Commit Graph

37 Commits (64eb0fbc5d8d5b3b584eb851a4c7e6c61bbbd948)

Author SHA1 Message Date
Ruben Bouman fdd4f7b4b7 Fixed two bugs:
- Using 'all' in a data source file to generate a YAML file does not work: empty file.
- Having 'all' in a data source and then using --yaml results in a weird filename: data-sources-a-l-l
2019-11-18 14:27:25 +01:00
Ruben Bouman dd4708a440 A small bug fix that resulted in an invalid Navigator layer file for a group/threat actor heat map, or when overlaid with a group, visibility or detection coverage. 2019-11-14 15:09:36 +01:00
Ruben Bouman f67cb194d4 Improved handling of multiple possible values for platform. 2019-11-05 10:21:42 +01:00
Ruben Bouman b5f970b8c2 Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.

Added health check on platform attribute in techniques administration file.

Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Marcus Bakker 14852fb24a Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 11:16:05 +02:00
Marcus Bakker 81a8d18eff - Removed deprecated functionality.
- Moved health check functions to health.py
2019-08-20 11:15:54 +02:00
Ruben Bouman 45ca1b9e81 Merge branch 'master' of https://github.com/marcusbakker/DeTTECT-private 2019-08-20 09:15:52 +02:00
Ruben Bouman 90fc9278c9 Don't overwrite output files if they already exist, but append a number to the filename as suffix. 2019-08-20 09:15:41 +02:00
Marcus Bakker 84f9f0440a - Non-MITRE ATT&CK data sources are now also exported to Excel.
- Any ATT&CK data sources that are missing within the YAML file are added to the Excel with a comment stating it is missing.
2019-08-15 20:31:20 +02:00
Marcus Bakker 4fd39d46aa Removed an unnecessary try/catch block. 2019-08-13 14:29:54 +02:00
Marcus Bakker 025c302af5 - Removed the function 'try_get_key' (replaced by the native dict method 'get').
- Improved the function 'fix_date_and_remove_null' to make use of StringIO instead of writing temporary files to disk.
- Made the function 'get_latest_score_obj' public. This function is needed within the module 'eql_yaml.py'.
- Removed functionality for the deprecated argument '-a, --applicable'.
- Added a try/except block to 'load_techniques', for when an EQL query resulted in invalid technique administration YAML content.
- Improved the health check to only perform the health check when the content of the YAML file changed. This results in a notable increase in performance.
2019-08-08 14:29:15 +02:00
Marcus Bakker c6d25a2f0f - Added functionality to remove null values from YAML file lines.
- Small improvement in the health check.
2019-08-02 11:47:58 +02:00
Marcus Bakker 3d11aa5835 - Added new functionality for Mitigations statistics.
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker d0f2a4946b - Made compatible with version 1.2 of the technique admin YAML file.
- Added new functionality for the auto-update of visibility scores.
- Added multiple new generic functions.
- Multiple small improvements to the technique admin YAML file health check.
- Replaced PyYAML with ruamel.yaml.
- Multiple functions made "private".
- Made compatible with v0.2.7 of attackcti.
2019-07-31 10:18:57 +02:00
Marcus Bakker 3f4876a682 Increased performance by caching ATT&CK STIX objects where possible. 2019-07-15 14:55:39 +02:00
Marcus Bakker e251c6157c Made compatible with the latest version of attackcti (v0.2.6) 2019-07-13 14:40:24 +02:00
Marcus Bakker 2dd9327955 removed an unnecessary print statement 2019-05-23 09:37:08 +02:00
Marcus Bakker f10e4ea9ab - The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
- The health function is now always called for technique admin files, showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman 111395c684 Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-15 14:43:32 +02:00
Ruben Bouman 9a9aa01355 Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files. 2019-05-15 14:43:25 +02:00
Marcus Bakker 7c027606d9 small improvement in the health check for tech. YAML files 2019-05-15 11:00:33 +02:00
Marcus Bakker ff492db9ff fixed a small bug in new code 2019-05-14 13:56:07 +02:00
Marcus Bakker 5fdcb2376d added a new option '--health' to check a technique administration YAML file on errors. 2019-05-14 12:58:06 +02:00
Marcus Bakker 5cbb419a09 Fixed a bug that resulted in a wrong scoring and colouring of groups when overlaid with detection/visibility 2019-05-03 10:25:11 +02:00
Marcus Bakker 149362f9d8 Created 3 constants for overlay_type 2019-05-02 20:15:43 +02:00
Marcus Bakker f475c26ede Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development 2019-05-02 19:54:57 +02:00
Marcus Bakker b84e98c12b Converted float to int 2019-05-02 19:45:45 +02:00
Ruben Bouman 9b52bf1136 Improved the legend for group + detection and visibility overlays. 2019-05-02 16:47:40 +02:00
Ruben Bouman 78bc2f2842 Added support for multiple detections and visibility per technique in the technique administration YAML file.
Changed version number to 1.1.

Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
Marcus Bakker 8ff223c81c Merge remote-tracking branch 'origin/master' into development 2019-04-24 11:49:13 +02:00
Marcus Bakker 54953dc62c Fixed issue #3 (product list not appending for visibility ATT&CK layer) 2019-04-24 08:31:59 +02:00
Marcus Bakker 55010f8dbb Added functionality to migrate technique administration YAML files with version 1.0 to version 1.1 2019-04-23 13:19:29 +02:00
Ruben 0dd76c68a1 Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
#	technique_mapping.py
2019-04-17 13:43:46 +02:00
Ruben 3754dd39bc Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
# Conflicts:
#	technique_mapping.py
2019-04-17 13:41:55 +02:00
Marcus Bakker a9dcb4fa78 Added a more detailed error message for invalid YAML files 2019-04-15 14:06:36 +02:00
Marcus Bakker a90e03b2ea Rename to DeTT&CT 2019-04-08 07:24:38 +02:00
Marcus Bakker 8b5b397ebc initial commit 2019-03-29 15:26:25 +01:00