update on wiki
parent
8b5b397ebc
commit
ca8d3af45a
14
README.md
@ -16,6 +16,8 @@ Blue ATT&CK will help you to:
- Map threat actor behaviours.
- Map threat actor behaviours.
- Compare visibility, detections and threat actor behaviours in order to uncover possible improvements in detection and visibility. This can help you to prioritise your blue teaming efforts.
- Compare visibility, detections and threat actor behaviours in order to uncover possible improvements in detection and visibility. This can help you to prioritise your blue teaming efforts.
The colored visualisations are created using MITRE's [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator) .
## Authors and contribution
## Authors and contribution
This project is developed and maintained by [Marcus Bakker](https://github.com/marcusbakker) (Twitter: [@bakker3m](https://twitter.com/bakk3rm)) and [Ruben Bouman](https://github.com/rubinatorz) (Twitter: [@rubenb_2](https://twitter.com/rubenb_2/)). Feel free to contact, DMs are open.
This project is developed and maintained by [Marcus Bakker](https://github.com/marcusbakker) (Twitter: [@bakker3m](https://twitter.com/bakk3rm)) and [Ruben Bouman](https://github.com/rubinatorz) (Twitter: [@rubenb_2](https://twitter.com/rubenb_2/)). Feel free to contact, DMs are open.
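Review bot: the added sentence `The colored visualisations are created using MITRE's [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator) .` mixes US and UK spelling (`colored` beside `visualisations`, while the rest of this README uses `behaviours` and `prioritise`) and has a stray space before the full stop; suggest `The coloured visualisations are created using MITRE's [ATT&CK Navigator](https://github.com/mitre-attack/attack-navigator).` While touching this section, note that the unchanged author line links Marcus Bakker's Twitter as `[@bakker3m](https://twitter.com/bakk3rm)`: the display handle and the URL disagree, so one of them is a typo; confirm the real handle and make both match.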
@ -45,22 +47,22 @@ See our GitHub Wiki: [Installation and requirements](https://github.com/rabobank
## Future developments
## Future developments
- Add more graphs:
- Add more graphs:
- [ ] Detections: improvement based on newly added detections and improvements on the level/score of existing detections. Possibly with a changelog with support for comments.
- [ ] Detections: improvement based on newly added detections and improvements on the level/score of existing detections. Possibly with a changelog.
- [ ] Visibility: improvement in the quality of an existing data source.
- [ ] Visibility: improvement in the quality of an existing data source.
- Groups:
- Groups:
- [ ] Have groups YAML file type that contains a count on how popular a certain technique is. This can be very useful to map things such as Red Canary's [Threat Detection Report 2019](https://redcanary.com/resources/guides/threat-detection-report/).
- [ ] Have a group YAML file type that contains a count on how popular a certain technique is. This can be very useful to map things such as Red Canary's [Threat Detection Report 2019](https://redcanary.com/resources/guides/threat-detection-report/).
- Excel output for:
- Excel output for:
- [ ] Techniques administration YAML file: visibility coverage
- [ ] Techniques administration YAML file: visibility coverage.
- [ ] Techniques administration YAML file: detection coverage
- [ ] Techniques administration YAML file: detection coverage.
- Data quality Excel sheet:
- Data quality Excel sheet:
- [ ] Add colors to the data quality scores in the Excel sheet.
- [ ] Add colors to the data quality scores in the Excel sheet.
- YAML files:
- YAML files:
- [ ] Create an option within the tool to migrate an old administration YAML file version to a new version (such as adding specific key-value pairs).
- [ ] Create an option within the tool to migrate an old administration YAML file version to a new version (such as adding specific key-value pairs).
- MITRE ATT&CK updates
- MITRE ATT&CK updates
- [ ] Have a smart way of knowing what to update in your data source and technique administration files once MITRE releases updates.
- [ ] Have a smart way of knowing what to update in your data source and technique administration files once MITRE publishes updates.
- [ ] Data sources: check for missing data sources in data sources administration files.
- [ ] Data sources: check for missing data sources in data sources administration files.
- Minimal visibility
- Minimal visibility
- [ ] Integrate information into the framework on what a minimal set of visibility for a technique should be, before you can say to have useful visibility (e.g. technique X requires at least to have visibility on process monitoring, process command line monitoring and DLL monitoring.)
- [ ] Integrate information into the framework on what a minimal set of visibility for a technique should be, before you can say to have useful visibility (e.g. technique X requires at least to have visibility on process monitoring, process command line monitoring and DLL monitoring).
## License: GPL-3.0
## License: GPL-3.0
[Blue ATT&CK's GNU General Public License v3.0](https://github.com/rabobank-cdc/Blue-ATTACK/blob/master/LICENSE)
[Blue ATT&CK's GNU General Public License v3.0](https://github.com/rabobank-cdc/Blue-ATTACK/blob/master/LICENSE)
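Review bot: the full stops added to the two `Techniques administration YAML file` checklist items and the period moved inside the parentheses of the `Minimal visibility` item bring those entries in line with the rest, but the same consistency pass leaves the parent bullets uneven: `- Add more graphs:`, `- Groups:`, `- Excel output for:`, `- Data quality Excel sheet:` and `- YAML files:` end in a colon, while `- MITRE ATT&CK updates` and `- Minimal visibility` do not; add the colon to those two. The reworded `Have a group YAML file type that contains a count on how popular a certain technique is` still does not say what the count is measured against (across groups, per report, per period); if the intent is prevalence across the groups in that file, stating so in a few words would make the roadmap item actionable.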