Ruben Bouman
1ac6a4ce78
- Added output_filename as option for datasource, visibility, detection and group modes.
- Fixed bug when having both dates and datetimes in techniques YAML file.
2020-05-25 11:44:13 +02:00
Ruben
23b0324e75
Bugfix: date in auto updated yaml file was in YYYY-MM-DD format, which errors when auto updating the YAML again. Using long datetime format like in the Editor.
2020-04-16 15:18:27 +02:00
Ruben Bouman
68699a9e06
bugfix for using lowercase platform in data source yaml file, bugfix for having empty score logbook in techniques yaml file, small code style improvement
2020-03-03 14:49:19 +01:00
Marcus Bakker
363beab8a5
Mapped data sources to platforms
2020-02-10 12:17:00 +01:00
Marcus Bakker
b6a00a3955
Added new functionality to support a platform key-value pair in a group YAML file.
2019-12-06 13:50:16 +01:00
Marcus Bakker
40657c4e06
Removing revoked ATT&CK STIX objects
2019-12-05 10:46:44 +01:00
Marcus Bakker
28b26fb92c
Small fixes
2019-12-05 08:43:42 +01:00
Marcus Bakker
a952c34cac
Added new checks to make sure the metadata in a Navigator layer file is compliant with the expected data structure. Reported by @Sreeman.
2019-12-04 14:51:56 +01:00
Marcus Bakker
dc092696f2
Fixed a bug that caused a crash when having a None value for a detection or visibility comment. Reported by @Sreeman.
2019-11-29 12:17:33 +01:00
Ruben Bouman
fdd4f7b4b7
Fixed two bugs:
- Using 'all' in a data source file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then using --yaml results in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Ruben Bouman
dd4708a440
A small bug fix that resulted in an invalid Navigator layer file for a group/threat actor heat map, or when overlaid with a group, visibility or detection coverage.
2019-11-14 15:09:36 +01:00
Ruben Bouman
f67cb194d4
Improved handling of multiple possible values for platform.
2019-11-05 10:21:42 +01:00
Ruben Bouman
b5f970b8c2
Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.
Added health check on platform attribute in techniques administration file.
Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Marcus Bakker
14852fb24a
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 11:16:05 +02:00
Marcus Bakker
81a8d18eff
- Removed deprecated functionality.
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00
Ruben Bouman
45ca1b9e81
Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private
2019-08-20 09:15:52 +02:00
Ruben Bouman
90fc9278c9
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-20 09:15:41 +02:00
Marcus Bakker
84f9f0440a
- Non-MITRE ATT&CK data sources are now also exported to Excel.
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Marcus Bakker
4fd39d46aa
Removed an unnecessary try/catch block.
2019-08-13 14:29:54 +02:00
Marcus Bakker
025c302af5
- Removed the function 'try_get_key' (replaced by the native dict method 'get').
- Improved the function 'fix_date_and_remove_null' to make use of StringIO instead of writing temporary files to disk.
- Made the function 'get_latest_score_obj', 'public'. This function is needed within the module 'eql_yaml.py'.
- Removed functionality for the deprecated argument '-a, --applicable'.
- Added a try/except block to 'load_techniques', for when an EQL query resulted in invalid technique administration YAML content.
- Improved the health check to only perform the health check when the content of the YAML file changed. This results in a notable increase in performance.
2019-08-08 14:29:15 +02:00
Marcus Bakker
c6d25a2f0f
- Added functionality to remove null values from YAML file lines.
- Small improvement in the health check.
2019-08-02 11:47:58 +02:00
Marcus Bakker
3d11aa5835
- Added new functionality for Mitigations statistics.
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker
d0f2a4946b
- Made compatible with version 1.2 of the technique admin YAML file.
- Added new functionality for the auto-update of visibility scores.
- Added multiple new generic functions.
- Multiple small improvements to the technique admin YAML file health check.
- Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
- Made compatible with v0.2.7 of attackcti.
2019-07-31 10:18:57 +02:00
Marcus Bakker
3f4876a682
Increased performance by caching ATT&CK STIX objects where possible.
2019-07-15 14:55:39 +02:00
Marcus Bakker
e251c6157c
Made compatible with the latest version of attackcti (v0.2.6)
2019-07-13 14:40:24 +02:00
Marcus Bakker
2dd9327955
removed an unnecessary print statement
2019-05-23 09:37:08 +02:00
Marcus Bakker
f10e4ea9ab
- The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
- The health function is now always called for technique admin files, showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman
111395c684
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-15 14:43:32 +02:00
Ruben Bouman
9a9aa01355
Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files.
2019-05-15 14:43:25 +02:00
Marcus Bakker
7c027606d9
small improvement in the health check for tech. YAML files
2019-05-15 11:00:33 +02:00
Marcus Bakker
ff492db9ff
fixed a small bug in new code
2019-05-14 13:56:07 +02:00
Marcus Bakker
5fdcb2376d
added a new option '--health' to check a technique administration YAML file on errors.
2019-05-14 12:58:06 +02:00
Marcus Bakker
5cbb419a09
Fixed a bug that resulted in a wrong scoring and colouring of groups when overlaid with detection/visibility
2019-05-03 10:25:11 +02:00
Marcus Bakker
149362f9d8
Created 3 constants for overlay_type
2019-05-02 20:15:43 +02:00
Marcus Bakker
f475c26ede
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-02 19:54:57 +02:00
Marcus Bakker
b84e98c12b
Converted float to int
2019-05-02 19:45:45 +02:00
Ruben Bouman
9b52bf1136
Improved the legend for group + detection and visibility overlays.
2019-05-02 16:47:40 +02:00
Ruben Bouman
78bc2f2842
Added support for multiple detections and visibility per technique in the technique administration YAML file.
Changed version number to 1.1.
Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
Marcus Bakker
8ff223c81c
Merge remote-tracking branch 'origin/master' into development
2019-04-24 11:49:13 +02:00
Marcus Bakker
54953dc62c
Fixed issue #3 (product list not appending for visibility ATT&CK layer)
2019-04-24 08:31:59 +02:00
Marcus Bakker
55010f8dbb
Added functionality to migrate technique administration YAML files with version 1.0 to version 1.1
2019-04-23 13:19:29 +02:00
Ruben
0dd76c68a1
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
# technique_mapping.py
2019-04-17 13:43:46 +02:00
Ruben
3754dd39bc
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
# technique_mapping.py
2019-04-17 13:41:55 +02:00
Marcus Bakker
a9dcb4fa78
Added a more detailed error message for invalid YAML files
2019-04-15 14:06:36 +02:00
Marcus Bakker
a90e03b2ea
Rename to DeTT&CT
2019-04-08 07:24:38 +02:00
Marcus Bakker
8b5b397ebc
initial commit
2019-03-29 15:26:25 +01:00