Commit Graph

199 Commits (4e2f7b1adc4b29576e6fb86fe62b962c4cd655ea)

Author SHA1 Message Date
Marcus Bakker 4e2f7b1adc Added an extra health check for an empty item in the key-value pair 'location' of a detection. Reported by @Sreeman. 2019-11-29 12:22:10 +01:00
Marcus Bakker dc092696f2 Fixed a bug that caused a crash when having a None value for a detection or visibility comment. Reported by @Sreeman. 2019-11-29 12:17:33 +01:00
Ruben Bouman 64eb0fbc5d Merge branch 'master' of development branch 2019-11-19 11:53:59 +01:00
Ruben Bouman 2be0549293 rename files 2019-11-19 11:46:22 +01:00
Ruben Bouman 400495ca03 Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-11-19 11:39:32 +01:00
Ruben Bouman c10f20b1b2 Added group yaml and layer file for the "ATT&CK Techniques and Trends in Windows Malware" publication by Kris Oosthoek and Christian Doerr. 2019-11-19 11:39:25 +01:00
Marcus Bakker 734aceebe3 Removed unnecessary code from the function "data_source_search" 2019-11-19 11:28:01 +01:00
Marcus Bakker be31da063c Bumped the version to 1.2.5 2019-11-19 10:26:02 +01:00
Marcus Bakker 7aacb7feb1 A fix for a bug that broke EQL searches on Data Source Administration YAML files 2019-11-19 10:10:15 +01:00
Ruben Bouman fdd4f7b4b7 Fixed two bugs:
- Using 'all' in a data source file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then using --yaml results in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Marcus Bakker 77e580952e Merge remote-tracking branch 'origin/master' 2019-11-15 20:52:27 +01:00
Marcus Bakker 74bba89627 Added the platforms from the October update. 2019-11-15 20:51:51 +01:00
Ruben Bouman fb3a5982b8 Fix for a small bug that resulted in a stacktrace when using an invalid group name as overlay. 2019-11-14 15:12:26 +01:00
Ruben Bouman dd4708a440 A small bug fix that resulted in an invalid Navigator layer file for a group/threat actor heat map, or when overlaid with a group, visibility or detection coverage. 2019-11-14 15:09:36 +01:00
Marcus Bakker c208d67e0f Bumped the version to 1.2.4 2019-11-14 14:46:59 +01:00
Ruben Bouman 3c1105c247 Merge branch 'master' of https://github.com/rabobank-cdc/DeTTECT 2019-11-07 08:55:14 +01:00
Ruben Bouman 4205e58ae7 Changed the blog URL. 2019-11-07 08:54:58 +01:00
Marcus Bakker 370071bb7e Merge branch 'development' 2019-11-06 12:58:06 +01:00
Marcus Bakker 43360f6242 Removed the platform "Azure" 2019-11-06 12:56:51 +01:00
Marcus Bakker a93cd9732c Added Group YAML Files and Navigator layers for CrowdStrike's 2019 Mid-Year OverWatch Report. 2019-11-06 12:29:09 +01:00
Ruben Bouman d2d24824f5 Merge branch 'development' 2019-11-05 13:54:23 +01:00
Ruben Bouman 207162f29b Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-11-05 10:21:48 +01:00
Ruben Bouman f67cb194d4 Improved handling of multiple possible values for platform. 2019-11-05 10:21:42 +01:00
Marcus Bakker 6dd96dff72 Added the new ATT&CK data sources from the October update. 2019-11-05 08:50:46 +01:00
Marcus Bakker b9188ad50e Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-11-05 08:50:12 +01:00
Marcus Bakker 7f47fd6ac6 Bumped the version to 1.2.3 2019-11-05 08:49:58 +01:00
Ruben Bouman 866521f30b Update version number 2019-11-04 15:47:54 +01:00
Ruben Bouman 1130c5ec44 Platform attribute with right casing due to ATT&CK October update. 2019-11-04 15:46:04 +01:00
Ruben Bouman b5f970b8c2 Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.

Added health check on platform attribute in techniques administration file.

Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Ruben Bouman 3d657bd4bf Added new data sources of ATT&CK October update to sample-data file. 2019-11-04 14:30:59 +01:00
Marcus Bakker 3fa25fd38b Merge branch 'development' 2019-10-31 10:12:37 +01:00
Marcus Bakker a2e7794491 Added a link to the hack.lu 2019 talk 2019-10-31 10:09:30 +01:00
Marcus Bakker a3d366f394 Merge branch 'development' 2019-10-17 14:13:48 +02:00
Marcus Bakker 48440370b7 Bumped the version to 1.2.2 2019-10-17 13:51:54 +02:00
Marcus Bakker 0c15c1ffde Fixed a bug that caused a crash when having empty technique ID entries within the 'exception' list of a data source administration YAML file. 2019-10-17 13:51:28 +02:00
Marcus Bakker 098681f239 Added two new health checks for the data source administration YAML:
- check on invalid technique IDs in the 'exceptions list'
- check on an empty or invalid value for 'platform'
2019-10-17 13:51:06 +02:00
Marcus Bakker 0317b982c9 Merge branch 'development' 2019-09-19 17:24:32 +02:00
Marcus Bakker 785d52a619 Bumped the version to 1.2.1 2019-09-19 16:06:51 +02:00
Marcus Bakker 951ab11619 Bumped the version to 1.2.1 2019-09-19 16:04:26 +02:00
Marcus Bakker c287673169 Improved the way EQL is integrated into DeTT&CT. 2019-09-19 15:52:43 +02:00
Marcus Bakker 3c341ce9a9 Fixed a bug within the YAML visibility update functionality. 2019-09-19 15:49:59 +02:00
Marcus Bakker 6d17208387 Fixed the metadata for the data source "Process command-line parameters" 2019-09-19 15:48:38 +02:00
Marcus Bakker cf209ee668 Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-09-16 09:28:47 +02:00
Marcus Bakker 46b2982d23 Added a YAML and Navigator layer file for Kaspersky's Incident Response report 2018 2019-09-16 09:23:10 +02:00
Ruben Bouman e398807772 Release 1.2.0 commit 2019-08-22 08:28:14 +02:00
Ruben Bouman 83f1eb0451 Merge branch 'master' of https://github.com/rabobank-cdc/DeTTECT 2019-08-22 08:23:45 +02:00
Ruben Bouman 24c19fcca6 Small changes to interactive menu: makes choices like booleans much faster 2019-08-21 15:12:12 +02:00
Ruben Bouman 6efd04cb3b Don't overwrite output files if they already exist, but append a number to the filename as suffix. 2019-08-21 10:53:04 +02:00
Marcus Bakker 14852fb24a Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 11:16:05 +02:00
Marcus Bakker 81a8d18eff - Removed deprecated functionality.
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00