Changed the platform and/or added some comments
parent
743ba247aa
commit
4df0887070
|
@ -4,7 +4,9 @@ version: 1.0
|
|||
file_type: data-source-administration
|
||||
name: empty-data-source-admin-file
|
||||
# Fill in the correct MITRE ATT&CK enterprise platform(s). Multiple can be included using a list
|
||||
# (Windows, Linux, macOS, AWS, GCP, Azure, Azure AD, Office 365, SaaS)
|
||||
# - (Windows, Linux, macOS, AWS, GCP, Azure, Azure AD, Office 365, SaaS)
|
||||
# Also, take into account which data sources are applicable per platform. For more info see:
|
||||
# - https://github.com/rabobank-cdc/DeTTECT/wiki/Data-sources-per-platform
|
||||
platform:
|
||||
data_sources:
|
||||
# A data source is treated as not available when all dimensions of the data quality have a score of 0.
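Review bot: `platform:` in this template is left as a bare key, which a YAML loader reads as null rather than as an empty placeholder, so a copy of the template that is never filled in may load without a parse error instead of failing on the missing platform; whether the consuming tool rejects a null platform is not visible in this hunk. The comment block above says several platforms can be given as a list but shows neither the scalar nor the list form, so a user has to guess at the syntax. Suggest adding one more comment line giving both forms, e.g. `# Examples: platform: Windows   or   platform: ['Windows', 'Azure AD']`, matching the flow-list style used in the example files of this commit. The `data_sources:` block continues past the end of the hunk.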
|
||||
|
|
|
@ -3,7 +3,9 @@
|
|||
version: 1.0
|
||||
file_type: data-source-administration
|
||||
name: endpoints-example
|
||||
platform: Windows
|
||||
platform: ['Windows', 'Azure', 'Azure AD', 'Office 365']
|
||||
# The list only contains data sources that are applicable to the above platforms. For more info see:
|
||||
# - https://github.com/rabobank-cdc/DeTTECT/wiki/Data-sources-per-platform
|
||||
data_sources:
|
||||
# A data source is treated as not available when all dimensions of the data quality have a score of 0.
|
||||
# If desired you are free to add any key-value pairs.
|
||||
|
@ -619,30 +621,6 @@ data_sources:
|
|||
timeliness: 5
|
||||
consistency: 5
|
||||
retention: 4
|
||||
- data_source_name: AWS CloudTrail logs
|
||||
date_registered:
|
||||
date_connected:
|
||||
products: []
|
||||
available_for_data_analytics: False
|
||||
comment: ''
|
||||
data_quality:
|
||||
device_completeness: 0
|
||||
data_field_completeness: 0
|
||||
timeliness: 0
|
||||
consistency: 0
|
||||
retention: 0
|
||||
- data_source_name: AWS OS logs
|
||||
date_registered:
|
||||
date_connected:
|
||||
products: []
|
||||
available_for_data_analytics: False
|
||||
comment: ''
|
||||
data_quality:
|
||||
device_completeness: 0
|
||||
data_field_completeness: 0
|
||||
timeliness: 0
|
||||
consistency: 0
|
||||
retention: 0
|
||||
- data_source_name: Azure OS logs
|
||||
date_registered: 2019-11-01
|
||||
date_connected: 2019-11-01
|
||||
|
@ -658,7 +636,7 @@ data_sources:
|
|||
- data_source_name: Azure activity logs
|
||||
date_registered: 2019-11-01
|
||||
date_connected: 2019-11-01
|
||||
products: [Log Analytics agent]
|
||||
products: [Azure]
|
||||
available_for_data_analytics: True
|
||||
comment: ''
|
||||
data_quality:
|
||||
|
@ -667,22 +645,10 @@ data_sources:
|
|||
timeliness: 5
|
||||
consistency: 5
|
||||
retention: 3
|
||||
- data_source_name: OAuth audit logs
|
||||
date_registered:
|
||||
date_connected:
|
||||
products: []
|
||||
available_for_data_analytics: False
|
||||
comment: ''
|
||||
data_quality:
|
||||
device_completeness: 0
|
||||
data_field_completeness: 0
|
||||
timeliness: 0
|
||||
consistency: 0
|
||||
retention: 0
|
||||
- data_source_name: Office 365 account logs
|
||||
date_registered: 2019-11-01
|
||||
date_connected: 2019-11-01
|
||||
products: [Microsoft Cloud App Security]
|
||||
products: [O365]
|
||||
available_for_data_analytics: True
|
||||
comment: ''
|
||||
data_quality:
|
||||
|
@ -694,7 +660,7 @@ data_sources:
|
|||
- data_source_name: Office 365 audit logs
|
||||
date_registered: 2019-11-01
|
||||
date_connected: 2019-11-01
|
||||
products: [Microsoft Cloud App Security]
|
||||
products: [O365]
|
||||
available_for_data_analytics: True
|
||||
comment: ''
|
||||
data_quality:
|
||||
|
@ -704,29 +670,17 @@ data_sources:
|
|||
consistency: 5
|
||||
retention: 3
|
||||
- data_source_name: Office 365 trace logs
|
||||
date_registered:
|
||||
date_connected:
|
||||
products: []
|
||||
available_for_data_analytics: False
|
||||
date_registered: 2019-11-01
|
||||
date_connected: 2019-11-01
|
||||
products: [O365]
|
||||
available_for_data_analytics: True
|
||||
comment: ''
|
||||
data_quality:
|
||||
device_completeness: 0
|
||||
data_field_completeness: 0
|
||||
timeliness: 0
|
||||
consistency: 0
|
||||
retention: 0
|
||||
- data_source_name: Stackdriver logs
|
||||
date_registered:
|
||||
date_connected:
|
||||
products: []
|
||||
available_for_data_analytics: False
|
||||
comment: ''
|
||||
data_quality:
|
||||
device_completeness: 0
|
||||
data_field_completeness: 0
|
||||
timeliness: 0
|
||||
consistency: 0
|
||||
retention: 0
|
||||
device_completeness: 5
|
||||
data_field_completeness: 4
|
||||
timeliness: 5
|
||||
consistency: 5
|
||||
retention: 3
|
||||
exceptions:
|
||||
# Adding a technique ID below will result in removing that technique in the heat map (meaning not enough data source or quality is available for proper detection).
|
||||
# Please note that the below is just an example, many more can exists.
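Review bot: The rewritten Office 365 trace logs entry adds `available_for_data_analytics: True` and `date_registered: 2019-11-01` / `date_connected: 2019-11-01` as plain scalars; `True` is the YAML 1.1 boolean spelling that yamllint's truthy rule flags, and an unquoted ISO date is loaded as a date object rather than a string by YAML 1.1 loaders such as PyYAML, which is only correct if the consuming tool expects that type. The neighbouring entries in this file use the same forms, so this is consistency with existing practice rather than a new defect, but the new lines are the place to start converging on `available_for_data_analytics: true` (the same spelling appears as context in the earlier hunks of this file). The context comment `# Please note that the below is just an example, many more can exists.` has a grammar slip that could be fixed in the same change: `# Please note that the below is just an example, many more can exist.`. The `exceptions:` block continues past the end of the hunk.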
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
version: 1.2
|
||||
file_type: technique-administration
|
||||
name: example
|
||||
platform: Windows
|
||||
platform: ['Windows', 'Azure', 'Azure AD', 'Office 365']
|
||||
techniques:
|
||||
# - Note that detection and visibility are independent from each other.
|
||||
# Meaning that detection could be left blank and only have visibility filled in.
|
||||
|
|