 2023 · 0 comments
Open

Idea: Allow Atomics to be run Solely by test GUID #167

hunty-dumpy opened this issue Nov 7, 2023 · 0 comments
Assignees
@cyberbuff

Comments

@hunty-dumpy
Copy link

Invoke-AtomicTest should be able to run solely based on the test_guids. Guids generation should be globally unique and thus have no collision across techniques.

  1. As Mitre updates the Att$ck matrix sub-techniques change IDs.
    a. There have been multiple instances of techniques changing IDs in the matrix. e.g., Port Monitors changed from T1013 to T1547.010.
    b. Using guids to run tests will allow for atomics to be re-organized to match the changing matrix without breaking automations

  2. Having to use techniques to call a tests also forces mapping detections (with auto unit testing through ART) to be mapped to the proper (new) Att$ck technique ID and to the one were ART has it mapped (not always the same).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cyberbuff cyberbuff

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cyberbuff @hunty-dumpy