Ruben Bouman
1ac6a4ce78
- Added output_filename as option for datasource, visbility, detection and group modes.
...
- Fixed bug when having both dates and datetimes in techniques YAML file.
2020-05-25 11:44:13 +02:00
Marcus Bakker
1dbfe7c248
Another fix for when 'software_id' is not present in a group YAML file
2020-01-30 16:28:46 +01:00
Maverick
721ffbb43a
Fix having software_id present for group mapping
...
- As noted in the wiki, `software_id` is not a hard requirement for the
group mapping to work, however, it was previously not taking into
account that `software_id` maybe empty when getting group details.
2020-01-27 19:35:57 +01:00
Marcus Bakker
b6a00a3955
Added new functionality to support a platform key-value pair in a group YAML file.
2019-12-06 13:50:16 +01:00
Ruben Bouman
fb3a5982b8
Fix for a small bug that resulted in a stacktrace when using an invalid group name as overlay.
2019-11-14 15:12:26 +01:00
Ruben Bouman
b5f970b8c2
Added support for new platforms of ATT&CK October update: AWS, GCP, Azure, Azure AD, Office 365, SaaS.
...
Added support for using multiple values in platform attribute in data sources administration and techniques administration files.
Added health check on platform attribute in techniques administration file.
Updated support for ATT&CK Navigator layer version 2.2.
2019-11-04 14:48:58 +01:00
Ruben Bouman
6efd04cb3b
Don't overwrite output files if they already exist, but append a number to the filename as suffix.
2019-08-21 10:53:04 +02:00
Marcus Bakker
08b4c9c1ec
Made the necessary changes to be compatible with the interactive menu.
2019-08-13 14:28:43 +02:00
Marcus Bakker
b0757b6bbd
Fixed a bug that caused a crash when having a 'group_name' or 'campaign' within a Group YAML with only integers.
2019-08-09 10:51:57 +02:00
Marcus Bakker
823c82a909
- Added new functionality to the function 'generate_group_heat_map' for the new EQL query functionality. And added support for the '--health' argument in the group mode.
...
- Removed functionality due to the deprecation of the argument '-a, --applicable'.
2019-08-08 14:46:30 +02:00
Marcus Bakker
3d11aa5835
- Added new functionality for Mitigations statistics.
...
- Moved multiple functions.
2019-08-01 15:02:55 +02:00
Marcus Bakker
a24f77146e
A pre-attack Navigator layer's filename no longer contains a platform (which it does not support)
2019-07-31 11:59:17 +02:00
Marcus Bakker
f4121bf4d0
- Replaced PyYAML with ruamel.yaml.
...
- Multiple functions made "private".
2019-07-31 10:19:51 +02:00
Marcus Bakker
3f4876a682
Increased performance by caching ATT&CK STIX objects were possible.
2019-07-15 14:55:39 +02:00
Marcus Bakker
f3407f6ec4
- Made compatible with the latest version of attackcti (v0.2.6)
...
- Fixed a bug that caused the campaign name not to be displayed for a group (part of the Group YAML file)
2019-07-13 14:41:59 +02:00
Marcus Bakker
f10e4ea9ab
- The health function now checks for very similar values within the key-value pair 'applicable_to'. E.g. 'server' and 'servers'.
...
- The health function is now always called for technique admin files. Showing a generic error message if possible errors are found.
- Created new function 'check_file' to separate the functionality from 'check_file_type'.
2019-05-19 14:10:25 +02:00
Ruben Bouman
9a9aa01355
Provided a groups YAML file for the Red Canary threat detection 2019 report, listing all frequently used techniques including lists per sector. Adjusted functionality in DeTT&CT to support the use of 'weight' in group files.
2019-05-15 14:43:25 +02:00
Ruben Bouman
e745b3bfe4
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-15 10:05:29 +02:00
Ruben Bouman
24be857eb2
Added both detection and visibility score to detection/visibility overlay.
2019-05-15 10:05:19 +02:00
Marcus Bakker
5fdcb2376d
added a new option '--health' to check a technique administration YAML file on errors.
2019-05-14 12:58:06 +02:00
Marcus Bakker
5cbb419a09
Fixed a bug that resulted in a wrong scoring an colouring of groups when overlaid with detection/visibility
2019-05-03 10:25:11 +02:00
Marcus Bakker
149362f9d8
Created 3 constants for overlay_type
2019-05-02 20:15:43 +02:00
Marcus Bakker
f475c26ede
Merge branch 'development' of https://github.com/rabobank-cdc/DeTTACT into development
2019-05-02 19:54:57 +02:00
Marcus Bakker
e60d77fdf1
Added score (in the layer attribute "score" and as metadata) for detection/visibility when overlaid with a group
2019-05-02 19:54:32 +02:00
Ruben Bouman
9b52bf1136
Improvend the legend for group + detection and visibility overlays.
2019-05-02 16:47:40 +02:00
Ruben Bouman
78bc2f2842
Added support for multiple detections and visibility per technique in the technique administration YAML file.
...
Changed version number tot 1.1.
Improvements and fixes for the new detections/visibility Excel sheet.
2019-05-02 13:21:01 +02:00
Ruben Bouman
43d8b130a0
Added support for filtering applicable_to in groups overlayed with detection/visibility. Added docstrings. Fixed bug in arg parsing.
2019-04-24 16:15:04 +02:00
Marcus Bakker
26776f0468
Fixed a bug that would cause a crash when doing a software-group using a visibility or detection overlay
2019-04-23 13:21:27 +02:00
Marcus Bakker
8b5b397ebc
initial commit
2019-03-29 15:26:25 +01:00